Guys get your tokens up!!
This situation is out of control and very sad, I immediately removed him from our FC before our chest could be emptied and I have Gil controls.. but wow...
Just a very sad situation.
Just Saw One My FC Members Shouting RMT... AKA Hacked...
Printable View
-
09-13-2013, 05:51 PMOrionInerghemJust Saw One My FC Members Shouting RMT... AKA Hacked...
-
09-13-2013, 05:55 PMShneibel
SE give the security apps for free you know, also while at it, you can begin to tell your ppl to get that one time password
-
09-13-2013, 05:55 PMMhyrria
He prolly bought gil or went to those hack this game site.
-
09-13-2013, 06:06 PMAldoraTrust me, I do not want sound like a jerk for saying this, but the security token was included in the Collectors Edition of the game (which was the major reason why I bought the CE edition) After my elder brothers WoW account was hacked, I never played WoW or FFXIV without a security token anymore.Quote:
Originally Posted by Shneibel
Next to that, you can get the software security token for your smartphone in the app store. I can tell you that the software security token is free for android phones.
And finally, the token only costs about 10 bucks. Considering the increase of security, they are worth the money. -
09-13-2013, 06:14 PMNeri
Trying to get the physical token, however my country is not in the list in SE's list so, can't get that. And about software token, I read the review there and there seems to be problem that the thing reset itself thus screwing some people. Saw the rating about the software token too... 5 stars vs 1 star ratio is like 3:1. So I don't really know whether I should use this or not...
-
09-13-2013, 06:18 PMtexhnolyzei've been using Android OTP from the day it launched until nowQuote:
Originally Posted by Neri
works flawlessly
just test it, you can always uninstall it and remove your protecton anyway.. -
09-13-2013, 06:21 PMblowfinNo, a lot of people are being compromised without doing anything dodgy. It seems password are just being brute forced or nicked from other sites. There are a few things:Quote:
Originally Posted by Mhyrria
- Don't use your SE account name anywhere else, like here for example
- Make sure your password is different from any other sites
- Get the security token. I've been a bit blase about it, but will be doing this first thing when I get home tonight. -
09-13-2013, 06:25 PMKeith_DragoonI stilluse the one I bought back in XI for mog satchel and I also have the 1.0 CE and ARR CE token aswell should one die on me. :3Quote:
Originally Posted by Aldora
-
09-13-2013, 06:27 PMOrionInerghem
Oh I posted all over our Facebook and LS site don't worry, but I'm just saying for everyone because I know a lot of people aren't understanding, or taking serious how insidious these RMT are being for this game..
He was a 50 Legacy player, I don't think he did anything besides not get a token :/ -
09-13-2013, 06:32 PMRyuujinZEROThis is a fallacy i see thrown about a lot. While it's certainly possible, the majority of hacking comes from people re-using passwords they use elsewhere on the net.Quote:
Originally Posted by Mhyrria
Say you're a member of CuteLittlePuppies.com (I dunno if that's a real site :p) - and you use the same username and password there and you do on FF14. CuteLittlePuppies.com gets hacked, and all the user details stolen. Those details are then sold online to criminal groups.
Criminal groups then try a dictionary attack on the FF14 servers, testing out all the username/password combos from their bought dictionary - a small number of them end up yielding successful logins, and these become the hacked accounts. Most recent MMOs (notably GW2) have suffered the same problem, because the strategy seems to work. -
09-13-2013, 06:33 PMCubesterSquare gives you an emergency removal password for the software token when you register it, in case you lose your phone or if it is stolen. So I imagine that it should also work if the app goes haywire.Quote:
Originally Posted by Neri
I'd say use it, I'm doing the same and haven't had any issues so far. -
09-13-2013, 06:56 PMFiresped-setup a new email address for Square Enix only because you can login with email addresses now.Quote:
Originally Posted by blowfin
-
09-13-2013, 07:28 PMSilvyaniss
How does this token work?
-
09-13-2013, 07:33 PMDjinnrb
I have had the security token since they first released it with XI years ago. Still works... If people didnt go to the gil websites(even if they didnt buy anything) they wouldnt be getting hacked.
-
09-13-2013, 07:44 PMKathryn
I've had my security token since 1.0 and tbh im glad I have it but getting 2 whispers every 1 minute is getting out of control, they want us to report each name but if we do that we would be there all day reporting, they should implement a right click report button because this is getting abit much.
-
09-13-2013, 07:48 PMCubesterYou buy (or install) it, and then you're supposed to go to your account page on mogstation to register the token.Quote:
Originally Posted by Silvyaniss
After you've successfully registered the token, you can then have it generate a "one time password" for use whenever you log in. -
09-13-2013, 07:51 PMtexhnolyzefirst, you have register and link your account to your token/smartphone appQuote:
Originally Posted by Silvyaniss
after that, you'll have to open the token/app and fill the randomly generated code to OTP below your ID & password each time you log in -
09-13-2013, 07:54 PMblowfin
How to One-Time Password:
http://www.square-enix.com/na/account/otp/
And here, this is worth reading too:
http://forum.square-enix.com/ffxiv/t...f-Your-Account
:o -
09-13-2013, 07:56 PMLaifon
Some people don't want to use the token, because it takes a few extra seconds to log in.. *cough*
-
09-13-2013, 08:21 PMMyrdyn_WyldtMake a macro with /blist add <r> This will blacklist the last person to send you a tell, and is really convenient for handling the whisperers. The shouters are a bit more difficult. You have to actually get their name, and /blist add them manually, and this can be difficult if they are spamming as fast as they can, but I can tell you it works.Quote:
Originally Posted by Kathryn
I have blisted every RMT I have seen, and reported every one I have blisted. Last night, I had a grand total of 2 whispers, and no shouts. I don't know if it's because of the blacklists or the reporting, but it does seem to be working. -
09-13-2013, 08:22 PMNasibihc
I also saw a guy named William Shakespeare shouting RMT messages.. I wonder if his account was hacked. lol
-
09-13-2013, 08:28 PMJayCommon
It does also look like something is being done about the RMTs. Yesterday, when I logged in, Ul'dah only had 2 shouters. When I went to blacklist them 3 of the people on my list had been deleted, so that's at least a good sign. I agree it is getting out of control, though.
-
09-13-2013, 08:45 PMAenarionAs other posters have pointed out, this is most definitely false. There are about 7583746274 different ways for someone to be compromised on the net, many of which requires no action from the user themselves. Just this past few months I've received notices from a couple of tech forums and UbiSoft about losing their user info to hackers, I guess I should tell them to stop going to gilseller websites? :rolleyes:Quote:
Originally Posted by Djinnrb
-
09-13-2013, 08:49 PMFreestyle
Well worth the money for the token, still using my FFXI one I bought years ago (no idea how old it is now) still going strong tho. Also have a spare token from my 1.0 CE box.
-
09-13-2013, 09:09 PMkazaran
wait who? Not good.
-
09-13-2013, 09:25 PMRath
Just be careful with your software token. Mine gives passwords that do not work anymore. It was working fine but has not since yesterday. Removal also fails. Will be on the phone with support as soon as it opens.
-
09-13-2013, 09:36 PMUrvanis
I don't like security tokens. It dumbs down one's own ability to counter security exploits by placing the responsibility in another.
I've been online gaming for over 15 years, I've only ever had an email account "hacked". Things like security tokens, and other forms of physical verification only promote negligence from an individual. It is a good additional level of security, but with most people it just leads them to being lazy about it. using the same password for multiple accounts, never changing their password. and worse yet, never realizing that their account has been compromised because of a physical barrier. then continuing to use the same password somewhere where that barrier isn't present.
In this day and age, blaming a company for not protecting your account while you put little or no effort into protecting it yourself is like blaming the police because you got robbed walking down a dark ally late at night. -
09-13-2013, 09:43 PMDozer
SE posted a bit about this: http://na.finalfantasyxiv.com/lodest...41eaefc2aeef7b
Some of this information may be helpful to people here. -
09-13-2013, 09:57 PMKayoGreat... next time you see the real him, thank him for sucking at account security and adding to the problem. Its gotten to the poit where I just turn off /shout.Quote:
Originally Posted by OrionInerghem
SE really needs to add more security measures. Rift did an awesome job with identifying IPs and heavily limiting them if/when they signed on to a different one. They need to do this asap ... especially to accouts that dont use the security app. I know its not their fault players keep getting hacked and they have a full "task force" dedicated to this but obviously thats not enough. The amount of dumbasses out there with weak security measures is astounding and impossible to keep up with. -
09-13-2013, 10:14 PMEsuraCould I change it?Quote:
Originally Posted by blowfin
-
09-13-2013, 10:31 PMSIXTYONESIX
Make your password longer than 8 characters and you don't need a token.
ForgetThisPasswordNever
IHateRMTWithAFieryPassion
BillLikesToPickHisNose.
Passwords like that have so much entropy that it would take thousands of years to crack, and they are much easier to remember than a random string of BS letters and digits. Don't get me wrong, a security token is a really good idea, but if you can't get one for some reason, this is the next best step. -
09-13-2013, 10:35 PMTupsiSorry, Blowfin, but you will never know this 100% even if you say you do.Quote:
Originally Posted by blowfin
-
09-13-2013, 10:40 PMRyamatsuDo you use the keychain or Phone App? Phone App has option to re-sync with the server so the passwords will hopefully clear up. Hard tokens... sorry might be in trouble there. Sad thing is once you remove it, it's gone forever. SE might give you a replacement for free, but I thought that was just for dead batteries.Quote:
Originally Posted by Rath
Good luck friend. -
09-13-2013, 10:47 PMKisaiTenshiHA! No, it's one of three things:Quote:
Originally Posted by blowfin
a) They bought gil, power leveling, or some other scammy thing that you give your login info to
b) There email was compromised and password was "reset"
c) One of the related SSO (Single Signon)'s were hacked. eg.
Steam (was hacked in 2011), PSN (was hacked some time in 2011) , Xbox Live was hacked in March 2013 (which means your MSN(outlook/hotmail)/Skype is also compromised), SquareEnix was hacked in 2011 as well. So... well if you haven't changed your passwords on all of these services since march, chances are one of them is the compromised one. -
09-13-2013, 10:50 PMDschlitz
Yikes! I registered the app token today.
I am afraid to register my physical token from the CE because I dont want to accidentally lose the token. -
09-13-2013, 10:51 PMKisaiTenshiThat's not how they do it. Lookup Rainbow tables. Many backends don't use a salted password hash, so all they have to do is "for each (rainbowtable) {cat stolenpasswords | grep (passwordhash)}" and they have a list of accounts to hack. No bruteforcing required.Quote:
Originally Posted by SIXTYONESIX
-
09-14-2013, 12:01 AMRathUsing the android app. Where is the resync option?Quote:
Originally Posted by Ryamatsu