Please recommend OTP software

[JamuManis]

Hello im using android. and when i goggle i saw many ppl complaint about one time password. is anyone can recommend a good otp software? i read goggle authenticator is good enough. can i use it for ff14? please need help. thank you guys

[LordSideKicks]

Hello im using android. and when i goggle i saw many ppl complaint about one time password. is anyone can recommend a good otp software? i read goggle authenticator is good enough. can i use it for ff14? please need help. thank you guys

Using it for almost a month. No issues. Those giving it down votes may be hackers. Reason it is obvious.

[Rivienne]

Hello im using android. and when i goggle i saw many ppl complaint about one time password. is anyone can recommend a good otp software? i read goggle authenticator is good enough. can i use it for ff14? please need help. thank you guys

You do not need a third party tool. SE has a specific app for Android and iPhone to provide the one-time password. It is in the app store for both as, I believe, "Square Enix Software Token".

The problem that people encounter with the Android/iOS Token Apps is that someone could still gain control of your phone and figure out your token serial and such and take your account that way. With a physical token, they would need to go to greater lengths.

That really makes no logical sense.. Somebody could just as easily steal my one time password token. In fact, considering you cannot set an emergency password for the physical token, I would almost say you're even less safe.

I didn't say physical access to the phone, i'm talking about it being compromised over the internet. I mean, many people root/jailbreak their phones without knowing the potential consequences. You can't compromise a physical token over the internet. Sure you can set up a man in the middle attack and such, but that takes more work. So, yes, it makes perfect logical sense.

Technically she is correct. There are many phone compromises that would allow for the software app to be potentially bypassed. That said, the software token is still more secure than not having any at all, as it adds a secondary time-based authentication factor beyond the static name and password.

It can be hacked. Never doubt it. The question in security is never "can" but "is it worth it". As of right now, I would say the answer to this question is no in this case. It is definitely worth it to hack account information in general as it can be used for data mining in general and hacking multiple websites. But as of right now I would say it is not worth it to target specific peoples phones for the off chance of getting a password that must be used in 60 seconds of capture.

So while the security token is absolutely without a doubt more secure than the software token, I do not believe that at this time there is any evidence that the additional security it provides is substantial enough to be necessary for those who do not have one, but do have the ability to use a software token.

[ispano]

The problem that people encounter with the Android/iOS Token Apps is that someone could still gain control of your phone and figure out your token serial and such and take your account that way. With a physical token, they would need to go to greater lengths.

[DoctorPepper]

The problem that people encounter with the Android/iOS Token Apps is that someone could still gain control of your phone and figure out your token serial and such and take your account that way. With a physical token, they would need to go to greater lengths.

That really makes no logical sense.. Somebody could just as easily steal my one time password token. In fact, considering you cannot set an emergency password for the physical token, I would almost say you're even less safe.

[ispano]

That really makes no logical sense.. Somebody could just as easily steal my one time password token. In fact, considering you cannot set an emergency password for the physical token, I would almost say you're even less safe.

I didn't say physical access to the phone, i'm talking about it being compromised over the internet. I mean, many people root/jailbreak their phones without knowing the potential consequences. You can't compromise a physical token over the internet. Sure you can set up a man in the middle attack and such, but that takes more work. So, yes, it makes perfect logical sense.

[Yoohre_WildRiver]

I didn't say physical access to the phone, i'm talking about it being compromised over the internet. I mean, many people root/jailbreak their phones without knowing the potential consequences. You can't compromise a physical token over the internet. Sure you can set up a man in the middle attack and such, but that takes more work. So, yes, it makes perfect logical sense.

by simple setting your SU restrictions to prompt and not granting SU to everything you install should take care of any malware trying to hijack the OTG digits textfield

[ispano]

by simple setting your SU restrictions to prompt and not granting SU to everything you install should take care of any malware trying to hijack the OTG digits textfield

Has nothing to do with what I was speaking of. Just because you CAN make it more secure, doesn't mean people do. Or even know how to or such. The point was the phone is usually connected to the internet, the physical token is not, ever.

[Ryios]

Or you can have Square Mail you the actual RSA Token, I keep it on my keychain. You don't have to have the app to use it. I've had it since 1.0 and it still works.

[Krimzin]

I currently use a program called Bluestacks. Its in beta but works well. It is an Android Emulator.
That way I know if I lose my phone or whatever, I have the ability to get the OTP.