Results 1 to 10 of 19

Hybrid View

  1. 10-16-2013 07:37 PM #1
    whoopeeragon
    Player
    whoopeeragon's Avatar
    Join Date
    Mar 2011
    Location
    Navigator's Glory
    Posts
    1,245
    Character
    Azarim Erro
    World
    Hyperion
    Main Class
    Lancer Lv 70
    Quote Originally Posted by Jwrigh7784 View Post
    Actually, the authenticator can be bypassed. Someone pointed out a massive security flaw that bypasses the launcher and lets anyone log into any account and all they need is the session ID which is surprisingly easy to obtain. I have personally witnessed this and am shocked at such a security flaw.
    Apparently, they have fixed it to be IP-locked now? I don't know the specifics, but people have been reporting that when they log in from a different IP, their account gets locked until they confirm it through email etc. Similar to how things worked in 1.0. For people with dynamic IPs, maybe it will be a hassle, but I think it's a welcome change. I'm not sure how this will affect session IDs, but nonetheless, it will make logins from external areas a bit harder.
    (2)
    Reply With Quote Reply With Quote
  2. 10-18-2013 02:33 AM #2
    necrosis
    Player
    Join Date
    Mar 2011
    Posts
    532
    Quote Originally Posted by whoopeeragon View Post
    Apparently, they have fixed it to be IP-locked now? I don't know the specifics, but people have been reporting that when they log in from a different IP, their account gets locked until they confirm it through email etc. Similar to how things worked in 1.0. For people with dynamic IPs, maybe it will be a hassle, but I think it's a welcome change. I'm not sure how this will affect session IDs, but nonetheless, it will make logins from external areas a bit harder.
    No the IP check is because they do not have a OTP attached to the account. SE has done this for a rather long time even going back to FFXI.
    (1)
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »