One time password /sigh

**Taylor-MadeAK** · 06-19-2014 03:00 AM

Originally Posted by Jonny_Tapas

Well now then:

I just re-registered and here are all of the instructions:

<SNIP>

I've re-registered my software token several times due to reimaging my phone, and every time - including the first time - the emergency removal code has been displayed on the web page that is displayed upon login immediately after linking the additional authentication token (AAT) to my account:

I keep that key, along with the rest of my account information, in a Keepass 2 database for easy retrieval for situations exactly like this.

I've never had to contact SE support for this, but in their defense the reason you got the "I'm not sure, keep your eyes open" answer can be explained in two words: outsourced support. Clearly their training doesn't include going through the user experience of linking an AAT to an account. This is something that maybe we can suggest to SE that they feed back to their outsourcing provider to fine-tune their support.

**Rennah** · 06-19-2014 03:17 AM

I definitely didn't remember anything about an emergency removal password, so I looked into it...and nothing. It seems those are ONLY for the phone app token, not the physical security token, like the kind that came with the CE. I'm a bit confused by that, seeing as a security token, small as it is, is a lot easier to lose than your phone, but...

**Taylor-MadeAK** · 06-19-2014 03:22 AM

Just out of curiosity: Are you guys looking into this all from the Mog Station? Or from the Square-Enix Account Management page?

**Rennah** · 06-19-2014 03:41 AM

Mog Station redirects you to the Square Enix Account Management Page when you click One-Time Password.

**Morsmordie** · 06-19-2014 03:48 AM

Originally Posted by Jonny_Tapas

snip

I do agree with you that the process is a little bit long winded & you do have to do a little bit more than most security options out there for games. I guess Squeenix has to improve their wording & information page when registering a token. That being said, I did a bunch of research before attaching my phone app to my account but that's just me, not everyone deals with these things the same way.

What would be a good way of dealing with the phone-app is the way the Blizzard Authenticator works. You write down two serial codes when you are registering the app to your account (the app itself gives you these codes, you don't have to do a second log-in to your account) that way if you want to restore the app, you can put those codes in and the app will display the right numbers.

**kidvideo** · 06-19-2014 03:50 AM

Originally Posted by Taylor-MadeAK

"Not giving out information" doesn't protect you from brute-force, dictionary, or man-in-the-middle attacks. It's not difficult to brute-force or assemble usernames with a dictionary. After that, it's just a matter of time before they crack your password. How much time depends on the strength of your password, and quite frankly the odds are in the hackers' favor.

All to get, what? That chub my retainer brought back today? No trade/spirit bonded equipment that might sell for 10gil to an NPC? I don't fear any hackers.

Take my chub, please!

**Taylor-MadeAK** · 06-19-2014 03:59 AM

Originally Posted by kidvideo

All to get, what? That chub my retainer brought back today? No trade/spirit bonded equipment that might sell for 10gil to an NPC? I don't fear any hackers.

Take my chub, please!

How about having your account banned for RMT advertising?

**DSN** · 06-19-2014 04:11 AM

I am guessing you have a android or windows phone as a few FC members who have lost or reset their phones have had problems.

Not to be a dick or anything but this works 100% on iOS and really is a flaw in the Phone OS, your preferences including your serial number in the application when you recover from a backup. As I have been playing with iOS 8 beta's I have wiped my phone many times with no problems starting the One Time Password App and it having my settings restored as expected.

**Valmar** · 06-19-2014 04:27 AM

Originally Posted by kidvideo

All to get, what? That chub my retainer brought back today? No trade/spirit bonded equipment that might sell for 10gil to an NPC? I don't fear any hackers.

Take my chub, please!

All the time and money you have spent on your account to risk RMT's vendoring all of your gear, items and taking every last Gil.

Deleting your characters and canceling your Account.

No Thank you Sir, I would rather not risk that.

**kidvideo** · 06-19-2014 05:20 AM

That's just a generalized fear not based on fact. One would assume if you're going to all the trouble of hacking an account you'd want to make sure there's a lot of in game currency... I doubt I have enough to make it worth the time of these mysterious rmt hackers.

I have this discussion many times... & it's always "but the rmt's", "but the hackers", "but the children", "but the 'ohno's". None of my other game accounts have ever been hacked. But they can still have those damned useless fish.

Thread: One time password /sigh

Thread Tools

Search Thread

Display