Password Reset Security Flaw

[Chihaya]

The fact that they got your SE Account password and you don't use a token = you're most likely screwed even if they send you an e-mail.

[SarcasmMisser]

Thought I would add this:

Token on smartphone = Good.

Token on computer emulation = Bad.

The whole point of the token is so that if someone hacks your computer and steals your information they still can't log into your account because they don't have your token. If you put the token on the same computer you play FF 14 on, you effectively are completely getting rid of the added security the token is suppose to give.

In theory, in practice people aren't going to write exploits that depend on having the multi-factor authorization on the same machine when they have to be a minority of token users, and it's demonstrated that so many people don't even use security tokens. Low hanging fruit and all.

[Rendecrow]

In theory, in practice people aren't going to write exploits that depend on having the multi-factor authorization on the same machine when they have to be a minority of token users, and it's demonstrated that so many people don't even use security tokens. Low hanging fruit and all.

I can agree with that. Though that being said, it still would be dumb to have the token on your computer, lol. That is effectively like hiding your spare house key under your doormat. The door is still locked, but..... :P

If more people would just use the token a LOT of the gill seller issues would go away as they can't hack as many accounts. The 5 second "hassle" of entering the code is totally worth it. I don't understand people who refuse to use it.

[Nicobo]

And a lot of people won't use a token since it's a hassle...

Do you know there is in-game bonus for one-time password users?
IMO using a token absolutely is an advantage for long term players. ^^;

[SarcasmMisser]

I can agree with that. Though that being said, it still would be dumb to have the token on your computer, lol. That is effectively like hiding your spare house key under your doormat. The door is still locked, but..... :P

If more people would just use the token a LOT of the gill seller issues would go away as they can't hack as many accounts. The 5 second "hassle" of entering the code is totally worth it. I don't understand people who refuse to use it.

It is dumb because it basically isn't multi-factor authorization anymore. But it is still better than not using a token at all.

[Kosmos992k]

Two factor authentication, what's hard to understand. Out of all the compromised accounts hijacked by RMT, I'd bet none used the security token. Personally, I think it's time to make two factor authentication mandatory.

Technically, PS3/PS4 playerswith a security token have 3 factor security since PSN authenticates you and your license, then SE takes your password and one time security code.

[Lexia]

Not everyone has a security token or a device able to use one. And a lot of people won't use a token since it's a hassle. And anyone would expect to be notified when ANY change to my account is made.

So getting a $10 token that will secure you account is a hassle? That like having a safe but leaving it open all the time cause it too much of a hassle to enter the combination every time.

[mbncd]

So getting a $10 token that will secure you account is a hassle? That like having a safe but leaving it open all the time cause it too much of a hassle to enter the combination every time.

The phone software token is free.

[Lexia]

The phone software token is free.

They said they didn't have a device that could run the software token so they would need the physical one.

[nuyu11]

I've heard many unpleasant news regarding to the smartphone token, so I'm bit scared to use it.
If you lose your phone you're in totally bad position beyond any help.