FYI: check and change login passwords ASAP

[Aurikai]

Using OTP with FFXIV login is painful, bad enough you need to enter password every time, but OTP also. There's a thing called OAuth that issues security tokens once you pass all authentication checks so you don't need to provide this stuff every time, apparently Blizzard can implement this but not SE. Cumbersome login processes always forces bad security habits by users.

[SaberMaxwell]

Using OTP with FFXIV login is painful, bad enough you need to enter password every time, but OTP also. There's a thing called OAuth that issues security tokens once you pass all authentication checks so you don't need to provide this stuff every time, apparently Blizzard can implement this but not SE. Cumbersome login processes always forces bad security habits by users.

Convenience and security are ever on opposite sides of a spectrum.

[Aurikai]

Convenience and security are ever on opposite sides of a spectrum.

No they aren't, OAuth is easily fixes this, this isn't host based security, doubt you have a clue about IAM systems, so not surprised you would say something that naive.

Lots of banks and other institutions use that same technology to ease logins, even Office 365 does, even Blizzard, so you're just making excuses for SE spending poorly on security because you lack knowledge of how it works.

[SaberMaxwell]

No they aren't, OAuth is easily fixes this, this isn't host based security, doubt you have a clue about IAM systems, so not surprised you would say something that naive.

My guy, I merely stated a pretty standard security adage which holds true almost no matter what. It's why "layered defenses" are better no matter what kind of system you're trying to create. No need to get hostile.

"No authorization or authentication standard is guaranteed to protect your information. If your information is available online, it’s susceptible to being stolen. If hackers breach a server of any service that you use, they could potentially take your login information or personal information, like name, address, and credit card information. [...] What makes OAuth great is that it restricts how many third-parties know your passwords. No, that doesn’t mean your personal information is 100% safe. But, by reducing how many entities have your passwords, you’ll lessen the chance that your passwords will get compromised."

[Aurikai]

My guy, I merely stated a pretty standard security adage which holds true almost no matter what. It's why "layered defenses" are better no matter what kind of system you're trying to create. No need to get hostile.

"No authorization or authentication standard is guaranteed to protect your information. If your information is available online, it’s susceptible to being stolen. If hackers breach a server of any service that you use, they could potentially take your login information or personal information, like name, address, and credit card information. [...] What makes OAuth great is that it restricts how many third-parties know your passwords. No, that doesn’t mean your personal information is 100% safe. But, by reducing how many entities have your passwords, you’ll lessen the chance that your passwords will get compromised."

No you stated a blanket statement that had nothing to do with the topic at hand, which was OAuth would make it easier for users to login. Saying nothing is 100% secure is like saying you should never drive or fly because cars aren't 100% safe, it's pointless thinking and completely dismissive. You can make excuses for SE not implementing that technology all you want, nothing you've said has provided any relevant counter arguments for why they shouldn't.

[Boblawblah]

No you stated a blanket statement that had nothing to do with the topic at hand, which was OAuth would make it easier for users to login. Saying nothing is 100% secure is like saying you should never drive or fly because cars aren't 100% safe, it's pointless thinking and completely dismissive. You can make excuses for SE not implementing that technology all you want, nothing you've said has provided any relevant counter arguments for why they shouldn't.

Saying "convenience and security are on opposite sides of the spectrum" isn't defending SE, take a step back, you're attacking someone who isn't against you.

[Aurikai]

Saying "convenience and security are on opposite sides of the spectrum" isn't defending SE, take a step back, you're attacking someone who isn't against you.

Then why make that generalized statement at all? It's not relevant to the discussion which is WHY SE hasn't implemented this for users convenience.

[DPZ2]

No you stated a blanket statement that had nothing to do with the topic at hand, which was OAuth would make it easier for users to login. Saying nothing is 100% secure is like saying you should never drive or fly because cars aren't 100% safe, it's pointless thinking and completely dismissive. You can make excuses for SE not implementing that technology all you want, nothing you've said has provided any relevant counter arguments for why they shouldn't.

The authentication method may be one you prefer, but it is not the be-all-and-end-all you assume.

The major problem with OAuth as used by Blizzard is that it requires you to have a cell phone or tablet in order to use it. If you don't have one (and it appears to be required for the 'instant' authentication you appear to be pushing), it becomes much more cumbersome to use than a physical authenticator.

[Aurikai]

The authentication method may be one you prefer, but it is not the be-all-and-end-all you assume.

The major problem with OAuth as used by Blizzard is that it requires you to have a cell phone or tablet in order to use it. If you don't have one (and it appears to be required for the 'instant' authentication you appear to be pushing), it becomes much more cumbersome to use than a physical authenticator.

OAuth has nothing to do with the authentication, you can do OAuth with username and password, it's merely a framework for exchanging temporary tokens to KNOWN devices. The fact that I even need to explain this, shows your way out of depth and shouldn't be arguing this. It's used on every single mobile app you have that doesn't require login every time, most bank websites, and a lot of other companies. I guess you guys know more Microsoft, Okta, Apple, Google, and thousands of others who use this technology every day, apparently Sony is the leader in technology according to your standards.

This is why hardly participate on these forums, SE can do wrong to most posters here, no matter the facts stacked against them.

[VelKallor]

apparently Blizzard can implement this

Blizzard couldnt..sorry make that WOULDNT....implement the appear offline feature they promised for five years ( the fact that they blatantly LIED to their players about it didnt help ), have pathetic privacy controls ingame, have a system that allows ANYONE to add you as a friend and track you anywhere, cant or wont implement an account wide ignore system, ties all games to their launcher and FORCED a mandatory voice app on the launcher that CANT be turned off and until a huge uproar, then fixed that voice app to NOT screw with global volume settings, said app was also tied into the entire system sound settings, caused massive system errors because it was a resource hog.

The fact they they had a/ not tested it to prevent that issue and b/ did not allow players to opt OUT of having it installed in the first place says it all.