While it sounds like SE could take better steps to improve their own security, they can't be held accountable for people's poor browsing habits if they end up getting a virus from somewhere.
The fix is simple. All SE needs to do is encrypt the session data. And don't give us the "memory limitations" or "server resources" excuse. Encrypting the session data generates a negligible amount of overhead.
Am I the only one who thinks that some of the companies SE outsourced their programming to are in cahoots with RMT sites? There seem to be a TON of obvious backdoors. It's very strange that the RMTs were able to almost immediately take over the economy.
No, and it goes hand in hand with my conspiracy theory that MMO developers intentionally design features/items into the games that are meant to be a commodity, which become so desired that they fuel RMT practices.
They may ban thousands of accounts, but they still made money off it.
Um. Encrypting the session data is fine but does nothing against MITM attacks.
The fix is simple. All SE needs to do is encrypt the session data. And don't give us the "memory limitations" or "server resources" excuse. Encrypting the session data generates a negligible amount of overhead.
Am I the only one who thinks that some of the companies SE outsourced their programming to are in cahoots with RMT sites? There seem to be a TON of obvious backdoors. It's very strange that the RMTs were able to almost immediately take over the economy.
The second part of the fix is making the one-time use code expire properly. Those codes should NOT stay valid for more than a very, very brief time window. That's how you protect against MITM. It's still not foolproof if they're fast enough, but it drastically cuts down on your vulnerability.
Edit - Also IP binding. That's spoofable, particularly if you already have a MITM situation, but it at least helps.
Last edited by Flarestar; 10-08-2013 at 02:48 AM. Reason: Correction.
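The expiry and IP-binding points from the post above, sketched server-side as an added example that is not part of the original thread or SE's code. The class and method names, the 30-second window and the sample addresses are assumptions for illustration.

```python
import hashlib
import secrets
import time

TTL_SECONDS = 30  # assumed value; the post only asks for a "very, very brief" window


class OneTimeCodes:
    """In-memory store for single-use login handoff codes (hypothetical design)."""

    def __init__(self, ttl=TTL_SECONDS, clock=time.monotonic):
        self._ttl = ttl
        self._clock = clock
        # Only a hash of each code is kept, so a dump of this table
        # does not hand out redeemable codes.
        self._pending = {}  # sha256(code) -> (account, client_ip, expires_at)

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode("ascii")).hexdigest()

    def issue(self, account, client_ip):
        """Create a code bound to the requesting account and client address."""
        code = secrets.token_urlsafe(32)
        expires_at = self._clock() + self._ttl
        self._pending[self._digest(code)] = (account, client_ip, expires_at)
        return code

    def redeem(self, code, client_ip):
        """Return the account name on success, None on any failure."""
        # pop() enforces single use: a replayed copy of the code finds nothing.
        # A failed attempt also burns the code (fail closed).
        entry = self._pending.pop(self._digest(code), None)
        if entry is None:
            return None
        account, bound_ip, expires_at = entry
        if self._clock() > expires_at:
            return None  # captured code presented after the window closed
        if client_ip != bound_ip:
            return None  # IP binding: a weak check, as the post says, but cheap
        return account


if __name__ == "__main__":
    store = OneTimeCodes()
    code = store.issue("player1", "203.0.113.5")      # constructed sample values
    print(store.redeem(code, "203.0.113.5"))          # first use succeeds
    print(store.redeem(code, "203.0.113.5"))          # replay is rejected
```
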