Can we force our own account to logout?

[Kosmos992k]

OK, this is an edit because I want to be absolutely clear, my account is NOT compromised. I was asking this question out of curiosity, because I see many threads daily with people who's account is hijacked despite them having a good password and in some cases even a security token. I thought that if there was a way that people in that situation could at lest force the hijacker off their account, it would be helpful to them, which is why I posted the topic.

Someone posted something on another forum (not a million miles from here) suggesting that a man in the middle attack that obtains a valid session ID could permit an attacker to steal your session ID and connect to the game (without authenticating) using the stolen session ID. Apparently because the session ID has a long life span, it's possible to use it to launch/connect to the game without going through the login process.

Assuming that this does actually work, the attacker doesn't have your authentication information, only the session ID and your IP Address. I know that SE does check IP addresses for incoming sessions, so I would presume that if the session ID thing works, it must also involve spoofing the IP address of the client that the session ID was obtained from.

Anyway, all of that speculation aside, if you assume for the moment that it's possible to hijack a session ID and spoof the IP address in order to connect to FFXIV without authenticating. How does SE banning the compromised account help if the ban process doesn't force the player off the system and invalidate any session ID/key in use? I mean, it's quite apparent that the ban process doesn't in fact force players off the system because there are many, many examples of bots and RMT spambots that have been reported, but are still in-game untouched. Presumably they may already have been banned, but until the servers are bounced or the willingly logout, they can continue to do their thing.

So, here is the question, is there any way to force logout your own player/account? Can you do anything from MogStation or the SE account Information screen that has the consequence of forcing a logout? I know there is no specific option to do this anywhere, but if there was something players can do that has the effect of forcing your player off the server, it would be a way for those who have been compromised (but still have access to their account) to regain control.

Ideally, SE will alter their ban process to force banned accounts off the system and invalidate the session ID/key too. but unless and until they do, is there anything we can advise affected players to do that would help?

[Cirsce]

Or you have a keylogger / malware that instead of logging you in it logs them into your account for them. I haven't heard of it recently, but a few years back people were complaining about this on wow.

The only way I've heard of getting someone off your account is to put a token on it, but since you already have one that won't work. If I were you I'd use their live chat / phone support. You'll probably make it through the wait before they close for the day.

To this end, I would actually do both live chat and phone support at the same time. Just in case one errors out.

FYI, you might end up getting suspended even though you tried telling them it wasn't you. So assume you'll be waiting 2ish weeks if that happens to get it back unless they've drastically increased their investigation time.

Good luck with it.

[MStowastiqVahlshdeh]

SE recently added auto kick for accounts that are idle for 30 minutes to avoid afk players occupying the servers while others are trying to log in. Not sure if this is what happened to your account or not. As far as I know, the only official ways to log out are through the game itself choosing log off or exit or hard log out by closing your computer. Also if your monthly fees are due it might have come up that you need to register a new service agreement and that might kick you out until you do.

[Gonzothegreat198]

I believe if you go into mogstation and deactivate your account it will kick you out of the game, but it's not instantaneous. I think it take a couple of hours to register, though I can't be sure, as I've never needed to try it.

[Kosmos992k]

FYI, you might end up getting suspended even though you tried telling them it wasn't you. So assume you'll be waiting 2ish weeks if that happens to get it back unless they've drastically increased their investigation time.

Maybe I wasn't clear enough in my original post (though I have edited it since). My account is not compromised, I was asking out of curiosity because I see lots of people posting about being hacked and there seems precious little anyone can offer in the way of help. Giving them a method that might at least force the attacker out of their account would be useful. However my personal account is quite safe with a security token and no chance of keyloggers or other malware - thanks to Sony ad the PS3....

[Kosmos992k]

I believe if you go into mogstation and deactivate your account it will kick you out of the game, but it's not instantaneous. I think it take a couple of hours to register, though I can't be sure, as I've never needed to try it.

Me either, but if that works, it would be something we could advise posters here who have been compromised to help them regain some measure of control and perhaps a little peace of mind while SE does their work.