Results -9 to 0 of 31

Threaded View

  1. 04-16-2015 08:25 AM #1
    Laraul
    Player
    Laraul's Avatar
    Join Date
    Nov 2011
    Posts
    902
    Character
    Laraul Lunacy
    World
    Hyperion
    Main Class
    Gladiator Lv 70

    Password Reset Security Flaw

    If you attempt logging into the game from a different location without a security token(aka one-time password), you are told that you must reset your password with an email sent to you containing a link that allows you to do so. But this applies only when logging onto the game, not your Square Enix Account Management System.

    It's possible to login to a persons Square Enix Account thru the management system, change the password, then use that password to login w/o triggering the automatic password reset do to logging in from a different location. Also, you do not receive an email when changes to your account, including the password.

    Not everyone has a security token or a device able to use one. And a lot of people won't use a token since it's a hassle. And anyone would expect to be notified when ANY change to my account is made.
    (3)
    Last edited by Laraul; 04-16-2015 at 08:31 AM.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »