Current:
1. Enter username+password+one time pw
2. Click Login Button
3. Launcher performs a version check with patch server
4. Click Play
What it should be:
1. Launcher performs a version check with patch server
2. Enter username+password+one time pw
3. Click Login Button
4. Click Play
Why? In the case that the launcher fails to connect with the patch server, you have to initiate steps 1-2 all over again, until the launcher manages to make a connection.
In the case that a user has a one time pw attached to a smart phone device, you have to wait about 45 seconds until your Square Enix token generates a new password for you to use. There have been days where just getting past the version check takes 5+ minutes.
Sending user+pw over the internet, even if encrypted, multiple times in quick succession can pick up unwanted attention. The current system is prone to causing the inconvenience of repetition and an unnecessary risk in account security.
Additional Solution:
Modify the launcher to perform multiple attempts to connect to the patch server, instead of the 1 it performs now.
Example
"attempting to connect tries 1 of 5"
3 second timeout
"No Response from login server"
"attempting to connect tries 2 of 5"
3 second timeout
"No Response from login server"
"attempting to connect tries 3 of 5" etc.
"Connection Successful"
"Sending user information to complete the launcher login process"
"Attempt failed"
"restarting connection procedure"
"attempting to connect tries 1 of 5"
"Sending user information to complete the launcher login process"
"Verification Complete"
"Play"
There are additional flaws once you successfully launch the gameclient.exe.
Clicking the start button suffers the same flaw as the Launcher performing a version check with the patch server. It only makes 1 attempt, if that attempt fails the entire gameclient.exe shuts down and you have to repeat steps 1-4 in the launcher, to make it back to clicking the Start button in the gameclient.exe.
Primary Solution:
Modify the start button within the gameclient.exe to perform more than one attempt to connect to the character login server.
Example:
"Attempting to connect to Character Login Server. Tries 1 of 10"
3 second timeout
"Connection failed"
"Attempting to connect to Character Login Server. Tries 2 of 10"
3 second timeout
"Connection Failed"
"Attempting to connect to Character Login Server. Tries 3 of 10"
"Connection Successful"
Logging user into Character Selection Window
I can't stress enough how repeating steps 1-2 is a significant risk to account security and may as well be responsible for a number of compromised account cases. The act of repetition is what malicious users are looking for, whether your computer is compromised by malware or someone is sniffing packets over wireless or the hardwired net.
Changes will also alleviate inconveniences, caused by poor oversight while designing the Launcher and gameclient.exe login procedure as well as the implementation of a one time pw.
The Best solution.
The Launcher is merely a portal to the patch server, and gameclient.exe version verification. Essentially the launcher becomes a portal for game news, updates, and patch verification. No Login, just a Play button after the launcher automatically verifies you have the latest version.
The gameclient.exe window has the username, password and OTPW login. Thus making the whole login process 1 secure connection procedure, instead of the 2 separate secure connection procedures we have now.
Edit:
I would like to add a feature that puts characters that d/ced from an instance to the front of any login queue.
A feature where if you D/C from the game, the gameclient.exe attempts to take you back to the character selection screen, bypassing the start screen and if connection fails back to the start screen.
Feature where logging out of the game takes you straight to the character selection screen, bypassing the start screen.
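
The ordering and retry behaviour proposed in the post, as an added sketch that is not part of the original post and not Square Enix code: the version check runs first with a bounded number of attempts, and the username, password and one-time password are only requested once the patch server has answered. The function names, the flaky() stand-in server and the sample credentials are constructed for illustration.

```python
import time

def connect_with_retries(connect, tries=5, delay=3.0, sleep=time.sleep, log=print):
    """Call connect() up to `tries` times; return True on the first success."""
    for attempt in range(1, tries + 1):
        log(f"attempting to connect tries {attempt} of {tries}")
        try:
            if connect():
                log("Connection Successful")
                return True
        except OSError:
            pass  # a network error is handled like a timed-out attempt
        log("No Response from server")
        if attempt < tries:
            sleep(delay)  # pause standing in for the post's 3 second timeout
    return False

def launcher_flow(version_check, prompt_credentials, login, **retry_opts):
    """Proposed order: version check first, credentials only afterwards."""
    if not connect_with_retries(version_check, **retry_opts):
        return "patch server unreachable"  # nothing secret was typed or sent
    username, password, otp = prompt_credentials()
    return "play" if login(username, password, otp) else "login failed"

def flaky(failures):
    """Constructed stand-in for a server that fails `failures` times, then answers."""
    state = {"left": failures}
    def call():
        if state["left"] > 0:
            state["left"] -= 1
            return False
        return True
    return call

def demo(failures):
    """Return (result, number of credential prompts) for one constructed run."""
    prompts = []
    def prompt():
        prompts.append(1)
        return ("user", "constructed-password", "000000")
    result = launcher_flow(flaky(failures), prompt, lambda u, p, o: True,
                           tries=5, delay=0, sleep=lambda s: None,
                           log=lambda m: None)
    return result, len(prompts)

if __name__ == "__main__":
    print(demo(2))  # patch server answers on the third attempt
    print(demo(9))  # patch server never answers within 5 attempts
```

With this order a one-time password is only consumed after the connection is known to work, so a failed version check never forces the credentials to be re-entered.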