Square-Enix hacked

[Holy_Dragoon]

Use a password exclusive to 1 account, add in a one-time password dongle. Security profit.

[Atoli]

Use a password exclusive to 1 account.

Square forced me to do it

[BenjiTulia]

My security token has "Made in China" on its back, I'm sure RMT will soon figure out how it works hehe.

[Fiosha_Maureiba]

The maker of the security tokens had a security breach about a year ago. They would need two pieces to make that work though.

The serial number of your token.
And the technology used to generate that one-time password.

And unless they grab more dataR bases linking up your username with your serial number, they probably won't find that out anytime soons.

Identity theft is still serus bizness tho.

I digress, we don't know the specifics of what the infiltrators were looking for. Until SE sends us the warning e-mail, we should try to remain calm...

*gets compromised... in compromising positions*
*takes an arrow to the knee*
*lalafell steals my sweet roll*
*mustard jar...*

[TheRac25]

The maker of the security tokens had a security breach about a year ago.

That was RSA generators not Vasco wich is the maker of digipass used by SE.

[viion]

Why people are talking about security tokens in this thread is beyond me. If you hacked into the server, your dongle is as useless as a slang dongle..

[Fiosha_Maureiba]

Why people are talking about security tokens in this thread is beyond me. If you hacked into the server, your dongle is as useless as a slang dongle..

In terms of logging into an SE account and hijacking a character (deletion, selling everything they own and trading the gil to third-party, etc.)

[viion]

In terms of logging into an SE account and hijacking a character (deletion, selling everything they own and trading the gil to third-party, etc.)

But if I hacked the account server, I would just edit the database to have no SE token linked, so I wouldnt need your token, or care, because i just directly removed it..... See what I mean?

Then I edit your password to 123456789, login, have fun.

Its like trying to laugh at a burglar because he broke into your house through the window, but doesnt have the keys so he cant do anything when hes in there........

[Fiosha_Maureiba]

But if I hacked the account server, I would just edit the database to have no SE token linked, so I wouldnt need your token, or care, because i just directly removed it..... See what I mean?

Then I edit your password to 123456789, login, have fun.

Its like trying to laugh at a burglar because he broke into your house through the window, but doesnt have the keys so he cant do anything when hes in there........

Ah! I see your point. Although if they get that far, then stealing a character account would seem like the least of their worries.

On the Sony situation, I didn't think they got to the credit cards. But they did get to all the passwords that were stored in plain text instead of being encrypted.

[Antipika]

Why people are talking about security tokens in this thread is beyond me. If you hacked into the server, your dongle is as useless as a slang dongle..

And how?

The Square Enix Account management system is completely different from the Square Enix MEMBERS site.

Now even if the Square Enix Account management system was hacked, off course token would be useless, but all the damn Square Enix services would be suspended anyway, so it's not like you would be even able to log on in the first place.

Customers are in a better stance if EVERYONE is "compromised", because SE would simply fix the hole, re-issue a password to everyone (or have them confirm their ID by contacting the Support Center or w/e), rollback characters data if character data were affected. And beside service suspension for couple of days (weeks at worse), there wouldn't be much damage to individuals.

Payment information, passwords, and such are (supposed) to be encrypted.

My company actually has a finger print scanner lol, so they're made, I don't think they're for retail use yet though.

Biometry been used for a while, even for the average end-user. Fingerprint reader have been implemented on laptops, USB drives or available as external devices for over 10 years. And it never was expensive for the most basic ones ($40-50).