I mean, SE has had theirs out for 11 years now.It's no worse than half of the other software security tokens out there, but neither is it any better.
That said, I'm very tired of companies making their own variant two-factor code; I would vastly prefer they used the standard TOTP (RFC 6238) or HOTP (RFC 4226) authentication. That way you could use anything that supported those standards. Be it things like Token2 hardware tokens, or Google's Authenticator software, or ecoystems like Authy or 1Password. Then I could stop having like five different custom authenticators installed on my phone for different systems.
(Especially since I cannot see any appreciable security benefit to SquareEnix's OTP implementation, versus TOTP or HOTP.)
Why change what works? Seems to be SE's policy on many things.
http://king.canadane.com
Because it's one less thing to maintain; if you maintain a custom-built software token, then as the mobile operating systems update, sooner or later you need to redo the app to update it for a newer operating system. Things that were written for iOS 2.0 are very different than things written for iOS 13, just as things written for Android 2.4 and Android 10.0 are extremely different; in neither case would the original code compile for a newer system.
If you rely on standards-driven authenticators, then you don't have to maintain anything; you just tell people to use Google Authenticator, or Authy, or 1Password, or anything else that supports TOTP/HOTP.
As to why they don't, when it would mean less long-term work?
¯\_(ツ)_/¯
I wish the standard works like FFXIV's app. I find it nicer to use than Google authenticator (or equivalent).Because it's one less thing to maintain; if you maintain a custom-built software token, then as the mobile operating systems update, sooner or later you need to redo the app to update it for a newer operating system. Things that were written for iOS 2.0 are very different than things written for iOS 13, just as things written for Android 2.4 and Android 10.0 are extremely different; in neither case would the original code compile for a newer system.
If you rely on standards-driven authenticators, then you don't have to maintain anything; you just tell people to use Google Authenticator, or Authy, or 1Password, or anything else that supports TOTP/HOTP.
As to why they don't, when it would mean less long-term work?
¯\_(ツ)_/¯
|
![]() |
![]() |
![]() |
|
Cookie Policy
This website uses cookies. If you do not wish us to set cookies on your device, please do not use the website. Please read the Square Enix cookies policy for more information. Your use of the website is also subject to the terms in the Square Enix website terms of use and privacy policy and by using the website you are accepting those terms. The Square Enix terms of use, privacy policy and cookies policy can also be found through links at the bottom of the page.