Page 2 of 2
Results 11 to 13 of 13


  1. #1
    Player
    Join Date
    Jul 2011
    Location
    Limsa Lominsa
    Posts
    7,467
    Character
    King Canadane
    World
    Hyperion
    Main Class
    Sage Lv 100
    Quote Originally Posted by Packetdancer View Post
    It's no worse than half of the other software security tokens out there, but neither is it any better.

    That said, I'm very tired of companies making their own variant two-factor code; I would vastly prefer they used the standard TOTP (RFC 6238) or HOTP (RFC 4226) authentication. That way you could use anything that supported those standards. Be it things like Token2 hardware tokens, or Google's Authenticator software, or ecosystems like Authy or 1Password. Then I could stop having like five different custom authenticators installed on my phone for different systems.

    (Especially since I cannot see any appreciable security benefit to SquareEnix's OTP implementation, versus TOTP or HOTP.)
    I mean, SE has had theirs out for 11 years now.
    Why change what works? Seems to be SE's policy on many things.
    (0)

    http://king.canadane.com

  2. #2
    Player
    Join Date
    Oct 2019
    Location
    Gridania
    Posts
    1,948
    Character
    Khit Amariyo
    World
    Leviathan
    Main Class
    Sage Lv 100
    Quote Originally Posted by Canadane View Post
    I mean, SE has had theirs out for 11 years now.
    Why change what works? Seems to be SE's policy on many things.
    Because it's one less thing to maintain; if you maintain a custom-built software token, then as the mobile operating systems update, sooner or later you need to redo the app to update it for a newer operating system. Things that were written for iOS 2.0 are very different than things written for iOS 13, just as things written for Android 2.4 and Android 10.0 are extremely different; in neither case would the original code compile for a newer system.

    If you rely on standards-driven authenticators, then you don't have to maintain anything; you just tell people to use Google Authenticator, or Authy, or 1Password, or anything else that supports TOTP/HOTP.

    As to why they don't, when it would mean less long-term work?

    ¯\_(ツ)_/¯
    (0)
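
What "relying on the standard" amounts to on the service's side, as an added example that is not part of the original thread and not Square Enix's code: HOTP (RFC 4226) and TOTP (RFC 6238) verification plus the `otpauth://` key URI that standards-based authenticator apps import. The secret is the RFC's published test secret; the account and issuer names are constructed placeholders.

```python
import base64, hmac, struct, time
from urllib.parse import quote, urlencode

def hotp(secret, counter, digits=6, algo="sha1"):
    """RFC 4226: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F                      # low nibble of last byte picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret, now=None, step=30, digits=6, algo="sha1"):
    """RFC 6238: HOTP where the counter is floor(unix_time / step)."""
    now = time.time() if now is None else now
    return hotp(secret, int(now // step), digits, algo)

def verify(secret, candidate, now=None, step=30, window=1, digits=6):
    """Server-side check: tolerate +/- `window` steps of clock drift, constant-time compare."""
    now = time.time() if now is None else now
    counter = int(now // step)
    ok = False
    for delta in range(-window, window + 1):     # always walk the full window
        if counter + delta >= 0:
            expected = hotp(secret, counter + delta, digits)
            ok |= hmac.compare_digest(expected.encode(), candidate.encode())
    return ok

def provisioning_uri(secret, account, issuer):
    """Key URI an authenticator app scans as a QR code (de facto otpauth:// format)."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    label = quote(f"{issuer}:{account}")
    return f"otpauth://totp/{label}?{urlencode({'secret': b32, 'issuer': issuer})}"

if __name__ == "__main__":
    secret = b"12345678901234567890"             # RFC 6238 test secret, not a real credential
    print(totp(secret, now=59, digits=8))
    print(verify(secret, "287082", now=59))
    print(provisioning_uri(secret, "alice@example.com", "ExampleService"))
```

The service stores only the shared secret and runs `verify`; a production deployment would also reject reuse of an already accepted code within its time step.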

  3. #3
    Player

    Join Date
    Nov 2018
    Posts
    1,706
    Quote Originally Posted by Packetdancer View Post
    Because it's one less thing to maintain; if you maintain a custom-built software token, then as the mobile operating systems update, sooner or later you need to redo the app to update it for a newer operating system. Things that were written for iOS 2.0 are very different than things written for iOS 13, just as things written for Android 2.4 and Android 10.0 are extremely different; in neither case would the original code compile for a newer system.

    If you rely on standards-driven authenticators, then you don't have to maintain anything; you just tell people to use Google Authenticator, or Authy, or 1Password, or anything else that supports TOTP/HOTP.

    As to why they don't, when it would mean less long-term work?

    ¯\_(ツ)_/¯
    I wish the standard worked like FFXIV's app. I find it nicer to use than Google Authenticator (or equivalent).
    (0)
