HELP! I GOT HACKED! GAMEMASTER HELP?

[Klaleara]

Apparently on the phishing site's login page it has you put in your token. They then instantly use that token to log into your account in game, before the token changes. So I dont know if it will help in this situation..

Which is why push codes are far superior imo. At least for the majority of users.

[MsMisato]

Apparently on the phishing site's login page it has you put in your token. They then instantly use that token to log into your account in game, before the token changes. So I dont know if it will help in this situation..

...

I see...

I wouldn't know what the site looked like or what details it asked for, didn't realize they went straight for a redirected login page. This much I do know. You are able to browse both Lodestone and the Forums without logging in. Granted the forums are a mess to navigate and you can't post or reply without logging in. Anything that immediately requests a login for Lodestone and the Forums link wise, I would back away. If anything manually navigate to the forum and not copy paste links. I hope gets a roll back if possible.

Still if you don't have 2 factor still get it. It definitely secures the actual square enix account management section. You can't change your password or remove your token without. You can't change your email unless the person knows your secret question so they cant simply emergency remove it.

I hope OP that they get some things back from SE when they reach out.

Which is why push codes are far superior imo. At least for the majority of users.

I wish we had push code authentication here as well. at work we can use either the token which is on a 20-second timer or push authentication. SE actually needs to shorten their timer on the authentication token.

[Klaleara]

I wish we had push code authentication here as well. at work we can use either the token which is on a 20-second timer or push authentication. SE actually needs to shorten their timer on the authentication token.

Unsure if shortening the timer would help. The only way this would work is if it was automatic. So basically the moment you put in your credentials, a program is throwing it into SE's site. I'd say within less than a couple seconds.

And don't forget that the person has to type in the code, so you can't shorten it too much. Far too many people type slowly to change it much.