Quote Originally Posted by Cinno View Post
Apparently on the phishing site's login page it has you put in your token. They then instantly use that token to log into your account in game, before the token changes. So I dont know if it will help in this situation..
Quote Originally Posted by AduroT View Post
...
I see...

I wouldn't know what the site looked like or what details it asked for, didn't realize they went straight for a redirected login page. This much I do know. You are able to browse both Lodestone and the Forums without logging in. Granted the forums are a mess to navigate and you can't post or reply without logging in. Anything that immediately requests a login for Lodestone and the Forums link wise, I would back away. If anything manually navigate to the forum and not copy paste links. I hope gets a roll back if possible.

Still if you don't have 2 factor still get it. It definitely secures the actual square enix account management section. You can't change your password or remove your token without. You can't change your email unless the person knows your secret question so they cant simply emergency remove it.

I hope OP that they get some things back from SE when they reach out.


Quote Originally Posted by Klaleara View Post
Which is why push codes are far superior imo. At least for the majority of users.
I wish we had push code authentication here as well. at work we can use either the token which is on a 20-second timer or push authentication. SE actually needs to shorten their timer on the authentication token.