One time password Authenticator - Mobile App?

[Delsus]

This guy - the point of the keyfob things is that they are not part of the grid.

We have been through this and concluded that the security risk is minimal because of security software, apps needing permissions to interact with eachother, remote lock and wipe etc etc etc.

The reason we have keyfobs is not because they have no internet access but they are not connected to your PC so malware cannot access the OTP and FFXIV client at the same time, I don't know about iPhone, Windows phone, blackberry OS and Symbian but Android has security inplace, the FFXIV app will not need network access so it will not use it, if it doesn't have the network access permission it is impossible for it to access the internet, this is deep inside the android framework and system files need to be replaced (another permission needed) to overcome it.

I believe apps need permissions to interact so a hacker could not use another app to influance or spy on an authenticator app, and it would flag up on decent security apps, the risk is minimal if existant at all.

[Antipika]

I said app devs, they are completly differant people, people who write the apps, if they got the game devs to do it they would have to be trained, its not just write this code test find bugs and publish, you need to know how the platform works, which, unless they write apps in thier free time, the game devs don't.

SE dont have theier game devs and no one else, they need differant people, people who cannot write for the game to make the apps.

I have a security token, but I would use an app over it straight away and keep my current CE token as game memorabilia, the risk of loosing my token is too great to use it over an app.

Again it would not use up GAME DEVS time, it would use up APP DEVS time.

It doesn't change anything, time is money. And SE have absolutely no reason to waste money on this right now. When you pay one hour of "app devs time" you could have used that money to pay "game dev time" (or even Lodestone dev time (the site could use some improvement as well, same goes with our forums which has been rubbish for a while)).

So get outside your bubble, this is a super low priority issue, only a comfort matter for the few customers the game currently have, nothing more.

- It won't bring new customers in
- It won't reduce the number of compromised account cases for now (very low threat level / players who wanted a token already have a physical one)

Also do you have an idea why companies wants their customers to secure their account? To save money and decrease customer service costs with compromised account cases. They don't really care about YOUR security, they care about them spending less money trying to help customers who got compromised (typical case where the customer must be helped at any cost or there is a high chance for him to cancel his subscription).

So when you add that up, you understand that there is little to no chance to see an auth app before 2.0. (maybe beta so app could be tested before release)

[NationOfZealots]

A great idea here.... would like the app to do what Pocketstation done for FFVIII, be able to character progress outside of the actual game via mini game etc

[Delsus]

It doesn't change anything, time is money. And SE have absolutely no reason to waste money on this right now. When you pay one hour of "app devs time" you could have used that money to pay "game dev time" (or even Lodestone dev time (the site could use some improvement as well, same goes with our forums which has been rubbish for a while)).

So get outside your bubble, this is a super low priority issue, only a comfort matter for the few customers the game currently have, nothing more.

- It won't bring new customers in
- It won't reduce the number of compromised account cases for now (very low threat level / players who wanted a token already have a physical one)

Also do you have an idea why companies wants their customers to secure their account? To save money and decrease customer service costs with compromised account cases. They don't really care about YOUR security, they care about them spending less money trying to help customers who got compromised (typical case where the customer must be helped at any cost or there is a high chance for him to cancel his subscription).

So when you add that up, you understand that there is little to no chance to see an auth app before 2.0. (maybe beta so app could be tested before release)

SE will already have the app devs on the payroll, from what I saw in an earlier post SE have an account on iTunes, the have a play store accont, they have apps published, it would cost the NO MORE, they just pull devs from other apps to make it.

[Antipika]

SE will already have the app devs on the payroll, from what I saw in an earlier post SE have an account on iTunes, the have a play store accont, they have apps published, it would cost the NO MORE, they just pull devs from other apps to make it.

Lol you obviously know nothing about development, human resources and cost management. Apps dev could be done by employee working freelance, meaning that they get paid according to the time they work. You increase the workload? It costs you more money. It is also fairly possible that these apps development is fully outsourced (which is more and more common nowadays). Same in that case, the more work, the more it costs you.

And even if there are full time employee working on mobile apps, again, same. Either they have "free time" to dedicate to this (in that case it means that resources are poorly managed, since you shouldn't have employee paid sitting around doing nothing in your company). Either they are busy with other projects, you increase their workload, you have to pay them overtime...

[Delsus]

Lol you obviously know nothing about development, human resources and cost management. Apps dev could be done by employee working freelance, meaning that they get paid according to the time they work. You increase the workload? It costs you more money. It is also fairly possible that these apps development is fully outsourced (which is more and more common nowadays). Same in that case, the more work, the more it costs you.

And even if there are full time employee working on mobile apps, again, same. Either they have "free time" to dedicate to this (in that case it means that resources are poorly managed, since you shouldn't have employee paid sitting around doing nothing in your company). Either they are busy with other projects, you increase their workload, you have to pay them overtime...

Check out this current PERMANANT vacancy at SE Europe http://www.square-enix.com/eu/en/jobs/#SEE-GDS

It takes one dev to pull off another project to make an app, yes that takes longer but its all thats needed.

You obviously know nothing about development, software is always being developed, working on new projects debugging current software, take one dev off SE's free apps that they make no money from to make the authenticator and its win win.

SE has just announced lifetime discounts for us all they can afford one person to write an authenticator app, this discount costs them more than moving one or 2 devs to make an authenticator (doesn't even need to be involved with FFXIV, just work for SE)

[Impulse]

Well there is one, and you said it yourself "devs to work on it". It needs DEV time and really this is a super low priority at the moment...

It would makes more sense to me to have such an app ready for 2.0 release, when SE will be expecting new players and when these new players will need to secure their accounts. Also XIV isn't popular enough now for RMT/Hackers to target players with phishing website/keyloggers and all, in order to compromise their account and make profit (it's a business after all), so threat level is low, the need for a token is limited. Finally, current players most likely acquired a token if they wanted one.

Sure having an app on top of that would be more convenient etc. Then again, they are more important things to fix now, hence I hardly see anything coming before 2.0 hits.

Here's the thing, the ones developing this would not be the XIV dev team. This is a Square Enix Account thing which covers their Manga service, FFXI and of course, XIV. The creation of this app has nothing to do with Yoshi-P and his team.

[Irondude]

my key fob is about to fall off my keychain. What the hell do I do when it stops working? Can we please get new fobs with 2.0 launch or a mobile app.

[Soukyuu]

I apologize for skipping 5 pages of paranoia but... I believe Yoshida-san already confirmed there will be an FFXIV app in one of the interviews (or was it in a live letter?), which will include an authentication function, among others.

[Endigiont]

This is becoming an industry standard and besides Blizzard stole our authenticator first and then added a mobile one later, but yah I'd prefer a mobile one to a real authenticator as I lost mine for FF11 and stillllll haven't decided to call SE and beg them over the phone for two hours to let me back into my account lol.