One time password Authenticator - Mobile App?

[Warchi]

Yes awesome idea.

[Zantetsuken]

Mobile phone authenticators are very secure and are currently used across the business world as a way to lock down sensitive networks, etc.

The RSA SecurID has an industry standard authentication app. In fact, the iphone version of the app requires it's own 5 digit code to even access, so if anyone wants to hack your SE acct, they would need the following:

1. Your SE Acct User Name
2. Your SE Acct Password
3. Knowledge that you are using your iPhone Authenticator and not a Security Token
4. Your iPhone
5. Your Phone's password
6. Your Security Authenticator Password.

If anything, an iPhone Authenticator is even less likely to be compromised than a security token (which has a FF logo on it btw).

Impossible? No, nothing is impossible in the world of hacking, but if anyone goes through all that to steal my acct -- until I call SE to get it restored -- then more power to them.

[Delsus]

Mobile phone authenticators are very secure and are currently used across the business world as a way to lock down sensitive networks, etc.

The RSA SecurID is an industry standard. In fact, the iphone version of the app requires it's own 5 digit code to even access, so if anyone wants to hack your SE acct, they would need the following:

1. Your SE Acct User Name
2. Your SE Acct Password
3. Knowledge that you are using your iPhone Authenticator and not a Security Token
4. Your iPhone
5. Your Phone's password
6. Your Security Authenticator Password.

If anything, an iPhone Authenticator is even less likely to be compromised than a security token (which has a FF logo on it btw). Impossible? No, nothing is impossible in the world of hacking, but if anyone goes through all that to steal my acct -- until I call SE to get it restored -- then good luck to them.

And lets not forget if your phone is stolen decent security software lets you remotely lock and wipe your phone get that done fast enough and no one who steals your phone can hack your account, if a token gets stolen you have to go through SE not only to get access but to stop your account getting hacked.

[Zantetsuken]

And lets not forget if your phone is stolen decent security software lets you remotely lock and wipe your phone get that done fast enough and no one who steals your phone can hack your account, if a token gets stolen you have to go through SE not only to get access but to stop your account getting hacked.

Exactly - Can't do that with a token...

Those who say that this is not secure really need to do their research on it.

[Delsus]

Exactly - Can't do that with a token...

Those who say that this is not secure really need to do their research on it.

So many reasons why it should be implemented and any argument against can be easily countered.

[Antipika]

If anything it will come at 2.0 anyway, we were told that smartphone apps are planned, having a mobile auth software is pretty standard these days so it will most likely be released.

[Delsus]

If anything it will come at 2.0 anyway, we were told that smartphone apps are planned, having a mobile auth software is pretty standard these days so it will most likely be released.

This doesn't really need to wait till 2.0, it would come up on SE's end as a security token, they just need android, iPhone, Blackberry, Windows phone, symbian app devs to work on it and possibly some back end config on the account servers, but it would not affect the development of the game and the 1.2xx servers don't matter.

There is no reason to hold it until 2.0

[Antipika]

Well there is one, and you said it yourself "devs to work on it". It needs DEV time and really this is a super low priority at the moment...

It would makes more sense to me to have such an app ready for 2.0 release, when SE will be expecting new players and when these new players will need to secure their accounts. Also XIV isn't popular enough now for RMT/Hackers to target players with phishing website/keyloggers and all, in order to compromise their account and make profit (it's a business after all), so threat level is low, the need for a token is limited. Finally, current players most likely acquired a token if they wanted one.

Sure having an app on top of that would be more convenient etc. Then again, they are more important things to fix now, hence I hardly see anything coming before 2.0 hits.

[Delsus]

Well there is one, and you said it yourself "devs to work on it". It needs DEV time and really this is a super low priority at the moment...

It would makes more sense to me to have such an app ready for 2.0 release, when SE will be expecting new players and when these new players will need to secure their accounts. Also XIV isn't popular enough now for RMT/Hackers to target players with phishing website/keyloggers and all, in order to compromise their account and make profit (it's a business after all), so threat level is low, the need for a token is limited. Finally, current players most likely acquired a token if they wanted one.

Sure having an app on top of that would be more convenient etc. Then again, they are more important things to fix now, hence I hardly see anything coming before 2.0 hits.

I said app devs, they are completly differant people, people who write the apps, if they got the game devs to do it they would have to be trained, its not just write this code test find bugs and publish, you need to know how the platform works, which, unless they write apps in thier free time, the game devs don't.

SE dont have theier game devs and no one else, they need differant people, people who cannot write for the game to make the apps.

I have a security token, but I would use an app over it straight away and keep my current CE token as game memorabilia, the risk of loosing my token is too great to use it over an app.

Again it would not use up GAME DEVS time, it would use up APP DEVS time.

[RolandDebreton]

The phone that is able to download an app is by definition online and therefore can be hacked/compromised/etc. Your keychain can't.

Never underestimate the security of an air gap.

This guy - the point of the keyfob things is that they are not part of the grid.