Page 2 of 2 FirstFirst 1 2
Results 11 to 13 of 13
  1. #11
    Player
    Arrhin's Avatar
    Join Date
    Dec 2018
    Location
    Ul'dah
    Posts
    470
    Character
    Arrhin Terremiaux
    World
    Zalera
    Main Class
    Scholar Lv 90
    Quote Originally Posted by Canadane View Post
    2FA wouldn't have prevented a situation like this when you log into a phishing site, which 99% of these cases are. You'd have just entered your OTP and thought you were logging in like normal. The hacker would have logged into your account all the same.
    Not without the code from the physical token, or the app. The hacker would not have been able to remove the token, nor log in. 2FA isn't fool proof but it isn't as simple as "get password, log in". This is precisely what 2FA is designed to prevent as far as I know.

    (Edit for clarity) The code I'm referring to is the on printed on the back of the physical token, or the one generated by the app when it is registered. This is needed to remove 2FA from the account. SE will remove it if reported lost or stolen, though I cannot say what the process there is but I would hope it is extensive in regards to confirming the legitimate account holder.
    (1)
    Last edited by Arrhin; 02-22-2022 at 10:24 AM.
    Don't touch me there

  2. #12
    Player
    Arrhin's Avatar
    Join Date
    Dec 2018
    Location
    Ul'dah
    Posts
    470
    Character
    Arrhin Terremiaux
    World
    Zalera
    Main Class
    Scholar Lv 90
    Quote Originally Posted by AndreD69 View Post
    Like to add. From my other accounts else where like Steam for example. I receive email right away with code to type in on STEAM if it be unfamiliar PC or cell app IP trying to activate my account. Another site gives me txt msg with a code to confirm account access. Without either no other person can get in my accounts. WITH SE YOU GET NEITHER OF THESE OPTIONS.

    Only notice i had was a email, that a security software was activated on my account. I had to send ticket to SE and that took 2hrs. In those 2hrs the damage was done. For whoever it was who hacked me used that software app to lock me out of my account. I prefer to have notice right away on such action against my account. Instead of waiting on support when they decide to respond. Anyways it don't matter. My faith/loyalty is lost with SE and i will continue playing till my sub runs out. Afterwards i may take a long hiatus from the game. If i go that route I give everything i have to my current FC, then will remove myself from it so it will not happen again.
    This is a valid point, and something SE really needs to get on point with. ANY login from a new device or location should provide a notification on a trusted device. They should also prevent login UNTIL IT IS CONFIRMED OK ON THE TRUSTED DEVICE. This would put them in line with other services as you rightly point out.
    (2)
    Don't touch me there

  3. #13
    Player
    Hashberry's Avatar
    Join Date
    May 2019
    Posts
    19
    Character
    Mischa Hashb'ry
    World
    Excalibur
    Main Class
    Dancer Lv 69
    The two factor authentication is pretty powerful against stuff like this. If you did get caught up and accidentally logged into a fake account, they have literal seconds to use that same code to get into your account. You also would have known to be suspicious if the fake site DIDN'T ask for your auth, because SE always does.

    Most gaming companies aren't willing to play ball with this, because of the examples listed above. You can prove someone from Bulgaria accessed your account, and you don't live in Bulgaria. You can't prove it wasn't you, because of VPNs. You can't prove you didn't give someone the password so that they could get the gil and then you demand it be returned. Whatever gil was released into the economy is simply gone. It really sucks and it's awful this happened to you, but gaming companies are used to being scammed in these situations as well.

    When they offer extra security features, please use them. You can complain all you like that it's not the exact extra security measure(s) you want, but it likely would have prevented this. Petition/ask for more or different ones in the meantime, but don't cut off your nose to spite your face and not use what's available. SE isn't the bad guy here for upholding their rule, especially when there was at least 1 tool in place from them to help prevent it.
    (0)

Page 2 of 2 FirstFirst 1 2