Authenticator for iOS / Android

[Emulord]

Hello,

I find it very convenient to use my iPhone / Android Phone to connect to my Google Account, thanks to the app they have published on their respective stores.

It works the very same way than the SE token for FFXI/FFXIV, meaning it generates a personal 6-digit code every 30 secs. When using it for the first time, the computer client delivers you a unique key to type in the iPhone app, which will thus guaranty the uniqueness of the 6-digit codes displayed on each of the devices you will use.

Here's a screenshot of the app:


The main advantage - non counting the fact you can authenticate from anywhere at anytime, since the app doesn't use any Internet data - is that in case you lose your mobile phone, you can deactivate the app - actually, revoke the codes it will generate - in favor of another one.

Why not adopting such a system in place of the current authenticators, and in the mean time get rid of the limiting factors of the battery and risks of loss/forgetting/breakage. How annoying it is not to be able to play for a month, because you forgot to take the little gadget with you (talking of my own experience), or to be obliged to contact SE when you've run out of battery...

Wouldn't it be a logical evolution of SE's technology?

_________________________________

Edit 1: The iPhone app IS offline, and it's easy for you to set a password on your phone to prevent intruders to access it. I don't know Android well, but on iOS, there isn't a lot a threats other than the acquaintances who can physically touch your terminal for the moment.

Edit 2: Would use a smartphone people who'd be able/want to. It is out of the question to make the classical tokens that still work useless, or even to stop further production, they still prove they can keep accounts secure.

[Churchill]

The Security Token is nothing more than a way for SE to get more money. It doesn't actually provide additional security because in order to remove it, all you need to do is have the security code from the back of ANY token - not the token actually linked to the account.

If SE actually cared about account security, they would use a system such as this like Blizzard uses, but they do not. They care about getting an extra 20$.

[Gokulo]

The Security Token is nothing more than a way for SE to get more money. It doesn't actually provide additional security because in order to remove it, all you need to do is have the security code from the back of ANY token - not the token actually linked to the account.

If SE actually cared about account security, they would use a system such as this like Blizzard uses, but they do not. They care about getting an extra 20$.

Hmm, but don't you remove the token after logging on the account? Which would mean you still need to proper one.

[Elexia]

The Security Token is nothing more than a way for SE to get more money.

The company I work for uses them too, so clearly they're just a money grab. Clearly.

[Ingolf]

The company I work for uses them too, so clearly they're just a money grab. Clearly.

Not every security token system is built equally.

SE's security token system is painfully easy to remove, I'm hoping "The company you work for" doesn't have similar issues.

And yeah, I agree with an Android / iOS authenticator. More and more people are doing it.

[Elexia]

Not every security token system is built equally.

SE's security token system is painfully easy to remove, I'm hoping "The company you work for" doesn't have similar issues.

They use the same token (Vasco), it's easily removed on SE's end because people would bitch if it wasn't easy to remove. You should know that by now.

[Ingolf]

They use the same token (Vasco), it's easily removed on SE's end because people would bitch if it wasn't easy to remove. You should know that by now.

Hence: "Not every security token system is built equally.".

I'm aware a lot of organisations use Vasco security tokens, but the system behind it is down to the company using it.

It's a bad decision on SE's part, and goes against the fundamentals of the ideal behind a security token. (not that surprising seeing as it's XI and XIV)

[Coldfire]

I got my token with the CE. But it's true that it has... "issues" xD
But having the generator on a smartphone would be an even worse idea. While it is a bit more convenient, it also opens new ways for others to steal your account. Nowadays smartphones are targeted by trojans alot. The safest key/TAN-generator is offline.

[Emulord]

I got my token with the CE. But it's true that it has... "issues" xD
But having the generator on a smartphone would be an even worse idea. While it is a bit more convenient, it also opens new ways for others to steal your account. Nowadays smartphones are targeted by trojans alot. The safest key/TAN-generator is offline.

The iPhone app IS offline, and it's easy for you to set a password on your phone to prevent intruders to access it. I don't know Android well, but there isn't a lot a threats of this kind on iOS for the moment.

[Norack]

The iPhone app IS offline, and it's easy for you to set a password on your phone to prevent intruders to access it. I don't know Android well, but there isn't a lot a threats of this kind on iOS for the moment.

But it is attached to a foreign hardware device. Even if it never goes online, there are hundreds if not thousands of other ways to steal it. Blizzard is able to do it cause they have the money needed for forensic and security specialists and I doubt SE has that kinda money anymore.