Authenticator for iOS / Android

[Emulord]

Hello,

I find it very convenient to use my iPhone / Android Phone to connect to my Google Account, thanks to the app they have published on their respective stores.

It works the very same way than the SE token for FFXI/FFXIV, meaning it generates a personal 6-digit code every 30 secs. When using it for the first time, the computer client delivers you a unique key to type in the iPhone app, which will thus guaranty the uniqueness of the 6-digit codes displayed on each of the devices you will use.

Here's a screenshot of the app:


The main advantage - non counting the fact you can authenticate from anywhere at anytime, since the app doesn't use any Internet data - is that in case you lose your mobile phone, you can deactivate the app - actually, revoke the codes it will generate - in favor of another one.

Why not adopting such a system in place of the current authenticators, and in the mean time get rid of the limiting factors of the battery and risks of loss/forgetting/breakage. How annoying it is not to be able to play for a month, because you forgot to take the little gadget with you (talking of my own experience), or to be obliged to contact SE when you've run out of battery...

Wouldn't it be a logical evolution of SE's technology?

_________________________________

Edit 1: The iPhone app IS offline, and it's easy for you to set a password on your phone to prevent intruders to access it. I don't know Android well, but on iOS, there isn't a lot a threats other than the acquaintances who can physically touch your terminal for the moment.

Edit 2: Would use a smartphone people who'd be able/want to. It is out of the question to make the classical tokens that still work useless, or even to stop further production, they still prove they can keep accounts secure.

[Churchill]

The Security Token is nothing more than a way for SE to get more money. It doesn't actually provide additional security because in order to remove it, all you need to do is have the security code from the back of ANY token - not the token actually linked to the account.

If SE actually cared about account security, they would use a system such as this like Blizzard uses, but they do not. They care about getting an extra 20$.

[Coldfire]

I got my token with the CE. But it's true that it has... "issues" xD
But having the generator on a smartphone would be an even worse idea. While it is a bit more convenient, it also opens new ways for others to steal your account. Nowadays smartphones are targeted by trojans alot. The safest key/TAN-generator is offline.

[Gokulo]

The Security Token is nothing more than a way for SE to get more money. It doesn't actually provide additional security because in order to remove it, all you need to do is have the security code from the back of ANY token - not the token actually linked to the account.

If SE actually cared about account security, they would use a system such as this like Blizzard uses, but they do not. They care about getting an extra 20$.

Hmm, but don't you remove the token after logging on the account? Which would mean you still need to proper one.

[Emulord]

I got my token with the CE. But it's true that it has... "issues" xD
But having the generator on a smartphone would be an even worse idea. While it is a bit more convenient, it also opens new ways for others to steal your account. Nowadays smartphones are targeted by trojans alot. The safest key/TAN-generator is offline.

The iPhone app IS offline, and it's easy for you to set a password on your phone to prevent intruders to access it. I don't know Android well, but there isn't a lot a threats of this kind on iOS for the moment.

[Elexia]

The Security Token is nothing more than a way for SE to get more money.

The company I work for uses them too, so clearly they're just a money grab. Clearly.

[Seig345]

If it's really all about the money, they could charge their $20 for the app... Granted, I don't recall BW or Blizzard charging for their authenticator apps, but I'd still pay to have an SE one. I'm not really concerned about the battery life, I Just always happen to have my iPod touch with me.

My authenticator is from back when FFXI gave you that mog satchel for registering an authenticator to your account, it's been through the wash at least once, and it still works. On top of that, I have the spare one from the FFXIV CE still in its little plastic wrap >_>

[yukikaze_yanagi]

If it's really all about the money, they could charge their $20 for the app... Granted, I don't recall BW or Blizzard charging for their authenticator apps, but I'd still pay to have an SE one. I'm not really concerned about the battery life, I Just always happen to have my iPod touch with me.

My authenticator is from back when FFXI gave you that mog satchel for registering an authenticator to your account, it's been through the wash at least once, and it still works. On top of that, I have the spare one from the FFXIV CE still in its little plastic wrap >_>

you pay for the phisical blizzard authenticator, but not the ios/android :|| btw a SE mobile authenticator is already in the air

[Ingolf]

The company I work for uses them too, so clearly they're just a money grab. Clearly.

Not every security token system is built equally.

SE's security token system is painfully easy to remove, I'm hoping "The company you work for" doesn't have similar issues.

And yeah, I agree with an Android / iOS authenticator. More and more people are doing it.

[Elexia]

Not every security token system is built equally.

SE's security token system is painfully easy to remove, I'm hoping "The company you work for" doesn't have similar issues.

They use the same token (Vasco), it's easily removed on SE's end because people would bitch if it wasn't easy to remove. You should know that by now.