Get a Token!!!

[ReplicaX]

You forgot using same username and password on other websites. Remember then Curse Aion got hacked? lots of Aion magically got hacked due to users using same password!

Yes, this as well, thank you.

Many corporations and banks use security tokens now as an extra layer of security. These corporations also have IT professionals keeping their networks and user end machines protected. At home its your responsibility to keep your computer protected.

[HurtigeKarl]

Not sure which it was, was probably a app token.

Anyway, you shouldn't really need a token if S-E just had decent security.

You should be able to bind it to specific country, or specific IP adress like ???.???.*.*, have the 2 last once there as most have dynamic adresses. That would stop over 90% of hacked accounts I think.

Proxys bypass the "specific country" counter-measure, specific ips won't work for those who have dynamic adresses. So I am guessing your suggestion wouldn't even stop 1% of the hacked accounts.

[Amberion]

Proxys bypass the "specific country" counter-measure, specific ips won't work for those who have dynamic adresses. So I am guessing your suggestion wouldn't even stop 1% of the hacked accounts.

It's actually harder for them to get your IP then password. And that is what is needed with country lock. There is a lot of mail services that has that as an option, and it has reduced hacked e-mail accounts.

And as for dynamic addresses, I suggest you reread my post. I did not suggest to lock it to entire IP address, only the first 2 parts. Not sure if any operator has larger range then those last 2 for dynamic range.

[ispano]

Not sure which it was, was probably a app token.

Anyway, you shouldn't really need a token if S-E just had decent security.

The problem is you think that SE having Iron clad security on their end would solve the problem, it will not. Almost every single compromised account, has nothing to do with SE, at all. People think that the company can just lock everything down tight and it will be ok, but that's 100% false. If the user does not use strong passwords, different passwords for different sites, especially email, they are literally opening themselves up to have something compromised. Attackers don't typically "hack" the Companies database to get login info, it's almost always easier to compromise the user's security. That's why they suggest a token, because even if you use a crummy password, your security goes way up.

Security of online accounts, of any kind, be it games or otherwise, is a two part deal. The company has to keep their servers and such secure, which so far SE seems to be doing. The other half is the USER needs to keep their credentials secure. This is almost always where the failing is. The user. SE is even telling people things they can do, some companies don't even OFFER a token, which is about as secure as you can get without taking your computer off the net completely.

[Cienna]

I was going to say...the physical token is a Citrix key similar to the one i use for work so unless they can physically obtain my serial number from it im sure im safe....I heard those with software/app tokens getting hacked but thats about it

Physical tokens have been compromised before ever hear of SecureID or Blizzard: http://www.secureworks.com/cyber-thr...rsacompromise/
more on the SecureID/RSA fiasco http://www.securenvoy.com/blog/2012/...logy-turnpike/
Blizzard tokens: http://www.cinemablend.com/games/Bli...ked-42909.html

The SecureID one was HUGE. Lots of businesses used it. They weren't visiting dodgy sites either. So the token is nice, but not 100% protected. Just ask those millions affected by SecureID.

[BakaChin]

Physical tokens have been compromised before ever hear of SecureID or Blizzard: http://www.secureworks.com/cyber-thr...rsacompromise/
more on the SecureID/RSA fiasco http://www.securenvoy.com/blog/2012/...logy-turnpike/
Blizzard tokens: http://www.cinemablend.com/games/Bli...ked-42909.html

The SecureID one was HUGE. Lots of businesses used it. They weren't visiting dodgy sites either. So the token is nice, but not 100% protected. Just ask those millions affected by SecureID.

I do understand its not 100% safe but it will help protect against hacks which is the main point im trying to portray, if you are responsible about your own protection then you will get one and not just rely on chance that SE will always be secure, your security is your own responsibility

[HiirNoivl]

I agree that Keychain Token is best.

[Snooj]

I'd love to get a token, really I would. But SE is making that near impossible.

I've since lost the token from 1.0. After much run around, SE finally lifted the restriction so I could log in without one. However, it's still listed as registered in SE's account management. So when I tried to add my new token, it wants me to manually remove the old token. To do that, I need a one time password from the old token. Thus, I can't use a token at all.

[BakaChin]

I'd love to get a token, really I would. But SE is making that near impossible.

I've since lost the token from 1.0. After much run around, SE finally lifted the restriction so I could log in without one. However, it's still listed as registered in SE's account management. So when I tried to add my new token, it wants me to manually remove the old token. To do that, I need a one time password from the old token. Thus, I can't use a token at all.

Im sure there was a thread around saying you will need to get the OTP reset by SE...which means calling them to verify your details...it is also handy to keep a record of the OTP someone secure...just like all passwords you should keep these details safe

[Snooj]

Im sure there was a thread around saying you will need to get the OTP reset by SE...which means calling them to verify your details...it is also handy to keep a record of the OTP someone secure...just like all passwords you should keep these details safe

Thing is, I did call them. I sent in tickets. I did several chats. Basically, for me at least, contacting them only let me log in but not remove the registered security token. I'll probably try this again in the future, but considering how long the process took before and how they couldn't help then, I don't know if things will necessarily change.