City of Heroes: Live Forum Archive

Would you use an authenticator fob?

Aggelakis

By Aggelakis,
Posted on: 2010-01-09 11:59 in CoH and CoV General Discussions

 

Posted

Quote:
Originally Posted by KaliMagdalene View Post
Account stealers are becoming more aggressive and clever all the time. It's way too simplistic to just say that everyone whose account is stolen is stupid.
It's never too simplistic to consider that option.

 

Posted

My boyfriend and I got WoW authenticators after he had his account hacked by gold farmers. We are very careful with our passwords. Not to mention he uses that particular password ONLY for WoW, and I'm the only other person who knows it. We're not security noobs, and it happened to him. So yeah, we got our authenticators (if you buy from Blizzard, there is no shipping charge, regardless of where you live, btw, you only pay for the authenticator itself) immediately.

The day NCsoft/Paragon offers an authenticator, I'll be buying three (for my two accounts and one for him) without hesitation, regardless of the fact that City has far, far less hacking going on. Besides being more secure, it's giving money to the game and company I love.

Paragon Wiki: http://www.paragonwiki.com
City Info Terminal: http://cit.cohtitan.com
Mids Hero Designer: http://www.cohplanner.com
Quote:
Originally Posted by Dispari View Post
I don't know why Dink thinks she's not as sexy as Jay was. In 5 posts she's already upstaged his entire career.

 

Posted

Quote:
Originally Posted by Lazarus View Post
It's never too simplistic to consider that option.
Give that said option is blatantly false, though...

What I mean is, I've seen all kinds of people lose their accounts - people who screw up, people who lock their machines down as much as possible, people who may very well be stupid, people who are quite intelligent. The fact is that the people who steal accounts are working very hard at it, and they're not all stupid. Aggelakis' story is one I've heard way too many times.

Elsegame: Champions Online: @BellaStrega ||| Battle.net: Ashleigh#1834 ||| Bioware Social Network: BellaStrega ||| EA Origin: Bella_Strega ||| Steam: BellaStrega ||| The first Guild Wars: Kali Magdalene ||| The Secret World: BelleStarr (Arcadia)

 

Posted

Please don't think I'm arguing that this wouldn't make things harder to break into. That's not the case.

I just have a pet peeve about people who think that "additional layers of security" (in the non-specific sense) is some magic bullet. I've had to deal with buzzword-chugging, executive-level "I command it and it is thus, and if I buy *insert product*, I'll be secure" CISSP-types frequently over the last decade and more and I can't decide which I hate worse. Them or lawyers. Maybe I should throw them all together in a Battle Royale style deathmatch, then shoot the victor.

Still, would I make use of this if it were made available for Co*? Probably. Not sure that NCSoft and Paragon could justify the expense of melding it into their infrastructure though.


Clicking on the linked image above will take you off the City of Heroes site. However, the guides will be linked back here.

 

Posted

Quote:
Originally Posted by Hyperstrike View Post
Still, would I make use of this if it were made available for Co*? Probably. Not sure that NCSoft and Paragon could justify the expense of melding it into their infrastructure though.
I'm thinking that if they did consider going this route most of the burden of that cost would go to Aion, rather than Paragon and CoH. At that point, it may be a little easier for our devs to integrate its use into our game if it's something that NC puts in anyways for Aion and GW.


 

Posted

Quote:
Originally Posted by Darkfaith View Post
I'm thinking that if they did consider going this route most of the burden of that cost would go to Aion, rather than Paragon and CoH. At that point, it may be a little easier for our devs to integrate its use into our game if it's something that NC puts in anyways for Aion and GW.
Actually, since the authentication method belongs to NCSoft themselves, it'd be applicable to any and all games that use NCSoft authentication.


Clicking on the linked image above will take you off the City of Heroes site. However, the guides will be linked back here.

 

Posted

Some good points, and some silly ones.

Hyperstrike makes a good point, that it's not going solve the problem but the best analogy to that is making sure you lock your car. A car thief is going go home with a car that's not his, just make sure he's not going to go home in yours.

The simplest way for NCSoft to implement this would be to make it part of a pack with a shiny badge, a useful power (a la Jump Pack, Sands of Mu etc etc) and a months game time all for $12.99 or the other equivalents.

Then anyone who's genuinely into the game will get it and they will be a lot more secure than those who don't.

I'm personally not in favour of mandatory enforcement - I believe in personal choice but if it's readily implementable for a low cost and can do something cool for your characters, the go for it!


"You got to dig it to dig it, you dig?"
Thelonious Monk

 

Posted

Quote:
Originally Posted by KaliMagdalene View Post
What I mean is, I've seen all kinds of people lose their accounts - people who screw up, people who lock their machines down as much as possible, people who may very well be stupid, people who are quite intelligent. The fact is that the people who steal accounts are working very hard at it, and they're not all stupid. Aggelakis' story is one I've heard way too many times.
But that seems rather circular and a bit contradictory to me. Either:
  1. Criminals are working hard enough to surmount any security the devs tack on, fobs included. In which case fobs are of doubtful use.
  2. What's really needed for any security system is vigilence. Unfortunately this is not found in equal measure among all users, clever or not.

"Civilization advances by extending the number of important operations which we can perform without thinking of them."

 

Posted

Quote:
Originally Posted by synthozoic View Post
But that seems rather circular and a bit contradictory to me. Either:
  1. Criminals are working hard enough to surmount any security the devs tack on, fobs included. In which case fobs are of doubtful use.
  2. What's really needed for any security system is vigilence. Unfortunately this is not found in equal measure among all users, clever or not.
I seem to recall the key to security is an appearance of being more secure than any expected value for breaking in.

So if someone really wants in and they have the ability they will get in but how much security do we need for our game before they wouldn't bother?

total kick to the gut

This is like having Ra's Al Ghul show up at your birthday party.

 

Posted

If they came out with phone apps for it, I would choose to use it. Watches, keychains... those all I lose and lose often. My iPhone? Always by my side.

I would not mind it as an option.

Orc&Pie No.53230 There is an orc, and somehow, he got a pie. And you are hungry.
www.repeat-offenders.net

Negaduck: I see you found the crumb. I knew you'd never notice the huge flag.

 

Posted

Quote:
Originally Posted by synthozoic View Post
But that seems rather circular and a bit contradictory to me. Either:
  1. Criminals are working hard enough to surmount any security the devs tack on, fobs included. In which case fobs are of doubtful use.
  2. What's really needed for any security system is vigilence. Unfortunately this is not found in equal measure among all users, clever or not.
Token code generators are currently used in many business banking situations where a single login can authorize huge monetary transfers, such as payroll transfers. If the generators were cracked in any way but the trivial (i.e. stealing the token, disabling the requirement for a token at the server-side, or stealing the token seed records) I would know about it.

"Everything is breakable" is just as silly a position as "my security is unbreakable." There's breakable in theory, and there's breakable in practice. At the moment, I have no problem stating that token code generators and challenge-response tokens are, if implemented cryptographically correctly, impervious to password harvesting attacks. The level and nature of the skill required to break the tokens through monitoring alone is so high its literally of national security significance.

[Guide to Defense] [Scrapper Secondaries Comparison] [Archetype Popularity Analysis]

In one little corner of the universe, there's nothing more irritating than a misfile...
(Please support the best webcomic about a cosmic universal realignment by impaired angelic interference resulting in identity crisis angst. Or I release the pigmy water thieves.)

 

Posted

Quote:
Originally Posted by synthozoic View Post
But that seems rather circular and a bit contradictory to me. Either:
  1. Criminals are working hard enough to surmount any security the devs tack on, fobs included. In which case fobs are of doubtful use.
  2. What's really needed for any security system is vigilence. Unfortunately this is not found in equal measure among all users, clever or not.
This is a false dilemma. 1. is false because whatever the criminals are doing, they can't just crack the fobs which are external to your computer. Most of what they're doing to break into your account is focused on invading your computer, not your keychain.

You're manufacturing something here that I did not argue.

Elsegame: Champions Online: @BellaStrega ||| Battle.net: Ashleigh#1834 ||| Bioware Social Network: BellaStrega ||| EA Origin: Bella_Strega ||| Steam: BellaStrega ||| The first Guild Wars: Kali Magdalene ||| The Secret World: BelleStarr (Arcadia)

 

Posted

Quote:
Originally Posted by synthozoic View Post
But that seems rather circular and a bit contradictory to me. Either:
  1. Criminals are working hard enough to surmount any security the devs tack on, fobs included. In which case fobs are of doubtful use.
  2. What's really needed for any security system is vigilence. Unfortunately this is not found in equal measure among all users, clever or not.
Well, it's like the two campers who see a bear charging toward them. One pauses to put on his sneakers.
"What good are your sneakers? You can't outrun a bear."
"I don't have to outrun the bear. I only have to outrun you."

Yeah, SOMEONE is always going to get hacked. But it can be made to happen to less people. And things YOU do can make it less likely to happen to YOU.

Paragon City Search And Rescue
The Mentor Project

 

Posted

Quote:
Originally Posted by Rajani Isa View Post
If they came out with phone apps for it, I would choose to use it. Watches, keychains... those all I lose and lose often. My iPhone? Always by my side.

I would not mind it as an option.

good job your balls are in a bag then


"You got to dig it to dig it, you dig?"
Thelonious Monk

 

Posted

Quote:
Originally Posted by Ironblade View Post
Well, it's like the two campers who see a bear charging toward them. One pauses to put on his sneakers.
"What good are your sneakers? You can't outrun a bear."
"I don't have to outrun the bear. I only have to outrun you."

Yeah, SOMEONE is always going to get hacked. But it can be made to happen to less people. And things YOU do can make it less likely to happen to YOU.
Hahaha, win.

Elsegame: Champions Online: @BellaStrega ||| Battle.net: Ashleigh#1834 ||| Bioware Social Network: BellaStrega ||| EA Origin: Bella_Strega ||| Steam: BellaStrega ||| The first Guild Wars: Kali Magdalene ||| The Secret World: BelleStarr (Arcadia)

 

Posted

I would snap up a hardware authenticator fob in a minute. Anyone who thinks "only stupid people get hacked," is a bloody fool. Sure, there's methods you can take to minimize the risk of being hacked, but the risk is always there, and growing.

On the other hand, if the authenticator fob is software based, I'd have to skip it as I don't use a smartphone.

@Celestial Lord and @Celestial Lord Too