Why Do We Not Have an Authenticator Yet?

Those authenticators are generally just little doo-dads to make you feel more secure. What we really need are authenticators that jab your finger for a tiny bit of blood and run a DNA scan before allowing you to log on. If you have an evil twin this won't be much use, but it's surefire for the rest of us.

Just to point out, that AFAIK, most if not all of the other MMO's that use an authenticator also have a an android/windows mobile/iphone equivilent. I dont know if they are necessarily suitable for multiple accounts, but as far as i can tell, as long as you have one authenticator, you can use them across *all* of your accounts (once you have linked the hardware to each account).

Also, the authenticator has *not* been essential for the other MMO's... infact more people probably use the android/iphone version instead of the actual keyfob version.

Side note: I find it quite strange that each authenticator can cost *so* much (i would assume that the price quoted above was on "small orders" of keyfobs... small being 1000 units or less).

Side note 2: The only MMO that i have seen actually release with a keyfob authenticator in a box is the recent big space sword wielding one, and that was only in the Collectors Edition (the £130 cost) version.

Does any game that NCSoft runs use an authenticator? If there isn't one, there's your answer.

Bear in mind, what people get by stealing account login is not generally the same thing as what they get by hacking the game service.

When they get your personal account or game authentication information, they have access to your account info and/or virtual goods. Last time I checked, the NCSoft North America account management site did not display my whole credit card number. Mostly, achieving this level of access gives them access to your characters and those characters' inventories. CoH is not high on the list of MMOs where you can sell those goods for lots of money. It's not proof it will never happen, but other more populous games are likely better targets from a profit/time perspective.

If the attackers penetrate the NCSoft back-end, having a client authenticator does nothing for us. They can steal personal account details in bulk, and if they are not sensibly encrypted, this can be used for identity theft. This is (normally) harder to pull of, but also vastly more potentially profitable in the real-world for the attackers. Getting all our game login information is a pittance compared to getting our personal, real-world information.

The value for NCSoft in adding client account protection to CoH in particular seems low, and conceivably would be negative. If they added it to all their titles (and they have some big ones that seem like they might be juicier targets) it might make sense for NC to bundle CoH in with it. Otherwise, it seems likely to be overkill.

Also, a reason for the account hacking is 'things that can be sold for people who want to buy gold'.

The goldfarmers haven't been particularly successful in CoX that I can tell. There was a burst of them back when free trials were first enabled, and you occasionally see one spam the Help channel these days, but it's so easy for someone to aquire a valuable-on-the-market recipe and get more than enough influence to keep them in SOs there's not a whole hell of a lot of a point.

Authenticators help but they aren't a silver bullet. You see a lot of account hacking in WoW even WITH authenticators because World of Warcraft has millions of subscribers and is a very juicy target for hackers and spammers. City of Heroes is much smaller and the Paragon Shop quite possibly satisfies many of the people who DO like to pay-to-win.

It's not security through obscurity, it's just the simple logic that you don't mug the gradeschooler for their five bucks of lunch money when there's a bank across the street.