Announcement

Collapse

READ THIS BEFORE POSTING IN THIS FORUM!

In order to properly organize all the questions in to an appropriate list for the administration team to compile in to a list to be submitted to Square Enix, please post ONE QUESTION PER THREAD ONLY!

If you are not asking a question, do NOT post a thread, please take your discussions elsewhere. If you wish to comment on a question, or provide an answer to a question, please post a reply, but any questions inside a thread that is not the first post of the thread will be ignored.

For the subject line, please put one of the things:
A.) Put the question in the subject line and the message.
OR
B.) If the question is too long, put part of the question and then repeat the entire question in the post.

Please make sure a thread with the same question does not already exists, or your thread may be merged or deleted.

Threads that do not conform to these rules may be overlooked and not added to the list to be submitted to SquareEnix.

Disclaimer: Things subject to change without notice, especially if SquareEnix decides to change it on us.

Thank you,
AKosygin
FFXIOnline.com Moderation and Administration Team
See more
See less

Do we really need to buy a security token?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    Re: Do we really need to buy a security token?

    No, it's inferior. A cell phone is not a secure device, the cell network is not a secure transmission medium.

    The SecureID token is a secure device and since you only send what it displays (and have 30s to do so) instead of the server sending and you sending it back saying you got it making the insecurity of the transmission medium (internet) irrelevant.

    It also doesn't cost me 10 cents every time I want to use it.
    I use a Mac because I'm just better than you are.

    HTTP Error 418 - I'm A Teapot - The resulting entity body MAY be short and stout.

    loose

    Comment


    • #17
      Re: Do we really need to buy a security token?

      wow, I see no point in this entire thread.Thank you for the "bullshit", paranoia, and pointlessness of this. It is helping me get through my day.

      ps, I think is funny when some people dive to deep into a issue or problem trying to find something that dosnt exist. Reminds me of all women.
      Originally posted by Raydeus

      Other than that the only thing I'd like to see is SE changing Homam so RDM can use it, but the chances of that happening are the same as those of me winning the Mog bonanza.

      Comment


      • #18
        Re: Do we really need to buy a security token?

        Originally posted by Mhurron View Post
        A cell phone is not a secure device, the cell network is not a secure transmission medium.
        Yes, but at the same time, a keyfob isn't secure either; it can be stolen.

        For the purposes of what we are discussing, the security effect is practically the same. Anyone with the means to monitor your cell phone transmissions could easily just physically steal the account for you.

        I'm not doubting that the keyfob is more secure if you're working on some sensitive government project or the like, but with FFXI's account/login system, I do not see how it is any significantly worse for security.

        On your ten cents comment, I already explained that people without unlimited data plans would probably be better off buying the token. Some of us already use the $5-15 a month our providers charge us for that, and it's free to use the cell phone system compared to the token. For those that don't, of course the token saves money in the long run.

        Comment


        • #19
          Re: Do we really need to buy a security token?

          Originally posted by Feba View Post
          Yes, but at the same time, a keyfob isn't secure either; it can be stolen.

          For the purposes of what we are discussing, the security effect is practically the same. Anyone with the means to monitor your cell phone transmissions could easily just physically steal the account for you.
          Is it easier to "monitor your cell phone transmission" or to break into someones home to steal a video game keyfob?


          I am sorry but I am still trying to grasp what the actually issue is.
          Originally posted by Raydeus

          Other than that the only thing I'd like to see is SE changing Homam so RDM can use it, but the chances of that happening are the same as those of me winning the Mog bonanza.

          Comment


          • #20
            Re: Do we really need to buy a security token?

            Originally posted by Amberly View Post
            Is it easier to "monitor your cell phone transmission" or to break into someones home to steal a video game keyfob?
            I would say break into someone's home. I could do that with nothing more than items you'd find in a backyard.

            Originally posted by Amberly View Post
            I am sorry but I am still trying to grasp what the actually issue is.
            1: Problem: SE's Security Token requires money, thus discouraging people from using it.
            Potential solution: Cell phone SMS are free for those with unlimited texting plans, and vary in cost for others, and use hardware people already have to provide more people with a secure service.

            2: Problem: The Mog Satchel is ONLY available to people with a Security Token. This reeks of RMT at best.
            Potential solution: Using an SMS system (again, as an ALTERNATIVE to the token, not a substitute) would allow people to get practically the same security benefit at no cost, and thus disprove the notion that the Mog Satchel is PAID for with cash, instead of a BENEFIT to using enhanced security.

            Those are the big two. I'm uneasy enough about the Mog Satchel requiring you to buy anything, but if it were for a security thing that people can get without paying any money to SE (whatever else it may cost, the importance of RMT is who makes money off it, not how much the end user pays) I'd be fully behind it. That's exactly what this provides-- the same practical benefit of security, without the spectre of RMT. Not only would it open up the security benefits to people where it would be free instead of $10, but it could actually improve sales of things like the security token; people that have been concerned about supporting further in-game benefits for real world money would have that fear dissuaded (at least for the token), and not worry nearly so much about buying it.

            Comment


            • #21
              Re: Do we really need to buy a security token?

              Originally posted by Feba View Post
              I would say break into someone's home. I could do that with nothing more than items you'd find in a backyard.


              1: Problem: SE's Security Token requires money, thus discouraging people from using it.
              Potential solution: Cell phone SMS are free for those with unlimited texting plans, and vary in cost for others, and use hardware people already have to provide more people with a secure service.

              Missed my point about the breaking in thing. I know it is easy to break into someones home. The point was that to break into someones home to steal the token for a video game is what I was trying to say. If you, or anyone else, broke into someones home, the security token would not be the first thing on your/my mind to steal from that house. TV's, Computers, jewlery, etc would be what anyone would steal. It is highly unlikely you would have someone do a B & E (thank you Dane Cook) to get a video game RL item is all I am saying.

              The other part I want to address would be this issue with using the free SMS process you are talking about. For something that is suppossed to be a security item/code I would (if I were SE) want it to go through me and my products and not some other "3rd party" ways.

              Example: You have a Comcast email address. You want to use it through Outlook Express. You can if you want but we can not support something that is not a Comcast product. We offer Comcast.net as the source to get your emails but you are more than welcome to use w/e 3rd party you want but we will not be involved.

              This is kinda what we are talking about and I can see what your saying. If it was emails we are talking about then sure but its not. This is a SECURITY code and needs to go by the correct channels to provide the insurance of it being secure since it was under the wing of SE all the way.


              Sorry for that but I thought I would give my 10 cents as well.
              Originally posted by Raydeus

              Other than that the only thing I'd like to see is SE changing Homam so RDM can use it, but the chances of that happening are the same as those of me winning the Mog bonanza.

              Comment


              • #22
                Re: Do we really need to buy a security token?

                I only wish I could get the Satchel without the Token. I'm currently only playing XI on 360. I plan to only play XIV on my PS3. I don't log onto the LS Beta at all. Ergo, I'm not in any pressing danger from trojans and account jacking. The only game whose account is in any potential danger is my LotRO one, and maybe my PSU one if I ever played it more than a month at a time.

                And as I was mumbling about somewhere else, my account is actually in my younger brother's name. Years ago, when we started, he was the one who bought the HDD. Their PS2 would not read 'colored' discs anymore, so they used mine. He didn't play very long before he got bored of the game, so it was passed to me, since he was only level 10, and it was my console. I deactivated his ID, made my own, and there's Telera, and Caeryn, and my mule. That's it. It's been 'mine' for 4+ years now. But I'm not sure I can even make a SE account in my name and link it to it, since that's in his. And if there's ever any actual issues with the Token, I could never get them resolved without contacting him first. This won't be an issue in XIV, but it's an issue in XI, and I am so not fucking restarting this time-sucking game at this point.

                I'd love to have extra storage, but I see no point in adding hassle to my playing, and the potential need to have to be able to get in touch with him when the thing inevitably loses its battery or whatever. Just give me another way to get the satchel and I'll be fine.
                "If you keep me waiting much longer, it damn well better be the end of the Galaxy." ~ Kaidan

                ~There's gonna come a day, and I can't wait to see your face...~

                Comment


                • #23
                  Re: Do we really need to buy a security token?

                  Originally posted by Amberly View Post
                  Example: You have a Comcast email address. You want to use it through Outlook Express. You can if you want but we can not support something that is not a Comcast product. We offer Comcast.net as the source to get your emails but you are more than welcome to use w/e 3rd party you want but we will not be involved.
                  At the same time, though, it's quite possible that those emails are passing through the servers of other companies. For example, if I try to check my email at a random hotspot that doesn't use Comcast, that message is certainly passing through their system. Now, obviously, that mail is encrypted, where an SMS probably isn't. But then, an email can contain valuable information-- Even if it 'only' took a year to decrypt mail, that could still be very damaging. If you get an SMS in real time, you have a very short period of time to act on that.

                  Originally posted by Amberly View Post
                  If you, or anyone else, broke into someones home, the security token would not be the first thing on your/my mind to steal from that house.
                  I dunno about that. If you know someone plays a game, and you have their password (or they automatically enter it), breaking in and stealing a small plastic item that could be worth hundreds or thousands is a pretty sweet effort:reward ratio. The "best" case scenario in this case would be someone who has their password automatic on their laptop, and keeps it right next to the security token. Go in, go to the laptop, grab it and the token, get out. That could easily be upwards of a thousand dollars, depending on the value of the account/items/hardware. Sounds silly, but then pretty much everything related to RMT does.

                  Comment


                  • #24
                    Re: Do we really need to buy a security token?

                    So you really think that someone would steal the token and that would be on their "hit list" when they broke in? Well then that might be the reason we are not seeing eye to eye then.

                    The main point about the 3rd party (aka cell phone) is that you are having secure info traveling over something that is not under SE's wing. They can not tell you that it is secure b/c it leaves SE's hands when it is sent. So basicly defeats the purpose of a password.

                    To safe us both hassle and just repeating the same thing over and over, I say we just agree on having different matters of opinion.
                    Originally posted by Raydeus

                    Other than that the only thing I'd like to see is SE changing Homam so RDM can use it, but the chances of that happening are the same as those of me winning the Mog bonanza.

                    Comment


                    • #25
                      Re: Do we really need to buy a security token?

                      Originally posted by Feba View Post
                      I dunno about that. If you know someone plays a game, and you have their password (or they automatically enter it), breaking in and stealing a small plastic item that could be worth hundreds or thousands is a pretty sweet effort:reward ratio. The "best" case scenario in this case would be someone who has their password automatic on their laptop, and keeps it right next to the security token. Go in, go to the laptop, grab it and the token, get out. That could easily be upwards of a thousand dollars, depending on the value of the account/items/hardware. Sounds silly, but then pretty much everything related to RMT does.
                      Dammit so now the RMT are going to break into my house!? Well they won't be getting this laptop or my character either! *Throws the laptop on the floor and beats it with a baseball bat* NOW THE RMT WILL NEVER GET IT! *Laughs fiendishly*...Wait a minute how am I supposed to play the game now?



                      Anyways, I thought amberly was talking about some random person breaking into the house like for example my drug using next door neighbor who has a bunch of unsavory folks next door all the time. They'd be more interested in the laptop, the xbox, the playstation, my monitor, and probably my desktop (If they can lift the thing) than they would the security token that is laying right next to it. If the RMT start robbing houses then we seriously have a problem.
                      {New Sig in the works}
                      -----------------------
                      "There will come a day when the world will realize that Superman can no longer create miracles. If my name was Superman, that day would be today." 4/29/2009 - Me

                      Originally posted by Aksannyi
                      "Hello! 100+3 Leathercrafting, your materials, 5k! Mention code LTH74 for a special discount!" - they'd get blisted by everyone they sent that to.
                      Originally posted by Solymir
                      What do you have against Ants? Is iVirus some new Apple product?

                      Comment


                      • #26
                        Re: Do we really need to buy a security token?

                        I agree, the odds of a random person breaking into you house and stealing your token is rare. But its probably not any more unlikely than a person with all the equipment necessary to intercept cell phone calls and SMS messages finding a code being sent to you and knowing what the hell to do with it w/in the next 60 seconds.
                        I RNG 75 I WAR 37 I NIN 38 I SAM 50 I Woodworking 92+2

                        PSN: Caspian

                        Comment


                        • #27
                          Re: Do we really need to buy a security token?

                          Originally posted by Amberly View Post
                          So you really think that someone would steal the token and that would be on their "hit list" when they broke in?
                          Most burglars? Certainly not. However, if it was someone with knowledge of RMT, and knowledge of a person's character, it's definitely not hard to imagine. Especially if you can make it look like the token was simply misplaced, and not stolen.

                          Now, I don't think the chances of someone targeting your token are very high. But it has to be at least as high as your chance of having your SMSs sniffed and converted in real time. All a token theft takes is a deceitful 'friend' or family member, or even just some random person in your house.

                          Originally posted by Amberly View Post
                          The main point about the 3rd party (aka cell phone) is that you are having secure info traveling over something that is not under SE's wing. They can not tell you that it is secure b/c it leaves SE's hands when it is sent.
                          Oh please. That's like saying that the security token isn't secure because SE isn't god, and doesn't have an omnipotent control of physical reality. It's still really, really damn good, either way. If someone has the ability to A- Gain your password, B- Intercept your SMS messages, and C- Act on that information within a time frame of a minute (or two, or more), then they would definitely have the ability to simply hijack your account as it is.

                          And it's not really a matter of opinion. It's a matter of "Is there some serious problem with this method" (So far, the answers have been overwhelmingly "no"-- it's got its upsides and downsides, but the only real security issues are ones that aren't a real world concern for anyone who isn't employed by the government), and "if not, doesn't SE's refusal to implement this system point towards the Mog Satchel being purely RMT?".

                          Comment


                          • #28
                            Re: Do we really need to buy a security token?

                            You do realise that in order to use a "stolen" Security Tag you also need to know someone's SE Member password right? Whenever you log in with a Security Tag you need to input your SE Member password which cannot be saved to perfom an auto login and cannot be changed via POL by mean friends or family members and the password that is on the tag.

                            Really unless Mr Burglar who happens to know that the tag sitting on my computer desk is for a video game where me might make a few hundred dollars by selling my account to the Russians finds out my password all stealing the tag will do is make me unable to access my mog satchel until a replacement token arrives by mail. That and I get to laugh at Mr Burglar for not trying to steal my PS3, 360, Laptop, the PC itself, the TV or my guitar which granted only has two working pickups but would probably fetch more than the account itself anyway.
                            Rahal Gerrant - Balmung - 188 DRK
                            Reiko Takahashi
                            - Balmung - 182 AST, 191 BLM, 182 SCH, 188 SMN
                            Haters Gonna Hate



                            Comment


                            • #29
                              Re: Do we really need to buy a security token?

                              Originally posted by Feba View Post
                              1: Problem: SE's Security Token requires money, thus discouraging people from using it.
                              Potential solution: Cell phone SMS are free for those with unlimited texting plans, and vary in cost for others, and use hardware people already have to provide more people with a secure service.
                              Why should SE have to pay for two different systems doing the same thing when one is just more efficient in every possible way? If there are people playing this game who can't afford a one time only $10 purchase of a security based item, how in the hell are they actually playing this game? Even a 13 year old on mommy's credit card can scrounge up 10 bucks easy enough. The cost of the token is not an issue, so that removes the only real advantage of having the SMS system set up.

                              2: Problem: The Mog Satchel is ONLY available to people with a Security Token. This reeks of RMT at best.
                              Potential solution: Using an SMS system (again, as an ALTERNATIVE to the token, not a substitute) would allow people to get practically the same security benefit at no cost, and thus disprove the notion that the Mog Satchel is PAID for with cash, instead of a BENEFIT to using enhanced security.
                              No it does not reek of RMT, it's an incentive to those who were on the fence about the dangle. A free bonus to trick people into paying the 10 bucks for a more secure account. And if any other online SE game has a free incentive that can be accessed by having the Security Token, then that just means that 10 bucks I spent just got a little bit better. This is no more RMT then selling the Piano collection and having the Harpsichord included with it.
                              "I have a forebrain, my ability to abstract thoughts allow for all kinds of things" - Red Mage 8-Bit theater

                              Comment


                              • #30
                                Re: Do we really need to buy a security token?

                                Totally off topic, but this topic is reminding me of how the Sims 3 gamefaqs boards are looking right now.

                                Sims 3 was bootlegged about 2-3 weeks before the retail version came out. EA got wind of it and said that the final retail version would be different from the leaked version since it would have a extra city and access to "The Exchange" and DLC. When the retail version of the game came out EA created the new city patch as DLC to be installed into the game and they made a bunch of furniture/haircuts/cars etc., (Uploaded people and houses are free though) that should've been included in the game, as pay DLC instead of free. So basically you now have to register a credit card or buy sim point cards to buy those things. About 1-2 days after the release, the whole Sims 3 Exchange Pay DLC was uploaded to a torrent with the extra city content as well.

                                So why would I pay to download $100+ of random EA DLC, when I can instead get a subscription to thesimsresource and download all the user created stuff that I want for 12 months for about half that price and also have access to over 1 million different downloads of Sims 2 content as well.
                                Last edited by Durahansolo; 06-10-2009, 06:21 AM.
                                {New Sig in the works}
                                -----------------------
                                "There will come a day when the world will realize that Superman can no longer create miracles. If my name was Superman, that day would be today." 4/29/2009 - Me

                                Originally posted by Aksannyi
                                "Hello! 100+3 Leathercrafting, your materials, 5k! Mention code LTH74 for a special discount!" - they'd get blisted by everyone they sent that to.
                                Originally posted by Solymir
                                What do you have against Ants? Is iVirus some new Apple product?

                                Comment

                                Working...
                                X