Just a quick word about the security options available for protecting your Star Wars account, especially if you've not had experience of other MMO's before. It takes a huge amount of time and effort to acquire the rare items in an MMO. There's often no way to get them other than to work hard and play through missions and raids. The investment of time we put into characters is considerable. It's also true that this adds great value to our characters and their possessions. Sadly there are plenty of people who are happy to side step the hard work required and simply steal stuff from other players. The illegal trade of in game currency can be worth huge amounts of money to people willing to sell in game currency and items (Gold farmers). For this reason World of Warcraft became subject to a huge attack on players accounts which is still ongoing. Most of these attacks come in the form of phishing emails that try to get players to reveal login in details to bogus web sites pretending to be the official Bioware site. See how long it is before people start getting asked to visit Boiware.com and then loose their accounts. This problem has also seem the rise in attacks from key loggers specifically designed just to lift MMO login names and passwords. Who knows if one would also have a look at your bank log in stuff as well though? You might well have received one of these 'Please log into your WOW account on our web site now' emails even though you possibly have never had a WOW account or played the game. A phisher by definition spread their nets wide :eyebrow:
After several years Blizzard released the World of Warcraft Security Key. SWTOR obviously learnt from WOW and has released their version at game launch. Basically the key works by generating a unique number that is formed by your own game ID and the date and time. This key remains active for 30 seconds. Now when you log into the game you enter your Game ID, your password and this unique key number. After the 30 seconds the key number expires and you will need to generate a new one to log in. So even if a hacker gets your password they cannot log in without your key number, which they don't have. It's a pretty solid extra layer of security.
The key generator comes in two forms, a key fob for £8.99 and an iPhone / Android app which is free. I would strongly recommend you go for the key fob, especially if you use a rooted phone. Smart phones can in theory be hacked and rooted phones will allow apps to have 'super user' permissions so it wouldn't be impossible for a rogue application to copy the SWTOR security key generator from your phone to a server and allow a hacker to generate their own keys for your account! Also on a rooted phone if you ever wipe and install a new ROM you will loose the key app and get locked out of your account. I'm not sure how fast SWTOR customers services will respond but I imagine you'll be out of the game a for a day or two while they unlock your account. So if you plan to stick with SWTOR I recommend getting the key fob version.
It's also quite likely that when we get guild banks only players with a key generator will be allowed access to it (standard procedure for most guilds)
Another security option that I've used in the past is to create a unique email address for use with SWTOR. Go grab a Hotmail or Gmail address and only use it for your SWTOR account, nothing else. In this way if you ever get an email telling you that 'there is a serious problem with your account and you MUST log in to deal with it' which doesn't come from your unique SWTOR email address then you know it must be bogus. Conversely anything that does come to that address is most likely legitimate as only Bioware have the address to send email too.
http://www.swtor.com/info/security-key
My long-deactivated WOW account still gets hacked into on a regular basis. Despite having an impossibly long string of random characters as it's password (I haven't used it in years), it still gets broken into and used with a timecard.
So don't rely on your password alone being strong enough, it's not much hassle to set up the extra protection and it's worth it.
Quote from: smilodon;343247I would strongly recommend you go for the key fob, especially if you use a rooted phone. Smart phones can in theory be hacked and rooted phones will allow apps to have 'super user' permissions so it wouldn't be impossible for a rogue application to copy the SWTOR security key generator from your phone to a server and allow a hacker to generate their own keys for your account! Also on a rooted phone if you ever wipe and install a new ROM you will loose the key app and get locked out of your account. I'm not sure how fast SWTOR customers services will respond but I imagine you'll be out of the game a for a day or two while they unlock your account. So if you plan to stick with SWTOR I recommend getting the key fob version.
I'm a software developer. I write open source software which is used by a lot of large distributions such as NetBSD, FreeBSD, Gentoo, Debian and Arch. Funnily enough, my name is also in the many licenses you'll find on the Android phones. So my argument is thus.
A rooted phone is more "secure" because you know (or ought to, you rooted it after all) you installed a trusted root image. Now, if you don't trust the root image then frankly you are a fool! But I trust the stock image a carrier puts on it even less because they care less about security and privacy than you might think.
http://www.freakgeeks.com/2011/19388/carrier-iq-detector-let-you-scan-your-phone-from-tracking-software/
Also, bugs and exploits are found in all applications on a daily basis. They are also fixed promptly and pushed upstream to say Android. However, the chances of this fix ever getting down to the carrier image for your phone is almost nil as they do not want to upgrade you. They need you to be running older buggy software so they can sell their update via a new phone.
That all being said, if you do have a smartphone and are not very technical or don't want to root your phone then please take smilodon's advice and get a key fob.
Twisted I accept what you say about rooted phones but doesn't it work that I you install Superuser and are a bit careless with the apps you allow SU access you could get compromised. On a stock ROM applications are not normally allowed elevated permissions as they can get on a non stock ROM? So root plus careless downloading of unverified apps might be an issue. Also the WOW Authenticator App complained a lot when I tried to install it saying I was not using a 'trusted ROM' (their words). Mainly though I sometimes try new ROMs and messing about sometimes results in a forced factory reset which would delete my SWTOR security app. Then I'm hoping RAND backups or Titanium backup can fix things for me.
Finally we can loose phones, drop them down the toilet and break them. A keyfob sits on my desk tied to my monitor stand with a bit of string. I'm never going to loose it or break it. It just seems more reliable thats all.
Apps have the same level of elevation and risk wether running on a rooted, trusted or carrier ROM. You're now talking about usage which isn't in the scope of my argument.
The WoW authenticator message you describe is just that, a warning. Their message is clear "Blizzard only trusts carrier images". My stance is that I don't trust carrier images and at the end of the day, it's my phone :)
I had a similar argument with my bank. Their argument was that Internet explorer was the only trusted browser. My argument was that because I'm a paranoid developer I can audit at my digression the source code for Mozilla to ensure that privacy, data integrity and exploits are not there. You cannot do the same with any Microsoft product. I had this argument back in the late 90's (or early 2000's maybe) and eventually my bank capitulated and allowed firefox through even though I was using it anyway by forging the UserAgent string.
Finally, I changed from a Fob in WoW to an app purely because my daughter managed to remove it from my keyring and then lost it. Remember, I am not arguing against the Fob, just your assertation that a rooted phone is inherently more insecure than a non rooted one.
Fair point. I just know that as rooting phones becomes more of a trivial process non techy people might install a ROM and later hit the 'allow this app super user privileges' when they shouldn't and allow something nasty to happen. Plus from my own experience I've inadvertently wiped a phone with an authenticator still installed. Add that to the shame of losing or braking a phone and I'd always pay the money and get a dedicated key fob. Then again I don't have curious little rug rats to worry about :-)
Sent from my HTC Desire
I'm starting to regret adding a phone-based security key to my account.
I recently contacted support asking them to remove my security key from my account as I wanted to stick a new rom on my phone. Their reply is below. Note the text in bold ...
QuoteWe could remove your account's security key in order for you to gain access of it. However, we regret to inform you that we cannot deal with your request through email. In order to protect your account, all Security Key issues are dealt with via our Customer Service telephone support.
We are aware that there is currently a bug which prevents a Mobile Security Key from being re-attached to an account after being removed.
This bug also prevents a new Security Key being downloaded and attached to the account using the same mobile device.
As account security is one of our top priorities, we are working hard on fixing this problem as quickly as possible. In the meantime, please be aware that a physical Security Key can still be added to accounts which have had a Mobile Security Key removed.
You cannot add keys from a different mobile device, only in Physical Keys.
You may link your physical security key to up to 5 SWTOR accounts. This feature is not currently available for the mobile security key.
So you can only have one key generated from a single device and should that device go belly up it's a phone call to support to get it all put straight and then you cannot attach a new (mobile) one. The physical key fob looks favourite to me too.
Thanks for the heads-up. I have just signed up with the APP and will see how that goes.