So I got hacked

[AidenCarby]

This app works on droid too? Thought they said something about a 6 month gap between iphone/droid for it. Unless that's the armory app?

[ronin sparthos]

Shit sucks but getting back up to speed is nowhere near the effort in XIV it took for anyone who got jacked in FFXI.

Weeks of work can be redone. Years of painful droprates, EXP and mission progress? /wrists

[BlaizeAsura]

This app works on droid too? Thought they said something about a 6 month gap between iphone/droid for it. Unless that's the armory app?

Yeah there is an Android version, I got it this morning.

[dejet]

im told that there are some drawbacks to the app. Like if you reset your phone or w/e. just get the real one if you can I would say.

[arus2001]

You need an authorization password to disconnect the software token, which of course would require the phone to get it. So if you did reformat, lose your phone, or whatever, you'd have to call SE to get the token removed and that might be a one-time only thing. I feel like I'd be more inclined to lose a little dongle than my phone, but shit happens.

[Jakson]

This app works on droid too? Thought they said something about a 6 month gap between iphone/droid for it. Unless that's the armory app?

The Libra Eorzea app is only for ios last I checked, so that's probably it.

[Grieverbk]

You need an authorization password to disconnect the software token, which of course would require the phone to get it. So if you did reformat, lose your phone, or whatever, you'd have to call SE to get the token removed and that might be a one-time only thing. I feel like I'd be more inclined to lose a little dongle than my phone, but shit happens.

Not true, when you setup a mobile authenticator, your home page in the SE Management Site should have an emergency removal code sitting there printed in red.
This code is to be used as your OTP Code in the event that you have lost or formatted your phone, it will log you in and automatically remove the Authenticator, allowing you to setup a new one.
I have confirmed this just last week as I used it to remove my old 4S, before setting up a new authenticator on my 5S.

I keep this code in a Keepass file on one of my truecrypt drives personally.

[Waraji]

I keep this code in a Keepass file on one of my truecrypt drives personally.

I actually printed mine just this week. Had an unfortunate lockout from my phone over the weekend and I had not saved it beforehand. Not only, I had accidentally deleted my phone backups on my PC not 2 hours before it happened. Never again, clutching onto that emergency removal password with a death grip. (Locked out of game since Saturday Night, calling SE all Monday, 3 hour wait on phone.)

[Day]

Hi5 to the 2 other people on the planet without a smart phone. Stay strong.

[Midnightjade]

I use my XI one, and no.


I don't ;/

Yeah, I still have my XI one from 2007. I think I'll switch to authenticator this weekend though. I mean, the batteries in that thing are only going to last so long, right? Hate to have it go out on me some night when I'm meant to be main healing my FC in some dungeon or other.

Anyone have a guide to removing the dongle and using the authenticator? I'm ok with computers but would be nice to have a step by step walkthrough. Thanks.

[arus2001]

Not true, when you setup a mobile authenticator, your home page in the SE Management Site should have an emergency removal code sitting there printed in red.
This code is to be used as your OTP Code in the event that you have lost or formatted your phone, it will log you in and automatically remove the Authenticator, allowing you to setup a new one.
I have confirmed this just last week as I used it to remove my old 4S, before setting up a new authenticator on my 5S.

I keep this code in a Keepass file on one of my truecrypt drives personally.

Well, if you didn't save it, you couldn't exactly log in to get it. x.x

[Kari]

I got my account hacked a few weeks into launch, thankfully they took all of my Gil then left me alone.

My account had a token attached years ago, but I lost it, called SE, and had them remove it after giving them a ton of personal information. Now, years later, I want to put a new token on but I can't. When they removed my token, they made it so that games don't require a one-time password for me, but my account still SAYS I have a token attached, so I can't attach a new one. I can't "remove" it because it requires the non-existant one-time password. I also had to find a non-traditional form on SE's websites to change my SE account password after being hacked, because the standard one kept saying my one-time password was wrong. [This is probably the only reason RMT didn't steal my account.]

One of these days I'll get through to SE Support to let me fully remove it then use the smartphone app, but their call-in and chat hours are not aligned well with my sleep schedule.
But yeah, if you're not in a situation like mine, get a freaking token. There's not many reasons to not have one, and at least for now, no account is truly safe.

[landua]

best thing to do is call

[TheGlow]

A nandroid backup can be restored and keep the sqex token info. A titanium backup will not.
Also look into bluestacks, free android emulator on pc. you can use that to download the app, so you dont even need a phone either.
Im in the process of trying to find out how to do a proper backup of the data so I can export from phone to my kindle and bluestacks.
All this took seconds to do for battle.net

[Ratatapa]

sigh lol

[fussel]

A nandroid backup can be restored and keep the sqex token info. A titanium backup will not.
Also look into bluestacks, free android emulator on pc. you can use that to download the app, so you dont even need a phone either.
Im in the process of trying to find out how to do a proper backup of the data so I can export from phone to my kindle and bluestacks.
All this took seconds to do for battle.net

Apologize for my humble knowledge of computer security in advance, but isn't the point of using an authenticator or a smart phone that your authentication information is _not_ generated by your PC but by an external device? An android emulator running on your PC kind of defeats this purpose.

[Ahmera Mae]

Hi5 to the 2 other people on the planet without a smart phone. Stay strong.

That makes 4 in total!

Apologize for my humble knowledge of computer security in advance, but isn't the point of using an authenticator or a smart phone that your authentication information is _not_ generated by your PC but by an external device? An android emulator running on your PC kind of defeats this purpose.

I feel there is a misconception of how ppl "hack" accounts. Nobody hacks your computer directly, looks for login information and uses it. Those hacked accounts are usually malware-infested machines that use a process scanner and keylogger for automated retrieval of the information or just a case where the account owner used the same Username/PW-combination on another site/forum/whatever.

Also, how does buying gil get you hacked? Are we talking drive-by infection on the gil-sellers site that they use to retrieve your account info? Can't make sense of it in any other way.

[Elizara]

Even tho right now I don't have a XIV account, (I have a Square Enix account from open beta ready to go if i can improve my money situation; I swore after FFXI I'd NEVER share a mmo account again, so I made my own) I think this will work on not just smartphones, but any good Android tablet or even a Ipod touch. (That is if you're like me and don't have a smart phone) Trouble is with Kindle Fires, you need to find the application elsewhere or find a way to yoink it off the Android store, since annoyingly enough it isn't on Amazon at all ><. I found a copy that I'm going to sideload to secure my extra sq.enix account tho I deleted all XIV stuff off it just to be safe. (Better safe than sorry..) I'll let you guys know if that worked and where I found it if people want to try that.

Never been hacked but then me and my brother have been keeping our pcs clean and we don't buy gil or nuffin' ^^ And we never removed the original token, if it starts going bad, we'll get a new one or find a way to go software on the XI account somehow since that's used on multiple pcs in the same house.

[lilbubbles]

Also, how does buying gil get you hacked? Are we talking drive-by infection on the gil-sellers site that they use to retrieve your account info? Can't make sense of it in any other way.

Yup, a couple of the gil sites have drive-bys.

Just visiting them with puts you at risk lol.