Correct, these things can be broken but you would need something like A.I. to do it. They are near to impassable to crack. Hell, the Enigma machine in WW2 was a very very simple one. It took them years to crack that and that's only because they got the red book decoder off of a sub. This is so much harder to do.
Or I've just heard the same thing enough times. There is proof of concept in numerous forms, and there are human links. The same dumbasses will likely still be hacked, and the rest are paying for a placebo.
edit: I sound too wingnut lol. This will make things safer for people who keep getting hacked because they've never heard of noscript, although most of these folks will probably compromise their personal information/machine/passwords to tons of other things because they have no idea what is going on. Better?
I want one, just because I like keychains.
I am going to wait and see on this. We still don't know too many details about it.
Since they didn't say it was secured by RSA or anything and knowing how cheap SE can be they could just use their own algorithm and then someone like Taj would be able to hack it easy. Let's see if SE is really willing to pay licensing fees to RSA, they're always talking about going over budget etc. lol
Assuming this is a supplement to your existing password, and not a replacement, I find absolutely nothing wrong with this at all.
My name is Seraph, and I support this message.™
Do want.
*flips out Credit Card*
Where do I sign up?
I use the SecurID RSA keychain at my workplace, which is a government contracting company that is currently working with the FAA.
It is a solid security measure, but it can do more harm than good. One of my co-workers lost his token, as we like to call it, and the process he had to go through to restore his access to the system was painful.
I worry that if I were to get a token for my PoL ID that I might lose it and have to call SE to either send a new one, or just remove the security measure from the account. Knowing SE, I can imagine this would be a long and painful process. I might not be able to even get access to my character again.
I'm probably not going to get one, and just try not to be stupid with the internet.
Still, it's a good step forward on SE's part.
What does this do about recalled accounts?
I may actually get one but I have been consciously careful with my account and password for the last 5 years. I routinely change passwords every 3 to 6 months. That also includes email accounts and other online accounts I use.
Knowing me I may lose the token. However, given what has happened in the mass number of hacks last year, they're getting smarter and more deceptive. If this is as secure as I believe it to be, I will actually go for it.
I have read about similar being used by government agencies and other places where high security is an absolute requirement and not a necessity. (This does not pertain to those government fools losing their laptops, PDAs, and what not and having them stolen or misplaced... >.>)
Also, speaking of which, a friend gave me this tonight:
http://imgs.xkcd.com/comics/security.png
Gotta love XKCD. Friend got me hooked on this guy's comics.
It comes with an in-game item. Moogle Chastity Belt!
FUCK YEAR
this thing can prevent online hackers for the most part, but cannot prevent irl rmts that shifted and living next to you, awaiting an opportunity to spank you until you tell them the password ^^
OH FUCK YES!
Also, I trust this kinda thing with all of my bank accounts. I'll damn well trust it with a computer game.
RSA will not be broken for a game account. If RSA is broken, it will be by a foreign nation to get into government material, not my FFXI acct. Other than the issues w/ a lost device (and obviously the difficulty in sharing your acct w/ someone) I can't see any major issues with this. It obviously won't block against an MITM attack against the token's key (I install a trojan on your box, then when you put in the password and one time pad I throw a fake login error on your computer and instead of sending the login to SE I send it to myself to log in myself with), though that would mandate that the attacker act within 2-3 minutes of stealing my data, drastically limiting the effectiveness of any exploit since they couldn't harvest passwords for a short window and exploit them for a long one. My account with the security token would be significantly more hardened than the low hanging fruit of others and thus the RMT would be far less likely to bother with it.
edit: fixed tard typing.
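Added example, not part of the original thread and not SE's or RSA's code: a server-side check for a time-based one-time code, showing why a captured code stops working after a couple of minutes and cannot be accepted twice. It uses the open TOTP/HOTP construction (RFC 6238/4226) as a stand-in because SecurID's algorithm is proprietary; the 60-second step, the one-step drift allowance, the `Verifier` class and the sample secret are all assumptions.

```python
import hashlib
import hmac
import struct

STEP = 60         # seconds each code is displayed (assumed value)
DRIFT_STEPS = 1   # accept one step either side for token clock drift (assumed)
DIGITS = 6
SECRET = b"12345678901234567890"  # constructed sample: the RFC 4226 test secret


def totp(secret: bytes, counter: int) -> str:
    """One-time code for a time-step counter (RFC 4226 dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class Verifier:
    """Server side: accepts a code only inside its window, and only once."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_used = -1  # highest time step already consumed by a login

    def verify(self, code: str, now: int) -> bool:
        current = now // STEP
        for counter in range(current - DRIFT_STEPS, current + DRIFT_STEPS + 1):
            if counter <= self.last_used:
                continue  # this step was already spent: a captured code is dead
            if hmac.compare_digest(totp(self.secret, counter), code):
                self.last_used = counter
                return True
        return False  # wrong code, reused code, or outside the window


if __name__ == "__main__":
    code = totp(SECRET, 1)              # code shown on the token at t = 60 s
    server = Verifier(SECRET)
    print(server.verify(code, 60))      # first use inside the window
    print(server.verify(code, 65))      # same code submitted again
    print(Verifier(SECRET).verify(code, 180))  # unused, but two minutes late
```

With these settings a code is accepted for at most three minutes around its time step, which is the kind of short window the post above describes; a code that never reached the server is still usable by whoever holds it until that window closes.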
I really hope they haven't developed their own SecurID keychain... They better have paid for the real deal.
I can see their random number generator being just as random as the PS2 version Mog Bonanza random number generator.
Blizzard released something similar for WoW and they had like something in the area of 750,000 units.
It sold out in 30 minutes.
Now keep in mind this is a game where if you're hacked, your stuff is taken, you get it back 99% of the time.
I know a lotta players could rest easy if they spend the little extra cash on this to sleep knowing RMT can't fuck with them.
Hrm... Looks like SE gave players a physical item to eBay when selling their accounts...