StarDestroyer.Net BBS

Does anyone know how secure these authenticator tokens are? Link.

It just generates a 6-digit code to put in after your username & password (and register the authenticator with your account). Basically another layer of security in case someone gets your password, although 6 digits means it's only a million possible combinations .

Sir Sirius wrote:Does anyone know how secure these authenticator tokens are? Link.

They are as secure as the tokens themselves are. If you don't have it plugged into your machine, you won't be able to play your account, and neither will anyone else. There's no conceivable way to predict what the next sequence of numbers the dongle will produce is without actually pressing the button, so your account is essentially safe.

Teleros wrote:It just generates a 6-digit code to put in after your username & password (and register the authenticator with your account). Basically another layer of security in case someone gets your password, although 6 digits means it's only a million possible combinations .

True, it's only a million possible combinations, but it's not bruteforcable. It changes, making it impossible to do so.

Now if they would allow you to pay with something else besides credit cards (which very many people do not use in Germany), I would own one of these things...

Graeme Dice wrote:They are as secure as the tokens themselves are. If you don't have it plugged into your machine, you won't be able to play your account, and neither will anyone else. There's no conceivable way to predict what the next sequence of numbers the dongle will produce is without actually pressing the button, so your account is essentially safe.

It doesn't actually plug in to the computer, you just push a button and type the code in when requested.

Why would one need one of those? Are all WoW-accounts hacked on a regular basis, or what?

charlemagne wrote:Why would one need one of those? Are all WoW-accounts hacked on a regular basis, or what?

Stealing a WoW account is good money. A nice HL account stripped of items and golds can yield anywhere from 50$ to 1000$ if they can redo the account details and Ebay it off.

Many companies use hardware tokens like these for VPN authentication. As long as Blizzard provide real time support for when the tokens go out of sync there shouldn't be a problem.

As for the security, you could create a virtual key if you had the algorithm used to generate the codes, the serial number of the token, 2 consecutive codes and you were able to synchronise with the server. In other words, if you can't get your hands on the physical key then you're probably not getting through.

Mr Bean wrote: Stealing a WoW account is good money. A nice HL account stripped of items and golds can yield anywhere from 50$ to 1000$ if they can redo the account details and Ebay it off.

I see, didn't occur to me that this might be widespread. Boy I'm glad to be hooked to a niche MMORPG

On the other hand, most accounts are hacked because the owners are dumbshits. They use paid leveling services, download hacks that may be virus-infested, and loan out their passwords to "friends". Yes, sometimes you can do everything right and still get your account stolen, but with so many idiots in the world the Bad Guys usually don't bother.

Broomstick wrote:On the other hand, most accounts are hacked because the owners are dumbshits. They use paid leveling services, download hacks that may be virus-infested, and loan out their passwords to "friends". Yes, sometimes you can do everything right and still get your account stolen, but with so many idiots in the world the Bad Guys usually don't bother.

It's easy enough to get a dumbass to download a keylogger program that they don't really need to try very hard to go out of their way to bust people.