Arkadia Account Security - Gold Card - Please Keep Your Account Secure

Discussion in 'Miscellaneous Discussion' started by SallyBridges, Jan 7, 2015.

  1. Nikto

    Nikto Active Member

    Login/Password — something you know, you are right. OTAC generator — something you own. An SMS message is not something you own at all. :)

    If an attacker gets your Login/Password, there are tons of ways for them to get access to your SMS. And there is only one way to gain access to your OTAC generator — physical.

    So, Login/Password + SMS is not two-factor authentication. Login/Password + an application on a phone is two-factor authentication, but only if some additional rules are applied (if it's impossible to gain remote access to it). In other words, if it's _secured_ (better if always physically disconnected from all networks, but is that still a phone in that case? ;) ).

    The ability to turn off real two-factor authentication with SMS is a huge security hole. I hope I described it more clearly that way.

    Yes, SMS "works" not only for Blizzard, Google, Facebook and many others, but for banks as well, and millions were stolen that way. I don't want to see MA among them at all. :)

    And, of course, that's just my humble opinion as well. ;)
     
  2. Lovefall

    Lovefall Deactivated User

    So what you are suggesting (if I get it right) is that someone may hack into your phone and read your messages, open your program and so on. While not totally impossible, I kinda think we are going on a bit of a paranoid route over here. And yeah, as I already said, if you are so worried that something like that can happen, you could always go with the physical device (or an old disconnected phone :p). But, for me at least, the convenience of having my phone as the second factor in two-step authentication would beat the tiny risk that someone must be so greedy over my PEDs to steal my password and hack into my phone at the same time. :)

    It might not be 100% safe... yeah maybe, but my paranoia is not yet so high as to freak out over it; if it's good enough for Google, Microsoft, Facebook, Blizzard, maybe even banks (that's what you said, not me), then for sure it is more than enough for my game account as well... things are not reduced to "if it's possible to break something", but more like to the "cost of opportunity" or "if it's worth bothering to break something". :)
     
    Last edited: Feb 21, 2015
  3. Nikto

    Nikto Active Member

    That's only one way and not the simplest one. Others include SMS interception, a back-door in your phone, a back-door inside your SIM card, social engineering attacks on mobile operator staff, where they replace the SIM card (it's mostly students and such in some countries), insiders at the mobile operator, attacks on mobile operator servers etc. etc. etc.

    Many of those attacks are very common and were used many, many times, and are not rare or uncommon at all. And if those attacks were used to steal money from bank accounts, I don't see any reason why someone would not use them to steal money/items from Entropia (some people have way more money here than others have in the bank).

    Just because you're paranoid doesn't mean they aren't after you. ;)
     
  4. fredzepp

    fredzepp Active Member

    Where is the popcorn emote?
     
  5. May

    May Active Member

    Here you go: [​IMG]

    Hehe [​IMG]