Arkadia Account Security - Gold Card - Please Keep Your Account Secure

Login/Password — something you know, you are right. OTAC generator — something you own. SMS message, not something you own at all.

If attacker will get your Login/Password, there is tons of ways for them to get access to your SMS. And only one way to gain access to your OTAC generator — physical.

So, Login/Password + SMS not two-factor authentication. Login/Password + application on phone — two-factor authentication, but only if some additional rules applied (if it's impossible to gain remote access to it). In other words if it's _secured_ (better always physically disconnected from all networks, but is that still phone in that case? ).

Ability to turn off real two-factor authentication with SMS — huge security hole. I hope I described it more clear that way.

Yes, SMS "works" not only for Blizzard, Google, Facebook and many others, but for banks as well and millions stolen that way. I don't want to see MA among them at all.

And, of course, that just my humble opinion as well.

 

So what you suggesting (if I get it right) is that someone may hack into your phone and read your messages, open your program and so on. While not totally impossible, I kinda thing we going on a bit paranoid route over here. And yeah, as I already said, if you are so worried that something like that can happen, could always go with the physical device (or an old disconnected phone ). But, for me at least, the convenience of having my phone as the second factor into two step authentification would beat the tiny risk that someone must be so greedy over my PEDs to steal my password and hack into my phone at the same time.

It might not be 100% safe... yeah maybe, but my paranoia is not yet so high to freak out over it; if it's good enough for Google, Microsoft, Facebook, Blizzard, maybe even banks (that's you said, not me), then for sure is more than enough and for my game account... things are not reduced to "if it's possible to break something", but more like to the "cost of opportunity" or "if it's worth bothering to break something".

 

That's only one way and not simplest one. Other includes SMS interception, back-door in your phone, back-door inside your SIM card, social engineering attacks on mobile operator stuff, where they replacing SIM card (it's mostly students and such in some countries), insiders at mobile operator, attack on mobile operator servers etc. etc. etc.

Many of those attacks very common and was used many-many times and not rare or uncommon at all. And if those attacks was used to steal money from bank accounts, I don't see any reasons why someone will not use them to steal money/items from Entropia (some peoples have way more money here than others in bank).

Just because you're paranoid doesn't mean they aren't after you.

 

Where is the popcorn emote?

 

Here you go:

Hehe