
Warning concerning the security of your account

#1 Sep 10 2013 at 8:28 AM Rating: Excellent
http://forum.square-enix.com/ffxiv/threads/86984-Warning-Concerning-the-Security-of-Your-Account?p=1231421#post1231421

Quote:
Currently, we have confirmed that a third party is using account names and passwords, thought to be obtained from security breaches of other companies' online services, in attempts to gain unauthorized access to Square Enix accounts.

If you are using the same account name or password as your Square Enix account on other online services, there is a much greater chance that a security breach at any of the other online services could potentially lead to your Square Enix account being compromised.

Additionally, even if you are not using the same account name or password across multiple accounts, if you use repeated strings of characters, phone numbers, birthdates, or other information that may be tied to your identity, this may make it possible for individuals to access your account simply by guessing its password.

Therefore, if you are using the same account name or password for your Square Enix account as for your other online accounts, or are using a password that might be easily guessed, we ask that you change your password immediately by going to the following page:

https://secure.square-enix.com/account/app/svc/reminder

Also, please note that accounts that are suspected of having been compromised will have their access temporarily restricted. Once login has been restricted, an email notification will be sent to the primary email address registered to the Square Enix account. This email will contain instructions on how to remove the login restriction. Players will be asked to reset their passwords and log in again.

Please visit the following link for more information about login restrictions.

http://support.na.square-enix.com/j/lbna

To further strengthen the security of your Square Enix account, we highly recommend using a Square Enix Security Token to act as an extra layer of protection against unauthorized access.

A free, downloadable smartphone app is available at the following locations:

Google Play: https://play.google.com/store/apps/d...software_token

iTunes: https://itunes.apple.com/us/app/squa...617970570?mt=8

Physical security tokens are also available for purchase here:

http://www.square-enix.com/na/account/otp/

Should instances of compromised accounts rise in future, there is the possibility we will perform a compulsory password reset across all Square Enix accounts.

We kindly ask for your cooperation in helping us better safeguard your personal information and account information.
#2 Sep 10 2013 at 8:42 AM Rating: Good
***
1,208 posts
I'm going to register our key fobs that came with our CE tonight... I saw people with normal sounding names doing shouts and tells yesterday for gilsellers... Maybe they got hacked?

Anyways as far as I know the key fob should fix this 100%, correct?
#3 Sep 10 2013 at 8:44 AM Rating: Excellent
*******
50,767 posts
There's no such thing as 100%, all you can really do is stack the odds as high as possible in your favor and hope for the best. Don't repeat passwords, use whatever security items (like the keyfob or whatever), and use letters, numbers, and symbols in those passwords.

* Oh, and change your password every so often.

Edited, Sep 10th 2013 10:48am by lolgaxe
____________________________
George Carlin wrote:
I think it’s the duty of the comedian to find out where the line is drawn and cross it deliberately.
#4 Sep 10 2013 at 8:47 AM Rating: Excellent
30 posts
Ah, really? I need to register my key fob too. Might as well change my password while I'm at it.
#5 Sep 10 2013 at 9:18 AM Rating: Excellent
****
5,745 posts
lolgaxe wrote:
There's no such thing as 100%, all you can really do is stack the odds as high as possible in your favor and hope for the best.

To elaborate on this, an account with security token can still be compromised using something called a Man-in-the-middle attack. It's more difficult to pull off than, say, brute force password guessing or hacking a vulnerable server to access password data. But it's still in the realm of possibilities.
#6 Sep 10 2013 at 9:21 AM Rating: Good
**
655 posts
Added my keyfob and updated my PW.. I would really hate to get hacked I would prolly just give up lol
#7 Sep 10 2013 at 9:33 AM Rating: Excellent
**
362 posts
William Shakespeare (spelled correctly) started whispering everyone yesterday. Made me sad. Would be an awesome name for a Bard so I'm hoping it's a regular person and they'll get their account back.
#8 Sep 10 2013 at 9:42 AM Rating: Decent
Names and birthdays are not the problem, some guy in China doesn't know who I am or anything about me, and these compromised accounts aren't coming from someone who knows you.

That being said, I'd love to use my keyfob, however I have one SE account, and 4 XIV accounts under it, and 4 players playing. Enabling a keyfob would require each of the 4 people to have access to one fob, passing it all over the house. That's a great way to get it lost and have a nightmare to get it fixed. If they let us have 4 fobs, one for each SE account, that would be ideal, but unfortunately that's not the case.

I bet that a great deal of people went to the gil sellers site when the gil seller has 5 logins, and created a login and password that was identical to their xiv login and password, and thus it spreads like wildfire.
#9 Sep 10 2013 at 9:42 AM Rating: Good
***
1,208 posts
svlyons wrote:
lolgaxe wrote:
There's no such thing as 100%, all you can really do is stack the odds as high as possible in your favor and hope for the best.

To elaborate on this, an account with security token can still be compromised using something called a Man-in-the-middle attack. It's more difficult to pull off than, say, brute force password guessing or hacking a vulnerable server to access password data. But it's still in the realm of possibilities.


Maybe I'm dumb but after reading the Wikipedia link I don't understand how anyone could use that Man in the Middle trick to get my key fob.

#10 Sep 10 2013 at 10:17 AM Rating: Good
Scholar
***
1,098 posts
This explains the unending shouts all yesterday. It wasn't their accounts so they didn't care if they get banned.
#11 Sep 10 2013 at 10:38 AM Rating: Good
PocketHockey wrote:
Names and birthdays are not the problem, some guy in China doesn't know who I am or anything about me, and these compromised accounts aren't coming from someone who knows you.

That being said, I'd love to use my keyfob, however I have one SE account, and 4 XIV accounts under it, and 4 players playing. Enabling a keyfob would require each of the 4 people to have access to one fob, passing it all over the house. That's a great way to get it lost and have a nightmare to get it fixed. If they let us have 4 fobs, one for each SE account, that would be ideal, but unfortunately that's not the case.

I bet that a great deal of people went to the gil sellers site when the gil seller has 5 logins, and created a login and password that was identical to their xiv login and password, and thus it spreads like wildfire.


Would the smart phone app allow you all to share a single password generator on different phones? Something to investigate as an alternative to the key fob.
#12 Sep 10 2013 at 10:43 AM Rating: Excellent
****
5,745 posts
Hairspray wrote:
svlyons wrote:
lolgaxe wrote:
There's no such thing as 100%, all you can really do is stack the odds as high as possible in your favor and hope for the best.

To elaborate on this, an account with security token can still be compromised using something called a Man-in-the-middle attack. It's more difficult to pull off than, say, brute force password guessing or hacking a vulnerable server to access password data. But it's still in the realm of possibilities.

Maybe I'm dumb but after reading the Wikipedia link I don't understand how anyone could use that Man in the Middle trick to get my key fob.

They don't get your key fob because they don't need to. They sit in the middle of your connection to the FFXIV server and let you do the work of logging in. Once login is completed, they take over the connection entirely and cut you out. If they do this for a session where you are managing your SE account, they could remove your security token from your profile and change your password.
#13 Sep 10 2013 at 10:50 AM Rating: Decent
svlyons wrote:
Hairspray wrote:
svlyons wrote:
lolgaxe wrote:
There's no such thing as 100%, all you can really do is stack the odds as high as possible in your favor and hope for the best.

To elaborate on this, an account with security token can still be compromised using something called a Man-in-the-middle attack. It's more difficult to pull off than, say, brute force password guessing or hacking a vulnerable server to access password data. But it's still in the realm of possibilities.

Maybe I'm dumb but after reading the Wikipedia link I don't understand how anyone could use that Man in the Middle trick to get my key fob.

They don't get your key fob because they don't need to. They sit in the middle of your connection to the FFXIV server and let you do the work of logging in. Once login is completed, they take over the connection entirely and cut you out. If they do this for a session where you are managing your SE account, they could remove your security token from your profile and change your password.

It's possible, but not from China, and they're the ones that are aiming at your account. And they can't remove your token without you having to enter the token numbers twice, once you're in account maintenance page.

Edited, Sep 10th 2013 12:51pm by PocketHockey
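
The point argued in the two posts above (a taken-over session versus an account page that asks for token codes again) can be modelled with a short script. This is an added example, not code from any poster or from Square Enix; it assumes a standard RFC 6238 time-based token and a hypothetical `Account` class, since the thread does not say how the real token or account page works.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per one-time code (assumed; the RFC 6238 default)

def totp(secret: bytes, now: int, digits: int = 6) -> str:
    """RFC 6238 code (HMAC-SHA1) for the time step that contains `now`."""
    counter = struct.pack(">Q", now // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Account:  # hypothetical server-side model
    def __init__(self, secret: bytes):
        self.secret = secret
        self.token_enabled = True
        self.sessions = set()
        self.last_step = -1  # highest time step whose code was accepted

    def _accept(self, code: str, now: int) -> bool:
        step = now // STEP
        if step <= self.last_step:  # a code is single-use: no replay
            return False
        if not hmac.compare_digest(code, totp(self.secret, now)):
            return False
        self.last_step = step
        return True

    def login(self, code: str, now: int, session_id: str) -> bool:
        ok = self._accept(code, now)
        if ok:
            self.sessions.add(session_id)
        return ok

    def remove_token(self, session_id, code1, t1, code2, t2) -> bool:
        # A live session alone is not enough: two fresh codes are required.
        if session_id not in self.sessions or not (
                self._accept(code1, t1) and self._accept(code2, t2)):
            return False
        self.token_enabled = False
        return True

def hijack_vs_owner():
    secret, t0 = b"constructed-demo-secret", 1_378_800_000  # constructed values
    acct, seen = Account(secret), totp(secret, t0)
    acct.login(seen, t0, "sess-1")
    # Whoever holds only the session and the already-used login code is refused.
    hijack = acct.remove_token("sess-1", seen, t0 + 5, seen, t0 + 10)
    a, b = totp(secret, t0 + STEP), totp(secret, t0 + 2 * STEP)
    owner = acct.remove_token("sess-1", a, t0 + STEP, b, t0 + 2 * STEP)
    return hijack, owner, acct.token_enabled
```
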
#14 Sep 10 2013 at 10:56 AM Rating: Decent
Catwho wrote:
PocketHockey wrote:
Names and birthdays are not the problem, some guy in China doesn't know who I am or anything about me, and these compromised accounts aren't coming from someone who knows you.

That being said, I'd love to use my keyfob, however I have one SE account, and 4 XIV accounts under it, and 4 players playing. Enabling a keyfob would require each of the 4 people to have access to one fob, passing it all over the house. That's a great way to get it lost and have a nightmare to get it fixed. If they let us have 4 fobs, one for each SE account, that would be ideal, but unfortunately that's not the case.

I bet that a great deal of people went to the gil sellers site when the gil seller has 5 logins, and created a login and password that was identical to their xiv login and password, and thus it spreads like wildfire.


Would the smart phone app allow you all to share a single password generator on different phones? Something to investigate as an alternative to the key fob.

The smartphone app would work, but not everyone has smartphones, and you can still only hook up one per SE account.
#15 Sep 10 2013 at 11:01 AM Rating: Good
**
491 posts
PocketHockey wrote:
svlyons wrote:
Hairspray wrote:
svlyons wrote:
lolgaxe wrote:
There's no such thing as 100%, all you can really do is stack the odds as high as possible in your favor and hope for the best.

To elaborate on this, an account with security token can still be compromised using something called a Man-in-the-middle attack. It's more difficult to pull off than, say, brute force password guessing or hacking a vulnerable server to access password data. But it's still in the realm of possibilities.

Maybe I'm dumb but after reading the Wikipedia link I don't understand how anyone could use that Man in the Middle trick to get my key fob.

They don't get your key fob because they don't need to. They sit in the middle of your connection to the FFXIV server and let you do the work of logging in. Once login is completed, they take over the connection entirely and cut you out. If they do this for a session where you are managing your SE account, they could remove your security token from your profile and change your password.

It's possible, but not from China, and they're the ones that are aiming at your account. And they can't remove your token without you having to enter the token numbers twice, once you're in account maintenance page.

Edited, Sep 10th 2013 12:51pm by PocketHockey


Don't be naive. An attack can come from anywhere at any time. By focusing on and pointing a finger at a specific demographic or country simply blinds you to something happening right under your nose.
#16 Sep 10 2013 at 11:04 AM Rating: Default
If these fools stopped buying gil they'd still have accounts.