Forum Settings
       
Reply To Thread

Warning concerning the security of your accountFollow

#1 Sep 10 2013 at 8:28 AM Rating: Excellent
Anterograde Amnesia
Avatar
*****
12,363 posts
http://forum.square-enix.com/ffxiv/threads/86984-Warning-Concerning-the-Security-of-Your-Account?p=1231421#post1231421

Quote:
Currently, we have confirmed that a third party is using account names and passwords, thought to be obtained from security breaches of other companys' online services, in attempts to gain unauthorized access to Square Enix accounts.

If you are using the same account name or password as your Square Enix account on other online services, there is a much greater chance that a security breach at any of the other online services could potentially lead to your Square Enix account being compromised.

Additionally, even if you are not using the same account name or password across multiple accounts, if you use repeated strings of character, phone numbers, birthdates, or other information that may be tied to your identity, this may make it possible for individuals to access your account simply by guessing its password.

Therefore, if you are using the same account name or password for your Square Enix account as for your other online accounts, or are using a password that might be easily guessed, we ask that you change your password immediately by going to the following page:

https://secure.square-enix.com/account/app/svc/reminder

Also, please note that accounts that are suspected of having been compromised will have their access temporarily restricted. Once login has been restricted, an email notification will be sent to the primary email address registered to the Square Enix account. This email will contain instructions on how to remove the login restriction. Players will be asked to reset their passwords and log in again.

Please visit the following link for more information about login restrictions.

http://support.na.square-enix.com/j/lbna

To further strengthen the security of your Square Enix account, we highly recommend using a Square Enix Security Token to act as an extra layer of protection against unauthorized access.

A free, downloadable smartphone app is available at the following locations:

Google Play: https://play.google.com/store/apps/d...software_token

Itunes: https://itunes.apple.com/us/app/squa...617970570?mt=8

Physical security tokens are also available for purchase here:

http://www.square-enix.com/na/account/otp/

Should instances of compromised accounts rise in future, there is the possibility we will perform a compulsory password reset across all Square Enix accounts.

We kindly ask for your cooperation in helping us better safeguard your personal information and account information.
____________________________
"Choosy MMO's choose Wint." - Louiscool
The greatest trick the devil ever pulled was to convince the world he didn't exist.
Keyser Soze - Ultros
Guide to Setting Up Mumble on a Raspberry Pi
#2 Sep 10 2013 at 8:42 AM Rating: Good
Avatar
***
1,208 posts
I'm going to register our key fobs that came with our CE tonight... I saw people with normal sounding names doing shouts and tells yesterday for gilsellers... Maybe they got hacked?

Anyways as far as I know the key fob should fix this 100%, correct?
____________________________
The Kraken Club - (Ultros FC)
Character Name: Meat Mithkabob
#3 Sep 10 2013 at 8:44 AM Rating: Excellent
******
48,733 posts
There's no such thing as 100%, all you can really do is stack the odds as high as possible in your favor and hope for the best. Don't repeat passwords, use whatever security items (like the keyfob or whatever), and use letters, numbers, and symbols in those passwords.

* Oh, and change your password every so often.

Edited, Sep 10th 2013 10:48am by lolgaxe
____________________________
George Carlin wrote:
I think it’s the duty of the comedian to find out where the line is drawn and cross it deliberately.
#4 Sep 10 2013 at 8:47 AM Rating: Excellent
Scholar
30 posts
ah really? i need to register my key fob too. minds well change my password while i'm at it
#5 Sep 10 2013 at 9:18 AM Rating: Excellent
****
5,745 posts
lolgaxe wrote:
There's no such thing as 100%, all you can really do is stack the odds as high as possible in your favor and hope for the best.

To elaborate on this, an account with security token can still be compromised using something called a Man-in-the-middle attack. It's more difficult to pull off than, say, brute force password guessing or hacking a vulnerable server to access password data. But it's still in the realm of possibilities.
____________________________
Lyonheart, like Eorzia, will be reborn in FFXIV!

FFXI veteran (Lyonheart and Lakiskline of Lakshmi)
1/467 on signed HQ Weskit!!!
#6 Sep 10 2013 at 9:21 AM Rating: Good
Avatar
**
655 posts
Added my keyfob and updated my PW.. I would really hate to get hacked I would prolly just give up lol
#7 Sep 10 2013 at 9:33 AM Rating: Excellent
Guru
Avatar
**
362 posts
William Shakespeare (spelled correctly) started whispering everyone yesterday. Made me sad. Would be an awesome name for a Bard so I'm hoping it's a regular person and they'll get their account back.
____________________________
Anakte Grey
BLM 50 SMN/SCH 50 WHM 40
MRD 26 DRG 30 MNK 30 GLA 25

http://art.penny-arcade.com/photos/416469141_Vt5aq-XL-2.jpg
#8 Sep 10 2013 at 9:42 AM Rating: Decent
*
92 posts
Names and birthdays are not the problem, some guy in china doesn't know who I am or anything about me, and these compromised accounts aren't coming from someone who knows you.

That being said, I'd love to use my keyfob, however I have one SE account, and 4 XIV accounts under it, and 4 players playing. Enabling a keyfob would require each of the 4 people to have access to one fob, passing it all over the house. That's a great way to get it lost and have a nightmare to get it fixed. If they let us have 4 fobs, one for each SE account, that would be idea, but unfortunately that's not the case.

I bet that a great deal of people went to the gil sellers site when they gil seller has 5 logins, and created a login and password,t hat was identical to their xiv login and password, and thus it spreads like wildfire.
____________________________
Sites hosting illegal downloads, "private" servers, or material that has been brought to our attention as being in violation U.S. law is not allowed and will be immediately removed. All copyrighted content, regardless of format, that is submitted to the forums will be removed at the request of the copyright holder.

Heroes are what you make them...
#9 Sep 10 2013 at 9:42 AM Rating: Good
Avatar
***
1,208 posts
svlyons wrote:
lolgaxe wrote:
There's no such thing as 100%, all you can really do is stack the odds as high as possible in your favor and hope for the best.

To elaborate on this, an account with security token can still be compromised using something called a Man-in-the-middle attack. It's more difficult to pull off than, say, brute force password guessing or hacking a vulnerable server to access password data. But it's still in the realm of possibilities.


Maybe I'm dumb but after reading the Wikipedia link I don't understand how anyone could use that Man in the Middle trick to get my key fob.

____________________________
The Kraken Club - (Ultros FC)
Character Name: Meat Mithkabob
#10 Sep 10 2013 at 10:17 AM Rating: Good
Scholar
***
1,098 posts
This explains the unending shouts all yesterday. It wasn't their accounts so they didn't care if they get banned.
____________________________





#11 Sep 10 2013 at 10:38 AM Rating: Good
Needs More Smut
******
21,262 posts
PocketHockey wrote:
Names and birthdays are not the problem, some guy in china doesn't know who I am or anything about me, and these compromised accounts aren't coming from someone who knows you.

That being said, I'd love to use my keyfob, however I have one SE account, and 4 XIV accounts under it, and 4 players playing. Enabling a keyfob would require each of the 4 people to have access to one fob, passing it all over the house. That's a great way to get it lost and have a nightmare to get it fixed. If they let us have 4 fobs, one for each SE account, that would be idea, but unfortunately that's not the case.

I bet that a great deal of people went to the gil sellers site when they gil seller has 5 logins, and created a login and password,t hat was identical to their xiv login and password, and thus it spreads like wildfire.


Would the smart phone app allow you all to share a single password generator on different phones? Something to investigate as an alternative to the key fob.
____________________________
FFXI: Catwho on Bismarck: Retired December 2014
Thayos wrote:
I can't understand anyone who skips the cutscenes of a Final Fantasy game. That's like going to Texas and not getting barbecue.

FFXIV: Katarh Mest and Taprara Rara on Lamia Server - Member of The Swarm
Curator of the XIV Wallpapers Tumblr and the XIV Fashion Tumblr
#12 Sep 10 2013 at 10:43 AM Rating: Excellent
****
5,745 posts
Hairspray wrote:
svlyons wrote:
lolgaxe wrote:
There's no such thing as 100%, all you can really do is stack the odds as high as possible in your favor and hope for the best.

To elaborate on this, an account with security token can still be compromised using something called a Man-in-the-middle attack. It's more difficult to pull off than, say, brute force password guessing or hacking a vulnerable server to access password data. But it's still in the realm of possibilities.

Maybe I'm dumb but after reading the Wikipedia link I don't understand how anyone could use that Man in the Middle trick to get my key fob.

They don't get your key fob because they don't need to. They sit in the middle of your connection to the FFXIV server and let you do the work of logging in. Once login is completed, they take over the connection entirely and cut you out. If they do this for a session where you are managing your SE account, they could remove your security token from your profile and change your password.
____________________________
Lyonheart, like Eorzia, will be reborn in FFXIV!

FFXI veteran (Lyonheart and Lakiskline of Lakshmi)
1/467 on signed HQ Weskit!!!
#13 Sep 10 2013 at 10:50 AM Rating: Decent
*
92 posts
svlyons wrote:
Hairspray wrote:
svlyons wrote:
lolgaxe wrote:
There's no such thing as 100%, all you can really do is stack the odds as high as possible in your favor and hope for the best.

To elaborate on this, an account with security token can still be compromised using something called a Man-in-the-middle attack. It's more difficult to pull off than, say, brute force password guessing or hacking a vulnerable server to access password data. But it's still in the realm of possibilities.

Maybe I'm dumb but after reading the Wikipedia link I don't understand how anyone could use that Man in the Middle trick to get my key fob.

They don't get your key fob because they don't need to. They sit in the middle of your connection to the FFXIV server and let you do the work of logging in. Once login is completed, they take over the connection entirely and cut you out. If they do this for a session where you are managing your SE account, they could remove your security token from your profile and change your password.

it's possible, but not from china, and they're the ones that are aiming at your account. And they can't remove your token without you having to enter the token numbers twice, once you're in account maintenance page.

Edited, Sep 10th 2013 12:51pm by PocketHockey
____________________________
Sites hosting illegal downloads, "private" servers, or material that has been brought to our attention as being in violation U.S. law is not allowed and will be immediately removed. All copyrighted content, regardless of format, that is submitted to the forums will be removed at the request of the copyright holder.

Heroes are what you make them...
#14 Sep 10 2013 at 10:56 AM Rating: Decent
*
92 posts
Catwho wrote:
PocketHockey wrote:
Names and birthdays are not the problem, some guy in china doesn't know who I am or anything about me, and these compromised accounts aren't coming from someone who knows you.

That being said, I'd love to use my keyfob, however I have one SE account, and 4 XIV accounts under it, and 4 players playing. Enabling a keyfob would require each of the 4 people to have access to one fob, passing it all over the house. That's a great way to get it lost and have a nightmare to get it fixed. If they let us have 4 fobs, one for each SE account, that would be idea, but unfortunately that's not the case.

I bet that a great deal of people went to the gil sellers site when they gil seller has 5 logins, and created a login and password,t hat was identical to their xiv login and password, and thus it spreads like wildfire.


Would the smart phone app allow you all to share a single password generator on different phones? Something to investigate as an alternative to the key fob.

The smartphone app would work, but not everyone has smartphones, and you can still only hook up one per SE account.
____________________________
Sites hosting illegal downloads, "private" servers, or material that has been brought to our attention as being in violation U.S. law is not allowed and will be immediately removed. All copyrighted content, regardless of format, that is submitted to the forums will be removed at the request of the copyright holder.

Heroes are what you make them...
#15 Sep 10 2013 at 11:01 AM Rating: Good
Avatar
**
491 posts
PocketHockey wrote:
svlyons wrote:
Hairspray wrote:
svlyons wrote:
lolgaxe wrote:
There's no such thing as 100%, all you can really do is stack the odds as high as possible in your favor and hope for the best.

To elaborate on this, an account with security token can still be compromised using something called a Man-in-the-middle attack. It's more difficult to pull off than, say, brute force password guessing or hacking a vulnerable server to access password data. But it's still in the realm of possibilities.

Maybe I'm dumb but after reading the Wikipedia link I don't understand how anyone could use that Man in the Middle trick to get my key fob.

They don't get your key fob because they don't need to. They sit in the middle of your connection to the FFXIV server and let you do the work of logging in. Once login is completed, they take over the connection entirely and cut you out. If they do this for a session where you are managing your SE account, they could remove your security token from your profile and change your password.

it's possible, but not from china, and they're the ones that are aiming at your account. And they can't remove your token without you having to enter the token numbers twice, once you're in account maintenance page.

Edited, Sep 10th 2013 12:51pm by PocketHockey


Don't be naive. An attack can come from anywhere at anytime. Byfocusing on and pointing a figure at a specific demographic or country simply blinds you to something happening right under your nose.
#16 Sep 10 2013 at 11:04 AM Rating: Default
*
249 posts
If these fools stopped buying gil theyd still have accounts
Reply To Thread

Colors Smileys Quote OriginalQuote Checked Help

 

Recent Visitors: 72 All times are in CST
Seriha, Anonymous Guests (71)