Time for a Gold Card phone App

Seriously, most modern people in 2014 have either an Android phone or an iPhone. Most people have data internet access on their phones. An App that generates a unique code to enter when you log in would be near impossible to hack:
Username: Joe blogs
Password: eatmy55shorts
App security pin: jb19276

The hacker would have to know your username, password and somehow find a way to generate the same unique codes linked to your account. Seriously even a 4 digit pin would be extra security. The hacker would have to again guess your username and password, then run a script logging 4 digit combinations, but your account would be locked after a few unsuccessful attempts. The option to use a phone App should be there.

Why do you want the bicycle to be reinvented so much?

As many others said, this solution would be hackable. Especially when most people don't really care about their smartphone's security at all.

If other companies use phone authentication apps, why should MA necessarily make one available just because you don't like their system? Why not use simple pin code cards with 30/60/90 printed PIN codes (like a lot of banks also use) to spare hackers some time?

I wonder what would have happened if monkeys would have all done the same thing that one monkey started, and not started to use different tools? Would we be using rocks now? :)
What a load of utter Bollocks. First time MA DoS'd some of the player base in 10 years and people complain. Sheesh.

The fact is that there is more security (if requested, no one forces you to use GC) than on the majority of bank accounts.

This claim of a phone app being secure too. If you asked me how many people there are in the world who are capable of hacking a mobile phone app vs the number who can hack a microprocessor such as that found in the GC. I would strongly suspect there are a hell of a lot less of the latter.

Couple this with the fact that mobile phones are online most of the time whereas the GC is inherently offline, I cannot fathom how someone could consider a mobile phone app to be as secure.


PS I love the idea of a phone app that doesn't require batteries! Pray tell where do I get one of these "battery free phones" of which you speak?
PS I love the idea of a phone app that doesn't require batteries! Pray tell where do I get one of these "battery free phones" of which you speak?

Some futuristic movie I suppose :)
Thinking about vulnerabilities of a software solution you're looking the wrong way. The theft will happen at a very different place.

The main reason some people want an app is because it's more easily obtainable and replaceable than the reader.

Now, do you realize what that means? What are the possible steps to get and activate a new copy of the app in case you deleted the app or got a new phone? It's not like it will be sent to your home address the way it's done with GC. Everything will be done online and, in the end, not awfully harder than retrieving your lost password. Or not your password.

You will still need the login and password, but they aren't impossible to obtain (keyloggers, phishing sites, etc), or we wouldn't need an additional layer of protection, right?
I think it would be very simple for an evil person to get into your phone.
Just offer a nice app that is helpful for EU and wait until many persons trust it and install it.

After that goal is reached give out an update with the evil code.
The evil code tries to install itself onto your PC to install a keylogger to get Username and password.

When it gathered enough usernames the next part of the evil code is activated.
That tries to get access to the "Gold card" app and generates some codes and makes your phone unusable.

Now the evil person has enough time to access your account while you can not login because your phone is unusable.
Seriously, most modern people in 2014 have either an Android phone or an iPhone. Most people have data internet access on their phones. An App that generates a unique code to enter when you log in would be near impossible to hack:
Username: Joe blogs
Password: eatmy55shorts
App security pin: jb19276

The hacker would have to know your username, password and somehow find a way to generate the same unique codes linked to your account. Seriously even a 4 digit pin would be extra security. The hacker would have to again guess your username and password, then run a script logging 4 digit combinations, but your account would be locked after a few unsuccessful attempts. The option to use a phone App should be there.

they could steal your phone.
Can someone point me in the direction of a "malware Entropia tycoon" app which takes your username, password and GC code and sends it? I guess it's on Android Market. No? No one has made a malware app for Tycoon yet? Even if it's a software mobile phone app which requires all of your login information and GC code. So making a mockup app of this which sends everything you type to me. Should be like ten different ones now, right?

Guess when they make the auth app, THEN people will make malware. Yes, quite.

This is the same attitude that Mac-heads and amateur UNIX gurus have regarding viruses on those platforms.

It's why in the last 3 years Apple has become a favorite target for new viruses, and why I am often consulted to clean up UNIX based servers that have strange 'problems'.

The hacks will happen. It's just a matter of when.
they could steal your phone.

Assuming you aren't storing all your account information on your phone without a lock, then this would essentially do nothing unless the hacker has already compromised your regular username and pw some other way (hacked the database storing all account information [not your phone's fault], keylogger on the computer, social engineering, etc).

Has anyone here even used an authentication system through their phone for a game? (I'm thinking of Blizzard's app for their games). The code it generates is completely random and works the same way as the gold card app. It's just a matter of convenience. If I go to my cousin's house and I want to log in, I have to drag along that stupid card and reader just so I can get a code generated so I can log in. The app can do that for me and alleviate this cumbersome process. Some people will live and die by their GC readers, but there are others who want to ditch that damn thing as soon as possible and move to something of more convenience.
What are the possible steps to get and activate a new copy of the app in case you deleted the app or got a new phone?

Just re-download it, install, and log in? If you lost your phone, I'm guessing you know at least 1 other person who has a smart phone that you can temporarily install the app on, log in, get your stuff sorted, then delete the app from their phone?
Just re-download it, install, and log in? If you lost your phone, I'm guessing you know at least 1 other person who has a smart phone that you can temporarily install the app on, log in, get your stuff sorted, then delete the app from their phone?

It has to be bound to your account somehow, you can't just install it and expect EU to accept the code. So there should be a procedure on EU site to do that, and it should be doable with only login and password - and once it's there, anyone with your l/p could do it.
The Gold Card system finally failed, it was only a matter of time. It's time for this game to join other MMOs and have a phone App security system. Most banks use 4 digit pin code Apps to let you access your bank accounts, why is EU so special the game developers can't spend a few hours putting together an iPhone and Android security App for our accounts? Simple, secure and doesn't need batteries.
Can any players design such an App?

No fucking way, I don't have nor will ever buy a mobile phone.
It has to be bound to your account somehow, you can't just install it and expect EU to accept the code. So there should be a procedure on EU site to do that, and it should be doable with only login and password - and once it's there, anyone with your l/p could do it.

I know you have to log in, I stated it in my previous post. So is your worry that someone will intercept your packages between your mobile phone and server? How is that any different than a keylogger on your computer? You type in your L/P every time you use your GC anyways, the only difference is to generate the code you have a card and reader specifically for your account whereas the app would have the information stored upon the first log in for your account.

Of course they can do it where you have to type in your L/P but if proper procedures are taken to secure your phone (i.e. lock your phone with a code) then it is the same as your computer. I know people aren't as secure with their phones as they should be, but that is their problem and not everyone else's. It's the same thing as connecting to a public wifi on your laptop and having no protection for intruders, but then getting mad that someone stole your personal information that you had stored on your laptop.

I think it is safe to say that the phone app option should be added as another option for GC, and the readers should still be used and available for purchase for others to use if they prefer.
So is your worry that someone will intercept your packages between your mobile phone and server?

No, I mean a different thing. This code is the last defense in case your login and password are compromised, so let's see what happens if I already have your login and password.

with a card reader: nothing happens. There's totally no way for me to get a code without breaking into your house :)

with an app: I am in the same position as would be you if you'd replaced your phone and just reinstalled the app. You would have to bind the freshly installed app to your account, and the only way to do it would be to login to EU site with the l/p. But I have them too and can do that too! What are other ways for identity verification? A call to MA each time you reinstall the app? Unlikely, but even if so, I can do it. What else? Sending them a notarized scan of ID? Surely not, that would be no better than the current system. So basically once someone gets hold of your l/p they automatically get through the last defense, rendering it useless.
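The re-enrollment argument in the post above, modelled as an added example (not code from the thread or from any real game service): an RFC 6238 time-based code generator and a hypothetical `Account.rebind` with two policies, one gated by login and password alone and one that also demands proof of the existing factor. All class and function names are assumptions; the password is the sample one from the first post.

```python
import hashlib, hmac, secrets, struct

def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226) over the current time step."""
    mac = hmac.new(secret, struct.pack(">Q", now // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F                        # dynamic truncation offset
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(val % 10 ** digits).zfill(digits)

class Account:
    """Hypothetical server-side record; names are illustrative only."""
    def __init__(self, password: str):
        self.password = password                # plaintext only to keep the model short
        self.secret = secrets.token_bytes(20)   # shared with the enrolled app

    def login(self, password: str, code: str, now: int) -> bool:
        ok_pw = hmac.compare_digest(password, self.password)
        ok_code = hmac.compare_digest(code, totp(self.secret, now))
        return ok_pw and ok_code

    def rebind(self, password, now, old_code=None, password_only=False):
        """Bind a freshly installed app; returns the new secret or None."""
        if not hmac.compare_digest(password, self.password):
            return None
        if not password_only:
            # Stricter policy: a code from the currently bound factor
            # (or an out-of-band check, not modelled here) is required.
            if old_code is None or not hmac.compare_digest(
                    old_code, totp(self.secret, now)):
                return None
        self.secret = secrets.token_bytes(20)   # old app stops working
        return self.secret

def password_alone_suffices(password_only: bool) -> bool:
    """Can a party holding only login/password complete a full login?"""
    now = 1_400_000_000                         # constructed timestamp
    acct = Account("eatmy55shorts")
    new_secret = acct.rebind("eatmy55shorts", now, password_only=password_only)
    if new_secret is None:
        return False
    return acct.login("eatmy55shorts", totp(new_secret, now), now)
```

Under the password-only policy the second factor adds nothing once the password is known; under the stricter policy the rebind is refused, at the cost of needing a separate recovery path for a genuinely lost phone.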
I don't want an electronic way for someone to get into my account. What happens if they opt to download it and use it? I hold onto my Gold Card FOB and for what? So somebody can bypass it? No thank you.
There is another option.

Log in once with the GC and then generate a certificate that's locked to your machine and login details. Next time you attempt a login you have the option to use the certificate or use the GC.

Just have it reset once a month or whenever they login with a GC.
There is another option.

Log in once with the GC and then generate a certificate that's locked to your machine and login details. Next time you attempt a login you have the option to use the certificate or use the GC.

That's not secure at all, if they own your computer they also own the certificate, and if they login they will do it via your machine.