Alternative to Gold Card?

e-lite · Aug 19, 2015

Hello people!

I have had the gold card and reader ever since they first came out. I think My first card has number 250 or something. Anyhow, I was wondering if you guys know if there's any alternative authentication devices? Like mobile authenticator app, one time code through SMS or any other better solution to drag around the card and the reader?

Thanks!

Hypnotyk · Aug 19, 2015

e-lite said:
Hello people!

I have had the gold card and reader ever since they first came out. I think My first card has number 250 or something. Anyhow, I was wondering if you guys know if there's any alternative authentication devices? Like mobile authenticator app, one time code through SMS or any other better solution to drag around the card and the reader?

Thanks!

this has been asked for so many times, but no luck in getting it done. I would love an app too, but seems theo nly mobile app that matters is compet at the moment to MA

NeutrinoX · Aug 19, 2015

There's no excuse for MA not to provide 2FA in the form of a less "secure" OTP token for Google Authenticator when most sites worth their salt are doing it already. If they want to stick with the gold card, yeah sure, but at least make it an option for those who don't want to carry around a fiddly reader and a card and want at least a modicum of extra security.

Mega · Aug 19, 2015

I'd just like to make 2 points:

Not everyone has or wants a SmartPhone
Drag is hardly the word I'd use for carrying a credit card sized object and a USB memory stick sized object.

Now if it was this size:

I'd agree with you!

No one with a GC has ever been hacked, so why fix something that isn't broken?

Hypnotyk · Aug 19, 2015

Mega said:
I'd just like to make 2 points:

Not everyone has or wants a SmartPhone

Drag is hardly the word I'd use for carrying a credit card sized object and a USB memory stick sized object.

Now if it was this size:

I'd agree with you!

No one with a GC has ever been hacked, so why fix something that isn't broken?

It's not fixing anything, it's supplementing. I 100% agree with you that GC's work great, but they are not something that everyone wants to use. All we'd like is another option to be at least a bit more secure than no GC, and that would be via an authenticator app. Google has one that MA can integrate for us to use, and that would give players 3 options, Gold card, Authenticator app, or neither.

Mega · Aug 19, 2015

Hypnotyk said:
It's not fixing anything, it's supplementing. I 100% agree with you that GC's work great, but they are not something that everyone wants to use. All we'd like is another option to be at least a bit more secure than no GC, and that would be via an authenticator app. Google has one that MA can integrate for us to use, and that would give players 3 options, Gold card, Authenticator app, or neither.

Yes I understand the "more options is better" argument, and I'm not completely opposed to it as long as I dont HAVE to use an app.

As any programmer will know, adding extra "ways in" adds the potential for compromise, and Sony has been hacked (at least twice) and only today on the news we have this:

http://techcrunch.com/2015/08/19/ashley-madison-data-dumped/

I think a Gold Card and reader (which combined is smaller than any smartphone) is not a suitcase sized object to put in your pocket if you want to play at a friends house, and if you forget to bring it with you then play Trivial Pursuit, Monopoly or Mouse Trap instead!

Hypnotyk · Aug 19, 2015

Mega said:
Yes I understand the "more options is better" argument, and I'm not completely opposed to it as long as I dont HAVE to use an app.

As any programmer will know, adding extra "ways in" adds the potential for compromise, and Sony has been hacked (at least twice) and only today on the news we have this:

http://techcrunch.com/2015/08/19/ashley-madison-data-dumped/

I think a Gold Card and reader (which combined is smaller than any smartphone) is not a suitcase sized object to put in your pocket if you want to play at a friends house, and if you forget to bring it with you then play Trivial Pursuit, Monopoly or Mouse Trap instead!

I agree with you that I wouldn't want the authenticator app to replace GC's, or have the authenticator to be forced onto all players. Just want another option for more security. Just like you said that not everyone has/wants a smartphone, not everyone has/wants a gold card.

Mega · Aug 19, 2015

The day I need an App to login is the day I quit (erm, but how do I login to sell my stuff?

)

If you think MA are going to let some pay for Gold Cards for increased security, and others use an App for free, well....

JohnCapital · Aug 19, 2015

The more login options, the more places you can be hacked.

More doors = more convenient = Less safe

Hypnotyk · Aug 19, 2015

Mega said:
The day I need an App to login is the day I quit (erm, but how do I login to sell my stuff? )

If you think MA are going to let some pay for Gold Cards for increased security, and others use an App for free, well....

LOL true! What was I thinking.. :hammer:

SpikeBlack · Aug 20, 2015

We doing this again? It's been discussed several times before.

You could do it by having a code sent to your email or phone to be typed in but they can get delayed and if your email has been compromised...

Hypnotyk · Aug 20, 2015

SpikeBlack said:
We doing this again? It's been discussed several times before.

You could do it by having a code sent to your email or phone to be typed in but they can get delayed and if your email has been compromised...

Are you saying this exists already or is this an idea for another solution?

NeutrinoX · Aug 20, 2015

SpikeBlack said:
We doing this again? It's been discussed several times before.

You could do it by having a code sent to your email or phone to be typed in but they can get delayed and if your email has been compromised...

Yes, and?

If your email has been already compromised, you're pretty much screwed anyway. I just don't get why having an alternative is better than no alternative. If people want to keep using their Gold Cards, that's fine! They're pretty damn hard to compromise, I recognize that. The cynical in me wants to believe they'd rather make people pay for the GC and deal with all the support cases from compromised accounts for those who don't have one, but even companies such as Square-Enix and Blizzard which eventually started out with dedicated devices for 2FA, much like our own GC+Reader, eventually also gave the choice of using an app. Why? Because it's a cheap way to increase account security and wash their hands whenever some idiot gets "hacked".

Right now my EU account's security is lower than I'd want it to be because I don't have any other means to have two-factor authentication and I'm unwilling to use a dedicated device that, mind you, can also break or fail at any time. I have enabled 2FA in pretty much every service that supports it (GMail, Dropbox, bank account, any cryptocurrency exchange worth their salt...) and I'm doing fine, this is an industry standard by now. MindArk is no longer so special for having "bank account-like" security measures for their accounts.

If my phone breaks or gets lost/stolen, I still have the means to restore access because you can make paper backups of any secret tokens you push in Google Authenticator/Authy/Any similar proprietary app. If my hypothetical GC gets lost or stolen, I've got some grueling moments with support if I wanted to have access to my account once again.

Hypnotyk · Aug 20, 2015

NeutrinoX said:
Yes, and? If your email has been already compromised, you're pretty much screwed anyway. I just don't get why having an alternative is better than no alternative. If people want to keep using their Gold Cards, that's fine! They're pretty damn hard to compromise, I recognize that. The cynical in me wants to believe they'd rather make people pay for the GC and deal with all the support cases from compromised accounts for those who don't have one, but even companies such as Square-Enix and Blizzard which eventually started out with dedicated devices for 2FA, much like our own GC+Reader, eventually also gave the choice of using an app. Why? Because it's a cheap way to increase account security and wash their hands whenever some idiot gets "hacked".

Right now my EU account's security is lower than I'd want it to be because I don't have any other means to have two-factor authentication and I'm unwilling to use a dedicated device that, mind you, can also break or fail at any time. I have enabled 2FA in pretty much every service that supports it (GMail, Dropbox, bank account, any cryptocurrency exchange worth their salt...) and I'm doing fine, this is an industry standard by now. MindArk is no longer so special for having "bank account-like" security measures for their accounts.

If my phone breaks or gets lost/stolen, I still have the means to restore access because you can make paper backups of any secret tokens you push in Google Authenticator/Authy/Any similar proprietary app. If my hypothetical GC gets lost or stolen, I've got some grueling moments with support if I wanted to have access to my account once again.

This should be the automatic reply to anyone who objects against an authentication app. Well said, +rep

K-Max · Aug 20, 2015

You could have a chip that's powered by biorythmic pulses implanted in your forehead. As you get EU anxiety during your login and password entry portion the chip will be fully charged with all those new biorythmes then all you need to do is when it asks for you private key is :duh:

number sent wirelessly to your computer and your ready to play.

The need to lug around that extremely heavy reader and that way to convenient card in your wallet is over.

Edit: This is just sarcastic joke but yeah a 2nd method involving SMS to those that want to utilize it now and then would be a good idea. For times when the reader battery dies, you accidentally misplace your card or reader etc. note 500PED surcharges may apply....

e-lite · Aug 21, 2015

JohnCapital said:
The more login options, the more places you can be hacked.

More doors = more convenient = Less safe

Well, the gold card and card reader isn't really the most secure option anyway. The reader itself is not unique, so I can use any card reader I want (I can use your card with my reader), and the card is pretty easy to copy as it's key is stored in clear text on the card. A google authenticator alternative on your smartphone would be much more secure.

The Jetman · Aug 21, 2015

i wouldn't mind an app, its not a major factor for me as i have a GC but there is times i would have logged in my account at work but i'm unable as i never take my GC out.

however my biggest concern if it is an app it'll be android only or as people are saying google authenticator, this due to google been the way they are, refuse to create apps for windows phone so no authenticator (havn't tested authenticator via WP emulation)..... and no i won't change to android, im happy with WP10 and its far away from google.
However MS have a authenticator, and i assume apple do, so it could be made compatible with all of them

The 2FA by text isn't a bad idea and i think should be an option, plus also a log in history, showing IP, Location and times of past 20-30 logins

SpikeBlack · Aug 21, 2015

I think the MS one does work with android, they make enough money out of it (more than windows phone) so it makes sense to support it.

They have two - Microsoft Account and Azure Authenticator but their designed for their systems not as a generic. You can set up a Microsoft account using any email address so it might be possible provided we link the same one our accounts are registered with.

http://www.cnet.com/uk/how-to/how-to-use-two-step-verification-with-your-microsoft-account/

according to that post you can use multiple 2fa systems with a MS account so provided you're willing to hand over your details to MS then it's possible on almost any platform.

The Jetman · Aug 21, 2015

SpikeBlack said:
I think the MS one does work with android, they make enough money out of it (more than windows phone) so it makes sense to support it.

They have two - Microsoft Account and Azure Authenticator but their designed for their systems not as a generic. You can set up a Microsoft account using any email address so it might be possible provided we link the same one our accounts are registered with.

http://www.cnet.com/uk/how-to/how-to-use-two-step-verification-with-your-microsoft-account/

according to that post you can use multiple 2fa systems with a MS account so provided you're willing to hand over your details to MS then it's possible on almost any platform.

i think the MS do work yea, but sadly google havn't returned the favor. so if MA do go down the line of app authenticators, they should they to make sure its compatiable with all phones (however once WP can run android apps, its may not matter)

Alternative to Gold Card?

Moderator

Elite

Old Alpha

Chaotic Good

Elite

Chaotic Good

Elite

Chaotic Good

Slayer

Elite

Elite

Elite

Old Alpha

Elite

Stalker

Moderator

Prowler

Elite

Prowler