| 
	
		| 
				
					| Pages: 1 [2] 3   |  |  |  
	
		|  Author | Topic: Blizzard introducing security dongle  (Read 25341 times) |  
	| 
			| 
					
						| Salamok 
								Terracotta Army 
								Posts: 2803
								
								 | 
 favpassword+number of the current month |  
						|  |  |  |  | 
			| 
					
						| Bzalthek 
								Terracotta Army 
								Posts: 3110
								
								"Use the Soy Sauce, Luke!" WHOM, ZASH, CLISH CLASH! "Umeboshi Kenobi!! NOOO!!!" | 
 I would use phrases, but as acronyms.  (FmdIdgad = Frankly my dear, I don't give a damn) and append one of several numbers I prefer depending on the system the password is for. |  
						| 
 "Pity hurricanes aren't actually caused by gays; I would take a shot in the mouth right now if it meant wiping out these chucklefucks." ~WayAbvPar |  |  |  | 
			| 
					
						| Oban 
								Terracotta Army 
								Posts: 4662
								
								 | 
 I would use phrases, but as acronyms.  (FmdIdgad = Frankly my dear, I don't give a damn) and append one of several numbers I prefer depending on the system the password is for.
 I am selling a level 70 full T6 blood elf mage account I just cracked for 700 dollars.  Armory data is Bzalthek on Destromath. |  
						| 
 Palin 2012 : Let's go out with a bang! |  |  |  | 
			| 
					
						| Typhon 
								Terracotta Army 
								Posts: 2493
								
								 | 
 I just changed jobs, went indpendent, had to get my own laptop which came with a finger print reader.  I already can't remember how I ever lived without it.  I <3 Biometrics! |  
						|  |  |  |  | 
			| 
					
						| Murgos 
								Terracotta Army 
								Posts: 7474
								
								 | 
 With SCII, DIII and WOW II (c'mon, you know it's in the works) coming this sort of investment in technology makes absolutely perfect sense.
 It might not make that much sense for anyone other than Blizzard though.
 |  
						| 
 "You have all recieved youre last warning. I am in the process of currently tracking all of youre ips and pinging your home adressess. you should not have commencemed a war with me" - Aaron Rayburn |  |  |  | 
			| 
					
						| schild 
								Administrator 
								Posts: 60350
								
								   | 
 It might not make that much sense for anyone other than Blizzard though. Steam. |  
						|  |  |  |  | 
			| 
					
						| UnSub 
								Contributor 
								Posts: 8064
								
								   | 
 It might not make that much sense for anyone other than Blizzard though. Steam.Which is why I wouldn't be surprised if Bnet The Next Gen has a lot more attention put on account security. There'd be a level of free play, but a lot more unlocked by paying a monthly fee or something. With dongle. |  
						| 
 |  |  |  | 
			| 
					
						| Bzalthek 
								Terracotta Army 
								Posts: 3110
								
								"Use the Soy Sauce, Luke!" WHOM, ZASH, CLISH CLASH! "Umeboshi Kenobi!! NOOO!!!" | 
 I would use phrases, but as acronyms.  (FmdIdgad = Frankly my dear, I don't give a damn) and append one of several numbers I prefer depending on the system the password is for.
 I am selling a level 70 full T6 blood elf mage account I just cracked for 700 dollars.  Armory data is Bzalthek on Destromath.Hah, actually Bzalthek is on Lightbringer and is still a 60 Troll Shaman.  The password above, however, hasn't been used since 97 when I maintained the local High School computer servers. |  
						| 
 "Pity hurricanes aren't actually caused by gays; I would take a shot in the mouth right now if it meant wiping out these chucklefucks." ~WayAbvPar |  |  |  | 
			| 
					
						| Jerrith 
								Developers 
								Posts: 145
								
								Trion   | 
 It's a great idea, and the costs are finally getting low enough that it's financially reasonable to do it.  There are also some subtle benefits to it - while not impossible, it makes giving out your account info (to a friend, or a powerleveling service) difficult, resulting in less of that behavior.  There's also some IPs (such as Stargate, which I'm working on) where you could make it fit in really well (the GDO device ).   |  
						|  |  |  |  | 
			| 
					
						| Koyasha 
								Terracotta Army 
								Posts: 1363
								
								 | 
 My question on this would basically be, why NOT a USB dongle?  If we're going to make a physical device the user has to have in order to log in, why not something they just plug into their computer?  Seems a lot more user-friendly.  Having to mess with reading a number off the thing and typing it in is enough to discourage me from wanting to use something like that, since for a game, I use easily memorized passwords, and anything that delays my login, especially if it requires me to interact further (even an unneeded CLICK is annoying) is something I'll avoid. |  
						| 
 -Do you honestly think that we believe ourselves evil? My friend, we seek only good. It's just that our definitions don't quite match.-Ailanreanter, Arcanaloth
 |  |  |  | 
			| 
					
						| Talonus 
								Terracotta ArmyPosts: 23
 
 
 
 | 
 My question on this would basically be, why NOT a USB dongle?  Most likely because the dongles are more prone to breakage than RSA keyfobs. Really, the RSA keyfobs are durable little fuckers; I've left mine in the wash more than a couple times and it always comes out good as new. |  
						|  |  |  |  | 
			| 
					
						| Trippy 
								Administrator 
								Posts: 23657
								
								 | 
 My question on this would basically be, why NOT a USB dongle?  If we're going to make a physical device the user has to have in order to log in, why not something they just plug into their computer?  Seems a lot more user-friendly.  Having to mess with reading a number off the thing and typing it in is enough to discourage me from wanting to use something like that, since for a game, I use easily memorized passwords, and anything that delays my login, especially if it requires me to interact further (even an unneeded CLICK is annoying) is something I'll avoid.
 Ignoring the endless support issues with dongle drivers (heh) they are fine if you only use one computer and never have to move it. If you are in a situation like in China where people play in Internet cafes, it becomes a big big problem putting them in all the time (especially if the case doesn't have front USB ports), leaving them behind, mixing them up with other people's etc. Edit: They are also potentially hackable in the same way that dongles used as copy protection can be bypassed if you can hack the code that makes the check. |  
						| 
								|  |  
								| « Last Edit: June 28, 2008, 01:39:20 PM by Trippy » |  | 
 |  |  |  | 
			| 
					
						| fuser 
								Terracotta Army 
								Posts: 1572
								
								 | 
 My question on this would basically be, why NOT a USB dongle?  If we're going to make a physical device the user has to have in order to log in, why not something they just plug into their computer?  Seems a lot more user-friendly.  Having to mess with reading a number off the thing and typing it in is enough to discourage me from wanting to use something like that, since for a game, I use easily memorized passwords, and anything that delays my login, especially if it requires me to interact further (even an unneeded CLICK is annoying) is something I'll avoid.
 edit: snipping out stuffy trippy covered... You would also defeat the purpose of the security measure (atleast with blizzard) because someone could still get into your account management page where the device is physically still attached to your computer and turn the device off from your account management. Another hope is something like OpenID  gaining more traction... |  
						| 
								|  |  
								| « Last Edit: June 28, 2008, 05:10:39 PM by fuser » |  | 
 |  |  |  | 
			| 
					
						| Kitsune 
								Terracotta Army 
								Posts: 2406
								
								 | 
 My password advice for users is to pick a mnemonic system that they can remember, fit a theme to the mnemonic system that lets them associate common words to the place they're logging into, then l33t up the words with letter substitution for numbers and symbols and tack an arbitrary number on there for good measure.  Just as an off the cuff example, basing the mnemonic off of the number of characters in the name, and associating that with the name of a month.  F13 has three characters, so M4rch2008.  Paypal has six, so Jun32008.  If you ran across something with more than twelve characters, you'd need to improvise somehow, but otherwise it should be pretty solid.  By keeping a whole suite of passwords in your brain, even if one password gets found out somehow, whoever has that one password doesn't have the key to everything, unless they can guess the pattern you used to make the passwords. |  
						|  |  |  |  | 
			| 
					
						| Lantyssa 
								Terracotta Army 
								Posts: 20848
								
								 | 
 I just changed jobs, went indpendent, had to get my own laptop which came with a finger print reader.  I already can't remember how I ever lived without it.  I <3 Biometrics!
 They're neat until you have fingerprints the readers can't decipher. |  
						| 
 Hahahaha!  I'm really good at this! |  |  |  | 
			| 
					
						| Oban 
								Terracotta Army 
								Posts: 4662
								
								 | 
 Knife beats fingerprint reader every time. |  
						| 
 Palin 2012 : Let's go out with a bang! |  |  |  | 
			| 
					
						| Selby 
								Terracotta Army 
								Posts: 2963
								
								 | 
 They're neat until you have fingerprints the readers can't decipher.
 Yeah, electrical burns really mess with your fingerprints over time.  The bigwigs at work have fingerprint readers on their laptops, but us peons get the same laptop with the software for the reader removed "as a security measure." I've used dongles and parallel port readers for years on CAD and FEA software.  I hate using it for them and I'd hate to use it for a game.  An RFID similar to keyless entry in a car would be nifty though.  No more plugging in devices, just have the device within 2 feet of the computer. |  
						|  |  |  |  | 
			| 
					
						| Lantyssa 
								Terracotta Army 
								Posts: 20848
								
								 | 
 Yeah, electrical burns really mess with your fingerprints over time.  The bigwigs at work have fingerprint readers on their laptops, but us peons get the same laptop with the software for the reader removed "as a security measure."
 There are plenty of reasons.  Apparently I naturally have really thin skin that makes it hard to get a fingerprint or use an electronic reader.  The FBI rejected my card three times for a routine check until I had an officer take thirty minutes to get my prints and write a letter that it was the best they would ever get. |  
						| 
 Hahahaha!  I'm really good at this! |  |  |  | 
			| 
					
						| Selby 
								Terracotta Army 
								Posts: 2963
								
								 | 
 There are plenty of reasons. Of course there are =P  I just tend to burn\damage the tips of my fingers regularly which causes them to change a bit as the scar tissue moves around.  Which is why I don't necessarily like cheap finger print readers - which we shouldn't kid ourselves, the ones available for low prices are very cheap readers. |  
						|  |  |  |  | 
			| 
					
						| Trippy 
								Administrator 
								Posts: 23657
								
								 | 
 My aunt is a serious Mahjong player. They don't even bother to look at their tiles -- they just use their thumbs to feel the patterns braille-style. Because of that her thumb prints are so worn down they couldn't get a good print of them when she went to get a driver's license.
 |  
						|  |  |  |  | 
			| 
					
						| Pendan 
								Terracotta ArmyPosts: 246
 
 
 
 | 
 Tobold reports that the Paris Blizzard show over the weekend sold out of the dongles on first day. |  
						|  |  |  |  | 
			| 
					
						| schild 
								Administrator 
								Posts: 60350
								
								   | 
 That means absolutely nothing, Pendan. They would've sold out of MOCK id tags for it simply because it's piece to add to the blizzard collection. Analyzing any sort of success from any sort of sales at WWI is a fallacy. |  
						|  |  |  |  | 
			| 
					
						| Merusk 
								Terracotta Army 
								Posts: 27449
								
								Badge Whore | 
 I hear the self-castration kit only sold 3/4 of the units.   |  
						| 
 The past cannot be changed. The future is yet within your power. |  |  |  | 
			| 
					
						| schild 
								Administrator 
								Posts: 60350
								
								   | 
 If they slold self-castration kits, they'd already be fetching thousands on ebay. |  
						|  |  |  |  | 
			| 
					
						| Oban 
								Terracotta Army 
								Posts: 4662
								
								 | 
 If they slold self-castration kits, they'd already be fetching thousands on ebay.
 Aw god, they really do sell those on eBay. |  
						| 
 Palin 2012 : Let's go out with a bang! |  |  |  | 
			| 
					
						| Furiously 
								Terracotta Army 
								Posts: 7199
								
								   | 
 No one watched the Mythbusters show on fingerprint readers? 
 
 |  
						| 
 |  |  |  | 
			| 
					
						| Oban 
								Terracotta Army 
								Posts: 4662
								
								 | 
 No one watched the Mythbusters show on fingerprint readers? 
 
 
 Hey, not everyone has access to jello and/or a photocopier. |  
						| 
 Palin 2012 : Let's go out with a bang! |  |  |  | 
			| 
					
						| Salamok 
								Terracotta Army 
								Posts: 2803
								
								 | 
 No one watched the Mythbusters show on fingerprint readers? 
 
 
 the gummy bear attack FTW!  Actually I dodn't catch that mythbusters episode and am not sure if they even covered the gummy bear attack but it still rocks. |  
						|  |  |  |  | 
			| 
					
						| UnSub 
								Contributor 
								Posts: 8064
								
								   | 
 If they slold self-castration kits, they'd already be fetching thousands on ebay.
 If they sold Diablo 3 self-castration kits that went PING when the 'loot' dropped, schild would already have one.  |  
						| 
 |  |  |  | 
			| 
					
						| Ubvman 
								Terracotta Army 
								Posts: 182
								
								 | 
 I'm waiting for the first news report of somebody being beaten up/robbed for one of those things.  It's sort of like the rise in carjackings because of the use of encoded car keys. It used to be people would break into the cars when nobody was around to steal them. Now they steal them at gunpoint when the driver is still in it. Key-logging and hacking is a lot easier to get away with than outright theft or mugging. Robbery is a traditional crime that the police understands; the thief takes a lot of risk doing this since its a lot harder to get away with it. Chances are higher getting caught or getting roughed up if things go wrong, compared to white collar computer crimes (different breed of criminals altogether IMO). Once they are committed to stealing physical stuff - there are far better things to take from you - wallet, purse, cash, credit cards, watches etc. etc. than an esoteric dongle. BYTW, anyone have a picture of the WoW security device? Its got to attach to a USB port.  New computers do not come with  parallel or serial ports anymore. I had a world of trouble fixing my old pre-USB HP laser printer to my new computer.  |  
						|  |  |  |  | 
			| 
					
						| Trippy 
								Administrator 
								Posts: 23657
								
								 | 
 BYTW, anyone have a picture of the WoW security device? Its got to attach to a USB port.
 No it does not. |  
						|  |  |  |  | 
			| 
					
						| Oban 
								Terracotta Army 
								Posts: 4662
								
								 | 
 Right angle image:  and an image to the left:  |  
						| 
								|  |  
								| « Last Edit: July 01, 2008, 01:09:35 AM by Oban » |  | 
 
 Palin 2012 : Let's go out with a bang! |  |  |  | 
			| 
					
						| Trippy 
								Administrator 
								Posts: 23657
								
								 | 
 As a side note that button is actually an interesting security feature. The original SecurID device just had an "always on" display with the numbers changing on a regular basis. This had the advantage of allowing for a totally "sealed" enclosure. I'm guessing Blizzard went with a button to prevent people from stealing codes off the devices in a "public" setting. E.g. the user forgets to put the fob back in his pocket/backpack so it's sitting on the table and somebody nearby can steal the latest code off of it and if they know that person's account info they could steal the account still.
 |  
						|  |  |  |  | 
			| 
					
						| bhodi 
								Moderator 
								Posts: 6817
								
								No lie. | 
 And the downside is if you drop it in the toilet or sink by accident, it no longer works.
 My Aladdin token has a button, as well. I assume it also helps to save energy, they probably don't go dead after 2-3 years like the securid ones do.
 |  
						|  |  |  |  | 
			| 
					
						| Tale 
								Terracotta Army 
								Posts: 8567
								
								sıɥʇ ǝʞıן sʞןɐʇ | 
 The original SecurID device
 This reminds me, I killed two SecurIDs in a week once. All I did was put them on my keyring (nothing special, just a standard metal keyring). SecurID #1 Lived on a clip on my laptop bag. Taken off occasionally to read number. Decided one day that I wanted it on my keyring instead. Three days later it blanked out. SecurID #2 Replacement for #1. Put it on my keyring right away. Three days later it blanked out. SecurID #3 Lives on a clip on my laptop bag. Never on my keyring. Using it to this day. |  
						|  |  |  |  |  |  
	
		| 
				
					| Pages: 1 [2] 3   |   |  |  
	
 
  |