OTP has a unique password (you're supposed to create) to disable it ... if they have that too you're screwed. You wouldn't type that password everyday so they shouldn't have it.
Also, I just added an authenticator on my account. But if they have access to my email too, could they somehow put the authenticator on their device or something as well?
Please come check out my stream. All the love is appreciated!
Originally posted by Tidel Alright, what about if they know my email as well? Cause I'm just curious as I have all my answers on one sheet of paper.
Originally posted by Tidel Also, I just added an authenticator on my account. But if they have access to my email too, could they somehow put the authenticator on their device or something as well?
Originally posted by Tidel Sorry, if I need to, can I register for a new authenticator on the same device with a different emergency password?
Bump for the above 3.
Comments
Unsure but would assume:
You need the token to disable or a phone call to SE.
You can only activate one authenticator per account.
As far as I am concerned, as long as you write down and keep your disable authenticator password safe, it's nigh impossible for anyone to take over your account.
You shouldn't have written in your disable authenticator password on any website yet, neither will you do so until you decide to disable your authenticator for whatever reason.
You are as safe as you possibly can be in this situation, really.
It's impossible for someone to get ahold of or change your authenticator by stealing your e-mail.
Unless your disable authenticator password is in your e-mail somewhere, something it should not be.
The people and the friends that we have lost, and the dreams that have faded, never forget them~
Really, don't do this, obviously.
Though, you can give out your e-mail address, e-mail password, and login e-mail / username plus password to FFXIV to anyone.
They will NOT, I repeat, NOT be able to access your FFXIV account, neither on the web nor in-game.
As long as you have an authenticator on the account and the disable authenticator password / code only written down physically in your own home.
It's that simple really.
You can't change, or take off an authenticator without the password you were given, to do so.
It's impossible to login to either the website for account management or game, as it will ask for your one time authenticator code each and every time you try to log into either.
World of Warcraft lets you choose that it only asks you once in a while for the authenticator code.
Through that system it checks your IP address every time you login, if the IP is wrong, it asks for your one time authenticator code again.
I have it turned off in WoW just to be safe though, as I want to be asked for the authenticator code each and every time I log into WoW.
This is as safe as it's going to get in the foreseeable future at least.
To amplify what Robert_S4 already answered:
(a) They can have your email and password, but if they don't have your physical authenticator (either the keyfob or the phone), they cannot log into the game, and they cannot log into your service account (Mog Station). The authenticator code will change about once per minute, and they do not cycle/repeat. Without the device in front of you, it's ~nearly~ impossible (nothing is 100% foolproof, they could get lucky, but you have the same odds of winning Powerball) to hack the one-time password.
(b) If you have an authenticator attached to your account, it can only be removed/changed if you either have the authenticator in hand, or have the Emergency Unlock password (which is only shown once, so write it down and keep it safe).
(c) You can remove and re-register the mobile app as many times as you want, you will get a new Emergency Unlock password each time. The physical keyfob you can only register once, never gets an Emergency Unlock password (you must call customer service with the serial number printed on the fob if it breaks/gets lost - so write that down someplace safe), and once you unlink it, it becomes useless and cannot be reused.
Thanks guys. I'm an OCD worrywart so I have a couple more questions.
Does it matter if I've used my Apple ID on another device before that is not my own? I believe I'm logged out but if they have my account info for my Apple ID and download the authenticator would it work?
Would it work for Hotmail as well with the same scenario? I use an authenticator for that too now.
If I uninstall my Google Authenticator and take it off my account, would it make a difference to the codes that it produces? Like say if someone has the same authenticator under the same Apple ID then I reregister it...would it be valid for them anymore?
Bump for above
The authenticator has a unique "seed", which is made up of various semi-random sources. That means that the same authenticator software running on your iPhone will have a different seed than the same software running on your iPad, than the same software running on your iPod. Each of them would generate different numbers. Since you can only have one device linked to your S/E account, just having your Apple ID does nothing for them as far as the S/E authenticator goes (aside from the obvious security ramifications with Apple).
You can't link the authenticator running on your iPhone, and then try to use numbers generated on your iPad, or someone else's phone running under your Apple ID. It's linked to the specific piece of hardware you use when you go through the linking process with S/E.
So with that in mind - it doesn't care what your Apple ID is, or Hotmail or Google or anything else, because the software running on that particular piece of hardware is what is linked to your account. They need your particular phone, not just your Apple ID or whatever else.
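The seed behaviour described in the answers above, as an added example that is not part of the original thread. It assumes a standard RFC 6238 time-based code with a 60-second step and six digits (the thread does not say which algorithm S/E uses); the `Account` class and all names are hypothetical, and the fixed seed is the public RFC 4226 test value.

```python
import hashlib
import hmac
import secrets
import struct

PERIOD = 60  # assumption: the thread says codes change "about once per minute"
DIGITS = 6   # assumption: six-digit codes
RFC_SEED = b"12345678901234567890"  # public RFC 4226 test seed, not a real one

def totp(seed, unix_time, period=PERIOD, digits=DIGITS):
    """RFC 6238 TOTP over HMAC-SHA1: the code depends only on seed and time step."""
    counter = struct.pack(">Q", unix_time // period)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Account:
    """Hypothetical server-side record holding the single linked seed."""
    def __init__(self):
        self.seed = None

    def link(self, seed=None):
        # Linking replaces any earlier seed, so a previously linked device
        # (or a copy of its app) stops producing valid codes.
        self.seed = seed or secrets.token_bytes(20)
        return self.seed

    def verify(self, code, unix_time):
        if self.seed is None:
            return False
        return hmac.compare_digest(code, totp(self.seed, unix_time))

def demo(now=30):
    account = Account()
    phone = account.link(RFC_SEED)        # seed stored on the linked phone
    stranger = secrets.token_bytes(20)    # same app installed elsewhere
    code = totp(phone, now)
    results = {
        "linked_phone": account.verify(code, now),
        "other_install": account.verify(totp(stranger, now), now),
        "stale_code_next_minute": account.verify(code, now + PERIOD),
    }
    fresh = account.link()                # remove and re-register
    results["old_seed_after_relink"] = account.verify(totp(phone, now), now)
    results["new_seed_after_relink"] = account.verify(totp(fresh, now), now)
    return results

if __name__ == "__main__":
    print(demo())
```

Only the install holding the linked seed verifies; a second install, a code from the previous minute, and the old seed after re-registration are all rejected.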