Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Quick Links
One time password authenticator
JakeSim
Member RarePosts: 884
Lets say someone has your account info. Password and sq and answer. Does this still help to prevent your account from being hacked? How so?
Comments
Unsure but would assume:
You need the token to disable or a phone call to SE.
You can only activate one authenticator per account.
As far as I am concerned, aslong as you write down and keep your disable authenticator password safe, it's nigh impossible for anyone to take over your account.
You shouldn't have written in your disable authenticator password on any website yet, neither will you do so until you decide to disable your authenticator for whatever reason.
You are as safe as you possibly can be in this situation, really.
It's impossible for someone to get ahold of or change your authenticator by stealing your e-mail.
Unless your disable authenticator password is in your e-mail somewhere, something it should not be.
The people and the friends that we have lost, and the dreams that have faded, never forget them~
Really, don't do this, obviously.
Though, you can give out your e-mail address, e-mail password, and login e-mail / username plus password to FFXIV to anyone.
They will NOT, I repeat, NOT be able to access your FFXIV account, neither on the web or in-game.
Aslong as you have an authenticator on the account and the disable authenticator password / code only written down physically in your own home.
It's that simple really.
You can't change, or take off an authenticator without the password you were given, to do so.
It's impossible to login to either the website for account management or game, as it will ask for your one time authenticator code each and every time you try to log into either.
World of Warcraft let's you choose that it only asks you once in a while for the authenticator code.
Through that system it checks your IP address everytime you login, if the IP is wrong, it asks for your one time authenticator code again.
I have it turned off in WoW just for safe though, as I want to be asked for the authenticator code each and every time I log into WoW.
This is as safe as it's going to get in the foreseeable future at least.
The people and the friends that we have lost, and the dreams that have faded, never forget them~
To amplify what Robert_S4 already answered:
(a) They can have your email and password, but if they don't have your physical authenticator (either the keyfob or the phone), they cannot log into the game, and they cannot log into your service account (Mog Station). The authenticator code will change about once per minute, and they do not cycle/repeat. Without the device in front of you, it's ~nearly~ impossible (nothing is 100% fullproof, they could get lucky, but you have the same odds of winning Powerball) to hack the one-time password.
(b) If you have an authenticator attached to your account, it can only be removed/changed if you either have the authenticator in hand, or have the Emergency Unlock password (which is only shown once, so write it down and keep it safe).
(c) You remove and re-register the mobile app as many times as you want, you will get a new Emergency Unlock password each time. The physical keyfob you can only register once, never gets an Emergency Unlock password (you must call customer service with the serial number printed on the fob if it breaks/gets lost - so write that down someplace safe), and once you unlink it it becomes useless and cannot be reused.
Thanks guys. I'm an OCD worrywart so I have a couple more questions.
does it matter if I've used my apple Id on another device before that is not my own? I believe I'm logged out but if they have my account info for my apple ID and download the authenticator would it work?
would it work for hotmail as well with the same scenario? I use an authenticator for that too now.
if I uninstall my google authenticator and take it off my account, would it make a difference to the codes that it produces? Like say of someone has the same authenticator under the same apple ID then I reregister it...would it be valid for them anyone?
Bump for above
The authenticator has a unique "seed", which is made up of various semi-random sources. That means that the same authenticator software running on your iPhone will have a different seed than the same software running on your iPad, than the same software running on your iPod. Each of them would generate different numbers. Since you can only have one device linked to your S/E account, just having your Apple ID does nothing for them as far as the S/E authenticator goes (aside from the obvious security ramifications with Apple).
You can't link the authenticator running on your iPhone, and then try to use numbers generated on your iPad, or someone else's phone running under your Apple ID. It's linked to the specific piece of hardware you use when you go through the linking process with S/E.
So with that in mind - it doesn't care what your Apple ID is, or hotmail or google or anything else, because the software running on that particular piece of hardware is what is linked to your account. They need your particular phone, not just your Apple ID or whatever else.