jump to navigation

Comments»

1. Mark - July 12, 2011

They won’t be compatible. Using the serial number on the back of your Blizzard authenticator, Blizzard is able to determine what number will be displayed on your authenticator at any given point in time. The same is (or will be) true for SOE and the SOE authenticators. Each company that contracts with Vasco has their own key. Otherwise, any Vasco customer would be able to hack into any other Vasco customer’s database knowing only the serial number of an authenticator. That would make an authenticator only as secure as a password.

Like

2. Wilhelm Arcturus - July 12, 2011

I agree that they will likely not be compatible. But Vasco sells Digipass GO 6 units over the counter and in multi-packs at something like a retail level, so I would guess that they offer some low cost service that is less secure, though such units might need to be individually registered with a given security installation.

Like

3. Wilhelm Arcturus - July 12, 2011

And, of course, it is nice to get a definitive answer from the source on these things. My thanks to Will at VASCO for the note!

Like

4. Yarr - July 13, 2011

If ‘Will at VASCO’ is reading the comments, he might want to have his sales people call on NCSoft and remind them what happened at SOE, especially considering how NCSoft has a bad rep with accounts being hacked. I know I’d buy one for $10 if it protected GW (and GW2), Aion, and the rest of their games.

Like

5. Angry Gamer - July 13, 2011

“It sure would be nice if I could use just one authenticator across multiple games. ”

What a great idea!

Just one Authentication Site for the entire online game industry.

Think of it! One stop shop for any cyber criminal to: target with direct attacks, spear-phish, push a bot run DDOS against, test zero day attacks on.

Background-
The (GOOD) reason why you can’t use tokens across auth servers right now is due to the site dependent seeds. It get’s a bit techy but to create a trust web you need a root Cert authority. That root essentially needs to self certify this root then issues certs to tokens, SSL, email etc. This is why you cant cross this boundary. [but as a bonus a breach at one customer does not mean ALL tokens are now insecure]

In the wake of the RSA break-in read here (http://www.nytimes.com/2011/06/08/business/08security.html?pagewanted=all)

The actual target of this breach WAS the salts or root cert info that made each site secure to itself. The hackers (obviously state sponsored) wanted to get the root info to attack other big RSA token users [the defense contractor Lockheed being one – you know the company that builds our two Steal Fighters… hmmm wonder who would want to hack them… eh probably NOT the same place that has all the gold “farmers” after all hacking Wow is different right?… wait a minute Wow uses PC clients and offices uses PCs ah well just a coincidence] read here – http://www.infoworld.com/t/hacking/lockheed-hack-should-put-the-us-high-alert-329

Sigh I guess those hackers just needed help on their new toy – http://www.bbc.co.uk/news/world-asia-pacific-12266973

FYI this is a statement below that is either naive or NOT a credible security authority —
“As an avid gamer and a lover of security, the ability for one device to be used across multiple providers is something that I am strongly advising for and hopefully is something we will see soon.”

This is just absurd given the RSA break in. NEVER EVER believe anyone who espouses security through single points of failure and single points of trust.

Like

6. MMO Security « The Running Gamer - July 14, 2011

[…] was reading this blog post over at The Ancient Gaming Noob the other day, and he said something that stuck with me: “And […]

Like


Voice your opinion... but be nice about it...

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: