Another tale for the Sony Online Entertainment files.
There is a general rule for online shopping, which is that you should never do it after dark.
The theory is that, at the end of the day, you are tired and more susceptible to making poor or impulsive purchasing decisions. But if you wait until the morning, you will have given yourself enough time to talk yourself out of any bad ideas.
Given my own past after-dark purchasing record, I am afraid I must agree. I have, as one example, a pile of songs on my iPod that I bought of iTunes at 10pm at night in a fit of nostalgia. Then I don’t ever really listen to them again. I keep them on the iPod as a reminder. I have a special play list for that.
Still, that is apparently not reminder enough.
So there I was, at about 9pm on Monday night, tinkering around in EverQuest II. I wanted another peek before my account lapsed.
And while I was there, I decided that maybe I should put an authenticator on my SOE account, just as another layer of protection. I am the guild leader in two guilds. Getting hacked could impact us… should anybody log on and notice.
Fortunately, given the after dark rule, SOE seemed quite disinclined to sell me one.
The Station Store is still down. There is nothing on the SOE main page about the authenticator. There is no search function to find things.
Eventually I had to leave the SOE site, go to Google, and search on “SOE Authenticator” there.
That actually lead me to the page on their site dedicated to the authenticator.
I hate to say it, but typical SOE shooting themselves in the foot, making available something they want their users to have, then hiding it.
So there was the big green “Buy Now” button, so I clicked it.
The site went through the motions of letting me enter my information to buy the authenticator.
Then, on the last step, the site crapped out. It gave me an error. It said I should try back later.
Fine. Whatever. I probably didn’t need the thing really. It was an after dark online purchase and all.
But then I got home from work last night to fine a little box had arrived for me from 8928 Tennan Ct., San Diego.
So the site worked well enough to get me an authenticator. On the other hand, I checked the activity on my credit card and they haven’t bothered to charge me yet. Now, there can be some delay in showing up on my online statement, but it wouldn’t surprise me if there was yet another error in the process.
Nor was there any order confirmation email sent to me. SOE always follows up with one of those. I have a directory where I store them away. But none with this purchase. So who knows where the process broke.
Still, I have the authenticator. It came with a little flyer describing how to use it.
And I was able to add the to my account. And it even works.
I had visions of yet more errors on their site.
Their whole setup doesn’t seem like it has been put back together right since the big security breach. I realize that was a big deal, but SOE has been back up since May, and items that were broken back then mostly remain broken today.
Functionally, the authenticator works pretty much like the Blizzard authenticator, with one exception.
When you press the button to get your code, the damn thing pauses for 2 seconds to spell out SOE on the display (Well, S [] E in any case) before showing you the code. Essentially, they put a splash screen on my authenticaor. Bleh.
And, just for one final kick in the teeth, once I added the authenticator to the account, I had to go read the FAQ to figure out how to use it. This should be the easy part. And if it wasn’t, it should have been on the flyer in the box.
Blizzard, they put up a special field to type in your authenticator code. It echoes back the numbers you type, since they change every time, so you can verify the code.
SOE, on the other hand, didn’t want to have to change the UI across all their games I guess, so they found another solution.
Where do I enter the authenticator code (PIN) after successfully ADDING the SOE Authenticator to my Station Account?
During your normal login procedure you will enter your Station password plus your unique, one-time authenticator code (PIN) in the same field. Please note you will be required to enter both your Station password and your unique, one-time authenticator code (PIN) in that order. Each time you log in to your Station Account you will be required to enter your current Station password plus your unique, one-time authenticator code (PIN). Log in using both and rest assured knowing your Station Account is now even more secure from malicious attacks and possible threats.
And even that was kind of a “huh?” paragraph. Who wrote that? Technically, just saying “enter your password plus… code” describes the Blizz process as well.
But they also sent along an email confirmation (see, I told you they always do that) with a picture for those of us who get hung up on any possible ambiguity.
Yes, type in your password, press the button on your authenticator, wait for the splash screen to go away, then type in the six digit string at the end of your password, which like the password, echoes back dots. (Don’t type the plus.) Essentially, your password becomes your old password plus the six digit code the authenticator.
It seems to work. I am able to log onto my account on the web site as well as into multiple SOE games with it, so their “no UI change” design approach was a success.
The whole thing though, from ordering to use, just doesn’t feel as smooth as the Blizzard implementation.
But if that isn’t SOE’s usual song, I don’t know what is.
One of the very reasons I haven’t added this to any of my accounts (and I have a lot, due to a few after dark “wouldn’t it be cool if I could play these characters together?” binges). I don’t trust SOE to tie their own shoelaces, much less add a security feature like this competently. The same company that lets arguably their best game (Vanguard) basically wither on the vine (until very recently) and cancel a game that by its very nature would’ve created a new niche in MMOs (The Agency) and (biggest ‘duh’ of all) saved customer data in unencrypted form, can’t really be expected to turn over a new leaf in a few months. Maybe a few years, but not a few months.
So I think the Blizzard comparisons are unfair to SOE. Blizzard has always been better at handling their business than SOE. Blizzard has add-ons that actually appeal to players (mobile authenticator, mobile armory, etc) while SOE is slow on the uptake always. The original authenticator hype post (there was one on EQPlayers. Dunno about EQ2players) said ‘Mobile version coming soon’. Given the pace of their ‘coming soons’, it’ll be here in 2016. Remember how long EQPlayers was completely busted (no updates, incorrect updates, bad data, etc) and Jelan & co over at Magelo laughed all the way to the proverbial bank (and rightfully so)? Yeah, that doesn’t instill confidence in their ability to pull this off competently in a timeframe anyone would agree fits the ‘soon’ label.
LikeLike
“So I think the Blizzard comparisons are unfair to SOE.”
Actually, reading what you wrote, I think you mean that the Blizzard comparisons are unfair to Blizzard, since it tries to put SOE in the same league.
But what has “fair” to do with anything?
And it still says “mobile version coming soon” on the SOE authenticator site.
LikeLike
Yes, that’s SOE.
(Although I should point out that there is a link to the authenticator page on the SOE main page, directly under the “Consumer Alert: SOE Unauthorized Network Intrusion” banner. I’d have displayed a feature that might make people more likely to use my products again much more prominently, but it’s there.)
LikeLike
@Aufero – Yes, there it is. I was probably blinded by the bright orange network intrusion banner above it. And, probably impacted by the whole “shopping after dark” thing as well.
LikeLike
Blizzard, even a baby’s bottom isn’t that smooth!
LikeLike
If you try to login to your account with just your original password, does login fail?
If it fails, is the error message the same as a normal password failure?
I hope the answer to these questions is YES! for a true security upgrade.
LikeLike
@Snick – The answer to both questions are YES!
Essentially your password becomes your password plus the security token, so it is as though you mis-typed your password… because you did as far as they are concerned.
LikeLike
It never ceases to amaze me how SOE can make even the simplest processes hard. This company must be where they send all the dropouts in interface design, public relations management, human resources, and overall workflow management.
It is just amazing. I wonder whether SOE is a training ground for saboteurs who are afterwards sent to infiltrate competitors and ruin them from within?
LikeLike