Thread: Password Security Suggestion--Key Fobs
View Single Post
  #20  
Old 03-05-2007, 04:57 PM
Percula Percula is offline
Senior Member
  
Join Date: Jun 2004
Location: Phoenix
Posts: 2,050
Default Re: Password Security Suggestion--Key Fobs
[ QUOTE ]
As someone who works on the tech side in the industry, I can tell you that this will almost never happen for two reasons.

Firstly, the benefits of two factor authentication (password + key fob) are extremely limited when it comes to poker accounts. Simply put, if someone has illegal access to your account they have two options. They can go the 'theft' route and try and transfer the money out (either by straight transfer or chip dump), or they can effectively 'joy ride' on your funds.

In the first case the problem becomes getting the money out of the recipient account. The big companies (such as mine) spend millions each year tracking players and cashouts to catch all the instances of this type. It is the reason why there is often a delay between the request and the processing of cashouts.

Joy riding is also not a major concern. The good sites track usage patterns, and the nature of poker means that it is hard to do major damage quickly (especially since the person joy riding is likely to be playing to win). 99% of all joy riding is not malicious - it is actually done by players in the same household or known to the account holder, and most often occurs when players leave themselves logged in (which a key fob cannot prevent).

[/ QUOTE ]

Both of these "reasons" are prevented with the use of secure tokens, that in and of its self is reason to deploy the technology. If for no other reason that to reduce the man hours/infrastructure requirements that this requires.

[ QUOTE ]
There are therefore real difference between an online banking system (where real damage can be done quickly) and a poker site (where poker companies can easily reverse transfers or refund you in the case of a real attempt to steal).

[/ QUOTE ]

That has not been the experience of many of the people reporting hacks here on 2+2. Most end with "sorry, we tried to get the funds back, but it was too late".

[ QUOTE ]
I should also point out from a technological perspective that key fobs and the system behind them are far from perfect - there are many security issues that they cannot prevent or resolve.

This idea is therefore one to be filed in the 'sounds like a great idea until you consider the practicalities' along with per session screen names etc.

[/ QUOTE ]

When correctly implemented and maintained this is a solid and reliable solution that has little down side.
Reply With Quote