Online poker account security measures

all_in_lam · #1 02-26-2007, 04:10 AM

In light of the recent security breaches of online poker accounts, i was wondering if this product completely prevents hackers from being able to gain control of your login/passwords.

http://www.amazon.com/gp/product/B00...585749-2993425

it is microsoft's fingerprint reader, allowing you to login to accounts by fingerprint.

and yes i am aware of the security measures suggested in this thread: http://forumserver.twoplustwo.com/showfl...p;vc=1&nt=6
but was wondering if the fingerprint reader is a quicker/easier fix.

assuming you have no trojans when you setup your fingerprint reader to login to accounts, will a torjan that is planted after setup be able to 'sendkey' your passwords?

kyleb · #2 02-26-2007, 04:31 AM

...

The fingerprint reader uses an API call to send keys to the screen.

Percula · #3 02-26-2007, 12:12 PM

And has been proven to be defeated by a photo copy...

Secure tokens are the way to go, too bad it looks like the poker sites are totally ignoring this. Lord knows they have had lots of opportunities to talk about them but have chosen not to.

all_in_lam · #4 02-27-2007, 12:52 AM

[ QUOTE ]
...

The fingerprint reader uses an API call to send keys to the screen.

[/ QUOTE ]

does this means it is safe from hackers or not?

Percula · #5 02-27-2007, 01:43 AM

[ QUOTE ]
[ QUOTE ]
...

The fingerprint reader uses an API call to send keys to the screen.

[/ QUOTE ]

does this means it is safe from hackers or not?

[/ QUOTE ]

It means it is not useful in defeating hackers.

Secure tokens are the only viable answer along these lines, we just need to keep throwing in their faces until they implement them.

It will keep the average roommate out that hasn't seen the MythBuster episode about using photo copies of finger prints to defeat these...

Splash-the-Pot · #6 02-27-2007, 01:53 AM

Not secure for trojans most surely, but for those concerned about surround environment security it may not be a bad way to start. Like stated above photocopiers are a problem. I'd probably stick to being very aware of what you download and run, and use normal usernames and passwords.

As far as the tokens that people talk so much about - What percent of poker room users would REALLY utilize such software / hardware if they provided it? 5%? Not even?

They have many other more pressing things to put their developers to work on IMO - I doubt you'll see support for such things for a long time, if ever.

JayA · #7 02-27-2007, 02:27 AM

What does a secure token do?

Dazarath · #8 02-27-2007, 07:40 AM

Guys, I think those of us who would like higher security measures should send them emails explaining what we'd like, and why. I just sent an email a couple of days ago with multiple suggestions to increase the security of one's poker account. We all know how much money is kept in them, and how easy it would be to clean out someone's account in minutes. I specifically mentioned that secure tokens would be at the top of my list. Also, I think this is important, but extra security measures need to be optional. Joe Fish isn't going to want to deposit a couple hundred bucks if he has to jump through multiple security measures just to log on. But for the more security-conscious, having the option would help us sleep better at night (at least it would for me).

Right now, I think one of the big problems is that we only need two fields to log in: our username and our password. Usernames are displayed at every table you join, so all that's left is guessing one's password. That's kind of scary to me. Yeah, we should all choose strong passwords, and probably change them from time to time, but still only having one unknown between a malicious person and my bankroll is just not enough.

Snafu'd · #9 02-27-2007, 09:41 AM

[ QUOTE ]
What does a secure token do?

[/ QUOTE ]

BluffTHIS! · #10 02-27-2007, 11:29 AM

[ QUOTE ]
Right now, I think one of the big problems is that we only need two fields to log in: our username and our password. Usernames are displayed at every table you join, so all that's left is guessing one's password. That's kind of scary to me. Yeah, we should all choose strong passwords, and probably change them from time to time, but still only having one unknown between a malicious person and my bankroll is just not enough.

[/ QUOTE ]

This is one of the most important security measures that all sites should use, but only a few do, i.e. a different login name than your screen name. There really is no excuse for the sites not implementing this, especially FT where most of the high stakes horror stories come from.