Online poker account security measures

[Percula]

[ QUOTE ]
What does a secure token do?

[/ QUOTE ]

They add a physical third element to the authentication process.

Check out this page, we are talking about "one time" tokens.

Wikipedia Secure Tokens

[Percula]

[ QUOTE ]
As far as the tokens that people talk so much about - What percent of poker room users would REALLY utilize such software / hardware if they provided it? 5%? Not even?

[/ QUOTE ]

You do not understand the technology, its not software, its hardware, its not an option. Once an account is tied to a secure token there is no option of not using it. To log on, you would be required to enter the username, password and secure token from the hardware. There is no option to not use it, that's the whole point of it, without the hardware generated token, there is no access possible.

[Splash-the-Pot]

Actually, Percula, I do fully understand how the Secure Token works.

The SOFTWARE portion that I am speaking of is the part where the Poker Site in question (Full Tilt, etc..) has design, develop, test, and implement code (software) that recognizes, sees, supports, and allows these tokens to work for their site. This is the software element that I speak of.

I do understand that once setup it's not an option, but how many people would set these up in the first place out of their entire user base? Less than 5% I'd be willing to wager! [img]/images/graemlins/grin.gif[/img]

The problem is that the sites have much more pressing software development issues to attend to: They'd rather develop additional features that 50% or greater of their playerbase would use, rather than only 5% or less.

It does stink, especially since we hear of all these high profile thefts, but I do not see it changing for the most part except maybe the sites that are keen to their high-end players' wants.

[-zero-]

Just an FYI about that fingerprint reader: my friend got one recently and enrolled 3 of his fingers because it would occassionally be difficult and not accept one of his digits. Problem is that I was able to access his passwords using my own fingerprint. It thought I was him roughly 1 in 10 times I scanned my finger. He then removed one of his fingers and only had two enrolled, and I haven't been able to get in.

Edit: This was using the APC Biometric Password Manager, not Microsoft's.

[Dazarath]

Splash, it's true that not many players would use it. But they still might implement it for the same reason that they implemented the Supernova Elite status, even if only a select few people could ever reach it. Big players are valuable. Yeah, there's a million guppies who go deposit $100 here and there and donk it off, but if the high stakes players want something like this, I'm sure they will at least take it into consideration.

[Bobo Fett]

[ QUOTE ]
Just an FYI about that fingerprint reader: my friend got one recently and enrolled 3 of his fingers because it would occassionally be difficult and not accept one of his digits. Problem is that I was able to access his passwords using my own fingerprint. It thought I was him roughly 1 in 10 times I scanned my finger. He then removed one of his fingers and only had two enrolled, and I haven't been able to get in.

Edit: This was using the APC Biometric Password Manager, not Microsoft's.

[/ QUOTE ]

Ouch! I'm hoping they'll come up with a less painful security measure.