#11
|
|||
|
|||
Re: Stars Secure ID Beta
|
#12
|
|||
|
|||
Re: Stars Secure ID Beta
[ QUOTE ]
I got it and I haven't been hacked. [/ QUOTE ] But am glad to hear about it here. edit- ty Jacob for your answers. |
#13
|
|||
|
|||
Re: Stars Secure ID Beta
I got the email this morning and have it set up. It's a good step in the right direction. I'd still like to see something like the the RSA SecurID authentication mechanism, which I would gladly play for, if it were available.
|
#14
|
|||
|
|||
Re: Stars Secure ID Beta
I fail to see how this actually adds any security. If people want to be forced to enter something on login, just turn "remember password" off. If someone is keylogging this adds no security. If the PokerStars password length was limited before, this will hurt brute force attempts on passwords, but I would hope that after 5 or 6 failed logins it would shut the account down anyway.
A much better method that actually adds security would be something along the lines of ING Direct's login where a number pad 0-9 (looking like a phone pad) pops up, each time you log in. Each number is assigned a character randomly each time the pad is generated then you can enter the characters or hit the numbers with the mouse on your screen. For instance 1, 2, and 3 may be U, K, and G respectively one time, but the next time you log in it will be I, H, and E, and if your PIN was 2132 it would be KUGK in the first case and HIEH in the second. At no time are the numbers typed, displayed, entered into any field, or sent across the network -- only the random characters corresponding to them. This defeats practically all keyloggers. |
#15
|
|||
|
|||
Re: Stars Secure ID Beta
[ QUOTE ]
It effectively means your password is seven digits longer. [/ QUOTE ] Ah. It's not the secure token that I for some reason assumed when I read (scanned?) the OP. This is waaaaaay less interesting than it originally seemed. |
#16
|
|||
|
|||
Re: Stars Secure ID Beta
[ QUOTE ]
I fail to see how this actually adds any security. If people want to be forced to enter something on login, just turn "remember password" off. If someone is keylogging this adds no security. If the PokerStars password length was limited before, this will hurt brute force attempts on passwords, but I would hope that after 5 or 6 failed logins it would shut the account down anyway. [/ QUOTE ] Yup. Let us buy RSA tokens with FPPs or something. Give them out away to people who you're making $x off of interest. |
#17
|
|||
|
|||
Re: Stars Secure ID Beta
You could also do something like keyfile authentication (which is also a two-factor authentication system), but I can see how this might be a hassle for support.
|
#18
|
|||
|
|||
Re: Stars Secure ID Beta
Ah, I thought it was SecurID as well.
|
#19
|
|||
|
|||
Re: Stars Secure ID Beta
[ QUOTE ]
Ah, I thought it was SecurID as well. [/ QUOTE ] My email exchange with Stars this morning: Dan, I thought this would be like the RSA SecurID tokens. I'm not interested in this set up you are explaining. It would be great if you gave players generating xFPP the ability to purchase RSA SecurID tokens with FPP. Thanks for the opportunity to join the Beta though. Regards, XXXX Hello XXXX, Thanks for getting back to us. I can tell you that the SecureID issuing mechanism you are referring to is one of a number of addition security measures being evaluated by our Security Managment team; hopefully we will be able to offer you this option at some stage in the future. Regards, Dan PokerStars Security |
#20
|
|||
|
|||
Re: Stars Secure ID Beta
I got the email too and got my shiny new secure ID. But tbh it doesn't really make me feel much more secure.
How hard would it be for these sites to let you register a primary IP address and not allow access from other IPsw/out approval? What about registering a specific computer? Is that even possible? |
|
|