Stars Secure ID Beta

[HostJacob]

To answer the questions in this thread:

1) Yes this is legitimate. It has been in testing with our host accounts and is planned to be rolled out to everyone.

2) It will not cost anything.

When you have it, it looks like this when you try to login:

[Borgland]

[ QUOTE ]
I got it and I haven't been hacked.

[/ QUOTE ]

But am glad to hear about it here.

edit- ty Jacob for your answers.

[AJackson]

I got the email this morning and have it set up. It's a good step in the right direction. I'd still like to see something like the the RSA SecurID authentication mechanism, which I would gladly play for, if it were available.

[BadBeatsCrewDerk]

I fail to see how this actually adds any security. If people want to be forced to enter something on login, just turn "remember password" off. If someone is keylogging this adds no security. If the PokerStars password length was limited before, this will hurt brute force attempts on passwords, but I would hope that after 5 or 6 failed logins it would shut the account down anyway.

A much better method that actually adds security would be something along the lines of ING Direct's login where a number pad 0-9 (looking like a phone pad) pops up, each time you log in. Each number is assigned a character randomly each time the pad is generated then you can enter the characters or hit the numbers with the mouse on your screen. For instance 1, 2, and 3 may be U, K, and G respectively one time, but the next time you log in it will be I, H, and E, and if your PIN was 2132 it would be KUGK in the first case and HIEH in the second. At no time are the numbers typed, displayed, entered into any field, or sent across the network -- only the random characters corresponding to them. This defeats practically all keyloggers.

[mustmuck]

[ QUOTE ]
It effectively means your password is seven digits longer.

[/ QUOTE ]

Ah. It's not the secure token that I for some reason assumed when I read (scanned?) the OP. This is waaaaaay less interesting than it originally seemed.

[mason55]

[ QUOTE ]
I fail to see how this actually adds any security. If people want to be forced to enter something on login, just turn "remember password" off. If someone is keylogging this adds no security. If the PokerStars password length was limited before, this will hurt brute force attempts on passwords, but I would hope that after 5 or 6 failed logins it would shut the account down anyway.

[/ QUOTE ]

Yup.

Let us buy RSA tokens with FPPs or something. Give them out away to people who you're making $x off of interest.

[BadBeatsCrewDerk]

You could also do something like keyfile authentication (which is also a two-factor authentication system), but I can see how this might be a hassle for support.

[Chunky]

Ah, I thought it was SecurID as well.

[ligastar]

[ QUOTE ]
Ah, I thought it was SecurID as well.



[/ QUOTE ]

My email exchange with Stars this morning:

Dan,

I thought this would be like the RSA SecurID tokens. I'm not interested in this set up you are explaining. It would be great if you gave players generating xFPP the ability to purchase RSA SecurID tokens with FPP.

Thanks for the opportunity to join the Beta though.

Regards,
XXXX


Hello XXXX,

Thanks for getting back to us.

I can tell you that the SecureID issuing mechanism you are referring to is
one of a number of addition security measures being evaluated by our
Security Managment team; hopefully we will be able to offer you this
option at some stage in the future.

Regards,

Dan
PokerStars Security

[Mr_Donktastic]

I got the email too and got my shiny new secure ID. But tbh it doesn't really make me feel much more secure.

How hard would it be for these sites to let you register a primary IP address and not allow access from other IPsw/out approval? What about registering a specific computer? Is that even possible?