Password Security Suggestion--Key Fobs

[NoahSD]

(This is not my idea. It was originally posted by shawny boy in this thread about a poster who was hacked.)

A key fob is basically a little key chain with a digital display. The display shows a number that changes about every 30 seconds, and in order to log into your account someone would need your screen name, password, and this number.

So, a keylogger would no longer do anything because the hacker would only receive your username, password, and a number that's no longer valid. We also wouldn't have to worry about letting our friends use our computers, as long as we don't give them access to the key.

It sound like it might be really hard to implement, but PayPal's offering them to clients for $5 each, so it can't be that hard. (link)

Is there any reason why the poker sites shouldn't be working to implement this as soon as possible?

[Freakin]

[ QUOTE ]
(This is not my idea. It was originally posted by shawny boy in this thread about a poster who was hacked.)

A key fob is basically a little key chain with a digital display. The display shows a number that changes about every 30 seconds, and in order to log into your account someone would need your screen name, password, and this number.

So, a keylogger would no longer do anything because the hacker would only receive your username, password, and a number that's no longer valid. We also wouldn't have to worry about letting our friends use our computers, as long as we don't give them access to the key.

It sound like it might be really hard to implement, but PayPal's offering them to clients for $5 each, so it can't be that hard. (link)

Is there any reason why the poker sites shouldn't be working to implement this as soon as possible?

[/ QUOTE ]

There is absolutely no reason. But it really should be something that is widely sold in stores, then registered with whatever accounts you want to protect. There should not be individual ones for every service that wants to be more secure.

So you could have you one unit with a unique serial or other address then you can register it with PP, or FTP or paypal, or your bank or whatever

[mbillie1]

Agreed... a nice idea would be for the sites to offer them for a certain # of action points, which would effectively make sure that the people who needed them had access to them.

[BigBiceps]

My password is FTPisrigged##!

[TreyOfLight]

[ QUOTE ]
So you could have you one unit with a unique serial or other address then you can register it with PP, or FTP or paypal, or your bank or whatever

[/ QUOTE ]If FTP or paypal can derive the fob's sequence from a serial number, so can the bad guys.

[Percula]

[ QUOTE ]
[ QUOTE ]
So you could have you one unit with a unique serial or other address then you can register it with PP, or FTP or paypal, or your bank or whatever

[/ QUOTE ]If FTP or paypal can derive the fob's sequence from a serial number, so can the bad guys.

[/ QUOTE ]

Here is a link to the VeriSign sight, where you can do more research on how secure tokens work and some of the options available.
VeriSign Site

And here is a link to Wikipedia on secure tokens...
Wikipedia Secure Tokens

We want the "one time" or "single use" type for poker sites.

[Dazarath]

I think this is a very good idea. It should also be optional, though. I think something like this may scare away fish if they are required to use it. But for the security-conscious, having the option to use such a token would sure make me sleep better at night.

[Paul B.]

older thread discussing secure tokens. I'd really like to see Stars and Full Tilt implement them.

[Percula]

[ QUOTE ]
I think this is a very good idea. It should also be optional, though. I think something like this may scare away fish if they are required to use it. But for the security-conscious, having the option to use such a token would sure make me sleep better at night.

[/ QUOTE ]

They do it the same way Ebay/PayPal is doing it. PayPal business customers get one for free, regular users have to pay $5 to get one.

The poker sites do the same, when an account reaches $X balance they automatically get the choice of have a free token, if the balance is less than $X then the player can buy one for $5 or for Y number of points.

It will take a fairly significant investment on the poker sites part to implement this, but the true value in implementing something this is that a) players when well educated will feel and be much safer and b) any government or regulatory body can see they are serious and accountable, making the industry look better from the outside.

I would be VERY VERY surprised if the poker sites do this in the near future. Looking from the outside in, it does not appear that these poker sites actually "own" their IT. What I mean is that they do not seem to have their own people working on all aspects of their infrastructure or they do not have the skill sets themselves. PS seems to have their software inside, but FTP appears to have it contracted out. All seem to rely on the datacenter in Canada for networking and server "hands on" work.

[wtfsvi]

This is a very good idea.