When logging in to Star Wars: The Old Republic, you may have noticed a security key field under your password. While this feature is certainly optional, the added level of security that it provides can mean the difference between your account remaining absolutely secure and being ransacked by a lucky script-happy kid or in-game currency merchant wanting to put your account at risk of banishment instead of their own.
For several years now, it’s been known that MMORPGs are a big target for theft. Players spend weeks, months, and even years equipping their characters and building a small fortune in in-game currency that could net a seedy vendor some real-world cash. You’ve probably seen currency sellers spam more populated zones to drum up visits to their sites. Do you really believe they always pay for legit accounts, or earn the funny money through countless hours of effort only to sell it for $10? If they did, it would be a fruitless operation.
Enter the Security Key, an added layer of protection that’s widely used by banks, financial exchange sites such as PayPal, and even some government agencies to protect their internal security systems from a potential threat via brute force entry or particularly sneaky phishing scams.
Star Wars: The Old Republic offers its users a seemingly randomly generated temporary access key of eight digits that resets itself every 30 seconds. In reality, this code it’s exactly random at all. It’s the result of a mathematical algorithm generated via a combination of time and a secret password that is generated by the server and shared with the disconnected token (physical token or smartphone app).
Users can choose between two types of security keys to link to their account. The first is a more traditional and arguably more secure token (or dongle) that attaches to the user’s keychain. The dongle itself has a single button which generates an eight-digit number every 30 seconds. When you attempt to log in to your Star Wars account, you’ll need to enter that eight-digit number below the password field. The servers will check the number against the algorithm and the shared code linked to your dongle’s serial number. If they’re a match, you’re in. Guessing the password would be like winning the lottery, twice.
The other option available to you is a mobile app available for the iPhone and Android devices. This app works in much the same away as the disconnected key, though it gives you the added convenience of not having to carry around an extra gadget if you log in from remote locations. Oh, and it’s free while the physical token costs $4.00.
Either way you decide to go, adding a security key to your account will greatly increase the safety of your account. By adding an additional factor to authentication, you eliminate the potential of phishing or a man-in-the-middle attack from gathering your user name and password and using them against you. No longer is your account’s security based on what you know. It now becomes what you have and what you know.
You could lose the security key and be faced with a series of hoops to jump through to disassociate your account, though it is possible. Additionally, if someone else where to find your security key, they still couldn’t gain access unless they knew your user name and password.
With account hacks becoming more and more commonplace in the world of online gaming, there’s no reason you shouldn’t consider adding an extra layer of protection around your virtual valuables.