Post by vxsote on Mar 10, 2009 12:44:53 GMT -5
On the main POL site today, there is mention of a new SE Security Token. For those of you unfamiliar, it is a small physical device that generates passwords that are only valid for logging into your account one time. WoW has a similar device, as do a number of private and government applications and VPNs.
There's been a lot of discussion on Alla and BG, and I'm sure elsewhere with people asking questions, making incorrect assertions, and generally being stupid. Because I have professional experience with and good knowledge of cryptography and computer security, I've decided to post a quick FAQ / what you need to know. This information is based on the assumption that SE implemented the system correctly (i.e. didn't do anything stupid).
Why is the current method for logging into FFXI insecure?
Windows machines are inherently insecure. It is nearly impossible to guarantee that nobody can gain access to a Windows machine that is connected to the internet. Because it is possible for unknown, malicious software to be running on your machine, your password can ALWAYS be stolen.
What if I save my password and never type it in?
If FFXI can read your saved password and log in with it, then malicious software can read your password and do what it likes with it. There is no way around this.
What if I type my password in or click on the virtual keyboard on the screen?
If you type on the normal keyboard, a keylogger can intercept the keystrokes. If you click on the screen, a program can intercept that too. It doesn't matter HOW you enter your password. If there is malicious software on your machine, it will always be possible to intercept your password when you enter it. There is no way around this, either.
Note the above two scenarios are computer security problems. It's not necessary to break any cryptography in order for someone to steal your passwords, even if they are encrypted. Cryptography is only useful if you can protect your 'secret' information, which is not currently possible on a Windows machine.
What is the solution?
The ONLY way to guarantee the security of your account is to use a One Time Password every time you log in. This is because if an OTP is stolen or intercepted, it cannot be reused. If implemented correctly, the only way to break into your account would be to break into SE's servers via a more direct way, or somehow steal your OTPs. In this case, your OTPs will be generated by SE's new token device.
Why can't I just download software that will do the same thing, instead of buying this token?
If your token was accessible via the internet, then the 'secret' information in it could be hacked. That's why you need to have a separate physical device.
Can't someone figure out the sequence of passwords and then steal my account?
These tokens do not just generate a simple sequence of numbers. They are cryptographic devices that, if designed properly, would require an attacker to break a well-known, thoroughly tested cryptographic algorithm in order to predict the next password. While that will probably become possible with enough computing power at some point in the future, your device should be secure for at least several years.
Additionally, the OTP should be used in conjunction with your normal password. An attacker would need both in order to compromise your account. While getting your normal password isn't out of the question, you would still be no worse off than if you had never used the token.
So what are the security risks?
Someone could break into your house and steal your token, or mug you on the street and take it. Of course, they could break into your house now and hack or steal your computer, or torture you for your password. If this is a concern for you, I suggest an armed guard and/or alarm system.
What if I lose my token?
Given SE's track record on customer service, I can safely say it will suck to be you.
It sounds like a pain in the ass to type in a new password every time.
Yup. But it's also a pain in the ass to have your account jacked. It's your call on which you'd rather deal with.
Will it be expensive?
WoW's token costs something like $6 to buy (one time). Hopefully SE will be equally reasonable.
Why do I have to pay for it at all? Shouldn't SE pay to make the game secure?
The security of your own computer is your responsibility, as difficult as it is. POL/FFXI truly isn't the problem, although SE's handling of the entire jacked accounts issue has been crappy in general. These tokens DO cost money to manufacture, program, ship, etc., and it is unrealistic to expect SE to absorb the entire cost.
If there's anything I haven't addressed, feel free to post and I'll try to answer your questions.