Re: Do we really need to buy a security token?

So because people can pirate the game and it's DLC you shouldn't have to pay for the game or it's DLC?

What does that even have to do with the SE Security token and Mog Satchel?

Re: Do we really need to buy a security token?

Ziero you're wasting your time trying to enter into a discussion with Feba. He hasn't played the game in years and all he does know about it he's read on forums. You should know by now he just enjoys starting posts off like this to complain and get into arguments with folks. It's like the complaint he had last week with FFXIV not allowing him to transfer a character from FFXI over he hasn't played longer than he actually did play.

Re: Do we really need to buy a security token?

I said this has nothing to do with what we are talking about but it reminds me of the debate that is going on @ gamefaqs since it is virtual goods for money. I'm not promoting piracy of the game and I understand why EA decided to add in the extra city to save face, but not why they decided to add other random DLC as a buy that should've been in the game to begin with. It isn't like this stuff came out a month after the game was released, it came out the same day so basically they planned to not add the stuff in as a money hook.

This was my real point of what I was talking about^^. Why should we pay for EA's extra DLC content when it would be cheaper to get a subscription to thesimsresource or some other user website that makes custom content that will be 10x better at the least than what EA made and is charging a arm and a leg for. In that same breath we'll still have access to stuff from Sims 1 and 2 if anybody still plays those and I'd highly recommend sticking with Sims 2 until the first expansion or two are released for sims 3.

Re: Do we really need to buy a security token?

I don't know much about how the Sims works so I guess the original post went over my head. =X

But I'm boooooored :(

Re: Do we really need to buy a security token?

So lets say you just got rid of the dongle and made it so you can only get text messages with the password.

I can guarantee there will be so many pissed off people. You know why?

1) Not everyone has a cellphone.
2) Not everyone has a text message plan (like me) I don't particularly like being charged money for texting. Sorry.
3) Not everyone gets cellphone service everywhere, which will make it impossible to log on in certain areas.

I'd rather pay 10 bucks and make it available for everyone than making it available on cellphones, which is ridiculous. If you're having a hard time making 10 dollars, you shouldn't be playing this game in the first place.

As far as RMT goes, LOL. The satchel is an added bonus to buying the token, not their main intention. And like someone else said, I guess this would make the harpsicord RMT too by your logic.

Re: Do we really need to buy a security token?

This. I live at the bottom of a valley so my cell signal is poor to say the least.

Re: Do we really need to buy a security token?

Because, if they supposedly care about improving account security, they would realize that an SMS system would attract many people, of not more people than the token system.

And there is a distinct difference between "able to afford" and "wants to buy".

Your second sentence proves that it is RMT if it is true-- if people are 'tricked' into paying the ten dollars for the 'free bonus', then they are paying for the satchel, not the token, regardless of what may show up on the invoice.

This is absolutely not what I was suggesting. I was saying the services, assuming there is not some serious practical security flaw with using cell phones, should be provided in parallel. The token for those that cannot or do not wish to opt for a cell phone, which would be cheaper than buying a phone and a data plan. And SMS for those that have a cell phone and an existing data plan for whom it would be very cheap or free. Going with one system over another seems like nothing but a bad idea.

No, it's quite a bit difference. FFXI is a game where people have constantly been fighting for more inventory space. The mog satchel doubles your inventory. The Harpsichord is a nice decoration for your home. Big difference. Like the difference between charging people to change their character's appearance (although that's totally unnecessary) and charging them to level up their characters.

The satchel and harpsichord are also wildly different in theme. For the harpsichord, you preordered a musical album, and got a nice piece of musical furniture. It provides you no real benefits. If you weren't interested in the music, chances are you would never be interested in it for the in game item. For the satchel, if you pay SE $10 at ANY point, they will send you a security token (again, not a bad thing), and your in game benefit is a doubling of inventory. They have no link to each other, and lots of people will pay the $10 solely for the inventory space, which yes, reeks of RMT. And it's not a single event, it's teleporting clothing for buying an item that has nothing to do with where Vana'diel was previously, or an expansion that most people despise that offers a nice piece of armor at the end. These are signs that SE is testing the waters of selling in game items for money, or at least seeing how barefaced they can be about it without people like BBQ (who hate games that survive by selling armor and the like) leaving. There's nothing wrong with offering toys with fun in game copies, or events with in game souvenirs, it's when those things begin to justify the cost of buying the real world item that there's a problem.

I mean, do we really want SE to turn into eBay RMTers? "Oh, I'm not selling you the account, I'm selling you a PIECE OF PAPER that just happens to have my login details on it." isn't that far off from "Oh, I'm not selling you the Ridill +1, I'm selling you a TOY SWORD that just happens to come with a code that allows you to redeem a Ridill +1".

Re: Do we really need to buy a security token?

And they realized an SMS system would turn off more people then having a far superior Security Token because not everyone who plays this even has the option of getting a cell phone while the vast majority can spare 10 extra bucks to secure their account.

No, it's bribing people who were on the fence to do something that would ultimately benefit them in the long run. It's like a mother not letting her kid eat dessert until they finished dinner, they had something that was good for us but many would pass on so they added something we want with the something that is good for us. Because, and I don't know if you noticed this, but the vast majority of players can be pretty dim and that lead to a lot of them getting hacked by some of the oldest tricks in the book.

And in the end doing both would be more money and effort on SE's part to service a barely there, small percentage of the population who would want the SMS service over the token. And on top of that, the SMS system would still be an inferior option to the Security Token so it is just not worth it.

The inventory space is nice, but people have gotten along for years without it. It's not needed, it's wanted.

The "teleporting clothing" was a test, it was SE seeing if people would be interested in FFXI merchandise, just like the Shadowlord, business card cases, cell phone danglies and all other stuff they started selling. Do you really think SE thought they could sell an ugly body armor that teleports you once a week for 40 bucks? And most people, myself included, bought the mini-expansion because we thought the story would be worth it. That crappy body armor at the end isn't worth 10 bucks on it's own and no one knew just how bad ACP would be beforehand, especially seeing the epicness of WotG and ToAU missions. In fact many people are going to wait for reviews on the next two add-ons before buying them, and I can assure you if they suck as bad as ACP did they won't be bought.

I would totally buy a replica Ridill whether or not it came with an in-game code for one, that would be awesome. Hell, there's someone on BG who's making and selling home made replica Kraken Clubs and people are eating them up. But at this point in time, we are far, far, far from SE selling in-game items for cash directly. Of your only examples, one is a custom made piece of jewelery that comes with a worthless-but-unique in-game item. A failed mini-expansion that SE thought was worth it with a mediocre body piece. And a one time purchase of an item to that helps everyone who plays FFXI or any future SE online game that comes with a one of a kind bonus that's incredibly useful.

Even though the Token alone *IS* worth 10 bucks, people would have willingly risked not bothering with it. And while some people may have spent 10 bucks just for extra inventory, it wouldn't have nearly been as many people who bought the Token+Satchel combo. Without the satchel, not as many people would have got the token, and without the token not as many people would have got the satchel. Alone they were nothing, together they are everything. So all your doom crying and nay saying about how SE is gonna turn RMT on everyone is just baseless panic because you think an inferior option would have been better for everyone.

Re: Do we really need to buy a security token?

Again, as an option. Not as the only solution.

And you can keep saying it's just an 'incentive', but that the 'incentive' has nothing to do with why people are buying it. For all of you calling it 'inferior', you've provided absolutely zero proof or even examples of it. But then you also provide no reason to believe that there is a 'barely there' population of people that play online games and have cell phones. And yes, it would cost more, but between the service fees we already pay (which we might stop if our accounts are hacked) and the costs they save through recovering accounts, it would probably pay for itself.

You're just in such a rush to defend SE that you forget that some criticism is constructive, not just insulting.

Oh please. People have gotten along without tons of things for years. Yes, they're wants, not needs. That has absolutely nothing to do with whether something is RMT or not. Again, if SE started selling Ridill +1, it would be something people don't need to survive, but it's a significant advantage over those that don't have it.

Like hell it was. If you want to see if people are interested in merchandise, you offer them merchandise, not merchandise with a special bonus. Giving people an incentive to buy it other than the merchandise itself would be undermining the entire point of testing the market.

On the weekly teleport thing, no, I think they planned it to be better than that, but scaled it back after seeing peoples opinions on it.

And yes, ACP is exactly what I mean. Sure, plenty of people bought it because they thought it would give a lot more than it did, but there are still people buying it that have no interest in anything but the armor.



On the token, yes, more people bought it because of the satchel. They bought it because they know that having double inventory is a huge advantage in FFXI. And no, I have said it many times. I will say it again in big letters, so maybe it will get through to you:

I do not think that using SMS instead of the Security Token is the way to handle it. As I have said from the beginning, SMS should be an alternative for those that would prefer it. Still nobody has shown how it is in any way practically inferior, simply that it has benefits and weaknesses compared to the token, which I explained from the start. <Edit by TGM: I don't think the size is necessary.>

Is that clear enough for you? I think providing both is the best course, not picking one over the other, as I have been saying. For some people, receiving an SMS is much more convenient than having to carry around a token. For others, receiving an SMS is basically impossible, whereas the token requires no such thing.

On thinking SE is going to turn RMT, no, I don't. I think they're experimenting with it, however, and testing the waters. Again, I have made this clear. If they think people will stick with them (which they'd be more than correct in thinking at this point), they will probably expand it. I think that people should be wary about FFXI turning away from subscriptions and towards micropayments, or worse yet using subscriptions and micropayments.

If you want to draw up a strawman argument to debate, go elsewhere. If you want to debate the points I am making, the words I am actually writing, do it.

Re: Do we really need to buy a security token?

You're missing out on the cost for SE. SE isn't going to provide a service like this for free. They have a business to run and what you are suggesting simply wouldn't be as cost effective as making a bunch of plastic keychains.

SE may well have considered an SMS service during their research and development stages . If it was a viable option I'm fairly sure they would have implemented it. The token reaches every player and makes SE look like they are doing something about account hijackings to boot, an SMS service will just reach out to a niche audience which will make them less money from it in the long run and it will just annoy players who want SE to do something about account hijackings.

I would also check your own argument before attempting to call out someone on a strawman argument. people have presented plenty of reasons why they think an SMS service would be inferior but you choose to dismess them and ram the same argument down out throats. The burden is on you to prove why we should consider an SMS service as an option instead of the security tag but all you have done so far is not listen to what other people have said.

Re: Do we really need to buy a security token?

It is not SecureID. The server sending you a code and you sending it back is not a secure exchange. Your cell phone is not a secure device, and if you think I'm talking about someone not being able to walk off with it you don't even have the beginnings of the knowledge to understand why your idea is just bad. There is a reason you can not change the battery in the dongle. There is a reason why you can not reuse a dongle once it has been disassociated from the system. Do your own research, look up and understand how RSA's SecureID works. For further reading that is similar and sometimes clearer, look up how Kerberos works since the 'why is this so much more secure' is very similar to SecureID.

There is a reason why people more intelligent then you did not choose to send codes via SMS for anything other then scam contests.

Re: Do we really need to buy a security token?

No, I'm not. I'm saying that the cost of it isn't that significant.

And if adding more inventory was possible, they would've done it, but there were PS2 limitations.


Oh wait.

Sometimes businesses don't do things right away, or at all. In gaming, see the SD card solution for Wii; it's not that Nintendo couldn't have done it earlier, they just didn't. They could've even designed the console with SD cards in mind from the start, which would've been far better, and probably not been significantly more expensive. But they didn't.

Stop. Scroll up. Read the big goddamn letters. The point is to offer both, to appeal to both audiences, the three people that play MMOs and have cell phones that would opt to recieve SMS, and the five people that play MMOs and would opt to spend $10 on a piece of plastic to provide the same security. Both options appeal to a niche audience anyway; most people think they're safe until something bad happens to them, or near them. Because people are idiots.

Wrong. People have presented reasons why they would not personally want an SMS service. Which I brought up from the beginning. They have not given reasons why it is practically inferior in terms of stopping account theft; the closest anyone came to that was Mhurron (and Amberly, iirc) who said it was moderately less secure because the SMS had to be transmitted. But there's little reason to believe that someone who has the ability to intercept an SMS and within a minute (or two, or three) use that to access your account (in addition to your regular user ID and passwrd) would have a problem hijacking your account (or far more important accounts) anyway.

I'm still waiting for someone to say something like "oh, the SMS system doesn't provide as much security because someone could to XYZ to have the number sent to their phone/email address instead"; something which is a practical security hole that the cell phone would be exposed to, that the token is not. Something that could be used by actual account thieves, not something that only matters if you're dealing with government databases or the like.

1- No, the burden is on you to explain why the SMS service shouldn't be an option. I'm not trying to sell anyone on the idea, just ask why (if the Satchel isn't an RMT good) SE cannot offer this service or something similar. If the security token works better for you, wonderful, go use it. That doesn't mean there shouldn't be an option; that's about the same as saying "everyone has a PC, why don't we just get rid of the PS2/360 versions?".
2- I have listened to what other people have said. Which is why I reply to them and explain why their point is either not a real concern, explained why I'm concerned about what I'm concerned about, or explained why their concern doesn't really apply. Again, if someone can point out why this is truly a practically inferior idea, I'd love to hear it. If someone can find some non-trivial flaw, I want to know. But if the concern is "hackers are intercepting your SMS messages so that they can log in to your FFXI account", I think it's pretty damn fair to break out the tin foil hats.

---------- Post added at 03:10 PM ---------- Previous post was at 03:06 PM ----------

I've not debated that. An SMS can be intercepted, yes, and a generated keycode cannot. You have failed to show how this is any more practically insecure, though.

You've failed to show how anyone can exploit the transmission from the server to log in to your account using non-extraordinary means. Again, if you can do this, I want to know. It would shoot down my argument very quickly, and would probably be fascinating on a technical level.

Yeah, like those scam artists that make RSA SecurID Appliances. Oh wait, you were just lauding them, weren't you?

Re: Do we really need to buy a security token?

And I never said it would be the only solution, but it would always be the inferior option.

Many people, including most hard core PC players, were planning on buying the token before SE announced the Satchel. Adding the satchel just pushed over more people who had no problem risking everything to save them a few bucks. SE wasn't selling the satchel just to sell the satchel, they added it with the Token because they knew many people don't care enough about security to buy the token on it's own. This is not in any way shape or form a for-profit issue that RMT and micro-transaction systems are based on. The cost of the token in it's entirety, including shipping costs worldwide, was the only thing we paid for. Blizzard sells security tokens too for roughly the same price.

Being able to reach less people, working slower as it requires you to send and receive the information, possibly incurring charges each time you use it, are any of these reasons that other people have mentioned sinking in as to why SMS is inferior to Security Tokens?

Everyone has the ability to get the Token+Satchel and SE wants everyone to get one, not because it makes them money but because it makes us safer. It was a dick move on their part, but it was for our own good. And you can still be just as effective as any other player with or without the satchel.

They DID offer other merchandise. I listed some of the other merchandise they've made and it won't surprise me when they come out with more. Of these items, only *one* had an ingame bonus and it was purely for looks. If you seriously think SE would try to sell an ingame, fairly useless item for 40 bucks you're nuts. The pendant *was* what they were selling, and the ingame item was just a free bonus.

And again, ACP was supposed to be a "Mini-expansion" and people who thought it would be an epic, detailed, and fun storyline to play jumped all over it. No one bought it just for the armor because the armor itself is not that great. Most people already have AH bought gear that is just as good or better, myself included. If I knew the Add-On would have been as trash as it was, I certainly wouldn't have paid for it. Lesson learned though because next time I'm waiting for reviews.

And I'll say it again in big letters so maybe you will get it:

Using both systems would just cost SE far more money to see far too little worth since the Token alone can reach as many people as the Token+SMS system. There is no reason to do both when one works better and can reach everyone. <Edit by TGM: see post above /sigh>

Is it clear to you that adding an unneeded expense on SE's end to please a few cheapskates would be a bad idea for everyone? There is no reason to do both when doing one can cover everybody.

This *entire* topic is a strawman argument based on something you disagree with because you refuse to believe the truth. The Satchel+Token combo wasn't done for-profit, it was done because SE knew that the majority of dim-wits that play this game would happily choose to let their accounts get hacked then cry to SE about it over spending 10 bucks. So they bundled it with something people want so people would have no choice but to secure themselves better. In the end, it's a win-win situation, SE is able to not only secure the accounts of everyone playing FFXI, but of everyone who will play any future online based SE title(FFXIV included) while players get a few more spaces to hold onto their useless junk.

Re: Do we really need to buy a security token?

PAM on UNIX supports clear text passwords. UNIX still ships with telnetd. I guess that means both of these are secure, right?

People like you who don't understand (or willfully ignore) why it is so damn stupid to send a code simply to have the user send it back are why those devices have those abilities. They still get to sell the expensive box to a company so the company can make a check box on a document with out actually really increasing security.


O hai! What's that account again?

Re: Do we really need to buy a security token?

For you personally? sure.

On a practical level, nobody has shown how they are anything but equal. The cell phone has strengths the token lacks, and the token has strengths the cell phone lacks, but neither is really anymore secure or flawed than the other. One will appeal to some people, the other will appeal to others.

I would say most were on the fence, judging by my recollection. And again, I'm not arguing that they used the satchel as an incentive to get people to buy the token for security. That doesn't mean it's not RMT, just means it's as good a reason for it as any other. The idea that "we only paid for this, those guys charge roughly the same" as again based on the fact that everyone bought it for the token to at least some extent, which just isn't the case. The point isn't really whether it's pure RMT or not, though. If it makes you feel better, I'll say that everyone bought it for the token and the satchel. The point is, if it's truly a matter of getting everyone as secure as possible, why not offer the option to use another authentication method?

Again, none of those make it inferior. They are trade offs.

1- They might reach less people, they might reach more. There's little way to tell based on things as they are now; I would guess that many people that play online games also have cell phones. I would guess many of those people would prefer using what they have instead of getting a new thing. Whether it reaches a larger audience or not isn't really important, as any significant increase in coverage is a good thing for everyone. Less account theft, less RMT making the effort to steal accounts, less stuff being sold by RMTs.
2- I already admitted it's slightly slower, but really, it doesn't take more than a few seconds from the time the server sends the SMS until the time you receive it. It's barely any larger a problem than the user having to read the screen and type it in.
2b- In a way, this is a disadvantage of the token. The SMS can give you a full minute from the time the number is sent to receive, open, and enter the code. The token simply updates every minute; this means you could type in a code, only to have it die right before you submit it, or you could have to wait for the next minute to roll around in order to type in the next number. That also makes the token slower, but not significantly so.
3- Yes, some people will incur charges for using it. Those people would probably be better off investing in a data plan (if they send and receive that many texts) or a token (if SE is the only real source of texts they have). Again, it's a trade off-- some people will get the messages for free, where they'd have to spend $10 on a token. Those people would be very much inclined to join a secure program, where they're not so much now.

The token also has problems:
1- Obviously, you have to pay $10 for it, and wait for it to arrive. People that already have cell phones can take advantage of the service without cost, and instantly.
2- You have to carry it with you; if you want to play FFXI somewhere else (for example, an LS party, or on a business trip), it becomes another piece of plastic you must take with you. Most people would already take their phones
3- As mentioned above, it changes every minute, instead of on demand.
4- When it is lost, or the battery dies, it must be replaced. A lost cell phone will be replaced anyway, and will generally keep the same number. A cell phone's battery can be easily recharged or replaced.

This doesn't make the token inferior, though, it just means that it's less suited to some people than others.

Same as selling any random piece of armor. Again, I'm not debating that the satchel and token should be independent of each other, I really have no problem with linking an authentication system with an in-game bonus. My problem is that, if this is purely a matter of securing our accounts, why not offer a free (in terms of money-to-SE) approach that accomplishes the same thing? The costs would even out for them, and work well for some of us, while proving that the satchel isn't an RMT'd good.


On merchandise and mini-expansions, please reread what I wrote. I already responded to your criticisms, I think we actually agree, at least for the most part.


You kinda suck at big letters. A $10 token will not reach everyone that a free SMS service would. A free SMS service would not add a significant cost that wouldn't already be covered by the money they save by not having to recover accounts (and hire/pay employees to do so). There is a very clear reason to do both: to secure more accounts, and appease players who are concerned about SE gouging the playerbase more and more.

As I've explained, more authenticated accounts is good for everyone. And there's a very good reason to do it-- because SE cannot force people to authenticate their accounts, unless they intend to send out tokens for free. Sending out SMS is extremely cheap, plastic dongles not so much. I highly doubt there are just a 'few cheapskates' out there that wouldn't prefer this option.

Right. Saying "you disagree with it because you refuse to believe the truth" is pretty much the definition of a strawman argument.

And your defense of "SE bundled it with this because they care about us, not because they're making any profit!"-- if they're not making any profit, why is the SMS service a problem, exactly? Like the token, it would be an acceptable cost. If it's really a matter of making secure accounts, why not take a small cost in order to widen the amount of people that will secure their accounts? The same argument applies-- there are 'dim-wits' who wouldn't secure their accounts even with the satchel, so why not offer a service that plenty of them could use absolutely free, so long as it protects their accounts and prevents problems for SE?


The hilarious thing is that we believe basically the same thing:
1- Physical Authentication methods are a good thing.
2- The Token and Phone systems both have some problems, but have their appeals to different people.
3- SE bundled the Satchel with the Token primarily to get people to buy the security measure.
4- SE should be providing security authentication for little-to-no profit.

The only real difference is that you think the SMS option isn't worth the cost to SE, and I think it could really help increase the amount of people using it.

I have a question, then-- if SE charged your POL account for however many cents it takes them to send an SMS, minus the savings they make by not having to deal with accounts being stolen, could we agree that it's the best solution? The net cost to SE is nil, and players get a security solution and inventory increase which is inarguably non-profit. That seems like a win/win to me.

---------- Post added at 03:57 PM ---------- Previous post was at 03:50 PM ----------

Of course not. The point is that your claim that 'these guys know what they're doing' flies out the window when they do something which is what I'm supporting. It means either:

A- They don't know what they're doing.
B- They know what they're doing, but don't care as long as they make a profit.
C- They know what they're doing, and you are wrong.

All three of those undermine your argument. Go ahead, Mhurron. I've been asking for it for three pages now. Explain why it's so damn stupid, explain how sending a code to a person's cell phone as part of the login process (not replacing the password! working with it) leaves them vulnerable to having their account stolen.

I've said it at least three or four times now. I want you to explain precisely how this leads to a real-world security issue with regards to MMOs. So far, all you've managed to say is that people can intercept SMS-- yes, but is there any reason to believe that FFXI account theft could realistically do that? Or that someone who could do that could easily get into FFXI account theft?

Put up or shut up, Mhurron. If all you can say is "I'm so much smarter than you, I don't need to explain why I'm right! HAHAHAHAHAHAHA.", your point is clearly invalid.