WTF!?!

ok i put the title so ppl would be like lol drama let me look what this *** is complaining about.

I made a mistake with the new password things.

I tried my old ones and after it didn't work 2 times i checked my email and apparently they changed y password for safety reasons last night or so.

Third try i put the password in the wrong one, i put it in squareenix instead of member and now for safety reasons my account is temporarily disabled.

Anyone know how long this temp disable for 3 consecutive wrong passwords is?

Thanks

Go to their live chat, verify it's your account and have them reset it and go fix it.

Probably not long, 5-10, maaybe 30 minutes at best. Highly doubt it would go over the hour mark. And yes, kinda fell for the title XD

never had it happen so not sure how it works.

About 30 minutes. I'd taken a few months off from the game and had issues remembering my password when I came back.

You DID ask for it though...

And yea... temp disable is like... 15 minutes i think

SE changes ppl's PW these days?

Was because of the server hack, I'm assuming he just now found out, or something else has happened.

my password wasnt changed

They only changed the PW for the people who possibly got compromised. If yours wasn't, then you're safe enough...
For now! Muahahahaha!

Only select people they thought were compromised has their password changed, mine wasn't either.

thanks guys. Yeah after the announcement my pw were both the same as before, so i didnt expect a change. lol yeah it was my own fault i needa read specifics more carefully. :P

ok..that feels comforting?

Nah, I was just doing that to be an ***, but seriously, if they ever get back in stock and you are worried about hackers and stuff, get one of those tokens. If they didn't change your PW on you, then you weren't breached. ^^

Got my token in January :P

I don't think I could go back to not having one. The satchel is just too nice.

A friend got hacked with a security token.

Yeah I was curious about that, I'd say the almighty concept "don't start no ***won't be no ***" usually prevails.

i am curious how one would get haxxor'd with a security token though...

Simply having a token does not prevent an account from being hacked. If I recall, there was talk of a number of people that bought the token strictly for the use of a Mog Satchel, then unlinked the satchel from their account.

I still have yet to hear of an instance of someone with a properly linked token getting hacked.

Yeah that's what I was thinking...Not gonna unlink mine anytime soon for that reason and for possible new gobbiebag shyt.

http://www.bluegartr.com/forum/showthread.php?t=80487

From what I'm aware, they just install something with a keylogger and the ability to crash POL before login, so that you've typed in both your password and your 1 time token pw but it hasn't gone through. Then they take both and use them to log into your account. Not like they could do anything serious like change pw or cc info afterward because they'd need a second token pw, but they could still raid your characters.

Thanks for the link. Is this something that happens often though? I've only seen stories of "my friend got hacked", and there is very little concrete evidence to prove this keylogger method actually works.

Even on the POL login screen, you have the ability to type in your PW on that secure onscreen keyboard.

there are several people with properly linked tokens and firefox with noscript who say they were hacked over the course of the thread

often is a relative thing. by my standards, id say the limited data i have available to look at suggests that it does happen but is rare. other people's definition of rare/often may vary.

it's certainly worth noting, that, hacked or not, SE offers an unlimited number of resets to properly linked token users

LOLpc users, that's all i gotta say.
I love the windower and all, but this just makes me not want to play it on pc...but I guess since I have it on everything it doesn't matter.
That whole linked thread made me lol, yeah all your shitty antivirus programs will catch the keylogger...lol ya right.
It's rediculous that people think that the antivirus programs do much more than a proactive user could :/
Don't go to questionable sites, or don't browse on the same machine you game on. That's the best viable option.
either that or lolreformat every month.
I know people that do that.

This is how it works in World of Warcraft, I don't know how different the method is in FFXI

Essentially, they Install a Dummy POL on your PC (Usually spotted by lolengrish?) People not paying attention would login normally, right SE PW, right Token number, and get "Invalid PW". This data is sent to the login bot. Boom, RMT now have access to your account.

The immediate course of action from here, is to try again, you repeat the steps and get rejected, the bot now has a second Token verification in order to Change your PW and disable the token for unlimited access. You just lost your account.

Again, that's how Security token hackin works in WoW, I substituted familiar POL terms for ease of translation.

This probably happens more often just because there are bunch of nubs that are all "zomgzwindower i can plays on my pc now with lotza extra features", i wonder how many of these people visit gilseller sites and all that.
I'd say if you aren't competent enough to fix your computer without tech support you PROBABLY shouldn't be a pc gamer...but hell that applies to 99% of the people that pay wow so lolugothaxxed will remain rampant.

Actually windower is relatively safe and dependable as far as malicious programs go. From my knowledge theres never been any issues with dirty versions of windower if you download directly from their site. I've never had a problem with the site or forum either.

As a matter of fact theres a really good post in that forum that gives you steps on setting up firefox + add ons to get the best protection you can, that I know a number of my friends who don't even use windower have saved to their favorites. I should dig it up...
Okie, here it goes: http://forums.windower.net/topic/11323-guide-protecting-your-web-browser/ for anyone who could use it. :)
Also, I would suggest downloading Hijack This and learning it, might take a while and a bit of googling to find out if things are good or bad till you get used to what you're looking for. Or you can find a friend who knows enough to look through a log and help you pick out potential viruses or keyloggers.
http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

I would wonder too if random rmt are gonna even create a dummy pol that would work with windower, at least I'd hope there'd be enough of a problem that would tip off the user before any real damage is done. As for me, I tend to keep my account logged in most of the time bazaaring while I'm not around and if my game crashes, I reboot and log back in normally. Never had a problem.

Sry for the ninja edit xD

Computer security just comes back to being proactive about it. Of course one exception was back a few months when I was browsing FFXIcyclopedia (A sanctioned community site) I got that nasty Malware/spyware Auto installed on my PC, the first infection (Of any kind, aside from loltrackingcookies) in 4 years.

I've been PC FFXI user since NA release too, and never been tehaxored. (Run stock game, no windower or anything) So I must be doing it right, or just not a good target cause all my ***is rare/ex.

nah you didn't get what I was saying.
I was meaning.
a lot of people who aren't the most "computer savvy" see windower, and are like "zomgzwindower must have addons...etc", they get windower(as opposed to console gaming) and all that and then on down the road they get haxxored most likely due to what they were browsing where they were browsing and all that.
Makes me wonder how many of these people buy gil, and how many get hacked in relation to that.

Regardless if you have noscript or anything like that, YOU have to approve of the scripts you go to.
So therefore you have people who don't know what the hell a script is and download it just because they were told to.
they are like "WTF NONE OF MY SITES WILL LOAD"
and I am using this as an example from what a few friends and family members have done after I've tried to get them to use NoScript.
It's not for the commercial user, so therefore if you don't know computers you can't really protect your computer outside of like AVG, TrendMicro and all that...but they really don't do jack ***. Pretty much if you aren't good at computers, you can't protect yourself very well, for those people playing final on the same pc they do all their browsing and stuff will be a hazard just because the general user doesn't know how to proactively protect themselves.
It's a problem you can't solve really though because people will be stupid and unable to learn, or in most cases unwilling to learn( i do tech support).
best course of action for those people, console.
hell i play on console since my power supply died on me and i haven't decided to replace it yet.