So I decided to play SWTOR again and it asked me for a one time password on the same computer I've always played on, so I put the password in and looked it up and apparently this is something they're always doing that unless you buy a security key thingy. Now I know how the two factor authentication works but I'm not going to use one of those things unless it's free. Security, as far as I'm concerned, is a cost to the company not the customer. Even if I did stupidly gave someone my password to someone else I do expect them to clean it up, since in the reverse situation when a company had some massive data breech which seems to happen every other day, you sure don't see them giving everyone a refund for selling your information to everyone on the Internet. I'm not expecting much in terms of what the company will do, just the standard restore stuff if it needs to come down to that. I remember seeing a site that talks about gaming security that points out "Password1" is sufficient as a password for your Amazon accont, which probably has more useful stuff for someone to steal compared to your gaming account. My bank account doesn't require me to do a ritual each time I need to pay my bills, but apparently to play a game we're supposed to put up with these ridiculous constrains because hackers surely are more interested in stealing our gold than our credit card numbers.
I mean, I know two-factor authentication is good, so the company should pay for it. In anything that can easily be tied to a box sale you should just ship people one of those if they pay $50 for your overpriced game. It's no different than how most companies now run wellness programs for employees because they figured out that if you're unfit and then go on disability leave that's going to cost a lot more than the cost of of a wellness program. The stolen/hacked account is obviously a very large expense for any company to deal with since you got to spend time and end up with a lot of angry customers, so why not be proactive? I'd think with every random game demanding you to buy a security key mass production should've easily gotten the cost of these things to a trivial amount, and even if not I'm pretty sure a simple cost benefit analysis is still in favor of that. I remember a study on WoW saying how they changed their policy from just unconditionally give out a welfare kit to anyone who claims to have an account hacked because it's not worth the time to figure out whether you're actually lying, so it seems like it'd still be in their favor as long as you've some way to identify paying accounts (slightly trickier in F2P games but hardly insurmountable). It seems like gaming companies thinks if they repeat the 'security is your problem' enough times people might really believe that, but that's absurd as long as your bank account requires significnatly less protection compared to your gaming account. It's clear that security is supposed to be the company's problem and if they did a reasonable job at it then it mostly works (until there's a massive data breech but that wouldn't have anything to do with security key to begin with).
I mean, I know two-factor authentication is good, so the company should pay for it. In anything that can easily be tied to a box sale you should just ship people one of those if they pay $50 for your overpriced game. It's no different than how most companies now run wellness programs for employees because they figured out that if you're unfit and then go on disability leave that's going to cost a lot more than the cost of of a wellness program. The stolen/hacked account is obviously a very large expense for any company to deal with since you got to spend time and end up with a lot of angry customers, so why not be proactive? I'd think with every random game demanding you to buy a security key mass production should've easily gotten the cost of these things to a trivial amount, and even if not I'm pretty sure a simple cost benefit analysis is still in favor of that. I remember a study on WoW saying how they changed their policy from just unconditionally give out a welfare kit to anyone who claims to have an account hacked because it's not worth the time to figure out whether you're actually lying, so it seems like it'd still be in their favor as long as you've some way to identify paying accounts (slightly trickier in F2P games but hardly insurmountable). It seems like gaming companies thinks if they repeat the 'security is your problem' enough times people might really believe that, but that's absurd as long as your bank account requires significnatly less protection compared to your gaming account. It's clear that security is supposed to be the company's problem and if they did a reasonable job at it then it mostly works (until there's a massive data breech but that wouldn't have anything to do with security key to begin with).
