Two Plus Two Publishing LLC
Old 07-02-2008, 12:01 AM   #1
Carpal 'Tunnel
 
[Phill]'s Avatar
 
Join Date: Jun 2004
Posts: 29,233
Attn poker sites - here is a good example of security

If Blizzard, who make World of Warcraft, can offer at $6.50 a SecurID token for their Warcraft account to secure fictional gold and magic or something, how are you not able to do the same for a poker account which contains real money, and in some cases a LOT of money.

Link to story

Email your poker site demanding a similar option. Who here wouldn't spend 5 or even 10 times as much for one of these for their account - and I'm sure there are plenty who would spend a lot more.

I could live with the situation previously where the sites claimed it would be too costly to implement, but if it's possible for a business like WoW how is it possibly not possible at a site even if it's just for us grinders where we are paying thousands in rake a month.
[Phill] is offline   Reply With Quote
Old 07-02-2008, 12:09 AM   #2
ike
Pooh-Bah
 
Join Date: Jan 2004
Posts: 4,963
Re: Attn poker sites - here is a good example of security

Couldn't agree more. It's mind-blowing to me that these are not in common use.
ike is offline   Reply With Quote
Old 07-02-2008, 12:14 AM   #3
Born Ready
 
Alobar's Avatar
 
Join Date: Nov 2003
Location: Squamish, BC
Posts: 28,050
Re: Attn poker sites - here is a good example of security

yeah, this was mentioned in the thread a few days ago about pokerstars.

****ing blows my mind a bunch of WoW junkies can have this to protect their level 32 magic staff with +3 gooblygoo, but I can't have one to protect a sizable sum of real life money
Alobar is offline   Reply With Quote
Old 08-07-2008, 11:28 AM   #4
veteran
 
guitarizt's Avatar
 
Join Date: Dec 2005
Location: Las Vegas
Posts: 2,606
Re: Attn poker sites - here is a good example of security

Yeah I'd buy it. They should make it not so fugly tho.
guitarizt is offline   Reply With Quote
Old 08-07-2008, 12:06 PM   #5
journeyman
 
Join Date: Oct 2004
Location: ny
Posts: 305
Re: Attn poker sites - here is a good example of security

my bank also opened this thing where it will text a second pw you have to type in within 30 secs.
newby is offline   Reply With Quote
Old 08-07-2008, 12:49 PM   #6
enthusiast
 
Join Date: Jan 2007
Posts: 83
Re: Attn poker sites - here is a good example of security

WoW is actually a bad analogy in this case, as the theft scenarios are vastly different. If someone got access to my WoW account they could sell all of my in game goods through any number of third party mediums and neither myself nor Blizzard could stop the thief making an easy profit. The distribution of mediums also makes it almost impossible to track the money or catch me.

If someone got access to my poker account they have only four options:

1. Cash the money out
2. Dump the money to another account to cash out
3. Transfer the money to another account to cash out
4. Donk the money away for fun

Reputable sites should only allow you to cash out to an existing account which rules out 1, and the better sites should always prevent 2 and 3.

This leaves only item 4 - and if I am someone trying to steal a significant sum from you, why would I draw attention to myself by messing around on a poker account? The answer is I wouldn't - I want your bank account, your share trading accounts etc., and if I have control over your machine then not even a WoW type token will be able to stop me.

This therefore brings attention to the true nature of 95% (true figure in the poker room I used to work for but not indicative of all sites necessarily) of 'hacks' - they are done by friends and acquaintances who you give access to your account. They are done by people accessing their account in communal locations and leaving themselves logged in. They are made easy by people reusing passwords on multiple locations.

Don't get me wrong, I think the security of the sites is poor (and for some it is shockingly bad), but there are about 10 simple things that the sites could do before a token (which is not a perfect solution - can you prove the icon you click on opens the real FTP?) and we should be asking for them as well.
counthomer is offline   Reply With Quote
Old 08-07-2008, 12:53 PM   #7
old hand
 
rugmuncher's Avatar
 
Join Date: Nov 2007
Location: getting into photography
Posts: 1,691
Re: Attn poker sites - here is a good example of security

Quote:
Originally Posted by counthomer View Post
but there are about 10 simple things that the sites could do before a token
name 5
rugmuncher is offline   Reply With Quote
Old 08-07-2008, 01:13 PM   #8
enthusiast
 
Join Date: Jan 2007
Posts: 83
Re: Attn poker sites - here is a good example of security

1. Enforce password complexity rules.
2. Require password after periods of inactivity.
3. Have usernames different to screen names (this is only for some sites).
4. Provide players with simple clear guidelines for safety on signup, and live cds for those who are more paranoid.
5. Ensure that passwords can only be reset through a trusted medium or process (again this is only for some sites).
counthomer is offline   Reply With Quote
Old 08-07-2008, 01:26 PM   #9
Lucky Number Seven
 
KurtSF's Avatar
 
Join Date: Jul 2006
Location: 0EV against everyone ... seriously
Posts: 16,472
Re: Attn poker sites - here is a good example of security

Quote:
Originally Posted by [Phill] View Post
If Blizzard, who make World of Warcraft, can offer at $6.50 a SecurID token for their Warcraft account to secure fictional gold and magic or something, how are you not able to do the same for a poker account which contains real money, and in some cases a LOT of money.
pwned
KurtSF is offline   Reply With Quote
Old 08-07-2008, 01:37 PM   #10
Mango Mercenary
 
augie_'s Avatar
 
Join Date: Dec 2003
Location: Las Vegas
Posts: 18,316
Re: Attn poker sites - here is a good example of security

Quote:
Originally Posted by counthomer View Post
WoW is actually a bad analogy in this case, as the theft scenarios are vastly different. If someone got access to my WoW account they could sell all of my in game goods through any number of third party mediums and neither myself nor Blizzard could stop the thief making an easy profit. The distribution of mediums also makes it almost impossible to track the money or catch me.

If someone got access to my poker account they have only four options:

1. Cash the money out
2. Dump the money to another account to cash out
3. Transfer the money to another account to cash out
4. Donk the money away for fun

Reputable sites should only allow you to cash out to an existing account which rules out 1, and the better sites should always prevent 2 and 3.

This leaves only item 4 - and if I am someone trying to steal a significant sum from you, why would I draw attention to myself by messing around on a poker account? The answer is I wouldn't - I want your bank account, your share trading accounts etc., and if I have control over your machine then not even a WoW type token will be able to stop me.

This therefore brings attention to the true nature of 95% (true figure in the poker room I used to work for but not indicative of all sites necessarily) of 'hacks' - they are done by friends and acquaintances who you give access to your account. They are done by people accessing their account in communal locations and leaving themselves logged in. They are made easy by people reusing passwords on multiple locations.

Don't get me wrong, I think the security of the sites is poor (and for some it is shockingly bad), but there are about 10 simple things that the sites could do before a token (which is not a perfect solution - can you prove the icon you click on opens the real FTP?) and we should be asking for them as well.
yeah, ok, but it's really as simple as, many players want this feature (to reduce paranoia if nothing else), it's probably really forking easy, and pokerstars could probably actually make money by selling these things. these things are long overdue.
augie_ is offline   Reply With Quote
Old 08-10-2008, 06:06 AM   #11
newbie
 
Join Date: Jun 2007
Posts: 15
Re: Attn poker sites - here is a good example of security

As far as I am concerned the main difference is that WoW guaranteed virtual money: gold, items and so on.
Giving it back to the players doesn't cost anything to the company, except the human cost to take care of it. This "great" feature is a new source of income.

If the same thing happens in poker, the room will have to guarantee 5k, 10k or more of real money.
If one day we see this option on poker, it will be a lot more expensive to cover the possible losses.
Makkleod7 is offline   Reply With Quote
Old 08-10-2008, 06:12 AM   #12
Zero wave are madmen
 
MicroBob's Avatar
 
Join Date: Sep 2003
Location: Broadcasting Minor League Hockey!
Posts: 56,867
Re: Attn poker sites - here is a good example of security

The room doesn't have to guarantee anything.
They don't guarantee the money now and adding better security features doesn't mean they have to change anything about their responsibility when something happens.
MicroBob is offline   Reply With Quote
Old 08-11-2008, 09:32 AM   #13
adept
 
spoonitnow's Avatar
 
Join Date: Feb 2006
Posts: 759
Re: Attn poker sites - here is a good example of security

Quote:
Originally Posted by counthomer View Post
1. Enforce password complexity rules.
2. Require password after periods of inactivity.
3. Have usernames different to screen names (this is only for some sites).
4. Provide players with simple clear guidelines for safety on signup, and live cds for those who are more paranoid.
5. Ensure that passwords can only be reset through a trusted medium or process (again this is only for some sites).
#1 and #3 don't help in the case of key-loggers.
#2 I agree with.
#4 and #5 don't seem like they would help the problem much.
spoonitnow is offline   Reply With Quote
Old 08-11-2008, 11:57 AM   #14
grinder
 
Join Date: Apr 2008
Posts: 526
Re: Attn poker sites - here is a good example of security

I find it very frustrating that occasional know-it-alls pop on here saying security is all up to the player...these secure keys are a great idea...it makes hacking virtually impossible....to those ppl who claim it's all up to the player not to click a bad link, etc, etc, i want to know what you think of the following scenario....a very smart and capable hacker decides to make you his prey....he is motivated and knows what he is doing well....do you feel safe in that situation? or do you think he'll find a way to get what he needs? with the secure ID, he can't log on to your account, period, without those ever changing numbers...seems like more than just a mental thing to me..
jeffpoker323 is offline   Reply With Quote
Old 08-11-2008, 01:31 PM   #15
enthusiast
 
Join Date: Jan 2007
Posts: 83
Re: Attn poker sites - here is a good example of security

Quote:
Originally Posted by jeffpoker323 View Post
I find it very frustrating that occasional know-it-alls pop on here saying security is all up to the player...these secure keys are a great idea...it makes hacking virtually impossible....to those ppl who claim it's all up to the player not to click a bad link, etc, etc, i want to know what you think of the following scenario....a very smart and capable hacker decides to make you his prey....he is motivated and knows what he is doing well....do you feel safe in that situation? or do you think he'll find a way to get what he needs? with the secure ID, he can't log on to your account, period, without those ever changing numbers...seems like more than just a mental thing to me..
Actually this is a very common misconception about random key generators - if someone has control over your machine they are no defence, as all I have to do is get you to put your code into something you think is your poker client, display some error prompt that makes you think there is a problem with the site and intercept any emails you send to support. Of course, I will only have six seconds or so to retransmit that login data, but that is a lifetime in computer security terms.

However, this brings me back to my original point - if I have control over your computer (such as through a key logger) why would I make an effort to build a mock copy of FTP, intercept your emails to support etc? The answer is that I wouldn't - I would go after your bank, share and maybe ewallet accounts.

Note I never said that it was all up to the player (the sites certainly need to do their bit) but if you are so concerned there are ways you can guarantee your own security 100% now by yourself.
counthomer is offline   Reply With Quote
All times are GMT -5. The time now is 04:53 AM.