Quote:
Originally Posted by coinflipper
-as stars stated there were no failed attempts so your login was compromised (this is on your end)
This is only one possible scenario but not the only possibility. PS could be compromised on their end, probably least likely but not as impossible as PS would want everyone to believe. It could also be a man-in-the-middle attack, where the data is captured between user and PS and the password is stripped out due to weak or compromised security protocols. This may actually be the most likely attack vector for anyone playing on the mobile app, where there is an additional step that can be intercepted, that being the RF communication between the handset and the cell provider. The nature of mobile apps having to be small, code efficient and low processor load can result in trade-offs with security.
The main point is that the fact that the account was accessed with one try does not conclusively lead to the user being the one that was compromised.
Quote:
Originally Posted by coinflipper
- as far as logging in from other countries, people travel. if they got blocked from accessing their account when they correctly log in just because they are in another country they would have way more support emails to deal with pissed off authentic users.
My bank warns me that if I am going to travel that I should inform them ahead of time or my bank cards could be frozen when they are suddenly being used on the other side of the world. PokerStars should use the same protocols. If your account is accessed from somewhere new, especially when great distances over small time frames are involved, then the account should be restricted until it can be verified it is the actual account holder doing the accessing. This step can be avoided on a one-time basis by informing support of your travel plans beforehand, or if you travel a lot then you can take on the additional risk of telling PS not to restrict your account by location. Protecting all users' money should come before concerns of possibly pissing off travelers.
These are simple basic steps PokerStars should be taking but refuse to do. They should also make two-factor authentication through at least the PokerStars PIN mandatory rather than the option it currently is. Just speculating here but I cannot help but think the reason they do not do this is that the PIN is subject to some of the same potential security weaknesses as your password and if they made it mandatory they would lose their automatic "it's 100% the user's fault" excuse they currently use. They claim that no PIN protected accounts have been compromised so my paranoid concern should not be valid if they are telling the truth.
The current situation is not acceptable; PokerStars could and should be doing more.
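
Added example, not part of the original post and not PokerStars' code: a sketch of the location check the post describes, restricting a login whose implied travel speed from the previous login is implausible, with the one-time travel notice and the per-account opt-out. The 900 km/h threshold, the class and field names, and the sample coordinates are all assumptions made for illustration.

```python
import math
from dataclasses import dataclass, field
from typing import Optional

MAX_KMH = 900.0  # assumed threshold: roughly airliner cruising speed

@dataclass
class Login:
    ts: float      # Unix time in seconds
    lat: float
    lon: float
    country: str

@dataclass
class Account:
    last: Optional[Login] = None
    travel_notices: set = field(default_factory=set)  # countries announced to support
    location_checks_off: bool = False                 # user accepted the extra risk

def km_between(a: Login, b: Login) -> float:
    """Great-circle (haversine) distance in kilometres."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dphi, dlmb = p2 - p1, math.radians(b.lon - a.lon)
    h = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def evaluate(acct: Account, login: Login) -> str:
    """Return 'allow' or 'restrict'; the login is recorded only when allowed."""
    decision = "allow"
    prev = acct.last
    if prev and not acct.location_checks_off and login.country != prev.country:
        if login.country in acct.travel_notices:
            acct.travel_notices.discard(login.country)  # one-time exemption
        else:
            hours = max((login.ts - prev.ts) / 3600.0, 1e-6)
            if km_between(prev, login) / hours > MAX_KMH:
                decision = "restrict"  # hold until the account holder is verified
    if decision == "allow":
        acct.last = login
    return decision

if __name__ == "__main__":
    # Constructed sample: Toronto login, then a Kyiv login two hours later.
    acct = Account()
    print(evaluate(acct, Login(0, 43.65, -79.38, "CA")))     # allow
    print(evaluate(acct, Login(7200, 50.45, 30.52, "UA")))   # restrict
```

A restricted login is deliberately not stored as the new baseline, so a later login from the real account holder's usual location is still compared against their own last known position.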