Just downloaded the iPhone app--there is supposed to be a serial number under the settings tab that you enter to activate the security, but all I see is an option to change the language the app is in under that tab. Anyone else have this problem?

Yeah, it's in there. Did you enter the url inside the app to the FTP store?

Once you’ve started the Vasco DIGIPASS, please select the “+” icon from the upper right side of the application. You will then be asked to enter the following address and press return: http://store.fulltiltpoker.com/iphone

This action will provide the Full Tilt Poker skin for your Vasco DIGIPASS application. Once this is complete, you will be asked to supply the Mobile ID from the email that you received upon purchase of your Mobile Security Key Application.


Mobile Security Key Serial Number
To access your Mobile Security Key, choose Properties and then select Details.

Your Serial Number will be displayed as the first property for your Mobile Security Key Application.

To generate a Single Use Password, start the Full Tilt Poker Mobile Security Key Application and select Single Use Password.

To generate a second Single Use Password, select any key to return to the start screen for the Mobile Application and then select the Single Use Password option again.

To activate your Mobile Application for your Full Tilt Poker account, please log in to Full Tilt Poker, select Security in the top navigation bar and click on Additional Authentication. When the Additional Authentication screen opens, please select Login with Security Key and follow the steps provided.

Up and working on my ipod touch. So cool. Looks like Doug took care of our other concerns in the 11/11 thread.

got it, ty

yup.

nice.

anyone knows if you can use both, the mobile security as well as the token?

or just one of those?

if so, which one would you guys recommend?

iirc correctly, you can use up to 6 tokens (both the physical token and the phone application version). if you lose your physical token, you can use your phone as a backup and vice versa.

The mobile app works. I would go ahead and order it.

They updated the info on their website to include having to send in copies of your drivers license, etc. So all is well

According to their FAQ you can order multiple ones which can all be registered at the same time, thus allowing you to have backups in case you lose one. IMO the easiest thing to do is use the mobile phone app because we all have our phones on us wherever we are, and keep one of the keyfobs in your safe at home or something.

Also another note, you might want to NOT have your password saved on your computer, so that if your computer and phone are both stolen, villain can't access FTP. (because they don't know your password)

And if keylogger hacks you, he can't access FTP because he doesn't have your phone.

Mark

Does the mobile phone app not require a PIN to access it?

i keep getting an error when typing in my mobile ID on my Storm for the token. i tried deleting the program and reinstalling but i still get the same random error (just a bunch of numbers). has anyone else had trouble?

Nope, so if your phone isn't locked, anyone can access the mobile app and get your password to use.

Mark

This is a little confusing. Do you mean you aren't able to fully install the application because when you try to enter the two codes they sent you in the email, it all craps out?

I had a problem where I couldn't type them in, but there was a button that was like "Click here if you can't enter data" and I did, and it pulled up another box that worked.

Mark

I'm confused... Are their two security tokens? One is a normal security token and the other is some kind of phone app? Which one is the most secure of the two? Or does one token do both? Please help me out, as I would like to get one of these ASAP. Thanks for your help.

Yes, there is both a physical token (the one at 5000 FTP points) and a software based application (the one at 3000 points) that is used on a phone. They both do the same thing; however, I would think the physical token is the more secure of the two as it is a dedicated device whereas the software based token may be open to exploits related to the phone itself. Ultimately, it's likely largely irrelevant though. If you want to carry one less thing around, go for the software based application.

i get this error when entering the mobile id:

"the mobile id does not include the activation date, is this mobile id correct?"

i click on "yes" but nothing happens =(

Ok, I downloaded and installed the mobile application on my Nokia E65, all seems cool.

But I don't understand how does it work exactly. I searched the interwebs and still couldn't find some answers, like:

1. It has a two-factor authentication (event and time based), right? What does this mean exactly? The time thing means that it generates the OTPs based on the exact time of the phone synchronised with the VASCO server time? What if your phone runs out of battery (even the one for the internal clock)? Then you must manually sinchronise the digipass (from that menu?)?

2. About the sync menu... it has auto and manual... what do you do there? Default is set to auto, so when and how does it sync? Because you can use it very well even offline, right? And when you go online with the phone does the app somehow automatically 'sees' this and syncs?

3. What about the event time authentication? It says that you should not generate a OTP and then not use that to log in, or else your app will become out-of-sync and unable to use it anymore(!!). Is this correct? If you by mistake generate an OTP and are not near a computer with FTP what must you do? The resync-ing will work then? On other RSA tokens I'm sure you can generate as many passwords as you like and nothing will happen if you don't log in with each of them... does that mean those are not event based (also)? I don't like this event thing then...

Hmm so many questions... If anyone can find me a link with some general answers I'd appreciate it. But from what I searched I only found very very basic stuff about this mobile digipass, nothing that actually explains how the stuff works...

Yeah, I have the same problem. Annoying. It seems to be working for most people.

Are you from Europe?

I believe it works like this:

You have an offline device that has a clock and a serial number. The serial number is known at the FT server. The device generates an output number based on the serial number and it's clock (and some complicated algorithm). When you initialize your device with FT, it will receive an output number and compare that with output numbers generated by FT's known serial, known algorithms, and clock trial attempts. Now it's initialized. Whenever you log in, it will generate some before numbers and some after numbers around the clock time it has synchronized with your device. It allows for a small margin of error (because your clock can be quick or slow). It then re-syncs with that new clock-time in case there is a change. Clock-times work on 30 second intervals (I think I read somewhere), so it's not like this is about miliseconds. If the output number doesn't match up to the range of acceptable output numbers (and thus clock times), then it's not accepted, and it won't resync either. Digital clocks are very precise, and once it's synced up the device has to literally break for this security check process to fail. I imagine on the server side you need some reliable hard- and software too though. Otherwise you can have tons of people unsynced. But I'm sure the 3rd party vendor has created some smart and reliable uptime and backup solutions for that.

Please tell us when someone in Europe receives their security token.

Sounds pretty logical, but... how does the app in the phone know how to sync with FTP? It just gives you a number and then it doesn't know how 'synced' that was... It must go online for that sometime no?
And what about the thing with the events? Why does the sync break when you generate one OTP and you don't enter it in FTP?

Thank you very much, that's exactly what I wanted to know.

The mobile app is working on the Motorola ROKR Z6 by the way. Not on the list of support devices but I decided to give it a shot anyway and it works fine.

is it a smart idea to delete the email with the ID & pw for the application?
I was thinking, if my email got hacked, said person could download the app and use the ID & PW to get the correct OTP.

Am I right that someone with the ID & PW information to the application can get the OTPs?