Old 12-11-2008, 02:56 AM   #1
ackbleh
Pooh-Bah
 
 
Join Date: Jan 2005
Posts: 4,707
New PokerStars PIN: Beta Testing Trip Report

The new PokerStars security options are now operational for Beta testers. Well, at least the menus and the PIN are working, the RSA tokens haven't shipped yet. Here's how it works, with pictures.

This is the new 'Account' menu. Right now it only looks like this for logged-in Beta testers.



Here is the window that pops up when you choose the 'Login Settings...' option from the 'Account' menu.



If you choose 'Order Security Token', the window disappears and the Cashier, then FPP store pop up. The token isn't currently available in the store, so it just pops up to the default store category, 'Bonuses'.

If you choose 'Activate RSA Security Token', you get this:


Since we don't have our tokens yet I can't get beyond there right now.

If you click on 'Request Pokerstars PIN', you get:


Then you get the following email... obviously I have since changed my PIN. You get a new PIN every time you click the request button. I've done it a few times and it's damn fast.



If you check or uncheck the 'Enable PokerStars PIN' checkbox you get the following:



If you successfully enter your password/PIN to enable/disable your PIN, you get this email:



If you have the PIN enabled, the first step of logging in looks the same. But then there's a new, second step:



The numbers are in different places each time so if someone tracks the location of your mouse clicks, they still won't know which numbers you're clicking.



If you get to this second login step and have forgotten your PIN, you can click the 'Pokerstars PIN Recovery Service' words in blue, in which case this pops up:



And you get the Pokerstars PIN email with a new PIN.


That's everything until the RSA Tokens come out. Here's the email we got from Josem when he enabled everything, so you know what kind of stuff they want feedback on. These pictures basically give you the same experience a beta tester gets, and I'm sure Josem will read this thread, so here's your chance to contribute even if you missed out on the Beta.

ackbleh is offline   Reply With Quote
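The scrambled keypad described in this post, as an added example that is not part of the original post and not PokerStars' code. It assumes a design in which the client reports only button positions and the server maps them back through a per-attempt layout; `PinChallenge`, `new_layout` and `positions_for` are hypothetical names, and the PIN and layouts are constructed sample values.

```python
import hmac
import secrets

_rng = secrets.SystemRandom()  # OS CSPRNG, so the next layout cannot be predicted


def new_layout():
    """Fresh keypad: list index = button position, value = digit shown there."""
    digits = list("0123456789")
    _rng.shuffle(digits)
    return digits


def positions_for(layout, pin):
    """What the account holder clicks: the position of each PIN digit."""
    return [layout.index(d) for d in pin]


class PinChallenge:
    """Keypad for one login attempt (hypothetical server-side design)."""

    def __init__(self, layout=None):
        self.layout = layout or new_layout()
        self.used = False

    def digits_for(self, positions):
        return "".join(self.layout[p] for p in positions)

    def verify(self, positions, stored_pin):
        # A layout is valid for one attempt; a reused one would turn
        # recorded positions back into a replayable secret.
        if self.used or any(not 0 <= p <= 9 for p in positions):
            return False
        self.used = True
        # Plain comparison keeps the example short; a real service would
        # compare against a salted hash of the PIN.
        return hmac.compare_digest(self.digits_for(positions), stored_pin)


if __name__ == "__main__":
    pin = "4071"                                   # constructed sample PIN
    first = PinChallenge(list("3914506728"))       # constructed layouts
    second = PinChallenge(list("8260175394"))
    clicks = positions_for(first.layout, pin)
    print("clicked positions:", clicks)
    print("first attempt accepted:", first.verify(clicks, pin))
    print("same clicks on next layout spell:", second.digits_for(clicks))
    print("replay accepted:", second.verify(clicks, pin))
```

The property shown covers recorded click positions only; it says nothing about an observer who can also see the screen.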
Old 12-11-2008, 03:00 AM   #2
ackbleh
Pooh-Bah
 
 
Join Date: Jan 2005
Posts: 4,707
Re: New PokerStars PIN: Beta Testing Trip Report

FWIW I first thought the PIN would be useless. Then when I tried it and realized the numbers are in a different order each time, I changed my mind... this is total protection from keyloggers as long as your email password is secure (and you don't type it... I realize some people do, such as those who use webmail accounts rather than pop3).

Anyone that can get at your email can still get your PIN no problem if they have your password. But as long as your email password is different from your PokerStars password, this does protect you from all kinds of phishing... plus if you use the same password for Stars as you do for something else and that password database is poorly protected or just a straight-out scam, this would save you.

I know a few people who went to 'poker forums' linked to via AIM chat with hackers... they then promptly created accounts, with the same username/password they use for stars, giving the hacker their login info. This would stop that, as well as a few other things.

I'm going to be an RSA token user myself, but we'll have to wait a bit longer for that.
ackbleh is offline   Reply With Quote
Old 12-11-2008, 03:29 AM   #3
ChrisG.
enthusiast
 
 
Join Date: Nov 2008
Location: +EV Bus
Posts: 86
Re: New PokerStars PIN: Beta Testing Trip Report

Very nice, thank you PokerStars.
ChrisG. is offline   Reply With Quote
Old 12-11-2008, 03:33 AM   #4
terp
Carnal \ 'Knowledge
 
 
Join Date: Dec 2005
Location: @terppoker
Posts: 14,781
Re: New PokerStars PIN: Beta Testing Trip Report

I get this too, but no security token in my mailbox yet.
terp is offline   Reply With Quote
Old 12-11-2008, 03:35 AM   #5
Shoe
Carpal \'Tunnel
 
Join Date: Jul 2004
Posts: 11,743
Re: New PokerStars PIN: Beta Testing Trip Report

Quote:
Originally Posted by ackbleh View Post
FWIW I first thought the PIN would be useless. Then when I tried it and realized the numbers are in a different order each time, I changed my mind... this is total protection from keyloggers as long as your email password is secure (and you don't type it... I realize some people do, such as those who use webmail accounts rather than pop3).

Anyone that can get at your email can still get your PIN no problem if they have your password. But as long as your email password is different from your PokerStars password, this does protect you from all kinds of phishing... plus if you use the same password for Stars as you do for something else and that password database is poorly protected or just a straight-out scam, this would save you.

I know a few people who went to 'poker forums' linked to via AIM chat with hackers... they then promptly created accounts, with the same username/password they use for stars, giving the hacker their login info. This would stop that, as well as a few other things.

I'm going to be an RSA token user myself, but we'll have to wait a bit longer for that.

If a hacker gets your password, but not your PIN, how easy is it to reset the PIN? Do you need to log in with the PIN to change it? As long as you need to know your PIN to change your PIN, your email only needs to be secure when you receive the initial email; after that, they shouldn't be able to hack your Stars account even if they hack your email and request a new password. I'm hoping that Stars won't resort to sending all the info to a hacked email account. I think Stars should consider their account security to be greater/better than the account security at Hotmail/Gmail/Yahoo/etc... because NOW IT IS. Maybe be able to send a new password to email, but if you cannot remember the PIN or lose your security token you should need some type of non-email validation.

Don't get me wrong, these changes are GREAT. I just want to make sure they aren't making our email provider the weakest link -- there should be some type of additional verification if someone needs their password, PIN, and security token (or 2 of the 3) reset at the same time.

Also, it's awesome that they change the order of the numbers around. I cannot believe there are banks out there that implement a similar feature but don't change the order of the numbers each time.

Last edited by Shoe; 12-11-2008 at 03:42 AM.
Shoe is offline   Reply With Quote
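The "email as weakest link" argument in this post, worked through as an added example that is not part of the thread and not PokerStars' logic. It models each recovery path as a rule (what the requester must control, what they obtain) and computes which compromised assets lead to a full login. The email password-reset rule and the phone channel are assumptions; the emailed PIN recovery at login step two is as described in the first post.

```python
from itertools import combinations

LOGIN = frozenset({"password", "pin"})        # what a login needs once the PIN is enabled
ASSETS = ("email", "password", "pin", "phone")

# Rule = (assets the requester must control, credential they obtain)
EMAIL_ONLY = [
    ({"email"}, "password"),                  # assumed: password reset sent by email
    ({"password", "email"}, "pin"),           # PIN recovery link at login step two
]
SHOE_PROPOSAL = [
    ({"email"}, "password"),                  # password may still be reset by email
    ({"password", "pin"}, "pin"),             # changing the PIN needs the current PIN
    ({"password", "phone"}, "pin"),           # lost PIN: non-email check (assumed: phone)
]


def reachable(start, rules):
    """Everything obtainable from `start` by chaining recovery rules."""
    held = set(start)
    changed = True
    while changed:
        changed = False
        for needs, gains in rules:
            if needs <= held and gains not in held:
                held.add(gains)
                changed = True
    return held


def takeover(start, rules):
    return LOGIN <= reachable(start, rules)


def minimal_compromises(rules):
    """Smallest asset sets whose compromise is enough for a full login."""
    found = []
    for size in range(1, len(ASSETS) + 1):
        for combo in combinations(ASSETS, size):
            s = set(combo)
            if takeover(s, rules) and not any(f <= s for f in found):
                found.append(s)
    return found


if __name__ == "__main__":
    for name, rules in (("email-only", EMAIL_ONLY), ("proposal", SHOE_PROPOSAL)):
        print(name, [sorted(s) for s in minimal_compromises(rules)])
```

With every recovery routed through email, the mailbox alone is a sufficient compromise; under the proposed rules no single asset is.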
Old 12-11-2008, 08:01 AM   #6
Hood
Carpal \'Tunnel
 
 
Join Date: Apr 2004
Location: 99 problems but a TT+ just ship pf
Posts: 6,768
Re: New PokerStars PIN: Beta Testing Trip Report

Quote:
Originally Posted by ackbleh View Post
FWIW I first thought the PIN would be useless. Then when I tried it and realized the numbers are in a different order each time, I changed my mind... this is total protection from keyloggers as long as your email password is secure (and you don't type it... I realize some people do, such as those who use webmail accounts rather than pop3).

Never say total protection - a key logger could detect the PIN window, screenshot it to see the key positions, and monitor mouse activity to see clicks. You could code up a proof-of-concept in AutoHotkey in a very short time.

I'm not saying it isn't an excellent move by Stars and it looks like an excellent implementation (mimicking that of many online banking sites), but you have to be careful with saying things like "total protection".
Hood is offline   Reply With Quote
Old 12-11-2008, 11:51 AM   #7
1p0kerboy
Carpal \'Tunnel
 
Join Date: Nov 2003
Location: Florida
Posts: 11,796
Re: New PokerStars PIN: Beta Testing Trip Report

How is the pin different from having a password? Is it simply that hackers will now have 2 codes to break instead of just one?

Edit: I just saw this:

FWIW I first thought the PIN would be useless. Then when I tried it and realized the numbers are in a different order each time

Can someone please explain what this does exactly?
1p0kerboy is offline   Reply With Quote
Old 12-11-2008, 12:03 PM   #8
Frawa
journeyman
 
Join Date: Sep 2006
Posts: 220
Re: New PokerStars PIN: Beta Testing Trip Report

Quote:
Originally Posted by 1p0kerboy View Post
How is the pin different from having a password? Is it simply that hackers will now have 2 codes to break instead of just one?

Edit: I just saw this:

FWIW I first thought the PIN would be useless. Then when I tried it and realized the numbers are in a different order each time

Can someone please explain what this does exactly?

When entering the PIN you can choose to "click" on the buttons (numbers) instead of typing them with the keyboard. Since the numbers are not on the same spot every time, a more sophisticated "keylogger" would be required in order to get your PIN.


It's pretty clear in the OP, I think:

If you have the PIN enabled, the first step of logging in looks the same. But then there's a new, second step:



The numbers are in different places each time so if someone tracks the location of your mouse clicks, they still won't know which numbers you're clicking.
Frawa is offline   Reply With Quote
Old 12-11-2008, 01:03 PM   #9
bigjoker66
enthusiast
 
Join Date: Mar 2006
Posts: 68
Re: New PokerStars PIN: Beta Testing Trip Report

Quote:
Originally Posted by ackbleh View Post

If you choose 'Activate RSA Security Token', you get this:


Since we don't have our tokens yet I can't get beyond there right now.

If we already have an RSA token from another source can we enter the serial number here and use it?

I have one my work provides for me for remote access.
bigjoker66 is offline   Reply With Quote
Old 12-11-2008, 01:20 PM   #10
bluey
old hand
 
 
Join Date: Mar 2006
Posts: 1,585
Re: New PokerStars PIN: Beta Testing Trip Report

A couple things.
1. In this popup box there is a typo. 'considering' is what you were going for.


2. As far as lost PINs, what about text messages to cell phone? My bank will text me if someone tries to set up a new bill pay or my cc is used for an over-the-internet or phone transaction. Then someone would physically have to have your phone. Little bit different system than email but still fully automated and capable of sending thousands a day.
bluey is offline   Reply With Quote
Old 12-11-2008, 01:23 PM   #11
cmyr
veteran
 
 
Join Date: Jan 2006
Location: battle.net
Posts: 2,048
Re: New PokerStars PIN: Beta Testing Trip Report

Quote:
Originally Posted by bigjoker66 View Post
If we already have an RSA token from another source can we enter the serial number here and use it?

I have one my work provides for me for remote access.

Def. not. There are tons of manufacturers of tokens, and PokerStars will have contracted one of those manufacturers to do a run for them. If PS (or any other institution) had a list of every RSA token in existence, and had the ability to authenticate it (i.e. knew its key) then the whole point of RSA tokens period would evaporate.
cmyr is offline   Reply With Quote
Old 12-11-2008, 01:29 PM   #12
Ponder
veteran
 
 
Join Date: May 2008
Location: S-Mart
Posts: 3,341
Re: New PokerStars PIN: Beta Testing Trip Report

Looks like a good start but Stars should not allow one's email to be the weak point in this as it just negates the whole usefulness against key logger protection. Perhaps a call like security companies do with a safe word for people that are either supernova or/and have 5k+ in their account.

Edit: I prefer bluey's idea to mine after reading it.
Ponder is offline   Reply With Quote
Old 12-11-2008, 01:34 PM   #13
LateNiteRush
banned
 
Join Date: Oct 2007
Posts: 1,961
Re: New PokerStars PIN: Beta Testing Trip Report

Sweet, thank you so much Stars. You guys are definitely taking another step in the right direction. Good job guys.
LateNiteRush is offline   Reply With Quote
Old 12-11-2008, 02:27 PM   #14
Deuce2High
veteran
 
 
Join Date: Oct 2004
Posts: 2,596
Re: New PokerStars PIN: Beta Testing Trip Report

Funny, durrrr made a thread in HSML with ideas very similar to these. I expect FTP and eventually UB to follow suit.
Deuce2High is offline   Reply With Quote
Old 12-11-2008, 03:24 PM   #15
BlackRain
veteran
 
 
Join Date: May 2005
Location: Thailand
Posts: 2,042
Re: New PokerStars PIN: Beta Testing Trip Report

Good work Stars. Leading the industry yet again, and especially on an important issue like this one. Thank you.
BlackRain is offline   Reply With Quote
Old 12-11-2008, 03:36 PM   #16
kindling
grinder
 
Join Date: Aug 2006
Location: The Cliffs of Insanity
Posts: 543
Re: New PokerStars PIN: Beta Testing Trip Report

Any idea on the FPP cost for this? I don't think these cost that much, and it will certainly be money well spent for all but the smallest accounts.

Also, thanks to Stars for finally making this a reality. I'm looking forward to it getting out of Beta.
kindling is offline   Reply With Quote
Old 12-11-2008, 07:12 PM   #17
Shamrock78
centurion
 
Join Date: Oct 2008
Posts: 101
Re: New PokerStars PIN: Beta Testing Trip Report

Earlier I was working in tech support for a company that used RSA security tokens. One of the most common problems (after Outlook) was the token being out of sync and not working. They had to call tech support to get their tokens resynced. Just wondering how PS is going to handle this without phone support? Players just have to order a new token and wait a couple of weeks?
Shamrock78 is offline   Reply With Quote
Old 12-11-2008, 07:54 PM   #18
NoahSD
Is Right
 
 
Join Date: Aug 2005
Posts: 18,865
Re: New PokerStars PIN: Beta Testing Trip Report

The text message thing is def a good idea. I dunno how much it'd cost Stars, but plenty of other companies do it.
NoahSD is offline   Reply With Quote
Old 12-11-2008, 08:23 PM   #19
Jackal69
old hand
 
 
Join Date: Aug 2005
Posts: 1,653
Re: New PokerStars PIN: Beta Testing Trip Report

great, any ideas on how much the token will cost?
Jackal69 is offline   Reply With Quote
Old 12-12-2008, 12:08 AM   #20
steel108
Carpal \'Tunnel
 
 
Join Date: Feb 2006
Location: The Bike
Posts: 7,215
Re: New PokerStars PIN: Beta Testing Trip Report

Quote:
Originally Posted by Jackal69 View Post
great, any ideas on how much the token will cost?

+1; not that the price matters. These features will make me feel really comfortable with keeping xx,xxx online. PIN, password, and token = peace of mind.
steel108 is offline   Reply With Quote
Old 12-12-2008, 12:22 AM   #21
rothko
Carpal \'Tunnel
 
Join Date: Jan 2006
Location: :noitacoL
Posts: 8,206
Re: New PokerStars PIN: Beta Testing Trip Report



why not have a clickable keyboard that works the same way for the regular password?
rothko is offline   Reply With Quote
Old 12-12-2008, 02:29 AM   #22
Annorax
veteran
 
 
Join Date: Jan 2005
Location: [censored]
Posts: 2,787
Re: New PokerStars PIN: Beta Testing Trip Report

What do us little players have to do to get on the beta-test list?
Annorax is offline   Reply With Quote
Old 12-12-2008, 02:32 AM   #23
RikaKazak
Carpal \'Tunnel
 
Join Date: Jul 2005
Location: Waiting for Global Poker cash outs
Posts: 9,512
Re: New PokerStars PIN: Beta Testing Trip Report

Quote:
Originally Posted by ChrisG. View Post
Very nice, thank you PokerStars.
agreed....this is BALLER by stars...makes me feel 100x more safe.
RikaKazak is offline   Reply With Quote
Old 12-12-2008, 02:48 AM   #24
runout_mick
Pooh-Bah
 
 
Join Date: Apr 2005
Posts: 5,153
Re: New PokerStars PIN: Beta Testing Trip Report

This:

Quote:
Originally Posted by bluey View Post
2. as far as lost pins. what about text messages to cell phone?

New PINs should be retrievable, at least as an option, from a non-email source. Either a text message or phone call. If cost/manpower is an issue, make each reactivation by non-email subscribers cost x FPPs (with a warning when people select this option there will be a fee for reactivation via this means).

Overall, excellent work Stars!
runout_mick is online now   Reply With Quote
Old 12-12-2008, 02:55 AM   #25
ackbleh
Pooh-Bah
 
 
Join Date: Jan 2005
Posts: 4,707
Re: New PokerStars PIN: Beta Testing Trip Report

Quote:
Originally Posted by Annorax View Post
What do us little players have to do to get on the beta-test list?

My impression was that the list of Beta testers was made based on who participated in the forum discussion here about RSA tokens that helped spur PokerStars to initiate this change. Not based on who is a 'little' or 'big' player.
ackbleh is offline   Reply With Quote
