http://pso2.jp/players/news/?id=2094

In effect after the September 4th Maintenance. If your account is not protected by by a One-Time Password, you will need to input a separate "Trading Password" before using any functions such as:

- Item Trade
- My Shop
- Present Boxes or any trade related room goods (eg: Shop Counter)

You need to only enter it once per login, from what I understand.

What a pain in the ass. I really don't wanna bother with that OTP crap. :disapprove:

I don't understand the point of this. Were there issues with these features ?

Is this to prevent stolen accounts from being stripped of all items ?

Once per login does not sound that bad, since we do not need to log out to change characters anymore.

It depends what they deem a login. Switching chars could very well be logging in again according to SEGA, meaning that you'll have to enter the password on character changes.

Is this to prevent stolen accounts from being stripped of all items ?
Exactly that.

Also, switching characters is counted as logging out, according to the link.

Oh boy, this is going to be obnoxious.

Goddammit Sega

I hope this pass does not reset itself each time.

It would be really great if SEGA stopped attempting to idiot proof our accounts for us when its our own damned responsibility. I mean I'm sorry, but as long as they've got proper account recovery mechanics in place, it shouldn't be possible for people to steal our accounts unless we've been very stupid. More often than not, I find that the ones responsible for letting someone get "hacked" were the company itself not following protocol which is incredibly obnoxious.

More often than not, I find that the ones responsible for letting someone get "hacked" were the company itself not following protocol which is incredibly obnoxious.

Or the player for having the password as "password"

I can't wait for this system to bug the fuck out and suddenly nobody can trade/buy/sell stuff. :wacko:

I don't quite understand this thing ... now we're going to need a secondary password for PSO or ...? I'm not sure.

Yes, you need a secondary password for PSO2. You will be prompted to enter it if you press "マイショップ" (My Shop) in the Visiphone menu, so even if you just plan to browse you will need this password.

Or the player for having the password as "password"

I can't wait for this system to bug the fuck out and suddenly nobody can trade/buy/sell stuff. :wacko:

Well like I said and I quote myself "its our own damned responsibility". If someone is going to be that stupid, than they fully deserve to lose their account if they somehow do.

But I mean we're already using usernames that are in no way shown ingame and likewise our emails are never shown either. Unless SEGA screws up and gives out info they shouldn't when someone tries to recover their password (which they would somehow need to acquire an email and/or username for anyways which is pretty hard without a slip of tongue) or someone is just flat out dumb enough to let every other person have their account info, than you seriously shouldn't be losing your account in this anyways. Adding redundant passwords like this is just annoying.

I've never used the OTP before. Are we stuck between some stupid choice of constantly having to dig up the new OTP and constantly re-entering passwords just to use probably the most important function in the game?

I've never used the OTP before. Are we stuck between some stupid choice of constantly having to dig up the new OTP and constantly re-entering passwords just to use probably the most important function in the game?

That's what its looking like. Unless of course they don't actually force it on you and just have a "you know you should REALLY do this" message every time you log in or something. Sorta like with one of my archaic junk mail accounts Microsoft tells me needs numbers and capital letters in the password for, but never actually makes me change.

Poor snipers, they will enjoy afking on visiphones even more now, lol.

so is SEGA sending us a unique password via email? also this doesnt really affect me even though i use premium :S.

What a bother

Shout out to the sidewalks for keeping me off the streets but it seems sega wants to change that asap.

This is fucking stupid. Plain and simple.

"Guys, you all need to wear floaties because someone who didn't take their time to learn how to swim has drowned."

I don't understand the point of this. Were there issues with these features ?

Is this to prevent stolen accounts from being stripped of all items ?

The whole point of this is extra security for hacked accounts or accounts that were stolen from complete idiots who will benefit from this added security.

It's not stupid, it's common among a lot of games with trading systems present and virtual wealth.

Steamguard, Runescape guard AND bank pin, etc etc etc.

Well, the fact is that accounts are getting stolen, and it's a problem, since it impacts Sega's game's popularity. So obviously, something must be done. And what are the alternatives? IP locking the game to Japanese region and binding ISAO accounts to JP cell phone numbers?

It's as if Sega is actually trying to appeal to everyone this time.

Well, the fact is that accounts are getting stolen, and it's a problem, since it impacts Sega's game's popularity. So obviously, something must be done. And what are the alternatives? IP locking the game to Japanese region and binding ISAO accounts to JP cell phone numbers?

It's as if Sega is actually trying to appeal to everyone this time.

Wut, you're making it sound like it isn't Japanese doing this to each other already.

best thing is that the only idiots who need that kind of feature are people who use the same password for everything
watch the imbeciles use the same password for the account for the trading password

I should hope that SEGA would require a different password from the login, otherwise this is totally pointless. I don't really see this as that big of a deal though. SEGA is just protecting their profit margins. Two password entries per session is nothing.

How exactly are we supposed to do this though?

Do we need to go to the official sega/jp website to create another password for trading and using my shop? Or is Sega going to give us one?

This sounds a bit confusing.

I should hope that SEGA would require a different password from the login, otherwise this is totally pointless.
Moron #41651:
Password: password
trade password: password1

:wacko:

Each time My Shop asks you for a password (imagine it, but with a rappy):

[spoiler-box]https://encrypted-tbn2.gstatic.com/images?q=tbn:ANd9GcQ4CJ3AAW27553iCKdDvW2nvbFJoueIY eDsRc8KkoFAGbqkl_lGFA[/spoiler-box]

I offer the following:

[spoiler-box]http://funny-pictures-blog.com/wp-content/uploads/2011/09/Trolling-password-on-Facebook.jpg[/spoiler-box]

Wow didn't really think people were getting there accounts stolen like that, either way this just seems lame. I've heard of other MMO's with OTP, but never seen them force it down your throat before. *sigh* this is pointless.

Only for PC?

...

PS VITA master race. o3o

Wow didn't really think people were getting there accounts stolen like that, either way this just seems lame. I've heard of other MMO's with OTP, but never seen them force it down your throat before. *sigh* this is pointless.

Dragon Nest does something similar to a OTP that is mandatory.

Thing is with OTP, not everyone has a cellphone or android device. Actually, can you use it with an android device? Or does it have to be a smartphone?

So SEGA fails to protect our account assets and introduces a layer of abstraction to the trading process on our end? Nice move, passing the buck like that.

Dragon Nest does something similar to a OTP that is mandatory.

Cant say I heard of that game, but either way its still lame. They should have kept it a an option.

Well okay. I don't really care. Cos well... Still get to play the game. Rofl.

Well okay. I don't really care. Cos well... Still get to play the game. Rofl.

Ofc you don't if you're free loader.

...well I'm glad I took another Hiatus from PSo2, SEGA doesn't seem to be improving it.

Whatchu mean tho......... "Free loader"? I'm just sayin' I don't see a problem with them making efforts to protect our accounts. We still get to play, right?

No no silly not calling you one just those who don't use the player shops lol.

Cause that is also what it also pertains to.

Ohhhh. I use the player shops when I have the luck enough to get a My Shop ticket from FUN scratches. And only when my storage is full of rares. I guess it's gonna get more tedious, but there's only so much we can do. Japanese people probably gonna love that Sugar Honey Iced Tea.

"Now amerika-jin gaijin baka sans can't hack into my account desu."

Ohhhh. I use the player shops when I have the luck enough to get a My Shop ticket from FUN scratches. And only when my storage is full of rares. I guess it's gonna get more tedious, but there's only so much we can do. Japanese people probably gonna love that Sugar Honey Iced Tea.

"Now amerika-jin gaijin baka sans can't hack into my account desu."

Seriously, why do you people honestly think this in any way relates to any of our activity on these servers? We're but a speck of their population. They never even made a reference to something that could be traced to us when they said this was coming.

Figures, as far as I'm aware a smartphone is needed to even set up an OTP in the first place and I don't own one. So looks like I'm stuck entering that stupid item password every time I decide to log on. What a load of bullshit.

Hmm, not as bad as some other games. It's pretty ridiculous how much they are trying to force the OTP on players though.
At least there isn't a security pin each time you log out and change characters or whatever some other f2p mmos do

So, how does this OTP work exactly? I never got the memo. <_<

Fuck this.

Fuck this.

^All that needs to be said give this man a medal lol.

So, how does this OTP work exactly? I never got the memo. <_<

It's a cellphone thing, gotta get your pin or whatever from the cell phone number you give em. They send it to ya when you want to log in. Or something.

I hate this security crap. It's not like we're CEOs protecting financial info or the like, it's understandable if it was something like that, but this is just overkill.

I already gotta deal with something almost like this, with a password that resets once every 2 weeks, and you aren't allowed to use the last 10 passwords, and all this capitol letter, ampersand crap. It's annoying, and we're only getting more of it because of idiots and scripts that automate bots that are probably around the memory size of a gameboy color cartridge.

Dammit....

Hmm, it reminds me of Blizzard password gadget thingy. Unfortunately I don't have any phone compatible with the app needed for this thing, so I guess I'll have to go the bothersome way.

Unfortunately I don't have any phone compatible with the app needed for this thing, so I guess I'll have to go the bothersome way.

Same. I can't tell you how annoying this will get when having to switch between characters... :/

All this because SEGA can't get their shit together and work on a proper security system. WE shouldn't have to be the ones to end up screwed because of THEIR mess-up.

Well, I do believe it's a good security system, which would prevent the main reason for people getting their accounts stolen, which is irresponsability. Other games use it, and I wouldn't care much for it if it wasn't for the fact that the app is restricted to iOS/Android.

How are people getting their accounts stolen so easily anyway? Doesn't the game not let you play from another computer unless you enter a code they send you through email?
...don't tell me that people are retarded enough on use the same password for the game and their email...

i guess its fine.

"uses simple password for shop"

simple but hard to crack!

Knowing sega they'll give players a password and they won't be able to change it.

Knowing sega they'll give players a password and they won't be able to change it.

Knowing Sega they'll give us a password and the thing won't work. :\

Well, I do believe it's a good security system, which would prevent the main reason for people getting their accounts stolen, which is irresponsability. .
lol that's not our fault, I mean the option was up there for people to take if they didn't its there fault everyone shouldn't be penalized for this annoyance.

Come to think of it do we even know how or what's the cause of this major hacking problem or how to avoid it. For all we know how will this even solve the mysterious issue. Lame Sega

it's not hacking when they just guess your password based on a list taken from somewhere else

I don't really mind it.

This seems a bit tedious. Well, if it gets going there really isn't much we can do about it aside from adapt.

So SEGA fails to protect our account assets and introduces a layer of abstraction to the trading process on our end? Nice move, passing the buck like that.

It's not SEGA failing to protect accounts. It's idiots failing to be smart enough to not fall for scams/phishes.

But that will never stop happening...

I guess they are moving with the "Even if we can't permanently fix the hackings, we can at least lower number of them" idea.

It's not SEGA's fault if people get hacked, they can't do anything if email companies leak their passwords and players happen to be using the same password on different services.

The reason for making this password mandatory is probably to disincentivize hackers. If they know that the account will definitely be using a trading password, they know there's little point in trying to hack it in the first place.

It would be really great if SEGA stopped attempting to idiot proof our accounts for us when its our own damned responsibility. I mean I'm sorry, but as long as they've got proper account recovery mechanics in place, it shouldn't be possible for people to steal our accounts unless we've been very stupid. More often than not, I find that the ones responsible for letting someone get "hacked" were the company itself not following protocol which is incredibly obnoxious.

Common misconception. Many people seem to assume that if an account gets hacked it definitely has to be the fault of the account holder, and that the service is absolutely infallible and cannot be exploited or make mistakes. In reality, services are run by humans, and humans are far from perfect.

Do people seriously believe that if a company was compromised, that they would openly admit it? They would only do that if they were past the point of no return. Maintaining public trust is very important for companies, and they will deceive consumers to achieve that. Has everyone forgotten Nexon, Sony, etc?

Companies have to pay for extra security consultation. Nexon devs didn't bother until long after they'd been besieged by hackers, and even then, there were still loopholes. They also allegedly had a MYSQL injection loophole on their own website. Companies based in smaller countries like Japan also tend to be more naive about security exploits on an international scale.

Even if it's our sole responsibility to keep our accounts safe (personally, I think it's a two-way thing), there is only so much we can do. We have to rely on methods of security provided to us by the service. For example, if a service only allows password max length 8 characters, all lower case and no special characters? Useless, and there's nothing we can do about it. And who knows whether they are encrypting our personal details or not. Time and again, it's been shown that many do not seem to bother and just store our data in plain text files.

Account recovery is also usually not something that is 100% automated and requires tech support. It makes sense that SEGA can't be bothered dealing with so many people geting hacked. "Prevention is better than cure".

If anything, i think some security measures should be optional. Quick 'n' easy ones should be mandatory.
To be clear, I am not justifying blaming the service. I'm saying that security issues can occur on both ends.
We should always do as much as we can to keep our details safe. The rest is up to the service.


It's not SEGA's fault if people get hacked, they can't do anything if email companies leak their passwords and players happen to be using the same password on different services.

The reason for making this password mandatory is probably to disincentivize hackers. If they know that the account will definitely be using a trading password, they know there's little point in trying to hack it in the first place.

That's going by their explanation. There still remains the possibility that there may be a security loophole somewhere that they have yet to identify.
I'm not saying there definitely is. I'm saying don't be so 100% certain that the service cannot be at fault.

To be fair, SEGA security has been pretty decent compared to other games I've played.
But never forget that just because we personally have not being hacked (yet) does not mean that there isn't an exploit somewhere.
People only admit there's a problem when they are faced with it themselves.

Yeah but if it is indeed Sega's fault then these passwords would be utterly useless.

This wouldn't be so bad if we are able to create the password ourselves and if changing chars doesn't reset it. Knowing Sega, they will give us some random string of numbers of letters for the password and require it every time we change chars.

So, how will this work for people that don't own smartphones?

You won't need phone unless you're gonna op in the OTP. Actually, you might be able to use Bluestacks or some other android emulation software.

So, how will this work for people that don't own smartphones?

You mean for the OTP? You don't need a smartphone for it, you can get a OTP token. Not sure where the idea comes from, that it is only for smartphones. All information about the one-time password usage is all on the PSO2 page.