TerraSleet wrote:My account has 1 token that looks a little odd:
That's just because it was created prior to this change, when the server didn't store that metadata along with the tokens. If you remove that token from the client and make a new one, it should be fixed. (At least as long as you don't allow multiple tokens.)
TerraSleet wrote:When attempting to remove it I get the following error:
That's true, I hadn't thought of that. The reason it happens is because, again, prior to this change, the server didn't store the required metadata, so it has no ID. If you make a new one, it'll be gone though, so since it's a transient condition, I'm unsure whether I'll fix it.
MagicManICT wrote:If you do add in any further 2nd or 3rd factor authentication, is it safe to say the same extensibility for the standard client will include any modded clients?
I'm not sure what kind of extensibility it is that you're referring to. To be sure, custom clients shouldn't really be affected by this change. It would be best if they merged the code that sends along a client ID with the request to make a token, or they'll keep overwriting each other if using several computers, but I don't think they're worse off in any way.
VDZ wrote:But it certainly isn't obvious and I wonder if the non-obviousness might be exploitable. I recall a different online game in which the account name and password were stored in the config file. "My config file got corrupted, can you send me yours?"
I too have worried a bit about that, which has technically been true previously as well, but that's why I did the whole thing where the embedded token only works once and expires in two hours. Once any of those conditions are true, then the downloaded Jar file is, as I wrote in the OP, "harmless", since the token it contains has been invalidated. I also imagine it should be slightly less unobvious, since I've also added the account name as part of the autohaven.jar filename now, which should hopefully make it a bit more clear that it has been associated with an account.