In Star Wars: The Old Republic, your account’s password is what keeps your account safe from other people. But did you know there’s an extra layer of security you can add to protect your account? A security key is a way of guaranteeing your account will never be compromised by someone who doesn’t also have access to your phone or computer. Setting up a security key also gives you 100 free cartel coins a month, even if you’re a free-to-play player! Cartel coins can be used to purchase account unlocks, and cosmetic items like cool mounts and armor.
A security key makes it so that you MUST have your phone or tablet on you when you log in to your SWTOR account. The security key will send your phone a special little code you need to type in when logging in, and is very similar to the one-time password that gets sent to your email, except that it expires very quickly. This means that even if someone has your username and password, they won’t be able to log in without your phone or tablet, making your account very safe from entrepreneurial family members logging into your account when you’re away AND from international hackers who have gotten access to your username and password.
Why read when you can watch? Video shows everything in this article. Skip to 3:40 to view the security key install how-to.
- How would someone get my password and account log in?
- How to Install a SWTOR Security Key on your Phone
- SWTOR Security Key Instructions
- Security Key Reward: 100 Free Cartel Coins per Month
- Security Key Reward: Security Key Vendor
- Uninstall Your SWTOR Security Key
- Additional Account and Online Safety
How would someone get my password and account log in?
If you’re wondering how someone might get access to your SWTOR username and password, hackers and social engineers have gotten even more clever over the years at getting access to your various online accounts. Here are a few ways your password can get compromised.
The first one is sharing passwords between multiple accounts online. If another site’s list of passwords and usernames gets hacked, leaked or compromised in one way or another, other people on the internet will now have the knowledge of what your username is and what password you picked for that website. Hackers with malicious intent will then sometimes see if that same password also works on your other online accounts – and unfortunately, if you are using the same password between accounts, all your accounts can be stolen. This type of “hacking” has even happened to SWTOR in the past, including a claimed 1.7 MILLION EA Origin accounts that were accessed this way by a hacker group a few years ago (
Article about leaks/hacks and origin accounts). Apart from a security key, having different passwords for all your online accounts can stop this from happening.
The second way is by using a public wifi. You may have noticed when you’re browsing the web that some website addresses start with HTTP and others start with HTTPS. If you’re using a public wifi like a hotspot at a coffee shop or a school’s wifi, and log into a site that only starts with HTTP, there’s a chance someone can be “listening in” on what you are doing – and what you’re typing. The chance of someone specifically finding your SWTOR account this way is pretty slim, but recently many accounts have been compromised this way, to the point that even Google themselves is really pushing HTTPS for websites. (Article about using an unsecured wifi hotspot)
The third most common way accounts get hacked is in your own home – if you share your account with family members, guests, or friends. Maybe you’re being nice and sharing your computer with your younger cousin and you log them into SWTOR and they watch you type your password and memorize it for later. With a security key, they would need to not only memorize that username and password, they would also need your personal cellphone with them if they try to log in on their own while you’re away at work or school. Without a security key, if have your credit card attached to your account, they could easily go and ring up hundreds of dollars of merchandise on the cartel market – or just straight up steal any items or credits on your account. (A SWTOR player explaining what they lost when their account got hacked)
There are also a few other ways your SWTOR account can get compromised including naively sharing your password to get free items or enter contests, visiting malicious sites or downloading software that includes keyloggers, or “lending” someone your computer or laptop – but a large majority of unauthorized log ins to SWTOR can be stopped by having a security key.
How to Install a SWTOR Security Key on your Phone
Setting up a Security Key is really simple and works on most modern phones, including iPhones and other Apple tablets and devices, Android phones and tablets, and even Windows phones. Star Wars: The Old Republic Official Security Key Guide
Apple iPhone or Tablet
If you have an Apple device like an iPhone, you’ll start by heading to the the iTunes App Store and downloading the app called “Star Wars: The Old Republic Security Key” to your device. iTunes SWTOR Security Key App (iPhone, iPad)
If you have an android phone or tablet, you can do the same thing on the Google Play store. If you aren’t sure if your cellphone or tablet is an Android, it usually is if it is a touch-enabled device and isn’t a Kindle or a Windows phone. The easiest way to know if you have an android phone or not is to see if you have the “Google Play App Store” installed on your phone – it usually looks like a little play button in rainbow colors on a white background. If you have the google play app icon in your list of apps, you can likely use a security key! Android users also have the option of using the wide-spread Google Authenticator instead of the SWTOR-specific app, which has the benefit of allowing you to keep all your two-factor authentication codes in one spot.
Google Play SWTOR Security Key App (Android phone or tablet), Using Google Authenticator instead of SWTOR authenticator
If you have a Windows phone, you can use the Microsoft Authenticator, although it’s not officially supported it works the same way. You can install it on your Windows phone by going to the Windows Phone Store and searching for “Authenticator”, just make sure to pick the one made by Microsoft Corporation. Windows Phone Store (Windows phones), Windows Phone Install Guide, Windows Phone SWTOR Security Key Guide
Other Type of Phone
If you have a type of phone or tablet that doesn’t support any of those options, you can try using Google Authenticator or Authy, but like the Windows Authenticator these are also not officially supported, but many players have reported that they work well.
Security Key on your Computer
There’s also the option of attaching it to your computer itself – but this doesn’t help you secure your account from anyone who has access to your computer, like a sibling, relative or friend, or someone who’s “hacked” access your computer. It can still help with international attacks, but is less secure than the mobile options. You’ll basically need to install an emulator onto your computer that “mimics” being an android phone, where you can then install an authenticator. It takes more technical knowledge to set up, and it also requires extra time to boot up the emulator every time you log in. This is not a recommended way of using an authenticator, but hey, it’s an option. Emulator for your Computer for a security key
SWTOR Security Key Instructions
Once you’ve installed the Security Key app to your phone or tablet, you’ll then need to go to SWTOR.com and log in to your account on the top right, choose “My Account” by clicking on your username on the top right, then choose Security Key on the menu on the left.
On that page will show three options – the one you need to set up your key is called “Set up a new physical Security Key” and has a picture of a golden cellphone beside it. You’ll be sent to a new page that says “Enter the One-Time Password sent to your email address”. This is a security measure so no one sets up a security key on your account who also doesn’t have access to your email – so just head to your email account that’s attached to your SWTOR account, find the email called “STAR WARS: The Old Republic One-Time Password” and copy the short code you received into the “enter the one-time password” page.
Once you’ve finished that, you’ll be able to link your security key app with your swtor.com account. The page will tell you to “enter this serial number into your mobile security key app”. Open up your phone or tablet again, open up the “Star Wars: The Old Republic Security Key” app, and type in the serial number.
You’ll also want to write down this serial number somewhere safe in real life – if you ever need help accessing your SWTOR account, you might need to give it to a Customer Service Representative. Do NOT save this serial code by saving it on your computer or on a sticky note on your desktop – these are both places someone trying to access your account might also have access to. Your phone is also not a great option, because if you need to remove it and your phone is lost or broken, you won’t be able to access it.
Once you’ve put the serial code into your phone or tablet app, short security codes will start showing up! To finish setting up your security key, put that short code into SWTOR.com right under where you got the serial code.
Now every time you try to log into your Star Wars: The Old Republic account, it will require a security key generated by the app on your phone, and will keep your account very secure. Just make sure to keep your phone charged whenever you want to play the game!
Security Key Reward: 100 Free Cartel Coins per Month
As an incentive to secure your account, SWTOR also offers you a FREE 100 cartel coins per month. These coins are very valuable ingame and can be used to buy cosmetic items. 100 cartel coins is worth about $1, but you can buy quite a few different things on the cartel market by saving up just 3 months worth without spending any real money at all.
Security Key Reward: Security Key Vendor
You also get access to the Security Key Vendor, which sells some very exclusive items that only people with security keys can get. These include dancer outfits, two really cool mounts, unique companion skins, a pet, a white-red dye and two very cool alternative bank decorations for your stronghold.
Uninstall Your SWTOR Security Key
If you ever want to remove the authenticator, for example if you lost your phone, it’s pretty easy. Just got to SWTOR.com and press Log In on the top right, but after you log in instead of entering your security code click: “Lost your Security Key?” All you need to do after that is put in a one-time password from your email and then you can remove it. As long as you have access to your SWTOR account email, it’s very easy to remove the security key, so you don’t need to worry about that when installing it.
Additional Account and Online Safety
Unfortunately, the authenticator can not protect your account against another very common hacking and social engineering technique. If someone, whether it’s a family member or international hacker gets access to your EMAIL account, you are in a lot of trouble. And I mean this in the nicest way – if someone has access to your main email account, they will then have easy access to almost every one of your online accounts including your Star Wars: The Old Republic account. All the hacker has to do is initiate a “forgot password” on your account, and then change your password to one of their own choosing. To use the “forgot password” option in SWTOR they would need to know your username… but it’s very easy to find your username just by digging around in your email for official emails from SWTOR you’ve received in the past – your username is actually at the top of every one-time password email. The one-time password emails actually help stop a lot of the same issues as the authenticator does, but because the hacker will have access to your email, they’ll also be useless.
The authenticator would normally still stop this kind of attack because although the hacker now has your username and their new password, they’d still need your phone or tablet. Unfortunately, your email account is all they would need to remove the authenticator from your account, which they can do and then log into your account.
Two-Factor authentication on your Email
The only thing you can do to prevent this is by placing two-factor authentication on your email account as well – just like you can place an authenticator on your SWTOR account, you can also put one on your email. Android users can easily use Google Authenticator for their gmail accounts, iphone users can usually use Authy an alternative authenticator, and windows users have Windows Authenticator. This way, even if someone gets your email account and password, they won’t be able to log in to it without your mobile authenticator… making not only your SWTOR account very secure, but also securing every. Single. Other. Account. You own! (Two-factor Authentication for iPhones for your email)
If you are sharing your computer with anyone at home, I highly recommend for you add two-factor authentication to your email so that all your online accounts are safe. Just make sure to log out of your email whenever you leave the computer. Others, your account will just stay logged in and that two-factor authentication will be useless. If you only occasionally share your computer, say with a friend or cousin, also just make sure to log out of your email before you let them use your computer.
Another way to strengthen your account security is by using a password manager. It can be really difficult to remember all the different passwords you have across all your online accounts, but it’s really important to use different passwords for all of them so if one is compromised, the others aren’t as well. A password manager basically saves a “safe” version of these passwords for you that are very long and unguessable, and once you set it up you don’t have to remember passwords for your online accounts ever again – they’re instead saved in your password manager, and they can be so secure that you don’t even know your own password. The only thing you need to remember is the “master password” – this master password can even be a easy-to-remember phrase with spaces like “i really enjoy dancing no bones”! The downside of using a password manager is that if you use an offline version like keepass which is very secure, it will be difficult to log in to your accounts from your phone or other computers – you’ll either need to memorize the complicated passwords or transfer your list of passwords and username to an unofficial keypass app for your phone or re-download keypass on your other computer. An alternative to this is LastPass which is an online version that syncs up between all your devices… unfortunately if it is hacked, all of your passwords are compromised in one go. If you’re really interested in strengthening up your account security, Keypass, the offline version, takes some work but is a great option especially if you mostly on use one computer!
Keypass video that walks you through using it on websites easily
In the end, keeping your passwords unique between accounts, adding an authenticator to your SWTOR account, and adding 2-factor authentication to your email should make your account incredibly secure! Good luck out there on in the internet, and I hope you enjoy the 100 free cartels you’ll get every month just for making your SWTOR account a little less hackable!