Diablo® III

I located a bug in the blizzard mobile authenticator/diablo 3 login.

Currently when I attempt to log in, the first time using a authenticator code I get a servers are busy response.

If I re-enter my username/pass and authenticator code (the same one before the timer on the mobile app pushes it to the next code) D3 claims that I have input the wrong account credentials.

If I wait for the mobile app to change and give me a different authenticator code it resumes giving me the servers are busy response.

1. The servers are busy
2. They probably have a one time use built into the authentication setup. Just wait an extra ten seconds like everyone else before putting the code in again.

I understand the servers are busy-that's' the point of a stress test and why I am spamming it.

If they do have a 1 time built into the authenticator then that's a problem why should I be restricted to only attempting to log in once per authenticator code timer when everyone else can spam it with ctrl-v there password?

If everyone is competing to be the lucky guy to click login when someone logs off to get the one open spot on the server that would put me and everyone else with a authenticator at a serious disadvantage reducing the desire to have a authenticator and as a result the number of people who use one increasing the number of stolen accounts which blizzard does not want.

bump

theoretically, this should only be a problem during this weekend with the stress testing. This weekend is to prepare them for the release day rush and should help prevent the same problems on may 15th.

you're mostly just feeling a bit anxious at not being able to play the beta right now and the authenticator problem isn't really a problem.

Allowing only one login attempt per authenticator number is a security feature to make your account safer. Working as intended? I think so.

wow shrink much?
=D, while I get where your coming from unless they implement a server queue for release it WILL be a problem on release day, and for the first week or two during busy times.

And server queues are a whole other slew of problems. Popular games are always overrun on release despite the best predication by the developers if for no other reason then they don't want to buy the servers they need to adequately support there release day/month population knowing it is going to decrease a good deal after that.

See I was only asked for my authenticator code on my first successful login where I did not get the 'server is busy' error. I put in the code I had on my iPhone in front of me and it went without a hitch.

But as others have said it might be a good idea to just wait 10 seconds or so and try the next code. Also try re-syncing your app first before you try logging in. I know if it's in sync it sounds like an unneeded extra step but if it allows you to log easier it might be worth it and who knows maybe it will help.

wow shrink much?
=D, while I get where your coming from unless they implement a server queue for release it WILL be a problem on release day, and for the first week or two during busy times.

And server queues are a whole other slew of problems. Popular games are always overrun on release despite the best predication by the developers if for no other reason then they don't want to buy the servers they need to adequately support there release day/month population knowing it is going to decrease a good deal after that.

server problems will probably happen, but i doubt they will be on a scale as to what we are seeing now. the first hour servers go live, i can see there being some slow downs and issues. this is an open beta right now, though. its free and far more people are attempting to get on right now than there will be at release (just assuming that a percentage of the ppl trying the beta don't really want the game). plus, the entire world is logging onto the U.S. servers right now, thats not something that will happen at release.

i see your concerns and know you want the best for the game. just trying to ease ur mind a bit

I can promise there will be MORE people logging into the game on the american servers alone come release day. There is a large number of people who do not track beta/stress tests and only learn the release date from the game store they use, pick the game up and start playing that day.
I'm quite confident I will be able to play when the game comes out, but I wanted to bring this to the attention of blizzard if they somehow missed it because I for one will disable my authenticator if this proves to be a issue until login becomes standard.

As StormTrooper said, one use per authenticator code is an extra security feature. If someone were, say, keylogging you, they could input your code immediately after you and change your passwords, delete your characters, etc. It won't prevent everything (e.g., man-in-the-middle attacks) but it will give an extra layer of security.

Open beta has a lot of people participating. It's natural for a stress test to cause server instability or busy waiting.

vouch
had the same problem and i too will disable my authenticator

I can promise there will be MORE people logging into the game on the american servers alone come release day. There is a large number of people who do not track beta/stress tests and only learn the release date from the game store they use, pick the game up and start playing that day.
I'm quite confident I will be able to play when the game comes out, but I wanted to bring this to the attention of blizzard if they somehow missed it because I for one will disable my authenticator if this proves to be a issue until login becomes standard.

I just don't see that happening, this is a free download that everyone can get and the only servers open right now are the U.S. servers. This might illustrate the max amount of people that will come on launch day, but i just dont see how it will be more.
Plus, the amount of people logging in on launch day may come in waves. Taking into account that a percentage of people who ordered hard copies (such as the CE and those who just prefer to have the box) wont be getting there's until hours, days, maybe a week or 2 after launch. this will give blizzard more time to stabilize the servers as the populations rises.

Murdoch a simple keylogger/report wouldn't help in this instance, someone would have to be ACTIVELY watching me because the keylogger wouldn't report in time for the key to be any good. If it was reporting in real-time the hacker would have to deciper between my password and the security code, most keyloggers would track it then report in small text files every so often, which would also be far to slow to apply for the code.

Slayers what games have you stress tested/beta/been there for release day on that act the way you claim, because everyone I have has had more reported people log on for release day then for the open-beta stress tests. I.E.

Star Wars The Old Republic
Dungeons and Dragons Online
World of Warcraft
Lord of the Rings Online
Starcraft 2
The Sims Online

and a few others I cant recall at the moment.

Slayers what games have you stress tested/beta/been there for release day on that act the way you claim, because everyone I have has had more reported people log on for release day then for the open-beta stress tests. I.E.

Star Wars The Old Republic
Dungeons and Dragons Online
World of Warcraft
Lord of the Rings Online
Starcraft 2
The Sims Online

and a few others I cant recall at the moment.

i was unaware that some of those had open betas or at the very least an open beta that was as widely publicized as this one is.

04/21/2012 10:36 AMPosted by Bashiok

This is working as intended. Each authenticator code is only good for one use, even if your login fails. You'll need to wait for the next code to attempt to login again.

How long does it take for codes to reset?

I'm pretty sure I timed my iPhone authenticator once; somewhere around 30 seconds to reset?

04/21/2012 10:36 AMPosted by Bashiok

This is working as intended. Each authenticator code is only good for one use, even if your login fails. You'll need to wait for the next code to attempt to login again.

=( sad day