Diablo® III

Just got locked out of rmah -_-

Changed phone number, and it asks for SMS authentication to sell.
To change the SMS authenticator, you need access to the old phone number.

Kind of funny, anyone that would change an SMS authenticator wouldn't have access to their old number unless they were selling or giving their account away.

I contacted them, they ask for email, secret answer and I stopped them there...

Seriously? Giving our secret answer to a tech support guy?
I would have figured that Blizz had a page where you could have written the secret answer and the tech guy only sees a confirmation that I've written it.

Why does Blizzard make that information public to their tech support?
I can't even change my secret answer on other game.
That was the worst feeling I ever had, they definitely need to change their system.
Edited by Arden#1669 on 7/2/2013 6:12 PM PDT
Reply Quote
Changed phone number, and it asks for SMS authentication to sell.
To change the SMS authenticator, you need access to the old phone number.

Kind of funny, anyone that would change an SMS authenticator wouldn't have access to their old number unless they were selling or giving their account away.


You should have changed your SMS settings before getting rid of your old phone number. If you failed at doing that you have to go through customer service. Your secret answer is used by them so they don't ask you for your password. How else are they to verify it's you quickly? You could choose to go the long route but it requires you send them things like a picture ID and stuff.
Reply Quote
Support Forum Agent
Hi Arden,

All of our CS is authorized to assist you with account verification. Another way of looking at it is that the lines which separate Tech Support and the Game Masters may not in all cases be as clear as some might believe. There's a good number of us who are cross-trained and whereas at one point in the day we may be assisting with technical issues, later on we may engage with in-game tickets (Game Master issues).

Rest assured that we're all on the same page, and if we ask you for your information it's only to make sure we are dealing with the appropriate account holder. Please let us know if you do have any CS issues that you still would like us to work out!

I hope that clears that up a bit :)
Reply Quote
I am just amazed that tech support have access to our email and secret answer.

I've changed my secret answer everywhere I could.

Imagine if someone doesn't use additional protection on their Gmail account, and you guys have access to their email + secret answer... If you know that they are Canadian, you take a Canadian proxy and change their email password and hack their entire life + lock them out...
Not saying you guys are bad, but there's always a bad apple lurking around, and normally companies protect themselves from such security risks by not giving too much access to their own employees.

DuckOfDeath: Over the past 12 months, they have only asked me to prove my identity twice using SMS protection. Trust me, when I changed number, D3 wasn't what I had in mind.
And by twice, I mean, asking 12 times in a row, then not asking for 4-6 months.

Also the SMS protection only blocks me from selling using PayPal...
I can still buy items and/or give away all my items; I don't quite understand how it protects our accounts. I figured if someone tried to connect using a different IP and Blizzard wasn't sure, it would have attempted to make sure it's the right person, or when he makes a purchase...
Not quite sure how SMS protection is any good with the authenticator.

Anyway, just raising the issue...
Edited by Arden#1669 on 7/2/2013 6:47 PM PDT
Reply Quote
Seriously? Giving our secret answer to a tech support guy?
I would have figured that Blizz had a page where you could have written the secret answer and the tech guy only sees a confirmation that I've written it.

I remember years ago when I worked at a call center, there was a woman who had called specifically to set up this kind of secret password system so that no one could make changes to her account without knowing it, since all her children knew her personal details and she apparently didn't trust them. Then, she forgot the secret password the next time she called...
Reply Quote
07/02/2013 06:42 PM Posted by Arden
Imagine if someone doesn't use additional protection on their Gmail account, and you guys have access to their email + secret answer...

Oh, this is an important point - a 'secret answer' system is almost never treated the same as a password in terms of security. In most/all e-commerce systems, passwords are only saved as the output of a one-way hash function (e.g., MD5), where no one, even a database administrator with full system access, could read the actual password or recreate it easily. Secret answers, however, are very often protected by other means but stored (or are at least recoverable) as clear text.

The reason for this is their use-case. A password is a unique, typed signature, which is case-sensitive, usually special characters and alternating caps are encouraged. However, a secret question might be "What street did you live on when you were seven years old?" For which the answer might be "Main Road." or "Main RD" or "Main Rd.", etc. The intent is to make sure that you know where you lived at seven years old, which is presumably something that a password cracking bot wouldn't know, and it's not a value you'd be typing regularly as a value for a password when logging into things (thus isn't easily retrievable through key loggers, etc.). Since the intent is to make sure you know that information, and not to see how you type it (like a password), storing it as a hashed value and relying on users to type it in exactly as entered originally defeats the purpose of the secret question/answer concept.
Reply Quote
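Added example, not part of any post in this thread and not Blizzard's system: the typing variations listed in the post above ("Main Road.", "Main RD", "Main Rd.") can be canonicalized before hashing, so an answer can be stored as a salted one-way hash and a support tool receives only match / no match, as the original poster suggested. The abbreviation table, function names and iteration count are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
import re
import unicodedata

# Assumed abbreviation table for street-type words; a real deployment would
# tune this to its own set of questions.
ABBREVIATIONS = {"rd": "road", "st": "street", "ave": "avenue", "dr": "drive"}

# Assumed PBKDF2-HMAC-SHA256 work factor; raise it as hardware allows.
ITERATIONS = 600_000


def normalize(answer: str) -> bytes:
    """Reduce an answer to a canonical form so typing variations compare equal."""
    text = unicodedata.normalize("NFKC", answer).casefold()
    text = re.sub(r"[^\w\s]", " ", text)  # punctuation becomes whitespace
    words = [ABBREVIATIONS.get(w, w) for w in text.split()]
    return " ".join(words).encode("utf-8")


def enroll(answer: str) -> tuple[bytes, bytes]:
    """Return (salt, digest) for storage; the clear-text answer is not kept."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", normalize(answer), salt, ITERATIONS)
    return salt, digest


def verify(candidate: str, salt: bytes, digest: bytes) -> bool:
    """What a support console would call: only match / no match comes back."""
    probe = hashlib.pbkdf2_hmac("sha256", normalize(candidate), salt, ITERATIONS)
    return hmac.compare_digest(probe, digest)  # constant-time comparison


if __name__ == "__main__":
    salt, digest = enroll("Main Road.")  # constructed sample answer
    for attempt in ("Main RD", "Main Rd.", "Main Street"):
        print(f"{attempt!r} -> {verify(attempt, salt, digest)}")
```

Secret answers are low-entropy and often guessable from public information, and normalization shrinks the answer space further, so the stored digest keeps staff from reading the answer but does not make a weak answer resistant to offline guessing.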
Well since you've already entered all that information into the system during your account setup, they would already have access to it and when the CS tech asks you for your answer she/he would already be looking at it.

Unless your account is worth hundreds of thousands I would give a 0% chance to someone from within Blizzard stealing it. If it was worth that much, probably time to cash out before summer ends...

They're watching you <(0_0)>
Edited by Rii#1628 on 7/5/2013 11:33 AM PDT
Reply Quote
I love how there are way more important posts on this forum with suggestions from Diablo 3 fanbase to improve the absolutely terrible state this game is in, and there are immediate blue posts on posts that have to do with the RMAH. Can't have customers in distress that have to do with putting more money in your pocket Blizzard!!! GET THAT MONEY!! As long as the RMAH is up and running, F*CK what we think about the game, right?
Reply Quote
Changed phone number, and it asks for SMS authentication to sell.
To change the SMS authenticator, you need access to the old phone number.

Kind of funny, anyone that would change an SMS authenticator wouldn't have access to their old number unless they were selling or giving their account away.

I contacted them, they ask for email, secret answer and I stopped them there...

Seriously? Giving our secret answer to a tech support guy?
I would have figured that Blizz had a page where you could have written the secret answer and the tech guy only sees a confirmation that I've written it.

Why does Blizzard make that information public to their tech support?
I can't even change my secret answer on other game.
That was the worst feeling I ever had, they definitely need to change their system.


You think people care if you had an issue with the RMAH? LOL. No.
Edited by NewThreat#1840 on 7/6/2013 3:53 PM PDT