Battle.net Authenticator Changes

Technical Support
Prev 1 4 5 6 26 Next
Even though you know typing in the code can make you even more prone to getting hacked, keyloggers can pick your code up and then hack you within that timeframe, however say you get keylogged after you don't need your code anymore. They go to login and without information data they get denied when asked for one.

So in a way, this could be seen as an increase in security?

I can see both sides of the argument, but I guess I'm going to be a little trusting in blizzard and see how this goes.
06/16/2011 02:36 PMPosted by Holybell
Your really not supposed to be able to do that from what I hear, if they want to play they need their own account.


You're wrong. It's ok for kids.

@parental control guy: annoying and unflexible.




@zarhym: i like you guys developing new features... but seriously, but some damn on/off toggles on this stuff.

@dreadnb:<3
This is a really bad idea. What if in some cases the person is using the authenticator to protect against family or someone else that may use the same computer. This change would leave the persons account completely open if the person has the password but not the authenticator. Please do not implement this change.
GREAT change! I have 3 accounts, so this is huge for me.

Thanks, Blizz!
06/16/2011 02:57 PMPosted by Holybell
Even though you know typing in the code can make you even more prone to getting hacked, keyloggers can pick your code up and then hack you within that timeframe


Once you use the code, it's not able to be used again. The codes are only valid for a short time anyway, but once it's used once, that's it. Keyloggers are useless in this case unless you typed the code and didn't hit Enter.
If you use an authenticator – and we hope you do – you may soon notice that an authenticator prompt may not appear with every login. We’ve recently updated our authentication system to intelligently track your login locations, and if you’re logging in consistently from the same place, you may not be asked for an authenticator code. This change is being made to make the authenticator process less intrusive when we’re sure the person logging in to your account is you.

We hope to continue improving the authenticator system to ensure the same or greater security, while improving and adding features to make having one a more user friendly experience. If you don’t already have a Battle.net Authenticator attached to your account, don’t wait until it’s too late - http://us.battle.net/en/security/checklist


What if you WANT your authenticator to check every time you log in?
I don't like the new feature at all. Please allow us to opt-out of this and always need to be authenticated!
06/16/2011 02:46 PMPosted by Pikachoo
What was the point of this exactly? It took all of 2 seconds to hit 6 buttons on my number pad.


Possibly to circumvent the man in the middle attack.

That was the whole reason they removed the authenticator field at the login page and put it after you logged in. When they did that they did hint at that paving the one for more authentication related changes.

It could be they're trying to introduce an element of randomness here. Part of the reason the MoM attack on the authenticators worked so well was because of predictability - a player with an authenticator will nearly always put in the authenticator code straight after the password.

In the new system it think it could be random - sometimes it would ask you for it , sometimes it doesn't. Of course this may not have any bearing as to how "safe" the system is.

I just hope they don't move to Random!Ninja!Authenticator!Field in game. Oh god the nightmare .. DPS DPS DPS DPS Difficult_Raid_Boss at 4% DPS DPS DPS Difficult_Raid_Boss at 3 % DPS DPS DPS Difficult_Raid_Boss at 2 % [PLEASE ENTER 6 DIGIT AUTH. CODE NAO]

Fuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
________________________________________________
Bringing you walls of text and cookies since 2005 :)

Mac Tech Support MVP (moonlights in other forums)
Here to Help :)
06/16/2011 02:58 PMPosted by Divrp
This is a really bad idea. What if in some cases the person is using the authenticator to protect against family or someone else that may use the same computer. This change would leave the persons account completely open if the person has the password but not the authenticator. Please do not implement this change.

Then do NOT give your password to your family.
What is so hard about that?

And if someone is trying to login from China they're going to ask for the authenticator code. Read! It won't ask for the code if it recognizes your regular login pattern!
An idea for opt in/opt out of this could be as simple as a checkbox, similar to 'Remember Account Name'. So those of us who would prefer to use an authenticator can, and those who welcome the change, can have it.
I personally am going to enjoy this, but I understand everyones concern. Having an option would be wonderful, to please both audiances.

[] Opt in to Authenticator Intelligent tracking(URL to info here)
[] Require Authenticator code every login
I like it, but I do think there should be a way to opt out of it for those who do not.
OMG , i just thinked i got hacked!
I would like the option to opt out of this change as well, or a clarification if that is already planned.
Another short-sighted decision by Blizzard that is unveiled only after they've already started implementing it. Players NEED to be able to opt out of this 'feature.'
Please. Please. Undo this change, or give me the option to opt out of this. I don't mind taking a few seconds every log in to enter my authenticator code. It gives me a warm fuzzy feeling that I like. Bring it back!
I'm curious to what prompted this change. Have I missed the hundreds of complaint thread where people complain about having to type in the code their authenticator spits out?

Terrible change.
Even though you know typing in the code can make you even more prone to getting hacked, keyloggers can pick your code up and then hack you within that timeframe, however say you get keylogged after you don't need your code anymore. They go to login and without information data they get denied when asked for one.

So in a way, this could be seen as an increase in security?

I can see both sides of the argument, but I guess I'm going to be a little trusting in blizzard and see how this goes.


very true.

i'm seeing a common treand, the people who don't like the change don't trust their own household, but in that regard, i think the problem comes down to something entirely diff then authenicator. that's general computer security for children, and a wife you can actually trust who respects your stuff.
I'm curious to what prompted this change. Have I missed the hundreds of complaint thread where people complain about having to type in the code their authenticator spits out?

Terrible change.

It's a nice change. But anyway, it was probably from complaints. People complain about everything, even if some changes are good.
Well, I guess this explains why they removed the authenticator field from the main login page.

Join the Conversation

Return to Forum