About the Recent Authenticator Change

General Discussion
Post Limit:
Prev 1 2 3 4 25 Next
nah, I just have to deal with it for 4 days(swore it was the 26th I ended, not the 28th)
Status
Active (Expires: 7/28/2011 12:00 PM)

Current Game Time Source
InComm Game Card 60 Day

GTCs show 'active' status till they expire


Just so you know, you don't have to 'deal with it'. Just because your sub expires on the 28th doesn't mean you HAVE to play until then. You cancelled, so delete the game and don't log on again.

Simplicity.


Just so you know, you don't have to 'deal with it'. Just because your sub expires on the 28th doesn't mean you HAVE to play until then. You cancelled, so delete the game and don't log on again.

Simplicity.


That doesn't work for those of us that actually WANT to play but log in every time praying someone hasn't hijacked our accounts.



There is nothing wrong with the new system. It works, and in that month you've seen 13 capped threads, there has not been ONE compromise related to the new system.

Stop whining.


You seem to be whining just as much.

There IS something wrong with the new system. Some have shown how swiss cheese-like it is. Even if YOu don't believe it's less secure now, then at least see the fact that if there is still such an argument on both sides about it, then SOMETHING must be amiss that deserves attention.

It DOESN'T work. I am not being authenticated with my second form of authentication EVERY TIME. That is NOT Two-Factor Authentication. That's not whining, that's FACT.
07/24/2011 03:07 PMPosted by Larkin
You seem to be whining just as much.


Yeah I created 13 threads about a non-issue.



There IS something wrong with the new system. Some have shown how swiss cheese-like it is.


Prove it. Show me where they've said it's vulnerable.

Even if YOu don't believe it's less secure now, then at least see the fact that if there is still such an argument on both sides about it, then SOMETHING must be amiss that deserves attention.



There are still "arguments" for the following that probably won't be "fixed" by blizzard:


Class Changes
Reduced Recustomization charges
Nerf X class (1v1 related)
"Ninja" looting in dungeons
Remove Town Guards


There's more, but that doesn't make any of them an actual issue.



It DOESN'T work. I am not being authenticated with my second form of authentication EVERY TIME. That is NOT Two-Factor Authentication. That's not whining, that's FACT.


Again, you have yet to cite one person who has been hacked under the new system. You've yet to expose why it's faulty and vulnerable.


Ok...I've spent the past few days in the real world giving people the benefit of the doubt. So I will give you the benefit of the doubt you are not a troll.

I'm lazy. Not too lazy to puch in a 6 digit code for my own security, but too lazy to sift through 13+ threads for the "proof" you will undoubtedly dismiss. Vudusinge put up alot of info. There were many others who had experiences, including myself. I was able to log on in a hotel room 1000 miles away on a public hotel wireless isp with no authenticator prompt and no changing passwords. That's bad enough in itself.

I ask you again though, what does TWO FACTOR AUTHENTICATION mean to you? if you don't punch the code in, that second factor is NOT THERE. I can't make it any clearer to you than that. That info doesn't require "proof" because it's a fact.

ETA: How many compromises have there been under the new system called into CS that neither you or I know about? So i agree, I can't prove that, but you can't disprove it either.
I have a feeling this feature will be added soon (that is to say, an "authenticate on every login" option) since the auth key is a security device, and is only as strong as long as it is required.

In my home its just myself and my family, and, I trust everyone here enough that not having to enter my key at every login is still safe enough for me.

On the other hand, if I was still a kid living at home, maybe with brothers/sisters that also play wow, I would probably be scared to death that my idiot-brother or greedy-evil-stepsister might use this as a way to steal my digital pixels.

WONT SOMEONE PLEASE THINK ABOUT THE CHILDREN!
07/24/2011 01:11 PMPosted by Grimmoire
Lol you can front all you want... you will be back.. if for no other reason than the available mmos out there are pale comparisons to wow... SWTOR is going to cause a massive collective depression among the frankie fans who are counting on that pile of garbage to save them from wow... beta for that game is poop

:(

Still waiting for my Beta invite.
The common theme in all of these threads is that people are relying on the authenticator for security. Spoiler alert! That's bad.

If your security protocols are good enough you will never be hacked, you don’t need an authenticator and never did.

The purpose of the authenticator is, and always was, to protect us from stupid mistakes.

I know that it's easy to say that people who use shared computer environments shouldn’t play this game, or should simply accept the consequences if they do. But Blizzard has recommended the authenticator as a security measure for those in such circumstances in the past and now that security measure has been removed for those people.

I’m not in such a circumstance, but I play in a gaming environment where some people are, and therefore my gaming environment is impacted by their diminished security.

I understand the problems a multi-boxer has when disconnected in the middle of a BG, and I support his desire to not need to enter an authentication code for the master account and each slave account to get back into action.

I also understand the problems someone who must use a shared computer environment has and support his desire to require an authentication on every login.

By far the vast majority of posts in the feedback threads asked for an option to opt-in or opt-out, the number of people asking for the change to be arbitrarily reverted for all users was in the single digits.

Ostensibly the threads in tech support were created by Activision Blizzard to collect feedback on the issue. The feedback was definitive; people who expressed an opinion were overwhelmingly in favor of making the new system optional.

In over a month the response has been to first unsticky the threads where they had requested feedback, then to delete the first thread and remove references to it from the stickies in the General forum.

Why ask for feedback from users if you have no intention to provide any response?
/sigh. There have been several holes pointed out, INCLUDING some compromises. If you check...I think it was thread 4, we had a classic sibling compromise on the very first day. The kid HAD been using an authenticator to keep his brother out. We've pointed out viable attack methods and tested them, and they worked fine. A: Remote Access and B: hash code/virtual machine hardware spoofing. http://us.battle.net/wow/en/forum/topic/2743697739?page=15#283 People with untrusted roommates have one less method of keeping their accounts safe. People who (for whatever reason) have logged onto WoW from a public computer anytime in the past seven months are left hoping and praying that that computer was keylogger-free. There is no way to edit your 'safe list' of computers.

http://us.battle.net/wow/en/forum/topic/2743724809
http://us.battle.net/wow/en/forum/topic/2743805107
These aren't authenticator hacks, but they DO prove that the 'trusted system' method of logging in is flawed. If the new system was working as well as advertised, these hacks should have detected a login from a different computer and locked the hacker out.

If your account is hacked by a roommate, sibling, or ticked off girl-/boy-friend, it will NOT be restored. If the person hit the guild bank, you will be the one treated as the thief since the attack came from your computer. (this also goes for Remote Access hacks). See following:

    World of Warcraft - English (NA) Forums -> Hacked NOTHING Returned ...
    https://forums.worldofwarcraft.com/thread.html?topicId...sid=1...1
    19 posts - 10 authors - Last post: Aug 31, 2010
    So , My account gets hacked. I have NEVER been hacked before. ..... The compromise was on your end and until you can prove other wise (as we ...

    World of Warcraft - English (NA) Forums -> Hacked NOTHING Returned ...
    https://forums.worldofwarcraft.com/thread.html?topicId...sid=1...2
    20 posts - 8 authors - Last post: Aug 31, 2010
    I feel bad you got hacked. It sucks. But you're pushing the envelope. .... Again you have no proof because the compromise did not come from ...

    World of Warcraft - English (NA) Forums -> Crazy ex-girlfriend ...
    forums.worldofwarcraft.com/thread.html;jsessionid...blade23...1
    14 posts - 11 authors - Last post: Jul 8, 2009
    Still, if Tom Hanks hacked my account, I think I would be more amused rather then ... And now Blizzard won't restore my items she vendored, ...

    http://www.youtube.com/watch?v=l99nfgols4E
    On Youtube, search "Girlfriend deletes WoW account". Scary thing is that she may have thought she was doing the right thing.


Most of the above were from doing cached Google searches of the OLD CS forums where GMs refused to do an account restoration because the hack came from 'their' computer. I believe this will be more acceptable proof than my (regrettably) unscreenshotted conversation with a GM three weeks back that confirmed it was still in effect.

http://technolog.msnbc.msn.com/_news/2011/07/08/7043349-us-official-says-pre-infected-computer-tech-entering-country
While this malware is from people going for much higher stakes than account hacking, it's still a warning bell that the old 'stay off of questionable websites and you'll be fine' way of thinking no longer applies. You can get keyloggers from flash ads on websites ranging from the WoW forums to your news-of-choice website, you can get keyloggers from that adobe attachment your 'boss' appeared to send you, and now you can even get malware before you've even hooked your computer up to the internet!


Even if you yourself like the new system and want to continue using it, is it any skin off of your nose if WE would like a more secure way of logging in? Most of us are not asking for a rollback, we are asking for the option to log in the old way. I want my authenticator back, blast it! /teardrop

EDIT: for better clarity of a link


The common theme in all of these threads is that people are relying on the authenticator for security. Spoiler alert! That's bad.


Correction. I am relying on TWO FACTOR AUTHENTICATION. Not just the authenticator, but my Un and PW. Nothing is 100%, but TWO FACTOR is more secure than just ONE.



Ah, so he's just lazy and doesn't want to prove that his argument is false so now he's telling you to prove that it does work.

I'd like to see what judges would think if he tried that in a debate.

"Larkin kills and eats dogs!"
"Got proof?"
"No, I'm lazy and I don't have any. But Larkin should prove that he doesn't kill and eat dogs instead!"


I'm not a lawyer. I am not here to convince you it's not safe. I am here to convince Blizzard "I" am not safe. If Blizz tells me to !@#$, then so be it. I was honest to say I hadn't the time or energy to look at the threads. You can prove or disprove it to yourself. No one will change my mind, and only you can change yours. I am not debating anyone.



Jeez you guys are really desperate for attention aren't you? Pathetic. When are you going to get the hint that this is a stupid and pointless issue?

If you take a step back and look, you'll see that 50% of the discussion in those 13 threads have been generated by the same 15 individuals that have been crying since day one. Also, despite how bad you think the authenticator security is, people with authenticators still aren't getting hacked a month after the fact.

So you reached out to another forum to see opinions from other players, and you've been greeted almost exclusively by people who are telling you that this is a non-issue, but you're not listening. That should be a glaring indication that the rest of the WoW community either finds it logical that if people aren't complaining about getting hacked with authenticators, then the authenticators are probably working fine. Either that, they can care less. No but instead, you go back to your cherished "13th thread" and call everyone here "trolls, blizz alts and fanbois" and then go on grumbling to yourselves.

It's about time that you wake up and realize that no one else really cares about this anymore except for you. I've reported this thread as trolling, because that's all it really is at this point.


Me too.
This system will in NO WAY affect your accounts security from outside sources.

*Please note that man in the middle will not work either, no code means no code to steal*

They try to make it easier for you to log in after D/Cing, and you complain.

w...t...f


MITM attacks were the REAL non-issue. Now they don't even need the code anymore.

Join the Conversation