Add Trusted IP address.

85 Tauren Paladin
1770
Hello, I was wondering if Blizzard ever plans to implement a way to add trusted IP addresses to an account to avoid the automated account locking system going haywire every time a player goes home for the weekend. It's not that bad of a problem really, but it doesn't seem like it should be that hard to accommodate players like myself. The system seems to identify access patterns pretty well on its own in the short term, but I'd say addresses expire far too quickly in the system's memory. A simple interface to view which addresses have accessed ones account with some ability to make selected addresses remain permanently would be very nice.
Reply Quote
90 Human Death Knight
10320
The system learns what locations are normal logins for you. It already does this when you reset your password at the location and with the computer that caused the lockout.

If you could manually add such IP's, what would stop a malicious party who has access to your account from adding their own IP's?
Reply Quote
MVP - Customer Support
90 Tauren Druid
12930
05/18/2011 08:34 AMPosted by Maul
If you could manually add such IP's, what would stop a malicious party who has access to your account from adding their own IP's?


Not to mention, what would stop them from adding a proxy to their account-stealing malware, to have their malicious traffic actually be coming from your own "trusted" IP address?

IP addresses aren't a guaranteed safe method of determining legitimate access - which is why Blizzard's system relies on more than just that.
________________________________________________
Customer Support Forum MVP
HDL - http://hdl-the-guild.com/~nodrama/
E-mail - neppyman.no@spam.gmail.com
Reply Quote
61 Worgen Priest
10505
05/18/2011 08:29 AMPosted by Gattsbeard
Hello, I was wondering if Blizzard ever plans to implement a way to add trusted IP addresses to an account to avoid the automated account locking system going haywire every time a player goes home for the weekend. It's not that bad of a problem really, but it doesn't seem like it should be that hard to accommodate players like myself. The system seems to identify access patterns pretty well on its own in the short term, but I'd say addresses expire far too quickly in the system's memory. A simple interface to view which addresses have accessed ones account with some ability to make selected addresses remain permanently would be very nice.


While I am sure they are currently looking into and working on ways to tweak the system to work better and be more convenient for legit players logging on from different places, your idea does have some flaws. Our own computer system security does limit the amount of access that a program can have to it. this will create its own separate issues completely. Also IP addressed like mac addresses can be faked or spoofed. So the same way a hacker can get access to your computer via key-logger they can also view this info and be able to fake it thus tricking the system to see and think it is you logging in. it is not a perfect system. it is only an added layer of security to help prevent compromises, hours of work of restorations and distress and worry on the players end. Also very few ISP provide permanent IP addresses and they change frequently, usually withing a few days. So this would not really be a viable option. To even get a perm IP, if you can find and ISP that will allow it, you will usually have to pay extra.
Reply Quote
90 Night Elf Druid
7240
MAC address maybe.

Yes, they can be spoofed too.
Reply Quote
90 Gnome Warlock
8575
Or just issue a public/private PGP key pair and authenticate at account creation. Of course those of us already with accounts would have to generate a key pair. The advantage would be the ability to revoke the public key if necessary thereby disabling your account until you can get a new public key generated and uploaded and authenticated, the disadvantage is most people don't understand how to generate key pairs or even how it's used.
Reply Quote

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)
Submit Cancel

Reported!

[Close]