Add Trusted IP address.

85 Tauren Paladin
0
Hello, I was wondering if Blizzard ever plans to implement a way to add trusted IP addresses to an account to avoid the automated account locking system going haywire every time a player goes home for the weekend. It's not that bad of a problem really, but it doesn't seem like it should be that hard to accommodate players like myself. The system seems to identify access patterns pretty well on its own in the short term, but I'd say addresses expire far too quickly in the system's memory. A simple interface to view which addresses have accessed ones account with some ability to make selected addresses remain permanently would be very nice.
Reply Quote
100 Human Death Knight
12230
The system learns what locations are normal logins for you. It already does this when you reset your password at the location and with the computer that caused the lockout.

If you could manually add such IP's, what would stop a malicious party who has access to your account from adding their own IP's?
Reply Quote
MVP - Customer Support
100 Tauren Druid
13890
05/18/2011 08:34 AMPosted by Maul
If you could manually add such IP's, what would stop a malicious party who has access to your account from adding their own IP's?


Not to mention, what would stop them from adding a proxy to their account-stealing malware, to have their malicious traffic actually be coming from your own "trusted" IP address?

IP addresses aren't a guaranteed safe method of determining legitimate access - which is why Blizzard's system relies on more than just that.
________________________________________________
Customer Support Forum MVP
HDL - http://hdl-the-guild.com/~nodrama/
E-mail - neppyman.no@spam.gmail.com
Reply Quote
61 Worgen Priest
10505
05/18/2011 08:29 AMPosted by Gattsbeard
Hello, I was wondering if Blizzard ever plans to implement a way to add trusted IP addresses to an account to avoid the automated account locking system going haywire every time a player goes home for the weekend. It's not that bad of a problem really, but it doesn't seem like it should be that hard to accommodate players like myself. The system seems to identify access patterns pretty well on its own in the short term, but I'd say addresses expire far too quickly in the system's memory. A simple interface to view which addresses have accessed ones account with some ability to make selected addresses remain permanently would be very nice.


While I am sure they are currently looking into and working on ways to tweak the system to work better and be more convenient for legit players logging on from different places, your idea does have some flaws. Our own computer system security does limit the amount of access that a program can have to it. this will create its own separate issues completely. Also IP addressed like mac addresses can be faked or spoofed. So the same way a hacker can get access to your computer via key-logger they can also view this info and be able to fake it thus tricking the system to see and think it is you logging in. it is not a perfect system. it is only an added layer of security to help prevent compromises, hours of work of restorations and distress and worry on the players end. Also very few ISP provide permanent IP addresses and they change frequently, usually withing a few days. So this would not really be a viable option. To even get a perm IP, if you can find and ISP that will allow it, you will usually have to pay extra.
Reply Quote
100 Night Elf Druid
9045
MAC address maybe.

Yes, they can be spoofed too.
Reply Quote
100 Gnome Warlock
10170
Or just issue a public/private PGP key pair and authenticate at account creation. Of course those of us already with accounts would have to generate a key pair. The advantage would be the ability to revoke the public key if necessary thereby disabling your account until you can get a new public key generated and uploaded and authenticated, the disadvantage is most people don't understand how to generate key pairs or even how it's used.
Reply Quote

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)

Reported!

[Close]