Battle.net Authenticator Changes

100 Tauren Druid
8155
06/16/2011 04:19 PMPosted by Creepjacker
Less intrusive? Tracking our login location seems MORE intrusive to me. Meh big brother wins again.


They were already tracking your login location. That's why when I log in from TX after being in CA for a long period of time I have to prove who I am. Logging IP addresses isn't exactly a new practice, nor is it usually frowned upon.
Edited by Deadbabyseal on 6/16/2011 4:29 PM PDT
100 Gnome Warlock
18010
06/16/2011 04:22 PMPosted by Jiffywag
I don't like this

why not? as long as you keep your password to yourself, you cant get hacked unless someone uses your computer.


Isn't the authenticator in place because the password isn't safe in the first place?

Also are you saying people can't use your computer from another location?
100 Draenei Warrior
13730
Do not want. Please give me the option of entering the code every time I log in. I'd rather have an option of opting out of the "smart" detection system that throws a hissy fit every time the IP address from my ISP changes.
86 Worgen Mage
8725
Give me your MSN and hit "OK" to any menu that pops up and I'll have full control of you computer /yawn
100 Tauren Druid
8155


why not? as long as you keep your password to yourself, you cant get hacked unless someone uses your computer.


Isn't the authenticator in place because the password isn't safe in the first place?

Also are you saying people can't use your computer from another location?


The authenticator is in place to increase the likelihood that a person claiming to be you actually is you. Location-based authentication accomplishes the same purpose.

Passwords are plenty safe when used properly. The problem is that most people pick weak passwords, use the same password in multiple places, share their password with others, or don't have their computer secured properly. If you have a strong password that you don't share, you don't visit questionable websites and run executables from email attachments, and you have some kind of antivirus or malware protection installed, your password is quite likely all you need to be safe.
Edited by Deadbabyseal on 6/16/2011 4:33 PM PDT
85 Blood Elf Paladin
4135
06/16/2011 04:15 PMPosted by Terrian
Someone said it's not IP bound, so it's probably a hardware footprint, akin to what Windows relies on for validation. Once enough pieces change (e.g. replace a HD, DVD drive, add some memory, get a new motherboard, etc... after X changes, we void the footprint). So yeah, that'd be an interesting and reasonably secure approach.

Not really. I've got a way to break it earlier in this thread. If all else fails, I can just log in from your computer using your WoW client and some basic remote-control functionality.

It's not like the graphics have to be drawn on a visible window...
85 Night Elf Mage
7210
http://twitter.com/#!/BlizzardCS/statuses/81493177147727872

Check and mate. This system will not affect your probability to have your account compromised by some guy half-way across the world. If anything, it may be all the slightly more secure with

You might wanna look up a few posts, where I explain how to break it even if they aren't just using IP.


Because you know exactly how the system works.

Right.
100 Human Paladin
17355
Better hope someone doesn't clone your IP address or steal your computer.

EDIT: cool change but doesn't it kind of defeat the purpose of security? That would be like not doing a pat search at a security checkpoint in an airport simply because you see the same person come through 5 times a day.
Edited by Thëodïcus on 6/16/2011 4:35 PM PDT
57 Blood Elf Hunter
770
I don't like this one bit. Blizzard, as nice as this is to some, it worries many others. I, for one, did not see this. When I logged on at home, I freaked out because I had thought my authenticator had been taken off somehow. Please, even if they do not want it atleast send the ones with authenticators e-mails saying how there was a change so that they know. Many WoW players do not log onto their battle.net account. I, for one, log on very rarely. This should be an option; Just like the "Remember this Log in e-mail" button in the start of the game.
100 Tauren Druid
14760
I also would like an option to use the authenticator every time. I dislike this new setup! I love my authenticator!
100 Blood Elf Mage
9430
Instead of being forced to reset the password for breaking usage patterns can we be forced to unlock the account or trust that location (via email address).

Really annoying logging in at a different location (even one that's been used many times before) to have to fuss with password changes every time.

*I'd like an always-auth-required option as well.
Edited by Opheron on 6/16/2011 4:37 PM PDT
6 Undead Priest
0
06/16/2011 04:26 PMPosted by Cyniq
You're still severely over looking the people who play at LAN centers or over public internet connections. There's so much wrong with this that would require that person to change his password after -every- time he's done playing. More security? Sure. Stupid waste of time on his part? Definitely.


How am I overlooking that? If it intelligently tracks your location, I don't see how this is any different than it is before the fix. Also, logging in from a LAN center or a public area is a bad idea. Blizzard says it is a bad idea. I don't even see how the game would be playable unless you were a super casual person (if this is the only way you were able to play WoW)).
85 Blood Elf Paladin
4135
06/16/2011 04:19 PMPosted by Deadbabyseal
If you don't understand why that wouldn't work, then it's probably not worth explaining to you, but here goes...

You know, it's generally helpful to know what the hell your talking about before trying to insult people.

Changing your MAC address through the control panel isn't going to matter. MAC addresses are only used at the link layer (OSI layer 2). The MAC address of your computer never makes it past your modem or router (at least not as part of the link layer).

Yes, but naive developers consider them unique serial numbers. So theoretically the WoW client could read the MAC address of your NIC and transmit that as a pseudo-serial number.

The IP address that Battle.Net sees is most likely that of your modem. You can't just log into your modem and change that; it's assigned by your ISP.

http://lmgtfy.com/?q=static+ip+address
85 Draenei Death Knight
4175
06/16/2011 04:15 PMPosted by Måtholomu
Wow what a terrible idea, I too would like the option to use my authenticator every time. GIVE ME THIS OPTION NOW!


ditto that.

I want it to ask me EVERY time because if it doesn't ask, I will never have any warning if my account had been hacked and someone removed the authenticator! Having it ASK for my authenticator code, is my only assurance that the authenticator is actually still attached to my account.

I have watched a security expert in a coffee shop with wifi trick both the shop's router and a customers laptop so that each of those devices thought his laptop was the other device so all her traffic was detoured through his laptop! It was amazing, and scary, to watch. We could see all the chat text, and web pages she was doing, and everything she was downloading, as though he was sitting at her PC. Both MAC ID's and IP addresses can be faked.

I want my authenticator code to always be asked for.

Until they fix this, if you log in to your game and it doesn't ask for your authenticator, you can log into the blizzard.com site and go to manage your account and remove then re-add the authenticator and it will begin asking for your code again at your game log in (for a while, at least.)
100 Tauren Druid
8155
06/16/2011 04:33 PMPosted by Texi
Someone said it's not IP bound, so it's probably a hardware footprint, akin to what Windows relies on for validation. Once enough pieces change (e.g. replace a HD, DVD drive, add some memory, get a new motherboard, etc... after X changes, we void the footprint). So yeah, that'd be an interesting and reasonably secure approach.

Not really. I've got a way to break it earlier in this thread. If all else fails, I can just log in from your computer using your WoW client and some basic remote-control functionality.

It's not like the graphics have to be drawn on a visible window...


But if you are able to do that, then you're already able to break into my account even if I am required to use an authenticator every time. If you have full control of my computer, there's nothing I can do to stop you. You can perform a man-in-the-middle attack, launch a fake WoW client, proxy through my machine... take your pick. But you have to get access to my machine first. There's simply no authentication method that's going to prevent you from compromising the account of someone who's computer you've fully taken over without their knowledge.
90 Undead Death Knight
10750
Superficial or not, I like the sense of security entering the code each login.
10 Troll Warlock
0
Zar, buddy, this gave me a bit of a heart attack when it stopped asking me for my authenticator. It's good to know that it's intended and my account is not being messed with.

But while I understand that Blizzard is looking out for us and intends this to be a convenience, being asked for the authenticator number every time was a bit reassuring. I feel a bit naked and that some 500 pound man living in an undersea cave where he feasts on the decomposing bodies of kidnapped children is but a step closer to riding around Orgrimmar on my pimp spectral tiger. Because you know that every morbidly obese submarine cannibal wants a spectral tiger.
85 Night Elf Druid
9645
Well while one one hand I dont mind not haveing to enter it every time it does seem less secure. I honestly didnt mind it when I could enter it at the same time as my PW, it only got to be a pain when you guys took that away and started forceing that popup instead due to the delay in waiting for the popup each time.
86 Worgen Mage
8725
06/16/2011 04:36 PMPosted by Xhen
You're still severely over looking the people who play at LAN centers or over public internet connections. There's so much wrong with this that would require that person to change his password after -every- time he's done playing. More security? Sure. Stupid waste of time on his part? Definitely.


How am I overlooking that? If it intelligently tracks your location, I don't see how this is any different than it is before the fix. Also, logging in from a LAN center or a public area is a bad idea. Blizzard says it is a bad idea. I don't even see how the game would be playable unless you were a super casual person (if this is the only way you were able to play WoW)).


I actually know an entire 10 man guild who raids from the local Hobby/LAN center. Owner of the shop keeps it open for them at night so they can all raid in the same room.
This topic has reached its post limit. You may no longer post or reply to posts for this topic.

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)

Reported!

[Close]