Battle.net Authenticator Changes

85 Orc Death Knight
6150
I would also like the ability to opt out. I want it to ask every time. I don't mind the minor inconvenience and don't want to lower my security level. I am just worried that this will give the hackers out there a new way to get into accounts that have authenticators on them.

I try to be as careful as I can while surfing and have up to date antivirus / antimalware software. I use Firefox with noscript, adblock, and flashblock. But I still know that day zero exploits could potentially compromise my systems so I like having the authenticator always there as another layer of security. I just wish I could protect my email with one also.


My understanding is the Idea behind this, is immediately when your account is flagged to login from i'm assuming a different IP/Physical Location the Authenticator window pops up, But if you login from the same location/ip frequently/always, then it skips that process.

This is under the assumption it works full proof, I'm sure if someone finds a way around it blizzard will either be a step ahead, or change it back to normal.
96 Human Paladin
SPR
10755
06/16/2011 02:40 PMPosted by Pozadin
Your really not supposed to be able to do that from what I hear, if they want to play they need their own account.


That's not entirely true. An adult is allowed to share their account with one minor child.

If my dad had an account, he could choose to share it with either me or my brother. Whoever didn't get to share it with him would have to get their own account. According to the rules, that is.


But honestly, if you're using an authenticator to monitor play time, use Parental Controls. It's much easier.


Sometimes kids have a day off school or get out early and have earned some playtime which does not always match up with planned play times. The system I use now works for me, and now unless they have an opt in feature, I will have to adjust things. Im not against this, would just like it to be optional.
90 Blood Elf Rogue
12870
06/16/2011 02:44 PMPosted by Optec
Please return it to it's former self. I feel VERY MUCH more safe having to punch it in each time I log in. I got the Authenticator because I was hacked once. This just makes it pointless to even have it now.


You know that to get it to go away, you have to use it first?
90 Undead Mage
8800
While I can see the benefits of such a system, I would still prefer to enter the code every time.

I don't see having to enter a code as an inconvenience, I got an authenticator because it makes the account more secure and makes me feel safer every time I enter it.

I definitely suggest Blizzard make this an option - let us choose whether we want this feature or not.

I paid for an authenticator and I want to use it, every time.
90 Human Paladin
14640
There better be an option to opt out of this terrible "feature"...
100 Night Elf Priest
13265
I'd also appreciate an opt-out.

While I'm fairly confident in my ability to keep my systems secure, there's always the chance my (or other) systems may be compromised and converted into proxy systems.
90 Blood Elf Rogue
12870



That's not entirely true. An adult is allowed to share their account with one minor child.

If my dad had an account, he could choose to share it with either me or my brother. Whoever didn't get to share it with him would have to get their own account. According to the rules, that is.


But honestly, if you're using an authenticator to monitor play time, use Parental Controls. It's much easier.




Sometimes kids have a day off school or get out early and have earned some playtime which does not always match up with planned play times. The system I use now works for me, and now unless they have an opt in feature, I will have to adjust things. Im not against this, would just like it to be optional.


That is not blizzards design though, that is your own personal, and I hate to sound mean but it is not their responsibility to design around custom made controls like that.
Edited by Holybell on 6/16/2011 2:47 PM PDT
94 Tauren Druid
8690
Wonderful idea, since it is completely not possible at all to ever spoof geolocation data.
90 Human Rogue
7520
I concur , I do not like this change at all

I feel "safe" when typing it in
100 Worgen Mage
13230
I can see the sense in this new system, but this makes me uneasy in the extreme. I've seen far too many cases of people posting in the CS forum who have removed their authenticators for one reason or the other and been nearly immediately hacked.

The current system of catching unusual log-in patterns obviously failed in in those cases or the hackers would have been stopped by a locked down account. The fact that they managed to evade the system and get in is an issue.
85 Blood Elf Priest
3320
I'm absolutely sure that Blizzard would use some form of verification that utilizes a computer's MAC address (or MAC addresses), public IP address and possibly the LAN IP address coupled with some sort of hash sent from the server back to the client from the last successful login using the authenticator. I'm also sure they would allow users to have to opt in to this instead of out (and be able to do so).

I'm absolutely SURE about this, because that is what I would do, and I would hope the minds at Blizzard get paid more than I do and know more than I do. I would hope.
85 Orc Death Knight
6150
If you don't do anything stupid, you shouldn't have anything to worry about anyways. In order to get hacked, they'd have to get your information in the first place, they don't just magically have your login information. Some clarifications on how this will work would still be nice.
22 Tauren Warrior
150
if this is implemented, there needs to be an account setting to enable/disable this feature. I do not like the idea of not having to use my authenticator in the least bit.
100 Tauren Druid
11575
It'd be great to not have the authenticator required for games where there's nothing to steal.

For example, it's pointless to have to authenticate when playing Starcraft II. There's no gold, no items.
100 Dwarf Paladin
17570
I would like my authenticator to keep prompting me every time I wish to log in from wherever I wish to log in. Such a change would no longer protect players from literal "over the shoulder" password theft. While I don't have a problem, I would bet there's issues about unruly children/siblings trying to get into an account of another family member, or even when someone goes often to an internet cafe to play along with friends.

I would rather you guys did away with the "Your login pattern has changed, please change your password" message that I get every time my modem at home decides to reset its connection to my ISP (since I have a dynamic IP address). It does not protect me at all, since I have an authenticator, and it only makes me waste time changing my password every time.
Edited by Regnatia on 6/16/2011 2:52 PM PDT
93 Troll Shaman
14350
I would like to join the people asking for a chance to opt out of the new 'feature', please. IP addresses are not that hard to spoof, so unless Blizzard has some new foolproof way to ensure that it really is me logging in from what really is my home, I would prefer to take the extra couple of seconds typing the number in. Have never been hacked, would prefer not to be.
- Technical Support
100 Human Warrior
22125
"over the shoulder"?
authenicator was not deisgned to keep your wife/child/whoever from messing with your stuff that live in same household. Don't give them your regular password then. Not having to enter code again signing in from same IP will have 0 impact on security from external sources. Keyloggers or not. Your code is still changing every minute it's just not asking YOU for it on same end, it doesn't mean code you typed yesterday is still valid for someone who keylogged you that tries to login elsewhere. even if you had someone get your password from an internet cafe, it's NOT GOING TO MATTER when he tries it later, he's not logging in from your same IP. I suppose if he logs in from same cafe when you leave though that's a problem. But then again it's not smart to play wow from a public computer anyways if you care about your account. that computer no doubt has keyloggers and everything else on it.

as for security from same household logins, that's an issue with trust then that you need to deal with, not an authenicator issue. If you're worried about a stranger breaking in and logging into wow from your house, then authenicator is least of your problems. I'd be more worried about the fact some stranger is in your house.

I just cannot fathom why people would QQ about this change.
Edited by Omegal on 6/16/2011 2:51 PM PDT
90 Night Elf Hunter
9110
I don't like this - would prefer to ALWAYS have to authenticate
100 Human Mage
16115
I think you should be able to opt out of the "smart authentication". Here is something I've seen happen that blizzard is not planning on clearly. I've been on and asked for someone to craft me stuff. I give over mats and the person logs out. I open a ticket and turns out that it was a brother/sister/friend that was messing around and did it. By having to type in the code, you have security over every part of your login...in your own home. If you have people that might mess with your stuff, you can carry the authenticator with you. Personally, I know my wife won't mess with my account or she knows hers of fair game, lol. But security is security. let people with those kinds of concerns opt out. Plus, since no system is totally perfect. what is to say that your system will slip up and not ask for the code from someone hacking an account on a totally different system? Having the authenticator in hand lets us feel secure in that it won't happen.
This topic has reached its post limit. You may no longer post or reply to posts for this topic.

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)

Reported!

[Close]