Battle.net Authenticator Changes

85 Human Paladin
14940
06/16/2011 03:01 PMPosted by Grandma
This is a really bad idea. What if in some cases the person is using the authenticator to protect against family or someone else that may use the same computer. This change would leave the persons account completely open if the person has the password but not the authenticator. Please do not implement this change.

Then do NOT give your password to your family.
What is so hard about that?

And if someone is trying to login from China they're going to ask for the authenticator code. Read! It won't ask for the code if it recognizes your regular login pattern!


So youve obviously never heard of IP spoofing have you. Im not the only one whose pointed this out...please read previous posts before making a reply like this.
85 Human Paladin
2820
Cool!
100 Troll Shaman
7635
This does NOT give me a sense of security. Please return this to the previous method of asking us every single time. I'd rather be asked to make the extra effort than not feel comfortable about how my account is being managed.

And this DEFINITELY does NOT give a sense of comfort.

I felt good about my account before, every time I was asked. It's like being reassured that everything is correct. You should ASK us if we want to participate in this rather than leave us hanging not knowing each time... hoping that everything is OK...
90 Worgen Priest
13120
it only takes 5 sec's for you to put the number in this change was not needed please put your time to more better use's..
90 Blood Elf Rogue
12870
Thank you bluspacecow, very insightfull
90 Undead Mage
8800
I'm curious to what prompted this change. Have I missed the hundreds of complaint thread where people complain about having to type in the code their authenticator spits out?

Terrible change.


Exactly. The authenticator is an opt-in process in the first place. We bought it because we wanted one and we wanted to type in the code every time.

If you didn't want to type in the code, you didn't get an authenticator. Simple.

I can see some merit to this system but it needs to be something we can choose to opt-in or opt-out.
85 Goblin Death Knight
6595
So I sort of wasted money on an authenticator? Why wasn't this just implemented previously? I am disappoint...
85 Human Paladin
14940
I would however be open if Blizzard made this change Optional, something you can enable/disable in your Battle.net account settings (but not on by default). In some cases, for certain individuals this kind of a change could defeat the purpose of the Authenticator.
91 Blood Elf Priest
13035
So first login after the change, I still don't like it, I'm at the same location I always am when I play wow, I am not in the least bit worried about my home security (account sharing, children, wives, husbands etc etc), I really hope they make it so we can opt out of this.
85 Human Paladin
14940
I'm curious to what prompted this change. Have I missed the hundreds of complaint thread where people complain about having to type in the code their authenticator spits out?

Terrible change.


Exactly. The authenticator is an opt-in process in the first place. We bought it because we wanted one and we wanted to type in the code every time.

If you didn't want to type in the code, you didn't get an authenticator. Simple.

I can see some merit to this system but it needs to be something we can choose to opt-in or opt-out.


^ Exactly this.
100 Blood Elf Warlock
9820
I suppose I don't understand IP Spoofing enough to know how truly vulnerable our accounts would be to it. I do not have any of the personal, home issues of security, but rather I am hypervigilant about attacks from outside sources. I do not, however, know enough about the effectiveness of IP/Geolocational spoofing or if there are means of defense against it. Enlightenment on such things in a practical manner with as little technical jargon as possible would do a lot to ease my mind on this issue.
85 Dwarf Hunter
6795
Good lord, you guys are all spazzing out about how horrible an idea this is.

Do you really think it'll not be optional?

Chill and be rational. If you don't like it, don't use it.

It's a good idea, and I'd personally use it, but obviously it'd have to be a choice.
90 Pandaren Hunter
10330
06/16/2011 03:04 PMPosted by Divrp
So youve obviously never heard of IP spoofing have you. Im not the only one whose pointed this out...please read previous posts before making a reply like this.

And those hackers have always been capable of doing that since the release of authenticators. Like I said, you shouldn't give your password to family members if you're worried they're trying to get on your account.
100 Troll Shaman
7635
You should ASK us if we want to participate in this rather than leave us hanging not knowing each time... hoping that everything is OK. If we opt-in then yeah. Let those that don't care take part. But I do not like this on MY account.
85 Blood Elf Death Knight
10325
06/16/2011 02:55 PMPosted by Grandma
If that was the case then Blizzard wouldn't have done this. I'm pretty sure they planned this out for months and talked about it. Blizzard cares about security the most out of anything.


In method - relying on a computer program's "intelligence" to figure out this answer, rather than a manually called-upon code, with as we know it so far, "the same IP" as a criteria. For all we know it could be all IPs as long as it shares a certain range. Or a base check, which a spoofer or tunnel could easily mimic.

In mentality - by having to have the authenticator in hand, we as players are given direct control over our security. We are reminded we play part in it. Giving the passage of security to a computer and removing that crucial step from the human involved in the process in turn makes people focus less on security.

This process was not needed to make accounts more secure. In fact, it makes them less secure in the end, for the sake of player convenience.
Edited by Dynast on 6/16/2011 3:10 PM PDT
100 Troll Shaman
7635
...you DO know it's active and NOT "optional" right??
100 Draenei Shaman
17175
I hope I'm able to opt out fo this, even though this is the only computer I log into WoW on, I feel more comfortable with knowing only I can do it regardless.
- Technical Support
90 Blood Elf Hunter
17510
06/16/2011 03:00 PMPosted by Bluspacecow
Possibly to circumvent the man in the middle attack.


Right, a good point. A-KO and I were talking about this in #wowtech a bit. There's malware out there that would sit on your computer, waiting until you tried to log into WoW. After you input your credentials, it would snatch the authenticator code and send it off elsewhere so that your account could still be compromised.

This change is actually a bit more secure when you look at it that way. I've become rather acquainted to entering the code every time I log in, but that doesn't mean that such an attack isn't possible.

There are a few valid reasons to keep using your authenticator at every login regardless of whichever system you log in from, but overall, this is a change that will benefit the players. Would making it optional hurt? Probably not. That is ultimately up to Blizzard, though.
________________________________________________
The wise speak only of what they know. - J.R.R. Tolkien
CORE I7 3.8GHz | 12GB RAM | ATI 5970+5870 | F120 SSD
Live Support: irc://chat.freenode.net/wowtech
100 Troll Shaman
16870
What people are not understanding is that it will not ask for an authenticator code at a place you login from all the time. So you're at home logging in. Doesn't ask for a code. Okay, cool. But someone from China is trying to login. Since the system does not recognize that, then it's going to ask for a code.

I'm not sure why people are demanding refunds or think they're gonna get hacked.


Thrall's package! Speaking of learning how to read, why not try reading the multiple posts where people EXPLAIN why they're worried about getting hacked! Let me lay it out one more time. Blizzard's computers do not magically know where you are. They only know because part of the information transmitted from my computer to Blizz's is information that includes geographic location (and an ID for my computer). A keylogger is a malicious program that traps any information you type in and/or transmit from your computer, depending on the type. It is not hard for a hacker to pretend that his computer is mine, and that he is transmitting from a very different place than he actually is. Like, for example, from my home instead of wherever he happens to be. Does that clear things up for you?
- Technical Support
100 Human Warrior
22135
06/16/2011 03:04 PMPosted by Divrp

Then do NOT give your password to your family.
What is so hard about that?

And if someone is trying to login from China they're going to ask for the authenticator code. Read! It won't ask for the code if it recognizes your regular login pattern!


So youve obviously never heard of IP spoofing have you. Im not the only one whose pointed this out...please read previous posts before making a reply like this.


ip caching is a little bit more then just remembering an IP address, you think that's all blizzard looks at? you know how much data wow collects and sends server when you login? they know a lot more then your IP, they now your hardware address. they know your geographical location, and probably tons of other things. IP spoofing is only going to make someone have same IP, but it willn ot fake everything else, it's not going to fool this. You are all making baseless asumptions blizzard didn't assess all of this stuff before making change.
This topic has reached its post limit. You may no longer post or reply to posts for this topic.

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)

Reported!

[Close]