Battle.net Authenticator Changes

1 Draenei Paladin
0
Good lord, you guys are all spazzing out about how horrible an idea this is.

Do you really think it'll not be optional?

Chill and be rational. If you don't like it, don't use it.

It's a good idea, and I'd personally use it, but obviously it'd have to be a choice.


The system is already in place. There is no opt-out.
43 Night Elf Hunter
11020
lol its kind of funny that we paid $6.50 for a protective device that asks us to enter a number before we can log in to the game and now you've basically just disabled it. Can I have my $6.50 back?
100 Gnome Mage
21335
06/16/2011 03:07 PMPosted by Grandma
So youve obviously never heard of IP spoofing have you. Im not the only one whose pointed this out...please read previous posts before making a reply like this.

And those hackers have always been capable of doing that since the release of authenticators. Like I said, you shouldn't give your password to family members if you're worried they're trying to get on your account.


Personally not an issue for me, however as I pointed out in a post further down depending on the reasons someone may have bought the authenticator, this could defeat the purpose and compromise the security feature entirely. However...I would be fully open to the idea if it was OPTIONAL. For some cases where family or personal computer security is not an issue, this change could be beneficial. Also as stated earlier, the reason someone bought the authenticator in the first place was so that they HAD to enter the code each and every time, and knew that this was a requirement going into it.
- Technical Support
90 Blood Elf Hunter
17510
One more point I would like to add: Blizzard is likely using more data than solely IP address. I'm sure they use other system information as well, such as hardware IDs. With companies being compromised left and right, you can rest assured that Blizzard isn't going to do anything to hinder their security at this point.
________________________________________________
The wise speak only of what they know. - J.R.R. Tolkien
CORE I7 3.8GHz | 12GB RAM | ATI 5970+5870 | F120 SSD
Live Support: irc://chat.freenode.net/wowtech
Edited by Kodiack on 6/16/2011 3:11 PM PDT
90 Pandaren Hunter
10330
Calm down, people. With the number of complaints, I'm sure they'll add an opt out option for this eventually.
88 Human Warrior
10180
I would also prefer to opt out. This change nearly defeats the purpose of two-factor authentication. Not that WoW security needs the rigor of, say, a financial business, but if you're going to use authenticators why not continue doing it right?
90 Undead Mage
8800
06/16/2011 03:10 PMPosted by Slim
It's a great idea, and I personally LOVE this. Don't cave in to all this QQ :3


I don't recall seeing anyone saying to disable this "feature", everyone is asking for it to be a choice that each user can make.

What Blizzard think is a good idea is not always what we think is a good idea.
91 Blood Elf Priest
13035
Good lord, you guys are all spazzing out about how horrible an idea this is.

Do you really think it'll not be optional?

Chill and be rational. If you don't like it, don't use it.

It's a good idea, and I'd personally use it, but obviously it'd have to be a choice.


It is NOT optional, we were NOT asked. Don't use it? We really don't have a choice at the moment, or by "Don't use", you mean don't play Wow? I paid my 2 month subscription and I paid the $6 for the authenticator, that now appears is obsolete in a lot of cases here. We are not 'spazzing out' we are concerned for our accounts security. This idea was just thrown at us with no notice.

Hopefully all this QQ will make it optional.
This is an excellent idea.

I can only see one problem, and it would be a personal problem of the account holder.

Basically, lets say their authenticator says, "Ok, he has logged in the last 6 months from Houston, TX. Today he logs in from California. Throw up the authenticator."

System working as intended, great. Awesome even.

If you post somewhere 'where you live', then they have an idea of a city, and can spoof the IP to make it 'look' like they're in your area.

That's the only problem. I would put a suggestion in, to allow us to turn that 'smart authenticator' security level in the bnet site to smart or normal. I personally love typing in the numbers. It makes me know that someone doesn't have my authenticator. I might lose it if I realize that I don't need to carry it around with me anymore...
- Technical Support
100 Human Warrior
22150
One more point I would like to add: Blizzard is likely using more data than solely IP address. I'm sure they use other system information as well, such as hardware IDs. With companies being compromised left and right, you can rest assured that Blizzard isn't going to do anything to hinder their security at this point.


exactly my point. login caching is a little more compex then just storing an IP
100 Tauren Druid
6235
I want to keep using my Authenticator.

I don't want to open my account up to an attack with VNC/remote computing/spoofing my machine profile and IP.

Using my authenticator everytime ensures that they can only get my account by prying my token or phone off my dead body.
Edited by Malcho on 6/16/2011 3:15 PM PDT
85 Worgen Druid
7385
What people are not understanding is that it will not ask for an authenticator code at a place you login from all the time. So you're at home logging in. Doesn't ask for a code. Okay, cool. But someone from China is trying to login. Since the system does not recognize that, then it's going to ask for a code.

I'm not sure why people are demanding refunds or think they're gonna get hacked.


Thrall's package! Speaking of learning how to read, why not try reading the multiple posts where people EXPLAIN why they're worried about getting hacked! Let me lay it out one more time. Blizzard's computers do not magically know where you are. They only know because part of the information transmitted from my computer to Blizz's is information that includes geographic location (and an ID for my computer). A keylogger is a malicious program that traps any information you type in and/or transmit from your computer, depending on the type. It is not hard for a hacker to pretend that his computer is mine, and that he is transmitting from a very different place than he actually is. Like, for example, from my home instead of wherever he happens to be. Does that clear things up for you?


You completely misjudge Blizzard's security teams if you think they'd make it easy for a hacker to "impersonate" your computer and connection information. Though they're not going to release the details on what metrics they use, I would imagine it's something very similar to the Windows Activation system though a bit customized for WoW.

There's likely a threshold: If enough things are different, it's a different PC. If certain things change too much, no matter what, it's a different PC.
85 Orc Shaman
6310
Please make this feature optional. I'd rather take a few seconds to type the authenticator code in each time.
85 Draenei Shaman
5135
06/16/2011 03:14 PMPosted by Dtinak
Please make this feature optional. I'd rather take a few seconds to type the authenticator code in each time.
90 Human Paladin
0
Bad idea.

If someone can setup a keylogger on someone's computer they can very well setup a tunneling application that phones home and allows a hacker to use that persons internet connection. This is already being done in games like Aion.
100 Blood Elf Warlock
9920
As I said in my earlier post that got sort of swamped, I guess a bit of elaboration on just how effective IP spoofing can be, and what kind of defensive measures can be used to prevent it. For all of our peace of mind.
85 Human Priest
5145
Thank god. Will this apply to SC2 and future blizzard titles too?
85 Dwarf Hunter
6795
Good lord, you guys are all spazzing out about how horrible an idea this is.

Do you really think it'll not be optional?

Chill and be rational. If you don't like it, don't use it.

It's a good idea, and I'd personally use it, but obviously it'd have to be a choice.


It is NOT optional, we were NOT asked. Don't use it? We really don't have a choice at the moment, or by "Don't use", you mean don't play Wow? I paid my 2 month subscription and I paid the $6 for the authenticator, that now appears is obsolete in a lot of cases here. We are not 'spazzing out' we are concerned for our accounts security. This idea was just thrown at us with no notice.

Hopefully all this QQ will make it optional.


Just because they haven't made it optional yet doesn't mean they aren't going to.

And honestly, do you think the developers over at Blizzard are so stupid that they aren't aware of IP spoofing? Honestly? They are not making a system to make things less secure, and if they find that it IS less secure, they'll either fix it or nix it.

Seriously, some of you seem to think Blizzard is run by 13 year olds playing around with Perl in the basement or something. They're professionals and value security.

So again, chill.
This topic has reached its post limit. You may no longer post or reply to posts for this topic.

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)

Reported!

[Close]