Battle.net Authenticator Changes (Cont.)

- Technical Support
90 Blood Elf Hunter
17735
This topic has reached its post cap! You can continue discussion here:
http://us.battle.net/wow/en/forum/topic/2674980195


Continued from:

http://us.battle.net/wow/en/forum/topic/2674529777

If you use an authenticator – and we hope you do – you may soon notice that an authenticator prompt may not appear with every login. We’ve recently updated our authentication system to intelligently track your login locations, and if you’re logging in consistently from the same place, you may not be asked for an authenticator code. This change is being made to make the authenticator process less intrusive when we’re sure the person logging in to your account is you.

We hope to continue improving the authenticator system to ensure the same or greater security, while improving and adding features to make having one a more user friendly experience. If you don’t already have a Battle.net Authenticator attached to your account, don’t wait until it’s too late - http://us.battle.net/en/security/checklist

________________________________________________
The wise speak only of what they know. - J.R.R. Tolkien
CORE I7 3.8GHz | 12GB RAM | ATI 5970+5870 | F120 SSD
Live Support: irc://chat.freenode.net/wowtech
Edited by Kodiack on 6/17/2011 12:55 AM PDT
90 Human Paladin
12355
I've said it in other threads, but I'll repeat here in the offical thread for continuity sake. PLEASE give us the option to opt out of this. It isn't that hard to spoof a location.

I'm sure others will chime in as well, but this is a really bad idea, please give me the option to complete my peace of mind.
90 Blood Elf Mage
7820
Thank you for starting another thread, Kodiack. I, too, would like an opt-out setting for this new feature.
85 Blood Elf Hunter
2430
I'd prefer to be able to enter it every time.

I got logged off when switching characters today, and then did not get my authenticator prompt. Not having seen this notice, I panic'd that someone was hacking my account after somehow getting the authenticator removed! Thankfully I checked my account status, saw authenticator was still attached, and then came here to see what was up.

I do not mind entering the code each login; its only a few seconds more, and I feel more comfortable.
- Technical Support
90 Blood Elf Hunter
17735
PLEASE give us the option to opt out of this. It isn't that hard to spoof a location.


The authentication uses data outside of IP addresses/location. It probably uses a few details such as hardware IDs which aren't as easily spoofed.

I'll copy/paste the post I have in the original thread regarding security here.

I shall use the third post slot to my advantage!

First off, this will not negatively affect your account's security from outside sources.

http://twitter.com/#!/BlizzardCS/statuses/81485048242651136

Blizzard's security developers are far more intelligent than they're often given credit for. With dozens upon dozens of company databases compromised within the last few weeks, Blizzard's bound to be doing everything they can to ensure their system is locked down as tightly as possible. Now would be one of the absolute worst of times for Blizzard to even think about using laxer security methods.

http://twitter.com/#!/BlizzardCS/statuses/81493177147727872

You will not be able to be compromised through IP spoofing or the like. Such an elaborate system is going to be well-designed and use information beyond just location. While we won't know exactly what data is collected, it isn't data that would be easily duplicated (e.g. hardware IDs).

Additionally, please note that there was a so-called "man-in-the-middle" compromise that would snatch an authenticator code after it was entered and then crash WoW's executable, submitting the valid code to someone hoping to break into your account. While this method will still function, it will be defunct on systems that are already affected by this change. No authenticator code to enter means no authenticator code to steal.

________________________________________________
The wise speak only of what they know. - J.R.R. Tolkien
CORE I7 3.8GHz | 12GB RAM | ATI 5970+5870 | F120 SSD
Live Support: irc://chat.freenode.net/wowtech
90 Blood Elf Hunter
10450
I don't know if anyone else in this thread realizes this, but Blizz has been tracking your location and login data for a while now. In fact, my husband and I recently went on a weekend trip for his brother's wedding, and when we came back home (four days later) Blizz made us both change our passwords because we had a different login schedule from the norm. I don't know how they do it (nor do I particularly care to know) but they have to have something in place to make sure that you won't need an authenticator at all times, and there are many ways that hackers can access your account even if you had typed out that six digit code every time. If you're saving your login data/have similar data for your bnet account that you do other sites, in such a manner that someone using your computer could easily access your account, I really doubt that you're much safer with your authenticator than a person without one anyway.

Thanks Blizz, because getting kicked out of a successful AV because I was busy messing about with my authenticator is baaaad, and this idea is goooood :)
85 Draenei Mage
3255
It doesnt take much for us to enter that code. I have always and will always carry my authenticator with me, so I can play at work when Im not studying for class. Im all for improving the authentication system but I just dont think having it remember our IP address is the way to do it. Especially those who use a public wifi access port.
60 Gnome Death Knight
620
Sitahl, a hacker can't remove your authenticator without calling in, or logging into your account management page (and they need an authenticator to do that!).

I just had the same issue. Been playing all day and logged off for a bit. Logged on and thought my account got hacked for a second. Honestly, I'd really prefer an opt-out of this feature as well. It may only be psychological, but I prefer the increased sense of security.
74 Draenei Hunter
760
Still would like the option to enter the code. Just SEEMS safer and the peace of mind is nice.
90 Dwarf Hunter
14160
Please allow an "opt out" option for this. I bought an authenticator for a reason.
- Technical Support
90 Blood Elf Hunter
17735
http://twitter.com/#!/BlizzardCS/statuses/81528545976909824

BlizzardCS's status regarding an opt-in.
________________________________________________
The wise speak only of what they know. - J.R.R. Tolkien
CORE I7 3.8GHz | 12GB RAM | ATI 5970+5870 | F120 SSD
Live Support: irc://chat.freenode.net/wowtech
90 Human Paladin
12355
It may use the MAC/Hardware address, but my point is that the location CAN be spoofed. This is a weak link in account security.
I STRONGLY am against this. The satisfaction of knowing you have the authenticator to get into your account without it is great. i sincerely didnt mind whatsoever about the 5 seconds typing in the numbers.




PLEASE MAKE IT AN OPTION TO BE ABLE TO PUT IT IN EVERY LOGIN.
70 Human Paladin
9245
It just scared the crap out of me not asking for my authenticator. I thought the first time was a mistake and logged out to try again before coming here. (The "breaking news" no longer seems to be showing on the login screen btw).

I was pretty sure someone had logged into my account and removed the authenticator and I was being hacked.

Relieved of course to see I am not being hacked, but like other people I am not sure I like this change.

If for no other reason than having to use my authenticator every time I login (which can be a few times a day) disciplines me to keep my authenticator always handy. I just know it's somehow going to get lost now in the nightmare that is my desk and I'll probably have to remove it from my account when the time comes that I am eventually prompted to use it because I can't find it!
- Technical Support
90 Blood Elf Hunter
17735
06/16/2011 06:15 PMPosted by Drashnar
It may use the MAC/Hardware address, but my point is that the location CAN be spoofed. This is a weak link in account security.


Well, to be fair, authenticator codes can be snatched as well. The man-in-the-middle method already utilizes a technique to grab accounts with authenticators attached.

If a "hacker" really wants into your account and knows their stuff, they will find a way in. No security is foolproof.
________________________________________________
The wise speak only of what they know. - J.R.R. Tolkien
CORE I7 3.8GHz | 12GB RAM | ATI 5970+5870 | F120 SSD
Live Support: irc://chat.freenode.net/wowtech
90 Human Paladin
12355
True, I'll give you that much. No security is 100% secure. I've worked a computer security job or 2 for the Air Force, so I'm confident to say I at least know a little bit. And this isn't a good idea in my opinion.
90 Draenei Hunter
7535
I don't like this change. Please revert it, or make it an option to change.

I am willing to take the extra 3 seconds to enter my code every time. That is the REASON authenticators were implemented.
90 Tauren Priest
10385
This is a terrible idea if you cannot opt out of it. While it is great for those that do not log into other locations.. I am sure that (as others have said) have this extra level of protection from a roommate, brother/sister who can now log in.

For those that say "Dont share your password", there isnt a way to totally protect yourself when they put a keylogger on your system.

As I said.. terrible idea and hope they have an opt out option.

This topic has reached its post limit. You may no longer post or reply to posts for this topic.

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)
Submit Cancel

Reported!

[Close]