Battle.net Authenticator Changes (Cont. #5)

85 Night Elf Death Knight
3220
06/18/2011 01:21 AMPosted by Drulyssa
Sigh, if people dont know your password and your smart enough to make it almost impossible to guess, why worry about this change really.


keyloggers and other malicous software you may not even know you have, this was talked about a page or two back in this thread.


I am well aware of key loggers etc, but im not worried about this change because i know my account is secure and ill know if something happens to compromise my account because i wont be able to access it, with or without an authenticator (which i have) and the likely email ill get from blizz stating my account has been locked due to suspicious activity, then i know i need to take steps to ensure my pc is secure which likely means a reformat and problem solved pc is secure again and they still wont gain access to the account because of said authenticator. I know because i had a similar experience recently while i was reactivating my account
Sigh.

A lot of misinformation and blind panic is going to ruin this fantastic feature.


This makes me want to keep these threads going as I hate this feature and if they refuse to make it optional I want to see it ruined
88 Blood Elf Paladin
5400
It doesn't have to ruin the feature. just have an option.

Advanced authenticator feature (ON/OFF) easy.
this should have never gotten through QA without some kind of contingency for those of us who would be uncomfortable with the "perceived" lack of security.

I think that most of us are pist because of the way it has been handled. imagine if your bank suddenly stopped needing you password when you logged in without asking you first.

yes you can have your browser save it for you. but thats an option.
Edited by Elianna on 6/18/2011 1:28 AM PDT
90 Draenei Mage
6770
i think Anii was meaning more that regardless of how complex the passwrod is, a keylogger will defeat it... hence why she said she still got hacked. : )
51 Human Warlock
250
I wish I could unsub from this game again! What a bunch of maroons!


So if people don't agree with you, you call them morons and leave the game? Nice one. Everyone is entitled to their opinion, even if you don't agree with it, mate. Thgat's why this is called a "public" forum.
Edited by Luminol on 6/18/2011 1:30 AM PDT
100 Blood Elf Priest
13385
Sigh.

A lot of misinformation and blind panic is going to ruin this fantastic feature.


Sigh.

A lot of this panic and "misinformation" could have been avoided with a little better communication from Blizz.


I totally agree with that.
mine was a complex PW(probably as complex as Blizzard's system allows)
it was still hacked, only way I could make it more complex is add characters Blizzard's system does not allow in the PW


And would a more complex password help if you had a keylogger on your computer ?

Last time I checked you can't brute force the wow login servers. You have a certain number of tries before the account is locked down and/or goes into a cooldown before it allows you to keep trying again.
________________________________________________
Bringing you walls of text and cookies since 2005 :)

Mac Tech Support MVP (moonlights in other forums)
Here to Help :)

not sure on the number of tries, I know one Battlenet site(fixed since then) was allowing unlimited tries
I know my computer scanned clean numerous ways after I was hacked
about the only way to make my acct more secure was add the authenticator, I did
now I don't trust it again, because this is the opposite of security standards for improved security
06/18/2011 01:29 AMPosted by Luminol
I wish I could unsub from this game again! What a bunch of maroons!


So if people don't agree with you, you call them morons and leave the game? Nice one. Everyone is entitled to their opinion, even if you don't agree with it, mate. Thgat's why this is called a "public" forum.


He was meaning that insult toward the developers.
90 Night Elf Druid
5610
06/18/2011 01:26 AMPosted by Elianna
I think that most of us are pist because of the way it has been handled. imagine if your bank suddenly stopped needing you password when you logged in without asking you first.


Exactly! Good analogy, Elianna, there shouldn't be "surprises" when it comes to security!
90 Draenei Mage
6770
well put Elianna : )
i agree 100%
06/18/2011 01:28 AMPosted by Drulyssa
i think Anii was meaning more that regardless of how complex the passwrod is, a keylogger will defeat it... hence why she said she still got hacked. : )

actually I did not have a keylogger
yet I still got hacked

a keylogger would have just made it easier for them to hack me

I could easily put one on my roommates laptop if I wanted, would take me less than 45minutes including bypassing his PW(not removing it)
how many people trust their roommates/siblings/kids/parents 100%?
Edited by Anii on 6/18/2011 1:33 AM PDT
90 Draenei Mage
6770
i trust my husband to log onto my account and transfer gold to his toons if he needs it for AH purposes, lol. well, he did it once and with my permission of course, but it actually kind of proves Anii's point. afterall, how many kids/ siblings/ parents will try to log onto another's account just to see if they could? isn't that how most hackers start thier "careers" anyway? just to see if they could, a phrase almost as common as "he/she did it!" lol

give us the option Blizz, and let us KNOW if you do (or don't for that matter) so we know what to expect and look for, please.
MVP - Technical Support
100 Draenei Mage
6810
not sure on the number of tries, I know one Battlenet site(fixed since then) was allowing unlimited tries
I know my computer scanned clean numerous ways after I was hacked
about the only way to make my acct more secure was add the authenticator, I did
now I don't trust it again, because this is the opposite of security standards for improved security


That's interesting. Did you make a post on the tech support forums about how you were hacked when you got hacked ?

Which software did you use to scan with ?. I know there's currently a really bad root kit that's currently at the 9th variant going around. AFAIK it's one which crashes you tho.

I would test this brute force lock out thing myself but I'm at work over the next few days and I live in NZ so it would be very difficult for me to ring Billing to get my account unlocked if I do get it locked.
________________________________________________
Bringing you walls of text and cookies since 2005 :)

Mac Tech Support MVP (moonlights in other forums)
Here to Help :)
One more heart attack when I thought the authentication was hacked.

One more person who thinks this should have been an optional feature (default being the way it was)

One more vote that a message on the login and/or launcher screen would have been a better place to tell people about this change than Twitter.

One more satirical joke. Now that Blizzard no longer needs to prove who I am by using a random string of eight digits that are single use, have a life span of 30 seconds, and are created by a device I carry on my person.... Why do I still need to type in a password, which can easily be less secure, guessed, stolen, and the same for years?

Seems like if you're not using the authenticator in my pocket, you shouldn't need the password from my keyboard. When I click "Play" I should go straight to character select.
85 Night Elf Warrior
6795
The login page should have said something about this change. Very confusing and not communicated well. I did not see anything on it in the KB as well. I would like this to be an option, I don't mind entering the key.
85 Orc Shaman
10550
Even though IP spoofing may work, if they have your password then there is already a keylogger on your PC and who knows what else. It could be as easy as them remoting into your PC or using it as a proxy to make my authenticator useless.

I want the option to opt-out. Thanks.
100 Dwarf Paladin
10010
Ok so I figured this out

Open RegEdit
Navigate to this folder withing the left window pane:
HKEY_CURRENT_USER\Software\Blizzard Entertainment\Battle.net\Authenticator

In the right pane 2 keys will show up.
Key 1: (Default) - REG_SZ
Key 2: Cached-XXXXXXXXX - REG_BINARY

all the X's will be different based on your system configuration.

Only delete the second one that starts with "Cached-". Mine says Cached-D07F1C03F7B45A46


Now back on the left pane, right click on Authenticator and select Permissions.
Select your Windows Profile and in the second window under where it says "Permissions for (username of account)

Check the two boxes that say "Deny" next to "Full Control" and "Read". Then click OK.

(EDIT:) Then click Yes on the next window that comes up.

When I did this, each time I logged in it started asking for the authenticator code every time I logged in.

I know this is a registry hack but it works, and I know noone should ever have to do this but this is the one solution that I've found works. You will only have to do this one time and even if they've implemented it on their other platforms they to will continue to prompt for your auth code.

(EDIT 2:) Under any circumstances, DO NOT edit anything else in the registry unless you absolutely know what you are doing.
Edited by Argrenda on 6/18/2011 1:51 AM PDT
90 Draenei Mage
6770
aside from the heart attack, i fit those descriptions, lol.
would it be so hard for Blizz to make it an option? i mean isn't it something they could easily do or is it something they have to re-engineer half the UI for it to work and would it work properly the first time around? i think that's something to consider. personally i'd rather see it returned to the way it was if it is going to take alot for it to become an option for peace of mind, but that is just my opinion. i'd rather see the option to turn it on/ off more than anything.
85 Worgen Death Knight
4845
Ya you all say dont share your password. thats what everyone said when hacking first became a problem. give me the option to keep my sense of security. thats why I bought an autenticator, to use it. Either let me use it or send me my money back!!!!!
90 Draenei Mage
6770
thanks for sharing all of this on how to "hack" your registry into asking for the auth code every time, but i'm scared to death to even try anything like this. i've goofed up entering my hotmail details into my outlook software and that was with a MS rep walking me through it.

so unless the user is absolutely sure about thier ability to do something like this, waiting for Blizz to take care of (or at least acknowledge) this issue, i'd avoid it... but it was great of you to share it nonetheless, Argrenda : )
This topic has reached its post limit. You may no longer post or reply to posts for this topic.

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)
Submit Cancel

Reported!

[Close]