Battle.net Authenticator Changes(Cont. #13)

(Locked)

90 Blood Elf Hunter
15265
Just wanted to add one more thing about the MitM attack. The Back in October of last year: Blizzard instituted a new security protocol; where if the system senses a change in our access patterns, it will lock you out of your account, until you reset your password. This "Change in Access Pattern" lockout will happen irregardless, if you have an authenticator or not.

It is this change that helps protect you from, or at least slows down the MitM attack, and not the new change to the authenticator system. A lot of people have confused, or do not understand, the 2 different changes, and think of them as being one and the same. They are not! They are 2 totally different systems, and occurred several months apart.

Lastly: The "Change in Access Pattern" lockout system does not protect, against a Hacker that uses a spoof IP that is in one of your IP's range. That is why it is wise to have a Authenticator too. However if the Hacker is using a MitM attack, as well as a Spoof IP, they got you.

problem is that one is broken as hell too
if search was working, i'd find my post but

the long story short, AFTER the pattern lockout went live(late Nov, for a funeral)
I played in CT(I work weird hrs, so I am always up), went to my work/intern site, went to Bradley(Hartford airport), logged on at Bradley waiting for my flight
flew to Charlotte, NC. logged on at Charlotte airport waiting for my connecting flight
flew to Wilmington, NC. went to room, logged on there too
flew to Philly, logged on there
flew to CT, went home, played there

it had me change my pw exactly 0 times


I think that over the months since then they have tighten and improved the sensitivity of the system.
90 Troll Shaman
13605

problem is that one is broken as hell too
if search was working, i'd find my post but

the long story short, AFTER the pattern lockout went live(late Nov, for a funeral)
I played in CT(I work weird hrs, so I am always up), went to my work/intern site, went to Bradley(Hartford airport), logged on at Bradley waiting for my flight
flew to Charlotte, NC. logged on at Charlotte airport waiting for my connecting flight
flew to Wilmington, NC. went to room, logged on there too
flew to Philly, logged on there
flew to CT, went home, played there

it had me change my pw exactly 0 times


I think that over the months since then they have tighten and improved the sensitivity of the system.


Then why is the system reported to still be showing this behavior? I seem to recall seeing multiple incidents listed in the previous threads.


Thinking of calling CS in the morning and asking them for reasons, ANY reason, to leave the auth on my account. (aside from the core hound puppy) The conversation should be informative, at the very least. Probably too much to hope for to surprise some actual info out of them, though. /sigh How did it come to this...?
90 Blood Elf Hunter
15265


I think that over the months since then they have tighten and improved the sensitivity of the system.


Then why is the system reported to still be showing this behavior? I seem to recall seeing multiple incidents listed in the previous threads.


Thinking of calling CS in the morning and asking them for reasons, ANY reason, to leave the auth on my account. (aside from the core hound puppy) The conversation should be informative, at the very least. Probably too much to hope for to surprise some actual info out of them, though. /sigh How did it come to this...?


I was posting how the "Change in Access Pattern" is suppose to work, not how it works in all cases.

I would advise against removing your Authenticator. While I do believe the changes to the the authenticator system, is a bad idea, and weakens our security: It is still better then not having one at all.
90 Draenei Shaman
0
I'm not sure if anyone else has noticed this but I did...

Why is it that we're not prompted to enter our authenticator code in the game but once a week...while logging in on the website/forums still requires it each time? Seems like a double standard when it comes to our account security.

Possible resolutions:
1.) Create an opt in/out choice for us.
2.) Change it back to how it used to be and improve security from there. (preferred)
3.) Piss a lot of people off by keeping things this way without many answers.

Blizzard, the choice is yours. You can keep customers, or you can lose a lot of them.
85 Undead Warrior
8140
3.) Piss a lot of people off by keeping things this way without many answers.

Blizzard, the choice is yours. You can keep customers, or you can lose a lot of them.


That is not being constructive. Its post like these that make Blizzard wonder if we are being childish or sincere. So instead of working against those with a real concern please be more considerate and grown up in your responses.
90 Night Elf Priest
8060
Actually, I've been thinking it over, and Kohrynda's point is making more and more sense. I don't want my account hacked, but under the current circumstances, I'll take the greater chance of being hacked over a reduced chance of getting hacked, but with the caveat that I wouldn't get my account back.

Shadow's a fairly old character. If she got wiped out, I COULD start over, but I really don't want to have to. More than that, she carries things in her inventory that are fond mementos of the past several years (such as the dress she wore during my first WoW date with my then-long-distance boyfriend), or items that are frankly irreplaceable. I protect my computer and account as best as I'm able. But in this case, what am I supposed to do? Sit back and trust a system that's been proven to have multiple flaws, and hope that the worst never comes to pass? Or remove a weakened layer of security so that if I DO get hacked, I'll be able to get restored? Do I remove and re-attach my authenticator every single time I log off so that the next person to log in (no matter who and from where) has to enter a code? D? IS there an option D? What are we supposed to do?


There is a registry change that will force the new system to ask for you authenticator. However you would need to feel comfortable in doing it and I would think not everyone would feel that way.

http://www.wowinterface.com/downloads/info19998-ForceAuthenticatoronlogin.html


I'd be comfortable doing that if I were trapped in Windows hell, but, fortunately I am not.

Is there a way to fix this on Mac?
90 Draenei Shaman
0
Quite frankly, I'm being nice about this whole thing. I was absolutely infuriated when Blizzard made this change because I paid EXTRA money to make sure that my account was as secure as it can be by getting this authenticator. And now, given the new changes, I only get to use it once per week unless I change IP addresses..and even then, I use 2 locations to play and it now recognizes both of them and I only use my authenticator to login to forums like this to state my dissatisfaction with the changes.

I've been a customer, gamer, and supporter of Blizzard Entertainment for a few years now and I'd like to stay that way. But when things like this happen, it makes me question whether or not it's worth the cost any longer.

(On a side note, Anshahak, I'm pretty sure your opinion of my "sincerity" is irrelevant considering I've seen more harshly written posts on this thread. Picking mine out of the other 9238402934 that are on here is a bit childish too and I'd appreciate if you kept your personal feelings about my thoughts to yourself because I really don't care to know about them.)
85 Undead Warrior
8140
07/13/2011 11:24 AMPosted by Rentaspirit
Is there a way to fix this on Mac?

Sacrifice Steve Jobs.

edit: seems there was a workaround in one of the threads.
Edited by Anshahak on 7/14/2011 5:46 AM PDT
90 Blood Elf Hunter
15265


There is a registry change that will force the new system to ask for you authenticator. However you would need to feel comfortable in doing it and I would think not everyone would feel that way.

http://www.wowinterface.com/downloads/info19998-ForceAuthenticatoronlogin.html


I'd be comfortable doing that if I were trapped in Windows hell, but, fortunately I am not.

Is there a way to fix this on Mac?


I believe someone did post something about a MAC work around, somewhere in this thread, or the one just before. Sorry I don't have a link to it, you will just have to check post by post to find it. I apologize in advance if I am sending you on a wild goose chase.
85 Draenei Shaman
3280
07/13/2011 01:37 PMPosted by Ewing
I believe someone did post something about a MAC work around, somewhere in this thread, or the one just before. Sorry I don't have a link to it, you will just have to check post by post to find it. I apologize in advance if I am sending you on a wild goose chase.


You are correct. Vudusinge(not sure if I spelled this right) posted one. I believe it was in this thread. If not then the one before this. But it seemed like a real pain in the ass to do.
85 Draenei Shaman
3280
Sweet I found it. And I did spell the name right...

Mac Work around....

So for those that are curious on a workaround to force authentication with each login in Mac OS X, I made a simple procedure to use:

*NOTE* I do not recommend making the following change unless you are familiar with changing file permissions in a Mac OS X / UNIX / Linux operating environment. Follow the procedure below at your own risk! Also, this change only effects a single computer. You will need to make this change on every computer you play from in order to be asked for your authenticator every time you log in.

1) Navigate to /Users/%username%/Library/Preferences/
%username% = Your personal username on your Mac

2) Find the file named:
net.battle.Authenticator.prefs

3) Open the file with TextEdit:
Right Click > Open With > Other... > Applications > TextEdit

4) Delete all text inside the file in text editor, then save the file. You will have a blank document now. The empty file should maintain the same name as the original file.

5) In finder, open the info for the empty document
Right Click > Get Info

6) Under "Sharing & Permissions" ensure that all Users / Groups listed have their permissions modified to "Read Only"

And that's it. You will now be asked for your authenticator every time.

To revert back to the original behavior, simply change the permissions for the file back to Read & Write for your user account.
90 Night Elf Druid
15840
the worst thing for me about this change is now even if i do have an authenticator, i'm getting locked out when i'm logging in while traveling. before, i could use my authenticator to save myself a password reset. i might as well be authenticator-less. prior to the change i went on vacation and was able to avoid having to reset my password each log in by having the authenticator input. post-change, i've gotten locked out of my account for just visiting my parent's house, and i'm not 500 miles out like i was when i went on vacation.

i generally trust Blizzard's judgment but this time my faith's a little shaken.

i posted in the original very first thread, and i'll say here again: how come it's only for WoW? SC2 still requires authentication code each log-in if an authenticator is attached to that account.

07/12/2011 09:12 PMPosted by Ewing
Back in October of last year: Blizzard instituted a new security protocol; where if the system senses a change in our access patterns, it will lock you out of your account, until you reset your password. This "Change in Access Pattern" lockout will happen irregardless, if you have an authenticator or not.

this is impossible as i was able to login at different locations without a lock on my account because of my authenticator code, in the month of may, year 2011. this only applied to accounts without authenticators, because i do remember having had to reset my password while visiting relatives (in the month of december 2010), but i didn't have an authenticator on my account at the time.
90 Blood Elf Hunter
15265
the worst thing for me about this change is now even if i do have an authenticator, i'm getting locked out when i'm logging in while traveling. before, i could use my authenticator to save myself a password reset. i might as well be authenticator-less. prior to the change i went on vacation and was able to avoid having to reset my password each log in by having the authenticator input. post-change, i've gotten locked out of my account for just visiting my parent's house, and i'm not 500 miles out like i was when i went on vacation.

i generally trust Blizzard's judgment but this time my faith's a little shaken.

i posted in the original very first thread, and i'll say here again: how come it's only for WoW? SC2 still requires authentication code each log-in if an authenticator is attached to that account.

Back in October of last year: Blizzard instituted a new security protocol; where if the system senses a change in our access patterns, it will lock you out of your account, until you reset your password. This "Change in Access Pattern" lockout will happen irregardless, if you have an authenticator or not.

this is impossible as i was able to login at different locations without a lock on my account because of my authenticator code, in the month of may, year 2011. this only applied to accounts without authenticators, because i do remember having had to reset my password while visiting relatives (in the month of december 2010), but i didn't have an authenticator on my account at the time.


That is when Blizzard instituted the "Change in Access Pattern" lockout protocol. However it was not as strong as it is now. Sometime around February or March. they appeared to have added/tightened up on Mobile Broadband internet.
90 Night Elf Hunter
8855
Traveling on vacation and locked out due to a new IP address even though Log on, password and authenticator info all match up is a really crappy design.

I'd rather just log my authenticator every time. This new process didn't make it that much more convenient for me. I didn't think it was that big a deal to put in my numbers each time I logged on.

People do travel and shouldn't be made to go through red tap just because they are on vacation or traveling for business.
90 Dwarf Paladin
8670
I have an idea for a new type of ignition for your car:

The ignition will be installed on your car without permission. It will only need the use of your key one time to start the car and on occasion when we randomly ask for it. The old door key will open the door if you lock it however, the key is not needed to start the car and drive off.

I'm going to start installing these ignition switches on the cars parked at all the Blizzard facilities right away! It will be great, more secure then ever, and since I'm maintaining absolute silence about it, no one will know how to steal the car!
85 Undead Warrior
8140
I have an idea for a new type of ignition for your car:

The ignition will be installed on your car without permission. It will only need the use of your key one time to start the car and on occasion when we randomly ask for it. The old door key will open the door if you lock it however, the key is not needed to start the car and drive off.

I'm going to start installing these ignition switches on the cars parked at all the Blizzard facilities right away! It will be great, more secure then ever, and since I'm maintaining absolute silence about it, no one will know how to steal the car!

I actually had a car like that >.>

srsly, the pins in locking locking mechanism and the key teeth had worn down so much I just had to get past a certain point and I could remove the key and just turn the ignition to start my car. Only time I had to use my key is if I hit the button that let you turn the ignition all the way back and did so.
90 Dwarf Paladin
8670
and BTW my account is now canceled out. Grats blizzard, you've lost a 10yr loyal blizzard customer because you can't seem to accept the fact that people want answers, and I work in a retail game reseller, I'm pulling all of the blizzard products off the shelf and don't plan on promoting anymore of your products. If you arn't treating me correctly, then I know you won't treat my customers correctly, and I don't want to subject my customers to that.
90 Dwarf Paladin
8670
07/14/2011 02:32 PMPosted by Anshahak
I actually had a car like that >.>



I have an old 1982 Olds Delta 88 that you can just use plyers on top of the steering column to start the car.
90 Blood Elf Paladin
7565
Please give us the option to use our authenticator each time we log in. Yes, I'm going to keep asking.
85 Human Rogue
10045
07/14/2011 05:26 PMPosted by Rideout
Please give us the option to use our authenticator each time we log in. Yes, I'm going to keep asking.
This topic is locked.

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)
Submit Cancel

Reported!

[Close]