Just wanted to add one more thing about the MitM attack. The Back in October of last year: Blizzard instituted a new security protocol; where if the system senses a change in our access patterns, it will lock you out of your account, until you reset your password. This "Change in Access Pattern" lockout will happen irregardless, if you have an authenticator or not.
It is this change that helps protect you from, or at least slows down the MitM attack, and not the new change to the authenticator system. A lot of people have confused, or do not understand, the 2 different changes, and think of them as being one and the same. They are not! They are 2 totally different systems, and occurred several months apart.
Lastly: The "Change in Access Pattern" lockout system does not protect, against a Hacker that uses a spoof IP that is in one of your IP's range. That is why it is wise to have a Authenticator too. However if the Hacker is using a MitM attack, as well as a Spoof IP, they got you.
problem is that one is broken as hell too
if search was working, i'd find my post but
the long story short, AFTER the pattern lockout went live(late Nov, for a funeral)
I played in CT(I work weird hrs, so I am always up), went to my work/intern site, went to Bradley(Hartford airport), logged on at Bradley waiting for my flight
flew to Charlotte, NC. logged on at Charlotte airport waiting for my connecting flight
flew to Wilmington, NC. went to room, logged on there too
flew to Philly, logged on there
flew to CT, went home, played there
it had me change my pw exactly 0 times
I think that over the months since then they have tighten and improved the sensitivity of the system.