as of now numerous players have quit or are quitting(my acct expires in days) as we are unhappy about the change and the lack of response from Blizzard
I expect this to be deleted in short order, but as the one on the Tech forum(and we suspect soon the one on the CS forum) have already been ignored and / or deleted
(yes this is a cut and paste)
System start date
A computer may have been marked as authorised before the system went into effect
Computers marked as authorised may not need to be individually re-authorised
Computers marked as authorised may not need to be individually re-authorised, even if in different locations
A change in location and ISP may not prompt for an Authenticator code
The WoW client uses a registry key on the client machine to determine if an Authenticator code is required
The system is designed to prompt for the Authenticator code weekly
Blizzard are still advertising the Authenticator as a 'use for every login' device
There has been no official response from Blizzard on the US forums, but there have been two responses to a much smaller discussion on the European forums
A player also claims to have tested a proof of concept attack that duplicates the stored registry key onto a virtual machine to allow un-authorised login
Whilst the registry hack will cause an authenticator prompt at login, this obviously won't effect any other 'authorised' computers.
I would also note that it would be relatively easy for a variant of the existing man in the middle attack to use this registry hack to force an authenticator prompt.
Whilst I acknowledge that there will be issues that Blizzard and I disagree on, I find it very disappointing that they have elected not to respond to player concerns, and even more disappointing that they are now deleting threads.