CompTIA A+ and Network+ certified. Not sure how to verify my credentials with a board troll without violating ToS.
I don't have an issue with people I live with. I own my own home and my own internet access. I have multiple firewalls and AV and anti-malware. I have a strong, unassociated username email, and even stronger password. So I'm not sure where your "people you live with" and "password sharing" comments come from.
2 is more than 1. Added security is better than decreased security. I don't know why you can't wrap your head around a concept that should be so simple.
I refuse to respond to you after this, as you are obviously trolling. 9/10 though. Good job.
There has finally been a blue response. This should mean the thread is done and we can talk about kittens and eat cookies, right?
Nope. Instead, there is the usual griping that follows any blue post. Just as I predicted a couple of times in this thread already.
Sometimes, it's depressing to be cynical. Then again, at least I'm never disappointed.
Anyway, thanks for the update, Zarhym. That pretty much covered what most people in this thread wanted to hear. Have a cup & a cookie on me.
/cup of coffee
Again another half witted decision by your the team.
The person saying "by your the team" has no room calling anyone half witted. Really?
So how would your account be compromised because of this change? Oh right it wouldn't. Again more hot air.
How 'bout an example that actually happened?
A Flash exploit was used to distribute keyloggers to people who visited wow-related web sites. The "hackers" bought ad time through Google. So, go to Curse, Wowhead or Allakhazam and with no user interaction, a keylogger is installed.
Back when this was actually happening, the authenticator protected your account.
Now? Well, in order to install the keylogger, their malware got root access. So install the keylogger and a modified version of VNC. Once you've captured the username and password, wait for the inactivity timer to get very high. Then mute the sound card and turn off the video out. Then use your VNC client to log into WoW from the victim's computer. Since Blizzard thinks the computer is 'safe', no authenticator prompt. Use the keylogged username/password and clear out the account.
Gonna come back with something dumb like "use noscript" or disable flash? It's not like flash is the only vulnerable software on a computer.
Far fetched? Not really. None of the stuff I described is difficult to do. The hard part is finding an exploit. Once that's found, the payload is pretty easy. And you're gonna want that exploit for the non-authenticator accounts anyway.
Will 'hackers' go through the trouble? Maybe. Like all businesspeople, they'll do it if the ROI is high enough.
Edited by Texi on 7/26/2011 5:03 PM PDT
It would have been nice if you guys got feedback on a change like this before you pushed it live, un-announced. Since Cata launched communication from Blizzard has been as bad as I can remember it being. Too many un-announced changes with wide ranging impact.
Changes to security protocols like this should not be opt out. They should be opt in. Blizzard fundamentally reduced the security of the system without authorization from their customers. I paid to be prompted on every login, that's why I got the damn authenticator.
Honestly, I am disturbed that the flag whether you get prompted for authentication or not is stored client-side. Was anyone thinking when they did that?
Oh, while we're on it, I get locked out of my account any time my ADSL modem refreshes its IP address. Why are you enforcing IP lockouts for persons who have authenticators? As it stands, about 2-3 times a week I have to go through the account unlock process, and it always corresponds to my ADSL modem refreshing its IP. I can make it happen on demand.
And I get told by Blizzard support they can't disable that "feature" permanently because they won't do anything that reduces the security on my account, and then they introduce this bollocks with client-side registry keys controlling whether you're prompted for authentication?
What a joke.