About the Recent Authenticator Change

90 Human Paladin
5530

Over-generalizing can lead to all sorts of problems.

Using the same email address as you use for everything else as your login name is a huge NO NO. So, what did I do when we moved to Battle.Net? I created a brand-new email, one that didn't use an obvious name or words. In fact, I made it as complex as I ~should~ have originally made my Account names. No one is magically coming up with my email address used as a login.

My original account names were LESS secure. Why? One was the name of one of my NeoPets. The other was a common user name I had on sites such as Slashdot. I know computers and security, and yet those were my account names.

As I said above - the one proven fact is that Authenticator > No Authenticator. There's a very clear, impossible to argue difference in number of account compromises with accounts that have either the keyfob or mobile app authenticator. With or without an option, with or without the extra algorithms to decide we are using the same computer, that Authenticator does make us more secure.


Agreed 100%.

Heck, I never even log into the e-mail addy I use for my wow accounts. So if someone's sending me phishing e-mails there, they are SoL.
Reply Quote
90 Human Paladin
5530
07/27/2011 04:28 PMPosted by Genghiskhan
I have a great idea stop going to !@#$ sites and clicking clip attachments in your email.. Then use a long more safe password. GG


been stated already.
Reply Quote
98 Worgen Hunter
7645
System works for me.

I haven't read all of these posts, but do people realize that banks use a similar system for logging into their bank accounts?
Reply Quote
90 Human Paladin
5530
System works for me.

I haven't read all of these posts, but do people realize that banks use a similar system for logging into their bank accounts?


If there's a bank using a keychain fob to access the online banking, then let me know cause I'll transfer in a heartbeat.

I'm aware of what you're really talking about though. Whether you agree to deem the PC you are logging into as safe or not is irrelevant. Why? Because when you log into the bank for the first time, it gives you the OPTION to make the computer safe. We currently do not have this option with WoW. Hopefully we will soon.
Reply Quote
90 Troll Druid
10885
What exactly is the problem with the change to the authenticator system?

Blizzard is basically guaranteeing that you are logging in securely if they know you have an authenticator and they intentionally bypass a prompt for it. If someone does hack your account, Blizzard is effectively obligated to restore your account to it's pre-hack state. After all, you paid for a device specifically to keep your account secure.

Have I just missed something? Has Blizzard been letting accounts get hacked and then screwing users?

I don't think so.
Reply Quote
90 Human Paladin
5530
What exactly is the problem with the change to the authenticator system?

Blizzard is basically guaranteeing that you are logging in securely if they know you have an authenticator and they intentionally bypass a prompt for it. If someone does hack your account, Blizzard is effectively obligated to restore your account to it's pre-hack state. After all, you paid for a device specifically to keep your account secure.

Have I just missed something? Has Blizzard been letting accounts get hacked and then screwing users?

I don't think so.


You missed the part where under the new system, Blizzard confirms it was you at the keyboard, not a hacker, and no restoration will take place. They are no longer obligated to do a restore because as far as they know, the new system confirmed it was you that logged in.

EDIT: Cause I'm spelling impared, it seems.
Edited by Gallante on 7/27/2011 5:04 PM PDT
Reply Quote
90 Troll Druid
10885
If there's a bank using a keychain fob to access the online banking, then let me know cause I'll transfer in a heartbeat.

I'm aware of what you're really talking about though. Whether you agree to deem the PC you are logging into as safe or not is irrelevant. Why? Because when you log into the bank for the first time, it gives you the OPTION to make the computer safe. We currently do not have this option with WoW. Hopefully we will soon.


You're wrong on a couple levels.

First, a static number on a bank card is far less secure than a dynamic number on a key fob. Both require secondary static information to be logged-in to. Your bank card requires your PIN, and your WoW account requires your e-mail address and password.

Second, Warcraft is constantly running an anti-hack program on your computer while you play WoW. It's called Warden. So you weren't given the option to make your comptuer safe because you are obligated to make sure it is safe every single time you run Warcraft.

Your Warcraft account is way more secure than your bank account, provided you aren't stupid about your personal information. Actually, that goes for both.
Reply Quote
85 Draenei Paladin
3325
Over-generalizing can lead to all sorts of problems.Using the same email address as you use for everything else as your login name is a huge NO NO. So, what did I do when we moved to Battle.Net? I created a brand-new email, one that didn't use an obvious name or words. In fact, I made it as complex as I ~should~ have originally made my Account names. No one is magically coming up with my email address used as a login.


Another thing to point out about that is that since your username is now your email address, you can change your "username" any time you want. That's something you could not do before Battle.net. If you think you're at risk using your main email address as your login name, you can always us another.

07/27/2011 05:00 PMPosted by Dreoid
Blizzard is effectively obligated to restore your account to it's pre-hack state. After all, you paid for a device specifically to keep your account secure.


Not exactly. Blizzard will restore your items for you, but they are not obligated.

You missed the part where under the new system, Blizzard confirms it was you ate the keyboard, not a hacker, and no restoration will take place. They are no longer obligated to do a restore because as far as they know, the new system confirmed it was you that logged in.


That's a blatant lie. Blizzard will indeed investigate an account that has been hacked, and they will restore an account if items/gold were stolen. However they will NOT restore an account if account sharing was involved. There is indeed a difference. You log in next morning and you see that your toons were all transferred/deleted by your little brother, they'll probably fix that.. especially if you let them know immediately. However, if there is evidence that an account was being shared by two players, then they're most likely to going to leave it alone.

And as a reminder, the authenticator was never designed to prevent personal attacks like that. They are designed to keep gold-sellers out of your account.
Edited by Tiberias on 7/27/2011 5:13 PM PDT
Reply Quote
90 Troll Druid
10885
You missed the part where under the new system, Blizzard confirms it was you at the keyboard, not a hacker, and no restoration will take place. They are no longer obligated to do a restore because as far as they know, the new system confirmed it was you that logged in.


This basically requires the hacker to stalk you in real life and use the same public computer after you, or break into your apartment.

tl;dr - poor discussion point.
Reply Quote
90 Troll Hunter
8690
[quote]

You missed the part where under the new system, Blizzard confirms it was you at the keyboard, not a hacker, and no restoration will take place. They are no longer obligated to do a restore because as far as they know, the new system confirmed it was you that logged in.

EDIT: Cause I'm spelling impared, it seems.


where does it say they will not replace your gear if you are hacked while useing an authenticator?

Reply Quote
90 Troll Druid
10885
07/27/2011 05:07 PMPosted by Tiberias
Not exactly. Blizzard will restore your items for you, but they are not obligated.


Yeah, if they sell you a device to keep your account secure, and it doesn't do that, either they agree it doesn't work and won't help you, and thus are selling a faulty product (which they are not doing), or they are obligated to hold up their end of the deal which is to keep your account secure and restore it if someone gets past this extra security.

A security company is obligated to monitor your security system if you pay them to secure your house, and if they do not monitor your security system one evening and stuff is stolen from the house, they are obligated to replace that stuff due to their security failure.
Reply Quote
90 Human Paladin
5530

where does it say they will not replace your gear if you are hacked while useing an authenticator?


I am under the impression that they review every compromise on a case by case basis. If they (or you) can't prove it was someone other than you at that particular computer logging in, then they will not restore. Correct me if I'm wrong about that.
Reply Quote
90 Human Paladin
5530
07/27/2011 05:12 PMPosted by Dreoid
Not exactly. Blizzard will restore your items for you, but they are not obligated.


Probably spot on.
Reply Quote
90 Troll Druid
10885
I am under the impression that they review every compromise on a case by case basis. If they (or you) can't prove it was someone other than you at that particular computer logging in, then they will not restore. Correct me if I'm wrong about that.


So you often find yourself in situations where you are hacked and can't prove it?

You sound like a liar.
Reply Quote
85 Draenei Paladin
3325
07/27/2011 05:12 PMPosted by Dreoid
Yeah, if they sell you a device to keep your account secure, and it doesn't do that, either they agree it doesn't work and won't help you, and thus are selling a faulty product (which they are not doing), or they are obligated to hold up their end of the deal which is to keep your account secure and restore it if someone gets past this extra security.


The authenticator is a supplement to your account security, and even though it's one of the best supplements, it is not your only security. Also, account security is and has always been the responsibility of the player. Blizzard is not obligated to give you any virtual or monetary compensation if your account is hacked. So sayeth the Terms of Use.
Reply Quote
90 Human Paladin
5530
07/27/2011 05:16 PMPosted by Dreoid
I am under the impression that they review every compromise on a case by case basis. If they (or you) can't prove it was someone other than you at that particular computer logging in, then they will not restore. Correct me if I'm wrong about that.


So you often find yourself in situations where you are hacked and can't prove it?

You sound like a liar.


Believe what you want.
Reply Quote
90 Troll Druid
10885
07/27/2011 05:20 PMPosted by Tiberias
The authenticator is a supplement to your account security, and even though it's one of the best supplements, it is not your only security. Also, account security is and has always been the responsibility of the player. Blizzard is not obligated to give you any virtual or monetary compensation if your account is hacked. So sayeth the Terms of Use.


Compensation does not equal restoration of goods you once had.

Compensation
Something, typically money, awarded to someone as a recompense for loss, injury, or suffering.

What they are talking about is refunding your money IRL for game time loss on your subscription, or more game time / an item as a reward for being hacked. Restoration of items one had before someone hijacked your account (assuming it is not a result of you sharing information with a friend or third-party by buying gold or power-leveling) is NOT compensation.
Reply Quote
90 Troll Druid
10885
Just think about it people - a verifiable increase in security breaches due to poor business practices is not something Blizzard, or any parent company of blizzard, wants or would tolerate. Do you think they would voluntarily take this step to make it easier for you to log in from home without caring about security and their reputation? Of course not. It would be suicide for WoW, which is already feeling emptier than when Cata dropped. Heads would roll. People would lose jobs. So chill out and have a beer or something. Jesus.
Reply Quote
85 Draenei Paladin
3325
Restorations are a part of compensation. Restorations are compensations for virtual property lost. And Blizzard holds the sole ownership of the account that you play on. Blizzard has every right to do a full restoration or no restoration at all considering those items/gold never belonged to you in the first place.

The point being is with that considered, Blizzard still does the restorations, and they do it quickly. That's more than can be said about other companies *cough* Sony *cough*

But I agree with you. There really isn't any problem with this change. There is about as much chance of someone keylogging your computer at an ecafe to steal your stuff as there is for a hacker from China to fly out to do it personally. It's massively less likely of an issue than Man-in-the-middle attacks are.. which are rare to say the least.
Edited by Tiberias on 7/27/2011 6:00 PM PDT
Reply Quote

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)
Submit Cancel

Reported!

[Close]