About the Recent Authenticator Change

85 Draenei Paladin
3325
07/29/2011 05:23 AM Posted by Anshahak
Yes they did. Try actually reading the 13 threads in the tech services forum.


No they did not prove it was possible. They proved nothing. See, the difference is what you consider proof. The "tests" going on in that thread are a whole bunch of people tinkering with logging in from different locations trying to figure out how it works and coming up to conclusions. Those conclusions are highly influenced by your opinion that the change weakens the authenticator's security, and therefore, are completely biased.

If you want real testing, you'd have to have someone that KNOWS exactly how the authenticator system functions, and knows the full details on the fingerprinting system, then to try to break through it. It's called regression testing. Regression testers are there to investigate every way possible to hack the authenticator. Blizzard has very likely been doing this for months before the authenticator change went live, and they would not have released it if they didn't think it was ready.

Like I said earlier, I'll take the testing done by Blizzard's professionals over the testing done by the "forum IT professionals" any day of the week.
Edited by Tiberias on 7/29/2011 6:08 AM PDT
86 Goblin Hunter
3145
Didn't read entire thread, but I like the change. I like not having to put the authenticator code every time I log in.

Also to those concerned about security the only way you'd get hacked is if someone had your password AND was on the same network as you.

Guess I can understand if you play from an unsecured network, but the chances of someone logging into your network just to hack your account are insignificant.
85 Undead Warrior
8140
Yes they did. Try actually reading the 13 threads in the tech services forum.


No they did not prove it was possible. They proved nothing. See, the difference is what you consider proof. The "tests" going on in that thread are a whole bunch of people tinkering with logging in from different locations trying to figure out how it works and coming up to conclusions. Those conclusions are highly influenced by your opinion that the change weakens the authenticator's security, and therefore, are completely biased.

If you want real testing, you'd have to have someone that KNOWS exactly how the authenticator system functions, and knows the full details on the fingerprinting system, then to try to break through it. It's called regression testing. Regression testers are there to investigate every way possible to hack the authenticator. Blizzard has very likely been doing this for months before the authenticator change went live, and they would not have released it if they didn't think it was ready.

Like I said earlier, I'll take the testing done by Blizzard's professionals over the testing done by the "forum IT professionals" any day of the week.


Yes they did prove it. Like I said before, actually try reading the threads.
Edited by Anshahak on 7/29/2011 8:28 AM PDT
85 Draenei Paladin
3325
07/29/2011 08:28 AM Posted by Anshahak
Yes they did prove it. Like I said before, actually try reading the threads.


You can say that all you want. They didn't prove jack. And I did read them. I've read every thread since the beginning.
Edited by Tiberias on 7/29/2011 8:33 AM PDT
85 Undead Warrior
8140
07/29/2011 08:31 AM Posted by Tiberias
Yes they did prove it. Like I said before, actually try reading the threads.


You can say that all you want. They didn't prove jack. And I did read them. I've read every thread since the beginning.


Okay so you read them, then you know they proved it's possible to circumvent the authenticator.
85 Draenei Paladin
3325
/sigh.. I'm not going to argue with you about that anymore. Saying the same thing over and over again doesn't make it true.
85 Undead Warrior
8140
07/29/2011 10:35 AM Posted by Tiberias
/sigh.. I'm not going to argue with you about that anymore. Saying the same thing over and over again doesn't make it true.

Exactly, which is what you have been doing, saying over and over again it hasn't been proven.

1. Computers get controlled every day by people other than their owners. (botnets)
2. People get keyloggers on their computer.
3. You don't have to use your authenticator every time you login.

Those three things right there are a recipe for authenticator circumvention.

You can say it won't work but that's like saying water isn't wet and fire is cold.
85 Draenei Paladin
3325
Oh my gosh, go back under your bridge troll.

No that is not proving that the authenticator is less secure, that's something you're assuming because you don't understand how the authenticator works, and you're putting your blind faith in "forum security experts" who also don't know any more about the authenticator system than you do. My opinion is based on the fact that there are no more people getting hacked than before, and Blizzard has explicitly said that the authenticator offers the same level of protection as before. That's enough "proof" for me.

In addition to watching the entire discussion in that 13 thread bickerfest, I also went through each and every compromise report in the Customer support forums since June 16th, and I did not find one person that got hacked with an authenticator. It's now been almost a month and a half and people with authenticators are still not getting hacked.

If what you say is true, and it's as easy to get into someone else's account as you stated above, then people would be getting hacked left and right. So no.. You have not "proven" anything.

BTW: Those 3 steps you gave, do not mean that someone can get through the authenticator system.
Edited by Tiberias on 7/29/2011 11:21 AM PDT
90 Troll Shaman
3520
07/29/2011 06:04 AM Posted by Tiberias
If you want real testing, you'd have to have someone that KNOWS exactly how the authenticator system functions, and knows the full details on the fingerprinting system, then to try to break through it. It's called regression testing.

Regression testing does not require knowing exactly how changes being tested work.
Basically regression tests are done to find bugs introduced or reintroduced by rerunning a subset of the functional tests and systems tests used in acceptance of the original and/or last iteration of the software that a change has been made to.

Functional testing also, by definition, is black box and doesn’t require intimate knowledge of the underlying code, in fact in the case of functional testing it’s considered to be a problem if the people running the test cases have such knowledge as it can bias their judgment.

I have never seen any software with more than trivial functionality that didn’t have issues revealed during customer beta, although admittedly I never worked in the gaming industry and was mostly responsible for testing high end graphics products before my retirement.

I’m sure you’re correct that Activision Blizzard tested the changes internally, but I suspect that the obvious increase in overall security that would result from an increase in the number of players using an authenticator, if such an increase should happen, would have been seen as outweighing the much smaller number of accounts where security was degraded, making the change an overall gain from a management perspective.

However an opt-in opt-out would keep the positive effect without the negative; so I also assume that option was simply not considered during the development phase of this project.

Those last two paragraphs are obviously mere conjecture, but they are one scenario that fits the observable facts.

By the way, including ad hominem attacks in almost every post (constantly calling people stupid, paranoid, whiners or liars if they don’t happen to agree with you) detracts from rather than supports your arguments.

Based on most of your posts I still assume you’re simply trolling, so you get another point on your troll score because I did respond to one of your posts again, congratulations.
85 Draenei Paladin
3325
07/29/2011 12:01 PM Posted by Tomten
Based on most of your posts I still assume you’re simply trolling, so you get another point on your troll score because I did respond to one of your posts again, congratulations.


And the pot called the kettle black.
29 Orc Warlock
90
Recently computer security experts broke into a system 'similar' to the Authenticator. It was touted as being 100% safe and could not be hacked. They were wrong. There are hackers who are trying their best to break the Authenticator. They brag about it on the net. There is a forum, some of you may know which one I refer to, where they congregate to discuss their progress. So far the Digipass Go 6 (the Authenticator) has thwarted their attempts to hack them.

The Authenticator is very strong security against hacking, but there is progress being made. Fortunately they have hit a solid wall they can't get around. With this new development of the other 100% safe system, this may be changing. Let's hope not. Taking away the need to input the code every time we log in has opened other avenues they can try now. There is a lot of excitement because of the change. If they exploit what they now think is a real possibility, then Blizzard has opened the door wide for them by this unwise change in log in procedure.
90 Troll Shaman
3520
07/29/2011 12:05 PM Posted by Tiberias
And the pot called the kettle black.

Not really, I don’t end my posts by calling those I disagree with idiots or start them by calling them liars, the definition of a troll is someone who posts outrageous contentions or personal insults simply to get a reaction, I don’t know your motivation but otherwise you fit the definition. You use personal insults in most of your posts; unless you think calling you a troll is an insult I haven’t done any such thing. The only reason for insulting posts other than trolling is blatant immaturity, assuming you’re trolling is giving you the benefit of the doubt.
85 Draenei Paladin
3325
@Emulous

That's a whole lot of ifs. Besides, Blizzard never said anything was 100% safe. Anyone that would say that about their security system is a fool. Still, I think that this concept is solid, and if anyone is willing to put in the effort to legitimately crack it, then they are going to have a very tough time. That being said, it's very unlikely a gold-seller is willing to put in that effort when there is a plethora of accounts without authenticators.
Edited by Tiberias on 7/29/2011 12:35 PM PDT
85 Draenei Paladin
3325
Not really, I don’t end my posts by calling those I disagree with idiots or start them by calling them liars, the definition of a troll is someone who posts outrageous contentions or personal insults simply to get a reaction, I don’t know your motivation but otherwise you fit the definition. You use personal insults in most of your posts; unless you think calling you a troll is an insult I haven’t done any such thing. The only reason for insulting posts other than trolling is blatant immaturity, assuming you’re trolling is giving you the benefit of the doubt.


If you lie, I'm going to call you out on lying. If your tests are weak, I'm going to call you out on your tests being weak. I'm not calling you an idiot. If I did in the past, then I apologize, but I'll call you a liar if you're spreading misinformation.

And I'm not finding any posts I made calling you an idiot, but I have said that your tests and comments are biased. That's only a personal attack if you take it as one. And you're talking about "ad hominem", but I'm not the one going out of my way trying to call someone out on it.
Edited by Tiberias on 7/29/2011 12:37 PM PDT
85 Undead Warrior
8140
07/29/2011 11:09 AM Posted by Tiberias
No that is not proving that the authenticator is less secure

Yes it does. Because if someone has the person's login and password (gotten with a keylogger) and access (remote or physical) to the computer they don't need the authenticator, which could be far far away.

07/29/2011 11:09 AM Posted by Tiberias
BTW: Those 3 steps you gave, do not mean that someone can get through the authenticator system.

Those are not steps they are facts. And it's not for going through the authenticator system. It's for going around it, which is possible because the authenticator is not needed all the time.
90 Human Paladin
5530
07/29/2011 12:21 PM Posted by Tomten
And the pot called the kettle black.

Not really, I don’t end my posts by calling those I disagree with idiots or start them by calling them liars, the definition of a troll is someone who posts outrageous contentions or personal insults simply to get a reaction, I don’t know your motivation but otherwise you fit the definition. You use personal insults in most of your posts; unless you think calling you a troll is an insult I haven’t done any such thing. The only reason for insulting posts other than trolling is blatant immaturity, assuming you’re trolling is giving you the benefit of the doubt.


Don't feed. Ignore.
90 Tauren Druid
11500
My issue with authenticators - rather than starting my own thread. I like them, I think they serve a purpose. I like that when I log in from home, you recognize that I've logged from there quite a bit and don't prompt for authentication.

But for Pete's sake, if I'm logging from a 'new' IP address that I haven't in the past, prompt me for the authenticator, don't disable my account AFTER I put in my authenticator code, making me change my password.

I travel, I use hotel internet a lot, I'm sick of having to change my password at each hotel.

Thanks.
Edited by Ntah on 7/29/2011 1:41 PM PDT
85 Undead Warrior
8140
My issue with authenticators - rather than starting my own thread. I like them, I think they serve a purpose. I like that when I log in from home, you recognize that I've logged from there quite a bit and don't prompt for authentication.

But for Pete's sake, if I'm logging from a 'new' IP address that I haven't in the past, prompt me for the authenticator, don't disable my account AFTER I put in my authenticator code, making me change my password.

I travel, I use hotel internet a lot, I'm sick of having to change my password at each hotel.

Thanks.

Hopefully this will be solved with the opt out. But the trade off will be that you will have to use your authenticator every time you are at home. Unless you switch the option for when you are home or traveling.
90 Troll Shaman
3520
07/29/2011 12:25 PM Posted by Tiberias
If you lie, I'm going to call you out on lying.

You have accused people of lying when you had no way of knowing if they were or not.

Taking any unconfirmed statement from an anonymous on-line forum as fact is not wise, but outright accusing someone of lying because you think their statement is unlikely is rude, bombastic and insulting.

You haven’t accused me of lying or lacking intelligence yet; however I’m referring to the tone of many of your posts when I say you tend to use condescending and rude remarks as often as logic in your arguments.

07/29/2011 12:25 PM Posted by Tiberias
I have said that your tests and comments are biased.

What tests?

My comments are based on simple logic, personal experience and posts from Blizzard employees. What comment have I made that was biased? What was the bias it showed?

Several people have posted results of tests they’ve made, but I have not.

I think you’re confusing who said what.


The arguments for an opt-out, as I have said before, range from logical through emotional to borderline paranoid. But the posters for the most part believe what they are saying, so I understand why these people want the opt-out.

But other than the rather cliché argument that fixing this would divert resources from other more important projects I haven’t actually seen any logical arguments against an opt-out at all.

I can’t say if TW was correct when he said it would be a simple toggle, and I may be wrong in assuming it is as easy as it looks (and it does look easy) and yes it is another change and could require another QA test cycle, again I have no firsthand knowledge of Activision Blizzard’s internal methods and procedures.

So perhaps I’m being unfair in assuming you’re simply trolling, but I fail to understand the passion for preventing a change that would have no negative impact on you or your game play, or anybody else’s for that matter.
85 Tauren Hunter
3235
If I have two email accounts, how do I get the authenticator off my Droid??