About the Recent Authenticator Change

90 Human Paladin
5530

In fact two factor authentication still exists. Your password is the first, the PC is the second. The authenticator was just a third form to allow the second form.


No.

UN and PW = What you know
Authenticator = What You Have

Your PC is not generating the code. I am not my computer. If the PC were an acceptable form of authentication, then we wouldn't need the keychain FOB at all.
Reply Quote
85 Blood Elf Rogue
8350
The authenticator is a courtesy given to you to protect your account. If you don't like the way the authentication system works, don't use it.

This had to be put in place because people can't protect themselves, this isn't Blizzard's job to protect your computer.
Reply Quote
90 Human Paladin
5530
According to a Tech Support rep I talked to this afternoon, the new smart login system is supposed to do a few things that we have observed it NOT doing.

For example: according to her, the system is only supposed to remember the LAST computer you logged in from. If the next login is NOT from that computer, it is supposed to prompt you. Multiple people have stated that it does not do this for them, including me.

Further, your IP address IS a part of the code on your computer that 'proves' that it's you. If your IP changes, it's supposed to prompt you. This one seems to be about a 50/50 chance. We've had a lot of people saying that it did so. Unfortunately, we've also had a lot of people stating that it did NOT for them.

From these two points alone, unless the Support rep was very mistaken on her info, the system is not working properly for a large number of people. I encourage people to test these two points on their own and post the results. If the results are as I suspect, we have just found two extremely large holes in the system that need to be patched. Please, test and post your results, positive or negative.


I have tested in the past. 5 PCs (three desktops and two laptops) all but one running Windows 7 (one desktop running Ubuntu 11.04 "Natty"). I was able to run through and get the prompt on all computers one by one on the first attempt. The second and third passes I made, no authenticator prompt on any of them. Different LOCAL IP, sharing the same WAN IP given to me by my ISP.

Ran the test after resetting LOCAL IPs. No prompt. Restarted my Modem, ISP assigned me a new WAN IP. All 5 prompted on first attempt, then never again afterwards.

Another test... I went on vacation out of state and took my netbook with me. Different location, different ISP. Did not prompt me once. Now, keep in mind, I hadn't logged in on this computer in over a week, mostly 'cause I use my best desktop PC to run instances to avoid lag. So shouldn't the "once a week" prompt have appeared, let alone something to kick in that says "you're at another location", like that PW change garbage that is unrelated to this issue?

So not only is it deeming ALL of the computers I logged into as "safe", apparently the "once a week" prompt is more like a "once in a blue moon". Take this info for what it's worth, I'm only sharing what happened to me. A lot of people have had all kinds of different results from what I hear.
Reply Quote
52 Human Paladin
670
The authenticator is a courtesy given to you to protect your account. If you don't like the way the authentication system works, don't use it.

This had to be put in place because people can't protect themselves, this isn't Blizzard's job to protect your computer.


All this. Instead of holding out for a response and re-posting thread topics that have been deleted, why not just take the authenticator off? I don't understand why anyone would feel entitled to receive a response to this to begin with. It's common sense to stop using something you are not satisfied with.

You are not forced to use an authenticator, and certainly if you're doing everything you can to make sure your pc, laptops, etc. are malware/virus free there should not be a problem in removing the authenticator (if you are unhappy with the way it works).
Reply Quote
90 Human Paladin
5530
The authenticator is a courtesy given to you to protect your account. If you don't like the way the authentication system works, don't use it.

This had to be put in place because people can't protect themselves, this isn't Blizzard's job to protect your computer.


All this. Instead of holding out for a response and re-posting thread topics that have been deleted, why not just take the authenticator off? I don't understand why anyone would feel entitled to receive a response to this to begin with. It's common sense to stop using something you are not satisfied with.

You are not forced to use an authenticator, and certainly if you're doing everything you can to make sure your pc, laptops, etc. are malware/virus free there should not be a problem in removing the authenticator (if you are unhappy with the way it works).


Therein lies the problem. It may be Swiss cheese, but I'd rather have Swiss on my burger than no cheese at all.

Of course that doesn't mean I won't still complain they didn't use Colby or mozzarella.
Reply Quote
85 Dwarf Hunter
2855
So changing the local IP doesn't give you the prompt, because it's not going off local IP but WAN IP. You said it yourself, after changing your WAN IP you were prompted every time. I see no problem there.

The only issue I might see is if people use WoW at an internet cafe -OR- someone steals their laptop, but then they still need your password.
Reply Quote
90 Troll Shaman
13565
Update time. According to ANOTHER Tech Support rep I just got off of the phone with, a key piece of information I got this afternoon is incorrect. The system is NOT supposed to only remember the last computer you logged into.

One good piece of news, however. During the conversation I brought up multiple issues, including the fact that being prompted for an authenticator code on ONE computer re-confirms ALL of the other computers you've ever logged into for the next week. From his reaction, this may be a bug and if so, we may see it patched! Cheers!
Reply Quote
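An added example (not part of the thread, and not Blizzard's implementation): a minimal model of a remembered-device policy, contrasting per-device trust keyed on WAN IP with the account-wide re-confirmation described in the post above and in the earlier multi-PC test. The policy names, the 7-day window and the sample logins are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

WEEK = 7 * 24 * 3600  # assumed "once a week" re-prompt window, in seconds


@dataclass
class Account:
    # device_id -> (wan_ip, time this device last passed a code check)
    devices: dict = field(default_factory=dict)
    # time ANY device last passed a code check (used only by the flawed policy)
    last_code_ok: Optional[float] = None


def needs_code_per_device(acct, device_id, wan_ip, now):
    """Prompt unless THIS device verified from THIS WAN IP within the window."""
    rec = acct.devices.get(device_id)
    if rec is None:
        return True
    ip, verified_at = rec
    return ip != wan_ip or now - verified_at >= WEEK


def needs_code_account_wide(acct, device_id, wan_ip, now):
    """Flawed: a known device is trusted if ANY device verified recently."""
    if device_id not in acct.devices:
        return True
    return acct.last_code_ok is None or now - acct.last_code_ok >= WEEK


def record_code_ok(acct, device_id, wan_ip, now):
    acct.devices[device_id] = (wan_ip, now)
    acct.last_code_ok = now


def simulate(policy):
    """Replay constructed logins; return (day, device, prompted) per login."""
    acct = Account()
    home, away = "203.0.113.10", "198.51.100.7"  # documentation-range IPs
    logins = [(0, "desktop", home), (0, "netbook", home),
              (8, "desktop", home), (10, "netbook", away)]
    results = []
    for day, device, ip in logins:
        now = day * 86400
        prompted = policy(acct, device, ip, now)
        if prompted:
            record_code_ok(acct, device, ip, now)  # assume a valid code is entered
        results.append((day, device, prompted))
    return results


if __name__ == "__main__":
    for policy in (needs_code_per_device, needs_code_account_wide):
        print(policy.__name__, simulate(policy))
```

Under the account-wide policy the day-8 prompt on the desktop silently re-trusts the netbook, so its day-10 login from a different network gets no prompt; the per-device policy prompts on all four logins.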
20 Gnome Warrior
60
07/25/2011 04:57 PM Posted by Gallante
For example: according to her, the system is only supposed to remember the LAST computer you logged in from. If the next login is NOT from that computer, it is supposed to prompt you. Multiple people have stated that it does not do this for them, including me.


It did this for me. I logged in at a buddy's house and it asked me for my Authenticator, which I keep on my keychain.

When I logged in at home, it prompted me for it again. This was the Sunday before yesterday.
Edited by Gearbolt on 7/25/2011 6:10 PM PDT
Reply Quote
90 Troll Shaman
3510
07/25/2011 04:10 PM Posted by Nougat
Anyone who is using an authenticator to keep their brother/sister/boyfriend/girlfriend/roommate off of their WoW account has put themselves at risk. The whole point of a password is it is something that you know that you don't tell anyone else. If you're stupid enough to have such an easy password that they can guess it, you deserve to have them getting into your account.

The problem is that, although you have decided this is not an appropriate use for the authenticator, neither you nor I have any standing on this subject and it was Blizzard employees that recommended the authenticator as the appropriate solution in such situations.

07/25/2011 04:28 PM Posted by Dermach
Considering how long it has been, how much of an outcry there has been (almost to the same level as the Real ID on the forums fiasco) the fact that the system is still the same tells me that Blizzard is NOT going to budge on this issue.

We could spend all day debating why it is a fact, but the fact is that this has not actually received as much of an outcry as the Real ID on forums fiasco. A major response yes, but no way as large as that one was. Sorry.

07/25/2011 05:02 PM Posted by Ex
All this. Instead of holding out for a response and re-posting thread topics that have been deleted, why not just take the authenticator off?

An account with an authenticator is more secure than an account without one. However in some circumstances it is less secure than it was a few weeks ago.

My account is still secure, but the game environment I play in is less secure.

If having your guild bank cleaned out by someone who had less security than you, or having the main tank your guild uses stripped because he is not as good at security as you are doesn’t have any impact on you, fine; I don’t belong to a guild so it doesn’t do me any harm either. But if these scenarios would impact your game then you should care about protecting the accounts of those less technically competent than yourself.
Reply Quote
The authenticator is a courtesy given to you to protect your account. If you don't like the way the authentication system works, don't use it.

This had to be put in place because people can't protect themselves, this isn't Blizzard's job to protect your computer.


I'm not really in agreement with the OP, but your post begged me to respond.

The Authenticator is not a "courtesy" given to me by Blizzard. It is a service, which I purchased.

There is a world of difference between the two.

This argument, as I understand it, has to do with people's dissatisfaction with how the service they paid for is being rendered. Whether you agree with them or not, they have a right to air their concerns.

TL;DR button your lip and read a dictionary.
Reply Quote
29 Undead Warlock
200
The authenticator is a courtesy given to you to protect your account. If you don't like the way the authentication system works, don't use it.

This had to be put in place because people can't protect themselves, this isn't Blizzard's job to protect your computer.


I'm not really in agreement with the OP, but your post begged me to respond.

The Authenticator is not a "courtesy" given to me by Blizzard. It is a service, which I purchased.

There is a world of difference between the two.

This argument, as I understand it, has to do with people's dissatisfaction with how the service they paid for is being rendered. Whether you agree with them or not, they have a right to air their concerns.

TL;DR button your lip and read a dictionary.

No, the authentication service is a service. The authenticator key fob is a piece of hardware. If Blizzard closed WoW tomorrow, the disks you paid for to install it would be worthless. Yet it is still in their right to cancel your access to the service of playing the game.

The service itself is free. My authenticator was free, I don't pay for the service. Therefore, it is up to them to decide how it will be implemented, whether to continue it, or not. So yes, the above poster is correct, it is a courtesy given to you by Blizzard.
Reply Quote
So, you've wasted how much of your time to try to avoid wasting 30-45 mins getting your account back IF (and that's a big if assuming you have an authenticator, even with these changes) you ever get hacked? Nice job. Keep it up.

My friend (no authenticator) got hacked the other day and had his account and everything back within an hour. Hell if you have to wait two hours then what? You've still wasted more time on the forums whining about it.
Edited by Slorebox on 7/25/2011 6:50 PM PDT
Reply Quote
No, the authentication service is a service. The authenticator key fob is a piece of hardware. If Blizzard closed WoW tomorrow, the disks you paid for to install it would be worthless. Yet it is still in their right to cancel your access to the service of playing the game.

The service itself is free. My authenticator was free, I don't pay for the service. Therefore, it is up to them to decide how it will be implemented, whether to continue it, or not. So yes, the above poster is correct, it is a courtesy given to you by Blizzard.


If this was a courtesy, then everyone would have an authenticator. It would be packaged with the disks, gratis.

Such is not the case.

In fact, the only "free" authenticator, is the smartphone app. The app that Blizzard admitted had been compromised. This is the reason I ordered, and paid for, an authenticator.

Additionally, if the authenticator was a "courtesy" available to everyone, there would be no need for authenticator-only ranks for guild bank access.

If I had never purchased the authenticator, then I would not be subject to the additional security protocols that it imposes.

Therefore, the authenticator is a service, not a courtesy. Q.E.D.

Edit: in other words, the above poster is still wrong.
Edited by Azuula on 7/25/2011 6:57 PM PDT
Reply Quote
You paid for this: "Log in with both and you can rest easy knowing that your account is now even more secure from malicious attacks such as keyloggers and trojans."

With the authenticator your account is still more secure than without. You got what you paid for whether you think it's a courtesy or service.

The bottom line here is Blizzard feels comfortable enough (security speaking) to make it a little easier for people to login with authenticators. I'm sure they log how many people call to reclaim hacked accounts and if the number jumps after this update then they'll roll it back. If it were worse it would cost them more money in paying the people to answer phones and recover accounts than it would to just roll back the change.

Can we stop acting like we know how everything in the world works now?
Edited by Slorebox on 7/25/2011 7:11 PM PDT
Reply Quote
29 Undead Warlock
200
No, the authentication service is a service. The authenticator key fob is a piece of hardware. If Blizzard closed WoW tomorrow, the disks you paid for to install it would be worthless. Yet it is still in their right to cancel your access to the service of playing the game.

The service itself is free. My authenticator was free, I don't pay for the service. Therefore, it is up to them to decide how it will be implemented, whether to continue it, or not. So yes, the above poster is correct, it is a courtesy given to you by Blizzard.


If this was a courtesy, then everyone would have an authenticator. It would be packaged with the disks, gratis.

Such is not the case.

In fact, the only "free" authenticator, is the smartphone app. The app that Blizzard admitted had been compromised. This is the reason I ordered, and paid for, an authenticator.

Additionally, if the authenticator was a "courtesy" available to everyone, there would be no need for authenticator-only ranks for guild bank access.

If I had never purchased the authenticator, then I would not be subject to the additional security protocols that it imposes.

Therefore, the authenticator is a service, not a courtesy. Q.E.D.

Edit: in other words, the above poster is still wrong.

Under some circumstances an airline will give you a courtesy upgrade to first class. All passengers don't get this upgrade, but that doesn't change the fact that it's a courtesy upgrade, and not required to be given. You are not entitled to this service. Blizzard could turn it off and make your fob worthless tomorrow. They can do what they want, you aren't paying for it.

Say what you want, but you have no right or entitlement to this free service, no matter what you feel like calling it. You neither purchased the service nor pay for it.
Reply Quote
90 Troll Shaman
13565
/sigh. Apparently you two are happy with the new system. Great, I'm very happy for you. So why is it any skin off of your noses if we would like the OPTION to continue to use the old system? I could see it if we were asking for a rollback, but we're asking for an OPTION.
Reply Quote
29 Undead Warlock
200
07/25/2011 07:30 PM Posted by Shadowwind
/sigh. Apparently you two are happy with the new system. Great, I'm very happy for you. So why is it any skin off of your noses if we would like the OPTION to continue to use the old system? I could see it if we were asking for a rollback, but we're asking for an OPTION.

No, this thread is asking for a Blue response (see title). Which you already got, and they are looking into it. The rest is simply spam.
Reply Quote
Under some circumstances an airline will give you a courtesy upgrade to first class. All passengers don't get this upgrade, but that doesn't change the fact that it's a courtesy upgrade, and not required to be given. You are not entitled to this service. Blizzard could turn it off and make your fob worthless tomorrow. They can do what they want, you aren't paying for it.

Say what you want, but you have no right or entitlement to this free service, no matter what you feel like calling it. You neither purchased the service nor pay for it.


A courtesy upgrade is a gift, i.e. something that is not paid for.

I bought my authenticator from the Blizzard Online Store. Ergo, I paid for the service that comes with the hardware. Blizzard can choose to alter how the system works, or discontinue it forever. Until they do so, I do have a right and an entitlement to the service associated with the hardware that I purchased.

My point stands.

I am not saying that the system is fatally flawed, or that it is a deal breaker for me. Personally, I think it's working fine and Blizzard is trying to close any actual loopholes in the system (as opposed to perceived loopholes).

I just feel that calling the authenticator a "courtesy" is false, as well as an attempt to derail this thread by dismissing the concerns of the OP (& their supporters) as irrelevant.

Additionally, I find your logic...flawed.

Whether you and I agree with their concerns, isn't the point. They exchanged money for a service. That service is no longer working as advertised, so they have requested clarification to soothe their concerns.

Clarification has not been forthcoming.

Along the way, there has been a great deal of doom & gloom (mostly unrealized), as well as obfuscation about the heart of the matter. The simple fact is this:

They have concerns, and a right to some sort of response.

At this point (as I said earlier in the thread), I think a response is not only unlikely, but would be counterproductive. The time to respond to this was thirteen threads ago. A response at this time would do nothing more than stir up additional controversy, for no useful reason.

On that note, I think I'm done for the night. Goodnight all.
Reply Quote
