Battle.net Authenticator By-Pass Now Active

Community Manager
A Battle.net Authenticator can represent an excellent way to add an additional layer of security to your Battle.net account. We appreciate that our players make use of their authenticators, and to help make them more convenient, we’ve introduced the authenticator by-pass. Those of you that have World of Warcraft accounts may already be familiar with how it works: when you log into a Blizzard game from the same location, you won’t always be prompted for an authentication code until you attempt to log in from a different location.

The authenticator bypass is active for StarCraft II, and is enabled by default. Those of you who wish to disable this feature can do so by opting out of the bypass on your Battle.net account management page. If you opt out of the by-pass, you will be prompted by Battle.net for an authentication code each time you log in.
85 Human Priest
4395
Thank you for adding the opt out feature!
MVP
90 Worgen Warlock
10465
I am so glad you guys decided to add this in. Perhaps many won't make use of it, but it makes a huge difference for those of us who will.
MVP
86 Night Elf Priest
7720
11/29/2011 12:46 PM Posted by Broonster
Thank you for adding the opt out feature!

So very very much this. Greatly appreciated!
85 Undead Mage
7330
I have a question.

Randomly I get asked for the authenticator lately. Let's say I get asked for a code 1 out of every 10 times I log in. Does this mean that someone else is trying to log into my account?

For a point of reference, this only happened in the last 2-3 months, not today.

Thank you for your time.
85 Night Elf Hunter
6115
I have a question.

Randomly I get asked for the authenticator lately. Let's say I get asked for a code 1 out of every 10 times I log in. Does this mean that someone else is trying to log into my account?

For a point of reference, this only happened in the last 2-3 months, not today.

Thank you for your time.


I get asked for my code every 7 days or the next time I log in after that.
85 Undead Mage
7330
Much appreciated, Beani. I was a little paranoid hehe.

Thanks!
90 Tauren Druid
10435
I too have to enter my code again after a few days of it being by-passed, and I most definitely did not log in from a different computer. I want to see if this is a known bug/issue/supposed to happen, or if it is from someone else trying to gain access to my account.

Thanks
85 Blood Elf Warrior
3190
It (generally) has nothing to do with someone logging into your account. They take note of your IP address (given to you by your service provider) and as long as it looks like you are still playing from home/work, it will not bother you again. However, most internet service providers (ISPs) will only give you the address for a limited time (between a week, 2 weeks, a few days, or just a modem reset). When this address changes, Blizzard gets a red flag on your account saying: "This guy seems to be logging in from a new location" and asks you to prove you are the owner of the game/validator.

If you want to see this in action:
1. Log into the game
2. Google "ipchicken" (or something similar) and take note of your IP address
3. Next time it requests your validator, check and see; there's a very good chance your IP is different from last time you checked.

I hope this helps alleviate the concern some of you are having. There's a very good chance you are not having hacking attempts on your account each week, and the validator only makes you safer :)
90 Human Priest
17505
I try not to post when I have little to add, but I'm making an exception here:

Very big thank you for allowing my authenticator to work as it did when I purchased it. I was more than a bit upset when it was disabled without my choice. The fact you originally changed it without warning at all, and didn't allow an opt-out for many months was fairly terrible planning and customer service. But at least it's set up correctly now, again thanks.

Randomly I get asked for the authenticator lately. Let's say I get asked for a code 1 out of every 10 times I log in. Does this mean that someone else is trying to log into my account?


11/29/2011 01:14 PM Posted by Beani
I get asked for my code every 7 days or the next time I log in after that.


One thing that can cause behavior like this is if your internet service provider (ISP) changed the IP address you use with them. Some ISPs will keep you on the same IP address for a long time, other ISPs may shuffle you around now and then.

If your ISP gives you a new IP address, the Blizzard login sees this as a new location, and may ask for the authenticator.
90 Gnome Mage
9270
It (generally) has nothing to do with someone logging into your account. They take note of your IP address (given to you by your service provider) and as long as it looks like you are still playing from home/work, it will not bother you again. However, most internet service providers (ISPs) will only give you the address for a limited time (between a week, 2 weeks, a few days, or just a modem reset). When this address changes, Blizzard gets a red flag on your account saying: "This guy seems to be logging in from a new location" and asks you to prove you are the owner of the game/validator.

If you want to see this in action:
1. Log into the game
2. Google "ipchicken" (or something similar) and take note of your IP address
3. Next time it requests your validator, check and see; there's a very good chance your IP is different from last time you checked.

I hope this helps alleviate the concern some of you are having. There's a very good chance you are not having hacking attempts on your account each week, and the validator only makes you safer :)


While logging in from a different IP will trigger the request for the authenticator code, it is not the only trigger. There is still a periodic (I believe every 7 days or so) trigger. How do I know this? My system at home (the only place I play WoW from) has a static IP address; yet I still see the periodic request for the authenticator.
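The two triggers described in the posts above (a changed IP address and a periodic re-check), as an added example that is not part of the original thread and is not Blizzard's code: a toy model of a login policy that skips the authenticator for a remembered address. The 7-day interval is only what posters here report; the exact-IP match, all names and the sample logins are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Assumption: interval reported by posters in the thread, not a documented value.
MAX_BYPASS_AGE = timedelta(days=7)

@dataclass
class AccountState:
    bypass_opt_out: bool = False            # account-page opt-out from the announcement
    trusted_ip: Optional[str] = None        # address of the last code-verified login
    last_code_at: Optional[datetime] = None

def prompt_reason(state, ip, now):
    """Return why a code is required, or None when the bypass applies."""
    if state.bypass_opt_out:
        return "opted out"
    if state.trusted_ip is None or state.last_code_at is None:
        return "no trusted location"
    if ip != state.trusted_ip:
        return "new location"
    if now - state.last_code_at >= MAX_BYPASS_AGE:
        return "periodic re-check"
    return None

def login(state, ip, now):
    """Process one login by the account owner; a verified code re-trusts the IP."""
    reason = prompt_reason(state, ip, now)
    if reason is not None:
        state.trusted_ip, state.last_code_at = ip, now
    return reason

def replay(logins, opt_out=False):
    """Replay (ip, timestamp) pairs and list the prompt reason for each login."""
    state = AccountState(bypass_opt_out=opt_out)
    return [login(state, ip, ts) for ip, ts in logins]

# Constructed sample: one owner, documentation-range addresses, no third party.
START = datetime(2011, 11, 1, 20, 0)
SAMPLE = [
    ("203.0.113.10", START),
    ("203.0.113.10", START + timedelta(days=1)),
    ("203.0.113.10", START + timedelta(days=3)),
    ("203.0.113.77", START + timedelta(days=4)),   # ISP handed out a new address
    ("203.0.113.77", START + timedelta(days=6)),
    ("203.0.113.77", START + timedelta(days=12)),  # 8 days since the last code
]

if __name__ == "__main__":
    for (ip, ts), reason in zip(SAMPLE, replay(SAMPLE)):
        print(ts.date(), ip, reason or "bypassed")
```

Every prompt in the replay comes from the owner's own logins, which is why a prompt alone does not indicate that someone else tried to log in.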
85 Blood Elf Warrior
3190
There are clearly other factors to reset it, but I was just allaying the concerns with a basic explanation of what's happening behind the scenes. I'm using a static address as well and have been for many years.

This is nothing to do with the inner workings of their validation system, I just felt it would be nice to have these people less concerned that they are being hacked every couple hours - which is very much not the case.

You are not contributing anything here by nitpicking at what wasn't intended to be a comprehensive explanation.

Once again, getting and using the validator is the best thing you can do for your account security. They are free if you get one for your smart phone (brands supported are listed on Blizzard's website) and have been used (SecurID) for years to keep safe much more important things than your video game accounts, such as government defense documents and various sensitive networks. Enjoy the core-hound pet as well, pointing out to the would-be hackers of your server that your account is considerably harder to access than one without :)
MVP - Technical Support
90 Blood Elf Hunter
17635
I'm glad to see this trend being continued; hopefully there isn't nearly as much drama this time around as last! The authenticator is a very useful tool, but it can be a bit tedious to have to put it back in each time you log into a game, especially after a patch when you're constantly changing configuration options and may need to continually relog from the game.

It would definitely be more difficult to implement, but it would be interesting to see this implemented on the website as well. We don't transfer the same sort of data when logging into the website, although there may be some way to work around that. Wishful thinking? :)

**EDIT
And for those of you that care to see the previous discussion on this change:

http://us.battle.net/wow/en/forum/topic/2674529777

It continued on through several threads. You may need to do a bit of searching if you want to see everything.

Also, quite happy to see this:

11/29/2011 12:44 PM Posted by Daxxarri
Those of you who wish to disable this feature can do so by opting out of the bypass on your Battle.net account management page. If you opt out of the by-pass, you will be prompted by Battle.net for an authentication code each time you log in.


That should remove any and all objections to this change. In the end this is an excellent feature!
________________________________________________
The wise speak only of what they know. - J.R.R. Tolkien
CORE I7 3.8GHz | 12GB RAM | ATI 5970+5870 | F120 SSD
Live Support: irc://chat.freenode.net/wowtech
Edited by Kodiack on 11/29/2011 3:43 PM PST
85 Undead Priest
9900
11/29/2011 03:40 PM Posted by Kodiack
but it would be interesting to see this implemented on the website as well. We don't transfer the same sort of data when logging into the website, although there may be some way to work around that. Wishful thinking? :)


I have been wondering this also. This is a website feature I would love.
90 Blood Elf Paladin
11680
This was a great thing to add. Effectively you're 'Greylisting' logins so that you have a good balance between security and ease of use. Initially, I found having to enter the code every time a hassle, but entering it periodically from different IPs is perfectly suitable, as a successful login from one IP is likely to be a valid user and there's no need to recheck upon subsequent logins for at least a few days.

Almost everyone I know w/o an authenticator has been hacked, and they've been totally fine since adding one to their account. This adds a whole lot of headache when you have people with guild access rights that can lead to GB thefts as well as personal accounts, and at this point we do not give much authorization at all to players w/o an authenticator due to a few mishaps in the past.

I've had one since I joined WoW, primarily b/c it was soon after I got my first iPhone and immediately noticed that the authenticator app was available for free. Between the different mobile platforms this has done a LOT of good for making account authentication very accessible, reducing both user woes and Blizz support resources. Extending the bypass to SC2 (and eventually, presumably D3) is really a given.

I agree with other posters' comments about battle.net logins themselves - would it be possible to allow bypass but to still require entering in the auth codes when viewing any page that involves account management changes?
MVP - Customer Support
90 Tauren Druid
12960
Thank you very much for implementing this. For us overly-paranoid folks, a little extra peace of mind is always nice.
________________________________________________
Customer Support Forum MVP
HDL - http://hdl-the-guild.com/~nodrama/
E-mail - neppyman.no@spam.gmail.com
"Wiggle, wiggle, wiggle, wiggle, wiggle."
1 Orc Shaman
0
11/29/2011 12:44 PM Posted by Daxxarri
Those of you that have World of Warcraft accounts may already be familiar with how it works: when you log into a Blizzard game from the same location, you won’t always be prompted for an authentication code until you attempt to log in from a different location.


Every time I log in from a different location, I get a message saying my account has been compromised and I need to reset my password etc...

It would be NICE if what the OP said was the case, but it's not, so this Authenticator option is useless to me. If I log in from a different location then it's about a 20-minute story trying to get access to my account again. Absurd.
90 Dwarf Warrior
0
11/29/2011 12:44 PM Posted by Daxxarri
Those of you who wish to disable this feature can do so by opting out of the bypass on your Battle.net account management page. If you opt out of the by-pass, you will be prompted by Battle.net for an authentication code each time you log in.

This is appalling security practice. 'Hey guys, you know how for the last few years we've been telling you all that the Authenticator will prompt you each time you login, well without asking you we've lowered the security on your account'. Not even a Fair Notice email about it. Well, maybe they are mailing us but personally I'd rather have heard about this a week or so before implementation, not after the fact.
I've not been playing the game recently. Haven't put the latest patch on yet. No idea if it's mentioned in the patch notes that the security of my account has been lowered without my consent and without proper disclosure to me as the account holder.
I would have been completely unaware of the lowering of my security if I hadn't thought about sticking my head in to CSF to see how the new patch was shaking out, merely from a geeky interest point of view.
I appreciate Daxxarri's post, moreso because I had NO knowledge of the change in security, as well as Kodiack's pointer to (practically) some other random thread.
I just boggle at the lack of notification beyond some forum posts that if I'd not seen, I would've been in the dark. On class changes, game changes etc., I can deal with that. Lack of notification on lowering of default security settings is inexcusable. Seems the only reason Blizz wanted to contact me recently is to flog me an annual pass. This tells me that $ > safety. Far less inclined to resub now than ever before.
/rant
90 Tauren Warrior
4625
Just for clarification, this means that IP-detection is no longer effective and I can log in from any location I want outside of my home, without having to change my password?