Authenticator Changes

Technical Support
Prev 1 23 24 25 26 Next
Please let me opt out of this option. I feel the 5 seconds it takes to enter the code is a fair price for security.

You are hopelessly clueless. And you make a LIVING in an IT field of some kind? You can not change your routable network address to any IP address you wish and get traffic. The very first router in the chain would send packet traffic to its proper destination.

Please stop posting.

Might wanna read up on BGP, chief.
I don't like this at all. I bought an authenticator so that you have to use it to access my account. I do not want someone else in my household or that gets access to my computer to be able to access my account.

If they want to make it more user friendly, make this an OPTION for those who want it. For those of us who would prefer to keep the security on our account as tight as possible, leave it alone! PLEASE. Thank you.

As has been mentioned in other posts, how will we know if our account has been compromised and our authenticator is removed? If we are not required to use the code when we log in from home, we may be unaware if our authenticator gets detached. Just don't like it...

I'd PREFER it be an OPT IN or OUT toggle, as it should perhaps be an option or only saved within 24 hours so if we get disconnected or switch accounts during that timeframe we don't have to re-enter but if we don't log in for a day or two, we're prompted again. I'd be cool with that. I'd still prefer to be able to opt in or out but at least I'd feel BETTER if I knew it was only saving it temporarily and I'll need to authenticate when I log in again after a couple days. Then I'd enjoy the convenience in the play session where I log in or out and get disconnected (though it did not cause me any issues, the time it took for the code was nothing, the time is all in loading the client and loading back in which would have been the same without an authenticator) and I'd still not freak out when the first time I log in my authenticator box doesn't pop up.

I personally wasn't comfortable with the mobile authenticator and other authentication options so went for the actual authenticator. Now I'm being told to trust Blizzard to save whatever information they need and perhaps never need to be asked again. Blizzard could be hacked as well. At least if this was something temporarily saved for a certain "session" of play time I would get the convenience of not having to use the code every time (which I actually don't mind and opted IN to by purchasing the physical token) and would also get some peace of mind by being asked for my code when I log in the next day or if I don't log in for a couple days.

And no, I don't want them to explain their procedure to me. That's ridiculous. However, I do want the option to opt in or out. If I can't have that, I want to still have to authenticate every so often, even if it isn't every log in. So I'm suggesting it in the rare hope they actually bother to read the posts and take our concerns into account. I do expect they announce things like this better and not just in a forum post and let us know the customer service side of it and not just take the functionality of the authenticator away.

By now most should realize it's already in place, I've already raised my fist at the screen as it didn't ask again for the code when I logged in again in the same day. So stop telling us to stop spazzing out as it's already happened with no opt in or out option. The location indicators were in place prior to this as well. I have had to reset my password when my router was reset already.

As for those talking about bank account issues, that's not a Blizzard concern but I have used an authenticator for banking as well. There are also usually random questions I have to answer on top of the password. If my bank suddenly said they wouldn't require the authentication code if I used the same work computer, I'd bet business clients would be just as upset and clamoring for the security of using the code. That's what it is there for in the first place. An additional level of security.
06/16/2011 05:17 PMPosted by Squinkle
People seriously educate yourselves before you cry about this it essentially changes nothing as long as you don't share your password.

I haven't seen anyone "QQ"ing. People have the right to feel however they want. We pay for this game montly we should have the option on how we keep our accounts secure. We should have to option to choose to be able to log in with or without authenticators. It is our preference for our personal reasons. We want an option to use it or not just like with RealID.
I'm fine with an opt out option. I'm specifically talking about the people complaining that now that you don't have to type a code in that they are going to get hacked because that is wrong.

Simply: No.

[Please insert the bile-filled invective equivalent of a Code of Conduct nuclear strike here.]

I don't know enough about the system to make any authoritative assertions. Likewise, anybody without first-hand experience designing this system is in the same boat. I'm certain that in these 22 pages of replies there have been well articulated reasons against this change. Pretend I quoted them all.

I simply have no interest in trusting a system to properly identify the agent attempting to log into my accounts (be it me, a hacker, or a drunk ferret) in exchange for the "convenience" of hitting the button on my token and punching in a few numbers. I do not consider this a balanced trade-off.

I'm not saying to not use this system, simply make it opt-in for those who wish to participate and allow the rest of us to retain our default inconvenience.

PS - I'm thankful that Blizzard was lucky enough to choose Vasco over RSA as the token vendor. Maybe Vasco's reply to the RFP was more assuring in terms of company security, but I'm a touch cynical.
06/16/2011 05:12 PMPosted by Ewing
Blizzard, Will you please explain EXACTLY how this works but don't use any big words because obviously these people can't handle it. It's secure folks please quit QQing blizzard gets enough of it.

Oh! Then just how did the accounts "protected" by the Dial-In-Authenticator get hacked then. The keyfob and cell phone Authenticators Were proactive, where as the Dial-In Authenticator is reactive. Now with the this change keyfob and cell phone Authenticators are now reactive as well.

With the keyfob and cell phone Authenticators, you were prompted to enter a code each and every time you access the game and account management. However with the Dial-In Authenticator , you were only prompted to enter a code, when it senses a change in your login pattern/location.

With a reactive system Like the Dial-in Authenticator if you have been hacked before, the hacker's location may now be part of your login pattern, therefore the dial-in Authenticator may not be any protection for you.

If you play, while traveling; Each time you successfully logs-in from a different location, you add that GeoIP range to your log-in pattern. This in turn weakens the effectiveness of a reactive Authenticator.

Lets say you travel through an area know as a hot bed of hackers, and logs into WoW from there. That area is now part of your log-in pattern, therefore any hacker trying to access your account from there, will not trigger the reactive Authenticator system. This makes Playing while traveling, or from any location other then home a very bad idea.

I'm pretty sure after 10 minutes of being logged out from that specific location you'll have to enter the authenticator code. If it was permanent then that would just be mildly retarded. Also, I am 99% sure this won't just be going off of IP itself but your game client mac address etc.
First we get warned at about security, we take the step of making a stronger login proccess by adding an authenticator, LEAVE IT ALONE it doesnt take alot of time or effort so dropping a security feature even sometimes is not really helping anyone, i payed for an authenticaor please let me use it every time for my safety
I will admit that when this first happened to me, it gave me a bit of a scare. I signed in and saw the lack of a need for my authenticator. Till I went to the actual site and signed in there and saw it still tagged to my account and decided to look and see if there were some changes to the system.

A bit more warning would have been nice. But overall its a good idea. I like not needing to use it all the time
Sorry...I thought the whole reason to purchase an Authenticator was to add alittle extra comfort and control of my account? I'm not feeling it....I think typing in a code was a Great idea and have been very happy with this system. I didn't want to log on in fear that something was not right. Please reconsider this idea....if players are complaining about typing in 6 numbers then I'm sure those are the players I can do without!!!! Thanks for letting me vent! :)
With how much time Blizzard spends combating hackers, I know they wouldn't make this decision unless they were absolutely sure that it worked 100% while still allowing the ease of use that some players have been requesting. More importantly, I hope this encourages more players to actually leave their authenticators attached. More often than not we get those in the Customer Support forum who start off with "I can't get into my account, please unlock it and I'll put my authenticator back on." It's not effective if players are removing it because they feel it's an inconvenience.

However, from a personal standpoint I would feel much more comfortable if I were prompted to enter my authenticator code each and every time, simply because I don't find it an inconvenience at all. It's only 6 digits and it provides me with a peace of mind that some nebulous 'behind-the-scenes" mechanisms that I have no information on is able to. I'd love to see a user-preference that allows us to have the ability to demand the authenticator code (a break-out for in-game or Web Services would be even better, so that I could post without using the code, but so be it). I feel that even if this is an opt-in feature, those who would like it have the opportunity while players who feel the authenticator is a necessary inconvenience have the additional layer of security without the frequent prompting.
Jesus Christ, just please announce that there will be an opt-out feature so these imbeciles will quit QQing about things they obviously know nothing about.
To everyone else, Blizzard is a massive company. You cant be a massive company making millions if you are ran by idiots. Instead of thinking "OH GAWD THIS CANT BE GOOD AT ALL, IM SMARTER THAN DEM." think "I wonder what caused them to add this feature. There has to be some good in it, otherwise they wouldn't have done it."

I bet people thought the same thing about Sony a few months ago.
06/16/2011 05:19 PMPosted by Texi
Might wanna read up on BGP, chief.

No, I think you should. Then come here and explain to all of us, how you, on any network, can casually use the routable IP address of another network and have all traffic routed to you.
"Helm's Deep has but one weakness. It's outer wall is solid rock for except for a small culvert in space, which is little more than a drain."

Even Helm's Deep's smallest hole, denied by arrogant men, crumbled the wall when exploited. Don't make this mistake, Blizzard. It's like you made one step forward, two steps back.
This is absolutely unacceptable!

If other people have access to or control of a PC you regularly log in from <a pc at work, school, your roomates pc, your relatives pc !!!!> they can now simply keylog your info and then use your wow acccount.

The authenticator was the one saving grace.........not any more.

PLEASE, PLEASE, PLEASE make this an *optional* feature!

Join the Conversation

Return to Forum