Authenticator Changes

06/16/2011 02:44 PM Posted by Optec
Please return it to its former self. I feel VERY MUCH more safe having to punch it in each time I log in. I got the Authenticator because I was hacked once. This just makes it pointless to even have it now.

No, it does not. If someone's trying to log in to your account from a place the system does not recognize, it's going to ask for an authenticator code. Jesus, wish people knew how to read.
Bad idea ever. I bought an authenticator to "authenticate" when I log in.

I just don't understand how Blizzard can sell a product to improve security and later make a change so that the product we bought is not used (or is given minor importance).

Please make this "change" a choice and not obligatory.

P.S. Sorry for my poor English.
To bring a bit of perspective. Many think that the authenticator makes an account impervious to compromise. However, there is a specific type of attack that can steal a valid authenticator code as a user tries to submit it from the client.

This change effectively will make those types of attacks, which are involved and are not common but they DO happen from time to time, much harder to carry out. Removing the need to always submit an authenticator code goes a long way to defeating the "man-in-the-middle" types of attacks.

That said, I do think an option to always prompt for an authenticator would be a nice option to have. And I do not think it would be too much to ask nor be significantly riskier even with the threat of MITM.
06/16/2011 02:36 PM Posted by Holybell
And if I have a child whom I share the account with, and use the authenticator to monitor their playtime?

You're really not supposed to be able to do that from what I hear, if they want to play they need their own account.

100% incorrect
What in all of creation is so "smart" about someone being able to get onto your account, even if it's from the same location???? Did you even consider people attending a party at your house and getting on your computer without your knowledge, PO'ed wife/brother/sister, boyfriend/girlfriend accessing your account without permission, etc. etc.????? yeah, yeah...there's always the password...but it's still possible they could get hold of that. C'mon Blizz...whoever thought THIS one up oughta have their head well as the person who approved the idea.

Rethink and get RID of this "feature". I don't MIND the extra couple of secs it takes to punch the numbers in. Here we go...let's start watering down security measures....

Please...we would now like to put in our pre-orders for the official AntiAutomatic Authentication Authenticator those of us who bought Authenticator #1 so that we are the ONLY ones who can access our account from our computer....thank you.
Personally, I'd be much happier only being able to log in from this one location.
Honestly, most of this QQ is from people who share their home, in all honesty, KEEP YOUR INFORMATION PRIVATE!

With that simple rule, you have stopped people in your house from accessing the account, wow!
Because it's so hard to MAC/IP spoof, OH WAIT! Yea, this change will just make authenticators hackable. Before, you had to man-in-the-middle attack within a short time frame. Now, you just spoof your IP and maybe MAC and you are in.
It's always good to see Blizzard working on the most important issues facing this game... oh wait, this was never a problem in the first place.

Blizzard: if it ain't broke, don't fix it. This system was working perfectly fine the way it was.
06/16/2011 02:47 PM Posted by Opftk
If you don't do anything stupid, you shouldn't have anything to worry about anyways. In order to get hacked, they'd have to get your information in the first place, they don't just magically have your login information. Some clarifications on how this will work would still be nice.

While it wouldn't affect this particular change, quite a few databases have been compromised over the last few weeks. I'm sure that a large portion of the WoW playerbase uses identical login credentials for multiple accounts. A lot of people had their Facebook, Twitter, dating site and various other accounts compromised after nothing more than their email login information went public. Yes, better security measures would prevent that from happening, but how many people do you believe think through that carefully?

Right now is one of those moments where people fear for their security like they never have before. Most people don't have much to worry about, but just that small extra blanket of protection can make a person feel more comfortable.
The wise speak only of what they know. - J.R.R. Tolkien
CORE I7 3.8GHz | 12GB RAM | ATI 5970+5870 | F120 SSD
Live Support: irc://
I do not like this idea. Too much of a risk of spoofing or other tricks to make a program think you are at a location you're not, and it's a risk that we should not even be opened up for as players without our consent.

The 15 seconds used to type in an authenticator code weren't any real issue. This is a step backwards on account security both in method and mentality. If anything, the lockouts were the issue, not the seconds spent inputting the authenticator code every time. Too much risk, not enough benefit.
What people are not understanding is that it will not ask for an authenticator code at a place you log in from all the time. So you're at home logging in. Doesn't ask for a code. Okay, cool. But someone from China is trying to log in. Since the system does not recognize that, then it's going to ask for a code.

I'm not sure why people are demanding refunds or think they're gonna get hacked.
I'm absolutely sure that Blizzard would use some form of verification that utilizes a computer's MAC address (or MAC addresses), public IP address and possibly the LAN IP address coupled with some sort of hash sent from the server back to the client from the last successful login using the authenticator. I'm also sure they would allow users to have to opt in to this instead of out (and be able to do so).

I'm absolutely SURE about this, because that is what I would do, and I would hope the minds at Blizzard get paid more than I do and know more than I do. I would hope.

This is not effectively unique data.

I worked for an ISP help desk once. One night we had thousands of customers over three states unable to connect because they all had the same MAC address. (I suspect a flawed driver update went out that day.) Most hardware lets you change the MAC, and you can tell your system to use whatever IP address you want it to (whether other systems will actually talk to you at that address or not is another matter).

Even a GPS chip could be spoofed to feed Blizzard whatever the hacker wants to feed Blizzard.

This is just an absolutely disastrous idea.
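The exchange above contrasts client-reported attributes (MAC, public IP, LAN IP) with "some sort of hash sent from the server back to the client" after an authenticator login. The Python example below is an added illustration, not part of the thread and not Blizzard's implementation (which the page does not describe): it skips the code prompt only when the client presents a server-signed token, so matching MAC and IP values alone never suffice. The key handling, token format, lifetime and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # hypothetical secret, held only by the server
TOKEN_TTL = 7 * 24 * 3600             # assumed token lifetime in seconds

def fingerprint(mac: str, public_ip: str, lan_ip: str) -> str:
    """Hash of client-reported attributes. Every input can be set by the client."""
    return hashlib.sha256(f"{mac}|{public_ip}|{lan_ip}".encode()).hexdigest()

def _tag(account: str, fp: str, expires: str) -> str:
    msg = f"{account}|{fp}|{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_token(account: str, fp: str, now: float) -> str:
    """Called only after a login that included a valid authenticator code."""
    expires = str(int(now) + TOKEN_TTL)
    return f"{expires}.{_tag(account, fp, expires)}"

def needs_authenticator(account: str, fp: str, token, now: float) -> bool:
    """Return True when this login must be challenged for a code."""
    if not token or "." not in token:
        return True                    # claimed attributes alone prove nothing
    expires, tag = token.split(".", 1)
    if not expires.isdecimal() or int(expires) < now:
        return True                    # malformed or expired token
    expected = _tag(account, fp, expires)
    # Constant-time comparison; bytes so arbitrary client input cannot raise.
    return not hmac.compare_digest(tag.encode(), expected.encode())

if __name__ == "__main__":
    # Constructed sample values (documentation address ranges).
    home = fingerprint("00:11:22:33:44:55", "203.0.113.7", "192.168.1.10")
    token = issue_token("player", home, now=1000.0)
    print(needs_authenticator("player", home, token, now=2000.0))  # token + same fp
    print(needs_authenticator("player", home, None, now=2000.0))   # same fp, no token
```

Such a token is only as safe as the client storage it sits in, which is why it expires and is bound to one account and one fingerprint.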
06/16/2011 02:36 PM Posted by Holybell
And if I have a child whom I share the account with, and use the authenticator to monitor their playtime?

You're really not supposed to be able to do that from what I hear, if they want to play they need their own account.

A single minor child is allowed to "share" an account with their parent. This is the only exception to account sharing.
I am guessing people think that it's not going to require you to input your real password? >_>
Yeah I don't really like this. All someone has to do is get my IP address and spoof it to log in. I just wish they would put the box back on the main login screen for the authenticator.
06/16/2011 02:52 PM Posted by Dynast
This is a step backwards on account security both in method and mentality.

If that was the case then Blizzard wouldn't have done this. I'm pretty sure they planned this out for months and talked about it. Blizzard cares about security the most out of anything.
Bad idea. I got hacked once, Blizzard gave me my stuff back, and got an authenticator. While it can be a pain, I'd rather have it on all the time knowing that my account is secure. No offense to you Blizzard or your nifty super software, but I prefer entering in the codes. Call me paranoid, but I don't like this idea one bit.
06/16/2011 02:29 PM Posted by Kodiack
Out of curiosity, will it be possible to opt out of that? While I'm sure the developers will roll out software that is indeed quite "intelligent" and does the job well, I would like to have the option to always use my authenticator regardless of where I'm logging in from.

I just came here to ask the exact same thing. I have a static IP, I always login from it, I even VPN in to my network when I'm on the road (to avoid getting locked out for logging in from a random location) so that I always come from the same IP. However, I'd still like to type my code in just to be safe.
The general consensus here seems to be that this is a bad idea. I agree. Don't bother wasting any more time developing this feature, Blizzard.