Battle.net Authenticator Changes

Technical Support
Prev 1 5 6 7 26 Next
06/16/2011 03:01 PMPosted by Grandma
This is a really bad idea. What if in some cases the person is using the authenticator to protect against family or someone else that may use the same computer. This change would leave the persons account completely open if the person has the password but not the authenticator. Please do not implement this change.

Then do NOT give your password to your family.
What is so hard about that?

And if someone is trying to login from China they're going to ask for the authenticator code. Read! It won't ask for the code if it recognizes your regular login pattern!


So youve obviously never heard of IP spoofing have you. Im not the only one whose pointed this out...please read previous posts before making a reply like this.
Cool!
This does NOT give me a sense of security. Please return this to the previous method of asking us every single time. I'd rather be asked to make the extra effort than not feel comfortable about how my account is being managed.

And this DEFINITELY does NOT give a sense of comfort.

I felt good about my account before, every time I was asked. It's like being reassured that everything is correct. You should ASK us if we want to participate in this rather than leave us hanging not knowing each time... hoping that everything is OK...
it only takes 5 sec's for you to put the number in this change was not needed please put your time to more better use's..
Thank you bluspacecow, very insightfull
I'm curious to what prompted this change. Have I missed the hundreds of complaint thread where people complain about having to type in the code their authenticator spits out?

Terrible change.


Exactly. The authenticator is an opt-in process in the first place. We bought it because we wanted one and we wanted to type in the code every time.

If you didn't want to type in the code, you didn't get an authenticator. Simple.

I can see some merit to this system but it needs to be something we can choose to opt-in or opt-out.
So I sort of wasted money on an authenticator? Why wasn't this just implemented previously? I am disappoint...
I would however be open if Blizzard made this change Optional, something you can enable/disable in your Battle.net account settings (but not on by default). In some cases, for certain individuals this kind of a change could defeat the purpose of the Authenticator.
So first login after the change, I still don't like it, I'm at the same location I always am when I play wow, I am not in the least bit worried about my home security (account sharing, children, wives, husbands etc etc), I really hope they make it so we can opt out of this.
I'm curious to what prompted this change. Have I missed the hundreds of complaint thread where people complain about having to type in the code their authenticator spits out?

Terrible change.


Exactly. The authenticator is an opt-in process in the first place. We bought it because we wanted one and we wanted to type in the code every time.

If you didn't want to type in the code, you didn't get an authenticator. Simple.

I can see some merit to this system but it needs to be something we can choose to opt-in or opt-out.


^ Exactly this.
I suppose I don't understand IP Spoofing enough to know how truly vulnerable our accounts would be to it. I do not have any of the personal, home issues of security, but rather I am hypervigilant about attacks from outside sources. I do not, however, know enough about the effectiveness of IP/Geolocational spoofing or if there are means of defense against it. Enlightenment on such things in a practical manner with as little technical jargon as possible would do a lot to ease my mind on this issue.
Good lord, you guys are all spazzing out about how horrible an idea this is.

Do you really think it'll not be optional?

Chill and be rational. If you don't like it, don't use it.

It's a good idea, and I'd personally use it, but obviously it'd have to be a choice.
06/16/2011 03:04 PMPosted by Divrp
So youve obviously never heard of IP spoofing have you. Im not the only one whose pointed this out...please read previous posts before making a reply like this.

And those hackers have always been capable of doing that since the release of authenticators. Like I said, you shouldn't give your password to family members if you're worried they're trying to get on your account.
You should ASK us if we want to participate in this rather than leave us hanging not knowing each time... hoping that everything is OK. If we opt-in then yeah. Let those that don't care take part. But I do not like this on MY account.
06/16/2011 02:55 PMPosted by Grandma
If that was the case then Blizzard wouldn't have done this. I'm pretty sure they planned this out for months and talked about it. Blizzard cares about security the most out of anything.


In method - relying on a computer program's "intelligence" to figure out this answer, rather than a manually called-upon code, with as we know it so far, "the same IP" as a criteria. For all we know it could be all IPs as long as it shares a certain range. Or a base check, which a spoofer or tunnel could easily mimic.

In mentality - by having to have the authenticator in hand, we as players are given direct control over our security. We are reminded we play part in it. Giving the passage of security to a computer and removing that crucial step from the human involved in the process in turn makes people focus less on security.

This process was not needed to make accounts more secure. In fact, it makes them less secure in the end, for the sake of player convenience.
...you DO know it's active and NOT "optional" right??
I hope I'm able to opt out fo this, even though this is the only computer I log into WoW on, I feel more comfortable with knowing only I can do it regardless.
06/16/2011 03:00 PMPosted by Bluspacecow
Possibly to circumvent the man in the middle attack.


Right, a good point. A-KO and I were talking about this in #wowtech a bit. There's malware out there that would sit on your computer, waiting until you tried to log into WoW. After you input your credentials, it would snatch the authenticator code and send it off elsewhere so that your account could still be compromised.

This change is actually a bit more secure when you look at it that way. I've become rather acquainted to entering the code every time I log in, but that doesn't mean that such an attack isn't possible.

There are a few valid reasons to keep using your authenticator at every login regardless of whichever system you log in from, but overall, this is a change that will benefit the players. Would making it optional hurt? Probably not. That is ultimately up to Blizzard, though.
________________________________________________
The wise speak only of what they know. - J.R.R. Tolkien
CORE I7 3.8GHz | 12GB RAM | ATI 5970+5870 | F120 SSD
Live Support: irc://chat.freenode.net/wowtech
What people are not understanding is that it will not ask for an authenticator code at a place you login from all the time. So you're at home logging in. Doesn't ask for a code. Okay, cool. But someone from China is trying to login. Since the system does not recognize that, then it's going to ask for a code.

I'm not sure why people are demanding refunds or think they're gonna get hacked.


Thrall's package! Speaking of learning how to read, why not try reading the multiple posts where people EXPLAIN why they're worried about getting hacked! Let me lay it out one more time. Blizzard's computers do not magically know where you are. They only know because part of the information transmitted from my computer to Blizz's is information that includes geographic location (and an ID for my computer). A keylogger is a malicious program that traps any information you type in and/or transmit from your computer, depending on the type. It is not hard for a hacker to pretend that his computer is mine, and that he is transmitting from a very different place than he actually is. Like, for example, from my home instead of wherever he happens to be. Does that clear things up for you?
06/16/2011 03:04 PMPosted by Divrp

Then do NOT give your password to your family.
What is so hard about that?

And if someone is trying to login from China they're going to ask for the authenticator code. Read! It won't ask for the code if it recognizes your regular login pattern!


So youve obviously never heard of IP spoofing have you. Im not the only one whose pointed this out...please read previous posts before making a reply like this.


ip caching is a little bit more then just remembering an IP address, you think that's all blizzard looks at? you know how much data wow collects and sends server when you login? they know a lot more then your IP, they now your hardware address. they know your geographical location, and probably tons of other things. IP spoofing is only going to make someone have same IP, but it willn ot fake everything else, it's not going to fool this. You are all making baseless asumptions blizzard didn't assess all of this stuff before making change.

Join the Conversation

Return to Forum