Battle.net Authenticator Changes

Technical Support
Prev 1 6 7 8 26 Next
Good lord, you guys are all spazzing out about how horrible an idea this is.

Do you really think it'll not be optional?

Chill and be rational. If you don't like it, don't use it.

It's a good idea, and I'd personally use it, but obviously it'd have to be a choice.


The system is already in place. There is no opt-out.
lol its kind of funny that we paid $6.50 for a protective device that asks us to enter a number before we can log in to the game and now you've basically just disabled it. Can I have my $6.50 back?
06/16/2011 03:07 PMPosted by Grandma
So youve obviously never heard of IP spoofing have you. Im not the only one whose pointed this out...please read previous posts before making a reply like this.

And those hackers have always been capable of doing that since the release of authenticators. Like I said, you shouldn't give your password to family members if you're worried they're trying to get on your account.


Personally not an issue for me, however as I pointed out in a post further down depending on the reasons someone may have bought the authenticator, this could defeat the purpose and compromise the security feature entirely. However...I would be fully open to the idea if it was OPTIONAL. For some cases where family or personal computer security is not an issue, this change could be beneficial. Also as stated earlier, the reason someone bought the authenticator in the first place was so that they HAD to enter the code each and every time, and knew that this was a requirement going into it.
One more point I would like to add: Blizzard is likely using more data than solely IP address. I'm sure they use other system information as well, such as hardware IDs. With companies being compromised left and right, you can rest assured that Blizzard isn't going to do anything to hinder their security at this point.
________________________________________________
The wise speak only of what they know. - J.R.R. Tolkien
CORE I7 3.8GHz | 12GB RAM | ATI 5970+5870 | F120 SSD
Live Support: irc://chat.freenode.net/wowtech
Calm down, people. With the number of complaints, I'm sure they'll add an opt out option for this eventually.
I would also prefer to opt out. This change nearly defeats the purpose of two-factor authentication. Not that WoW security needs the rigor of, say, a financial business, but if you're going to use authenticators why not continue doing it right?
06/16/2011 03:10 PMPosted by Slim
It's a great idea, and I personally LOVE this. Don't cave in to all this QQ :3


I don't recall seeing anyone saying to disable this "feature", everyone is asking for it to be a choice that each user can make.

What Blizzard think is a good idea is not always what we think is a good idea.
Good lord, you guys are all spazzing out about how horrible an idea this is.

Do you really think it'll not be optional?

Chill and be rational. If you don't like it, don't use it.

It's a good idea, and I'd personally use it, but obviously it'd have to be a choice.


It is NOT optional, we were NOT asked. Don't use it? We really don't have a choice at the moment, or by "Don't use", you mean don't play Wow? I paid my 2 month subscription and I paid the $6 for the authenticator, that now appears is obsolete in a lot of cases here. We are not 'spazzing out' we are concerned for our accounts security. This idea was just thrown at us with no notice.

Hopefully all this QQ will make it optional.
This is an excellent idea.

I can only see one problem, and it would be a personal problem of the account holder.

Basically, lets say their authenticator says, "Ok, he has logged in the last 6 months from Houston, TX. Today he logs in from California. Throw up the authenticator."

System working as intended, great. Awesome even.

If you post somewhere 'where you live', then they have an idea of a city, and can spoof the IP to make it 'look' like they're in your area.

That's the only problem. I would put a suggestion in, to allow us to turn that 'smart authenticator' security level in the bnet site to smart or normal. I personally love typing in the numbers. It makes me know that someone doesn't have my authenticator. I might lose it if I realize that I don't need to carry it around with me anymore...
One more point I would like to add: Blizzard is likely using more data than solely IP address. I'm sure they use other system information as well, such as hardware IDs. With companies being compromised left and right, you can rest assured that Blizzard isn't going to do anything to hinder their security at this point.


exactly my point. login caching is a little more compex then just storing an IP
I want to keep using my Authenticator.

I don't want to open my account up to an attack with VNC/remote computing/spoofing my machine profile and IP.

Using my authenticator everytime ensures that they can only get my account by prying my token or phone off my dead body.
What people are not understanding is that it will not ask for an authenticator code at a place you login from all the time. So you're at home logging in. Doesn't ask for a code. Okay, cool. But someone from China is trying to login. Since the system does not recognize that, then it's going to ask for a code.

I'm not sure why people are demanding refunds or think they're gonna get hacked.


Thrall's package! Speaking of learning how to read, why not try reading the multiple posts where people EXPLAIN why they're worried about getting hacked! Let me lay it out one more time. Blizzard's computers do not magically know where you are. They only know because part of the information transmitted from my computer to Blizz's is information that includes geographic location (and an ID for my computer). A keylogger is a malicious program that traps any information you type in and/or transmit from your computer, depending on the type. It is not hard for a hacker to pretend that his computer is mine, and that he is transmitting from a very different place than he actually is. Like, for example, from my home instead of wherever he happens to be. Does that clear things up for you?


You completely misjudge Blizzard's security teams if you think they'd make it easy for a hacker to "impersonate" your computer and connection information. Though they're not going to release the details on what metrics they use, I would imagine it's something very similar to the Windows Activation system though a bit customized for WoW.

There's likely a threshold: If enough things are different, it's a different PC. If certain things change too much, no matter what, it's a different PC.
Please make this feature optional. I'd rather take a few seconds to type the authenticator code in each time.
06/16/2011 03:14 PMPosted by Dtinak
Please make this feature optional. I'd rather take a few seconds to type the authenticator code in each time.
Bad idea.

If someone can setup a keylogger on someone's computer they can very well setup a tunneling application that phones home and allows a hacker to use that persons internet connection. This is already being done in games like Aion.
As I said in my earlier post that got sort of swamped, I guess a bit of elaboration on just how effective IP spoofing can be, and what kind of defensive measures can be used to prevent it. For all of our peace of mind.
Thank god. Will this apply to SC2 and future blizzard titles too?
Good lord, you guys are all spazzing out about how horrible an idea this is.

Do you really think it'll not be optional?

Chill and be rational. If you don't like it, don't use it.

It's a good idea, and I'd personally use it, but obviously it'd have to be a choice.


It is NOT optional, we were NOT asked. Don't use it? We really don't have a choice at the moment, or by "Don't use", you mean don't play Wow? I paid my 2 month subscription and I paid the $6 for the authenticator, that now appears is obsolete in a lot of cases here. We are not 'spazzing out' we are concerned for our accounts security. This idea was just thrown at us with no notice.

Hopefully all this QQ will make it optional.


Just because they haven't made it optional yet doesn't mean they aren't going to.

And honestly, do you think the developers over at Blizzard are so stupid that they aren't aware of IP spoofing? Honestly? They are not making a system to make things less secure, and if they find that it IS less secure, they'll either fix it or nix it.

Seriously, some of you seem to think Blizzard is run by 13 year olds playing around with Perl in the basement or something. They're professionals and value security.

So again, chill.

Join the Conversation

Return to Forum