About the Recent Authenticator Change

General Discussion
Prev 1 5 6 7 25 Next
not a removal
an opt out of the 'smart' system

we just wanted it to ask us every log in, every location, every time
Where is all of this empirical data being kept at?

Seriously, I keep reading about all these tests and I have yet to see one shred of proof.

You see, I did some testing myself when this first came out. I share a wireless network with my roommate who also (on and off) plays WoW and it was relatively easy to prove that this change did nothing to make me any less secure. Same thing for the shared computer we use as a backup and to run our entertainment center.

I asked him to log in to my account from the shared computer. He grabbed my phone, pulled up the authenticator app and then looked at me and said "What's your password?".

After his failure, I then logged on to my account from the shared computer. First time, authenticator query. From his computer...authenticator query.

The problem with all this is that my "test data" is also nothing more than hear say. Since you can't trust anything on the internet, and since none of you work for Blizzard, not one iota of proof has been generated.

And for all of the lame "Real ID" arguments...that should be proof that Blizzard is smart enough to reverse a bad decision.
lol - people complain about anything and everything
"So and so ran his own tests and proved to himself the system works."

"So and so ran his own tests and proved to himself the system is flawed and insecure."

To you it's all heresay.

My concern is I ran my own tests on my own systems and believe the system FOR ME is flawed enough to want to opt out. It's heresay to you, but PROVEN FACT to me. Again, i am not here to change anyone's opinion on the issue. I'm here to ask Blizzard to give ME back two-factor authentication.
07/25/2011 01:43 PMPosted by Ramshakkle
People in hell want ice water. Doesn't mean they'll get it. An repeatedly "petitioning" Beelzebub won't accomplish anything. Take the hint.


I would generally agree with this, and the fact that the title should not specifically ask for a Blue response.

However, there are numerous topics in which it could at least be argued that excessive posting about a certain issue does show to either 1. Get a response, 2. Get them to look into the issue, or 3. Make changes.

On topic: I was logged in at a hotel out of state this past weekend. It asked me for my authenticator the first time, no security questions at all. That was the only time I needed my authenticator the entire trip.
07/25/2011 01:43 PMPosted by Ramshakkle
People in hell want ice water. Doesn't mean they'll get it. An repeatedly "petitioning" Beelzebub won't accomplish anything. Take the hint.


Prove people in hell want ice water.

Doesn't change the fact that I want two-factor authentication, the same thing they sold to me over a year ago. I'm not asking for ice water.
They posted on the EU forums that they are looking in to it. They know you know about that one. So basically you have 14 threads now of QQ, and are whining now because you want a blue post of your very own, in your thread.

They are aware of your opinions and wants, and have nothing more to say at the moment.
They posted on the EU forums that they are looking in to it. They know you know about that one. So basically you have 14 threads now of QQ, and are whining now because you want a blue post of your very own, in your thread.

They are aware of your opinions and wants, and have nothing more to say at the moment.


So?
They posted on the EU forums that they are looking in to it. They know you know about that one. So basically you have 14 threads now of QQ, and are whining now because you want a blue post of your very own, in your thread.

They are aware of your opinions and wants, and have nothing more to say at the moment.


So?

after a month
a 'we are looking into it'
a ' !@#$ you n00bs'
a 'sorry we replied on the EU forums - <link here> '
would have probably sated us for a while

So go be sated. You got a 'we are looking into it'. That was the intended purpose of this thread. No reason for Blue to point you there if you've already seen it.


So?

after a month
a 'we are looking into it'
a ' !@#$ you n00bs'
a 'sorry we replied on the EU forums - <link here> '
would have probably sated us for a while

So go be sated. You got a 'we are looking into it'. That was the intended purpose of this thread. No reason for Blue to point you there if you've already seen it.


So?
Anyone who is using an authenticator to keep their brother/sister/boyfriend/girlfriend/roommate off of their WoW account have put themselves at risk. The whole point of a password is it is something that you know that you don't tell anyone else. If you're stupid enough to have such an easy password that they can guess it, you deserve to have them getting into your account.
07/25/2011 04:10 PMPosted by Nougat
Anyone who is using an authenticator to keep their brother/sister/boyfriend/girlfriend/roommate off of their WoW account have put themselves at risk. The whole point of a password is it is something that you know that you don't tell anyone else. If you're stupid enough to have such an easy password that they can guess it, you deserve to have them getting into your account.


Don't have to guess if they're using a keylogger. And not many people know to check their usb ports every time they log in.
Don't have to guess if they're using a keylogger. And not many people know to check their usb ports every time they log in.


Well you know, if they are willing to go to the extreme of plugging in a keylogger, why the hell would you even live with such a person?
@Gallante

You're not getting two-factor authentication back.

Considering how long it has been, how much of an outcry there has been (almost to the same level as the Real ID on the forums fiasco) the fact that the system is still the same tells me that Blizzard is NOT going to budge on this issue.

So you have two choices.

Deal with it or quit. Choose one.
07/25/2011 04:28 PMPosted by Dermach
You're not getting two-factor authentication back


In fact two factor authentication still exists. Your password is the first, the PC is the second. The authenticator was just a third form to allow the second form.
(almost to the same level as the Real ID on the forums fiasco)


LOL. Not even close.
According to a Tech Support rep I talked to this afternoon, the new smart login system is supposed to do a few things that we have observed it NOT doing.

For example: according to her, the system is only supposed to remember the LAST computer you logged in from. If the next login is NOT from that computer, it is supposed to prompt you. Multiple people have stated that it does not do this for them, including me.

Further, your IP address IS a part of the code on your computer that 'proves' that it's you. If your IP changes, it's supposed to prompt you. This one seems to be about a 50/50 chance. We've had a lot of people saying that it did so. Unfortunately, we've also had a lot of people stating that it did NOT for them.

From these two points alone, unless the Support rep was very mistaken on her info, the system is not working properly for a large number of people. I encourage people to test these two points on their own and post the results. If the results are as I suspect, we have just found two extremely large holes in the system that need to be patched. Please, test and post your results, positive or negative.

EDIT: update. According to another Tech Support rep I spoke with this evening, the information about the system only remembering the last computer you logged into, is incorrect. The system still remembers every computer you've logged into during the past seven months. The one flicker of hope is that his reaction to the news that authenticating your account on one computer grandfathered in every one of the OTHER computers as well, indicated that this might be a bug and that we may have a chance of seeing it fixed.

Join the Conversation

Return to Forum