A Blizzard-fangirl reply

[Wildflowers]

So, this weekend, I spent most of my time doing stuff that wasn't playing WoW. Like playing Rockband. Because I enjoy Rockband.
But when I logged in to WoW, to my abject terror, it didn't ask me for my authenticator. No little window saying 'you need our double-blind system to verify who you are!'.
A quick google search later, and the blue posts told me that;
http://us.battle.net/wow/en/forum/topic/2674529777
That's right! Blizzard has actually made it LESS obtrusive to get into my games! I carry that authenticator around religiously, but on a rare occasion or two have had to literally drive home during lunch on raid days to grab it and get back so I can raid from work. And now Blizzard, who supplied this ingeniously good system, is making it even smarter for me?

It inspires me to write this because I just watched Jimquisition and.. for the first time.. I fully agree. We are having to put more and more malarky into more places. Blizzard removing a level of malarky? That's just.. so.. wow.
Btw, Steam? If you ask for me to check my email ONE MORE F**KING TIME WHEN IM ON THE SAME IP?! I will cry and ***** and moan and keep using you. Just know I'm upset about it.

(Side note - people are recruiting for guilds for SW:TOR on my server's trade chat. Lol?)
(Captcha - act of god. How.. Blizzard appropriate)

 

[Alfador_VII]

Why? Just... why? I like having that Authenticator prompt whenever I try to log in, it makes me feel more secure. Not to mention how everyone and their dog is getting hacked lately. This just seems like a terrible idea.

Yes it is a good thing, in general. If you're the only one logging into WoW in your house, then it's great. Doesn't reduce security at all, and speeds up login with less faffing about for your keyfob or smartphone.

The only problem comes if you share your PC, or possibly share a LAN with another PC, and are worried about someone else at the same location trying to use it.

Maybe there should be an opt-in for Always Authenticate?

 

[Scizophrenic Llama]

It does seem odd to make something easier to hack unless they've done some serious stuff in the background to make that obsolete(which I doubt).

The authentication should be an opt-in if they aren't going to enforce it, at least make it available.

Now I'm off to play some Rock Band, because I too enjoy doing that, and haven't in some time.

 

[Wolfram23]

I don't know what authenticator you're talking about, I guess they implemented that sometime after I quit playing... wasted too many years... Err, anyway, what I was going to say is - are you sure you should be raiding from work? lol! Reminds me of that probably gay guy on the enemy guild in The Guild.

 

[Jamboxdotcom]

Oh look, Blizzard got tired of making their raids and levelling easier, so now they've gone and made it easier to steal accounts. Snarkiness aside, this does kinda seem like a bad idea. Pretty sure someone could come up with malware that could copy a cookie, or copy your computer's id or whatever, while simultaneously keylogging you. And yes, i realize someone could keylog your authenticator code even now, but realistically, the window in which they could do it is pretty small. I dunno, though...maybe that wouldn't be any easier than reverse-engineering the authenticators or something. Ignore me, i r Luddite.

 

[Johnnyallstar]

This is one of the things that make me glad I quit 4 years ago. My father and brothers keep getting their accounts hacked, and won't listen to me when I say "Don't download any guides of any kind" and my dad thinks it's just forum trolling that keeps letting the hackers in, which it could be, but it's one thread with no links.

 

[Seanfall]

Hmm...I don't know how I feel about this...Is just tracking the physical location, or the IP address. Cause...I think either can be faked. Though...most hackers wouldn't bother unless they really wanted to fuck up your shit. I agree this should be an optional thing. Since I don't know...I PAID FOR THE DAMN THING TO USE THE DAMN THING!

 

[Avaholic03]

I'd rather just make hacking someone's account (any kind of account, from email to gaming) a capital offense. It's just such a shitty thing to do.

 

[Jordi]

So, this weekend, I spent most of my time doing stuff that wasn't playing WoW. Like playing Rockband. Because I enjoy Rockband.
But when I logged in to WoW, to my abject terror, it didn't ask me for my authenticator. No little window saying 'you need our double-blind system to verify who you are!'.
A quick google search later, and the blue posts told me that;
http://us.battle.net/wow/en/forum/topic/2674529777
That's right! Blizzard has actually made it LESS obtrusive to get into my games! I carry that authenticator around religiously, but on a rare occasion or two have had to literally drive home during lunch on raid days to grab it and get back so I can raid from work. And now Blizzard, who supplied this ingeniously good system, is making it even smarter for me?

It inspires me to write this because I just watched Jimquisition and.. for the first time.. I fully agree. We are having to put more and more malarky into more places. Blizzard removing a level of malarky? That's just.. so.. wow.
Btw, Steam? If you ask for me to check my email ONE MORE F**KING TIME WHEN IM ON THE SAME IP?! I will cry and ***** and moan and keep using you. Just know I'm upset about it.

(Side note - people are recruiting for guilds for SW:TOR on my server's trade chat. Lol?)
(Captcha - act of god. How.. Blizzard appropriate)

I have no idea what this authenticator thing is, but if (removing) it works for you, then great! I'm just really curious what kind of job you have that let's you play WoW.

 

[Cheesus333]

I'm sorry for being a retard, but what is an "Authenticator"?

Basically a little keychain gadget/smartphone app that generates a random code that you type in when you want to log in to World of Warcraft. It prevents account theft, apparently.

The problem is, if you don't have a sufficiently smart phone, you have to pay for the little keychain thing.

 

[Scabadus]

I thought the Steam thing checked your hardware serial numbers and not your IP address? Which... I guess actually makes it worse that it sometimes askes multiple times when you're on the same computer (well I was on the same computer anyway).

 

[Canid117]

I'm sorry for being a retard, but what is an "Authenticator"?

It provides a code that is linked to your account when you try to log in. This makes it significantly more difficult for third parties to log into your account without permission and makes it more difficult to steal characters.

OP: You raid from work? I can not see your boss being happy about that.

 

[KeyMaster45]

In June 2008, Blizzard announced the Blizzard Authenticator, available as a hardware security token or mobile application that provides two factor security. The token generates a one-time password based code that the player supplies when logging on. The password, used in addition to the user's own password, is only valid for a couple minutes, thus providing extra security against keylogging malware.

There's the info for those who don't know what the OP is talking about. To elaborate on it more it's pretty simple. You can either pay roughly $5 for the little key-chain authenticator or download the free app for your smartphone. Before anyone begins to piss and moan about the $5 (because someone inevitably will) the key-chain ones are sold at 0 profit for blizzard from what I understand. While your account could still be hacked it becomes significantly harder for the hackers to do so. The only known method at the moment is you have to willingly install a program onto your computer that acts as a middle man and snatches your authenticator code mid-login; returning an error for you and giving the hacker enough time to jack your account. It's still pretty damned unhackable and extremely effective; it's a much stronger wall of protection despite the prompt before each login. Even still it's totally optional and I speak from experience when I say that I went the years before it's introduction without ever getting my account hacked.

Of course every weapon of good eventually is adopted by evil and hackers soon realized they could use the authenticators to lock their victims out of their own accounts. Different from just changing the password it requires far more time for Blizzard CS to remove an unwanted authenticator from a battle.net account. (this is because a significant amount of proof is required from the actual account owner to verify the action)

So yeah, it's pretty much another step in the arms race for account theft, though it's a damn sturdy one.

Which brings me to the actual topic at hand. Can't say I agree with the smart disabling of authentication requirement as I imagine there are plenty of ways it can be compromised. I would much rather always need my authenticator handy to login. Hell it's why I got it in the first place. I feel that this only opens a window for the hackers to get in, and that Blizzard would probably be better off if they give users the option to not use the smart disabling.

 

[RanD00M]

Wait, wait wait wait wait wait wait, JUST FUCKING HOLD IT! You need an authenticator to get into WoW nowadays. Wow, just wow. And here I was hoping Blizzard to be rede- Who am I kidding, Blizzard has gone down the drains.

 

[Wildflowers]

In response to everyone;
I work for a software company, and I only raid after hours. I farm during stupid people tech phone calls about things that are so easy to fix, my eyes could bleed. Which they did actually, after this one phone call that took 3 hours. Anyways..
And I got hired because I tank, and my boss tanks. The entire interview was 'do you know how to remove a virus? My response - boot into safe mode, open registr--' and then he cut me off and we talked about WoW for an hour.

For those who don't know what the authenticator is, my basic understanding is this;
They generate a long ass list of numbers.
They generate another long ass list of numbers.
They generate a third long ass list of numbers.
They then match the first and third numbers, through come cockamamie algorythm, and then sync it to a time stamp (which is held in the authenticator and check by Bliz when you register). Essentially, there is no way to circumvent it because there isnt a place where the key is held after they delete the second list.

Could people not just slam Bliz and look at the subject matter at hand?
Yes, Bliz accounts got hacked a lot. Because they are big enough to warrant it. (Re: Macs vs PC). So they introduced an optional pay service for it.
You can choose to never use it.
You can choose to keep using the authenticator regardless of your home IP (or so a follow up post said).
And pro tip; any website you go to, any game you log in to, anywhere, any time, logs your IP address with something. You log into escapist? Or even GO to the site? They have your IP. Lets not be so naive to assume that they don't.

 

[Keava]

Wait, wait wait wait wait wait wait, JUST FUCKING HOLD IT! You need an authenticator to get into WoW nowadays. Wow, just wow. And here I was hoping Blizzard to be rede- Who am I kidding, Blizzard has gone down the drains.

You don't have to. But if you don't use it and have no idea about how to keep your PC clean and secure you do want it, hell you might want it anyway because it's another layer of security and the mobile app costs a 1$ or so. There is pretty much no reason to not use it considering the amount of hacking the game attracts.

Im not sure however if location check that disables the need for authenticator is good idea, depending how complex the system is and how accurate (like also pulling hardware data ontop of just ip) it may or may not allow to bypass the authenticator.

 

[Ranorak]

Wait, wait wait wait wait wait wait, JUST FUCKING HOLD IT! You need an authenticator to get into WoW nowadays. Wow, just wow. And here I was hoping Blizzard to be rede- Who am I kidding, Blizzard has gone down the drains.

You don't NEED it, it's totally optional.
It does however, greatly reduces the chance you get hacked.
And the 5 dollar price goes solely to Digipass, the company that makes it.

So yeah, down the drain indeed for giving players a chance to protect their online characters and giving away free in-game vanity pets with the purchase as well. evil evil blizzard!