MMO-Champion - Battle.net Authenticator Changes
Forum Software Update - We updated the site to the latest version of vBulletin and you might have noticed that the text editor changed. If you want to revert back to the old editor go at the bottom of your profile settings and select the Basic or Standard editor.

Battle.net Authenticator Changes
Originally Posted by Zarhym (Blue Tracker / Official Forums)
If you use an authenticator – and we hope you do – you may soon notice that an authenticator prompt may not appear with every login. We’ve recently updated our authentication system to intelligently track your login locations, and if you’re logging in consistently from the same place, you may not be asked for an authenticator code. This change is being made to make the authenticator process less intrusive when we’re sure the person logging in to your account is you.

We hope to continue improving the authenticator system to ensure the same or greater security, while improving and adding features to make having one a more user friendly experience. If you don’t already have a Battle.net Authenticator attached to your account, don’t wait until it’s too late - http://us.battle.net/en/security/checklist
This article was originally published in forum thread: Battle.net Authenticator Changes started by Boubouille View original post
Comments 410 Comments
  1. det's Avatar
    The amount of uneducated and spontaneous QQ without ever thinking appears staggering. Only people who constantly log from the same place get this convinience. If you log from random places a lot, you still see a authenticator code. Yes, this is risky when you are held hostage in your home, your unprotected laptop is on and the authenticator nearby - but you might have slighly larger problems in this case than worrying if the criminal in your home is gonna take your WoW purpleZ. ^^
  1. Guyon's Avatar
    They should log in your profile every login and login attempt so you can track easily if someone is trying to scam you
  1. Cruesli's Avatar
    Quote Originally Posted by huldu View Post
    This is a very risky move. If i already have your login/password through a trojan it means i already infected your computer. From there on i can easily probe your computer and route my connection through yours, and then it would appear that it is *you* connecting and not me. Hence the authenticator would be useless as it wouldn't even ask *you* for the pin. Bad, bad... Let's kick it up a notch, since they're doing this for money it means they most likely have the tools. I'd launch WoW from your computer when you're not even playing. Even if you detected it, it would be no different from you trying to log in while they are shifting your gold elsewhere. I remember the good old days of netbus. Was that not fun.
    Really? When people manage to do all that you really think the first thing they're gonna do is login on an account from some random game? You really overvalue your wow account lol.
  1. Kryos's Avatar
    Quote Originally Posted by Blackspur View Post
    2) Proxy IP server. Do you really think a multi-billion dollar company would solely base your location off of your IP, seriously?
    After what we saw in the past - sure, I don't trust any security in the gaming industrie. Security costs money and because you don't see it, it's one of the first things they try to minimize to economize.

    ---------- Post added 2011-06-17 at 08:37 AM ----------

    Quote Originally Posted by Cruesli View Post
    Really? When people manage to do all that you really think the first thing they're gonna do is login on an account from some random game? You really overvalue your wow account lol.
    In my guild alone 6 people have been hacked in the past - it's very common to get your account hacked if you don't use the authenticator. That's why I really don't want this new feature enabled. I prefer to type in my code every time just to be sure.
  1. Msi's Avatar
    Quote Originally Posted by Blaze View Post
    MASSIVE load of degenerates posting comments.
    Please, if you have no idea what you're talking about, do not post.
    Mega reponsepost incoming.


    Are you stupid?
    THEY WOULD STILL NEED TO INPUT YOUR PASSWORD, unless you are an absolute fool and keep all your passwords (including your World of Warcraft one) in a text file on your desktop under the name "ALL MY PASSWORDS.txt".
    If your laptop gets taken from you, whilst you are sitting there, logged in to your account and then you get hacked because of it, well sir, you deserve to be hacked.


    Idiot. Don't try and pretend to be smart.


    "w/e its blizzards choice" - Don't make ignorant remarks.
    Nothing has changed for you.


    This makes no sense at all?
    Nothing has changed, you will still be inputting Authenticator codes if you do not log into said account numerous times from one location? Which you clearly don't as they are your friends, who play at home usually, right?






    You are all morons.


    You really think "LulzSec/Anonymous" are the only groups of hackers around? Think again.
    You really think this has only been happening "lately" ? Think again.
    There are bigger and worse organisations, but I would think these groups have bigger targets to deal with than hacking into YOUR World of Warcraft account and stealing all your gold coins. Which anyhow, if said event does take place, you can easily ticket a GM and have everything stolen back within an hour.

    - Simple responses for simple individuals.


    Well said Sir, it's good to see some have brains in this community.
    + praise to numerous others as well but this post is already long enough.


    I myself have gamed online for plentiful years and never been hacked once. Want to know why I haven't, and numerous other people like me also haven't?
    I do not click retard links that claim I've won a prize on websites.
    I do not click retard links that direct me to a FREE WOW GOLD WEBSITE.
    I do not click links to obvious phishing websites (and when I say obvious, YES THEY ARE FUCKING OBVIOUS - LOOK AT THE URLS)
    I do not follow links in stupid spam emails.
    I do not download retard programs that claim will double my money and create me epic swords.
    And above all, I am not a fucking idiot.
    At the end of the day if you get hacked, it's your own fault 99.99% of the time, simple as that.

    This is not an "EXTREMELY RISKY MOVE" on Blizzard's part.

    I'm glad I don't play this game with ridiculous human beings such as yourselves anymore.
    Good day.
    +1 for you sir
  1. Jdd89's Avatar
    Quote Originally Posted by poachingbear View Post
    This new change is not liked by me at all. What if somebody managed to take my laptop when i wasnt looking? Accounts could be hacked soo easily, waste of an authenticator. And to save time when youre dc'd in a raid? It takes two seconds to enter in a SIX digit number...
    If someone takes your laptop then they will still likely be asked for your auth key as your laptop does not have its very own IP address. IP address comes from the physical location not the object used to login at that location.
  1. L05_PL's Avatar
    i just see the change beeing rewerted after 2-3days of getting tons of "omg i just got hacked"... i guess they dont really know how much information you can stole and use it to "lie" the auth server... gg
  1. Djuntas's Avatar
    DO. NOT. FUCKING. WANT. THAT.

    Are they stupid, seriously? It takes 6-10 secs to type it inn, now they just make authenticator useless to me. Im not internet-e-hero-security dude, but anyone knows thats bloody stupid.
  1. Keosen's Avatar
    Quote Originally Posted by L05_PL View Post
    i just see the change beeing rewerted after 2-3days of getting tons of "omg i just got hacked"... i guess they dont really know how much information you can stole and use it to "lie" the auth server... gg
    Clueless poster is clueless.
    A combination of data from a PC can make it unique in the entire world adding encryption algorithms to it can make it even stronger.
    But trying to explain things like this to you would be a waste of time i better explain it to a cow.

    The new system is perfectly safe and it's a very nice and intelligent move to get rid of the authenticator input while keeping the same level of security.
  1. Terrorbladez's Avatar
    personally i think its a great change, it doesn't change a thing really. unless someone broke into my house and was a wow addict and sat at my computer to play, but hed still need a pssword lol. so tbh all this hate posts have no clue how it truely works and/or don't own a authenticator already.
  1. Velthy's Avatar
    I love the change. I stopped using authenticator for months cos was too lazy to type the code every time, now its win.
  1. Terrorbladez's Avatar
    Quote Originally Posted by Nightelfsb View Post
    DO. NOT. FUCKING. WANT. THAT.

    Are they stupid, seriously? It takes 6-10 secs to type it inn, now they just make authenticator useless to me. Im not internet-e-hero-security dude, but anyone knows thats bloody stupid.
    It dont make it useless to you at all, if you log on from a different location, i.e round your mates. itll ask for the code. subsequently, if your account is being accessed from a totally wierd location it'll ask for the code, so your account is still secured by the authenticator unless thefts like using your comp to play wow while their stealing your belongings
  1. Smygulf's Avatar
    Ive worked several years with network security for companies. Honestly i really dont see a problem with this...seems everything is covered. Im all for it!
  1. Keosen's Avatar
    Well to all that worrying about security but don't have the technical background to understand how it works.

    There are countless ways of creating a UUID (universally unique identifier) for a PC there is no way for someone to fake this ID unless the encryption algorithms or whatever Blizzard is using to create this ID get stolen or something or if someone broke into your house and log in from your pc.

    A simple example (not entirely accurate though) will be creating an ID by reading the serial numbers of various hardware parts hashing with a unique key like the mac address of your router and voila you got your own unique key than cannot be copied unless you know how it was created in first place.

    The ID is unique by all means, it's like your retinal signature, it's perfectly safe and you can safely stop whining and embarrassing yourself.
  1. Yuefairchild's Avatar
    When they introduced the dial-in authenticator, I switched to it, and got hacked almost immediately. Didn't pick it up at all.

    I'm concerned.
  1. Doldoc's Avatar
    I do hope they just check for your MAC adress Problem solved for all the dislikers here.
  1. Gramexer's Avatar
    Quote Originally Posted by Keosen View Post
    Well to all that worrying about security but don't have the technical background to understand how it works.

    There are countless ways of creating a UUID (universally unique identifier) for a PC there is no way for someone to fake this ID unless the encryption algorithms or whatever Blizzard is using to create this ID get stolen or something or if someone broke into your house and log in from your pc.

    A simple example will be creating an ID by reading the serial numbers of various hardware parts hashing with a unique key like the mac address of your router and voila you got your own unique key than cannot be copied unless you know how it was created in first place.

    The ID is unique by all means, it's like your retinal signature, it's perfectly safe and you can safely stop whining and embarrassing yourself.
    This.

    And if someone really stoles your computer, he needs your password. If you're stupid enough to save your password to notepad, then it's your own fault.
  1. Lolman's Avatar
    Such silly ideas, why would you need authenticator in the first place? Can't you be careful? Maybe get a second hand PC to watch all the porn and virus contained sites. Jesus chirst monkey balls, how hard can it be? I never got hacked, and i had no authenticator at all. Keep you PC clean and you have nothing to worry about (and not to log in to phishing sites). You should not need it if you watch for phishing sites and virus infected porns.
  1. Asmodias's Avatar
    Im skeptical about this change, but Blizz knows what its doing (most of the time). The only real problem I see is friends potentially messing with you. I dunno though. I guess I will sit back and hope that it works for the best.
  1. donPilgaard's Avatar
    This is stupid. Just plain stupid. I'd rather spend the 4 seconds it takes to login with the authenticator..

Site Navigation