MMO-Champion - Battle.net Authenticator Changes
Forum Software Update - We updated the site to the latest version of vBulletin and you might have noticed that the text editor changed. If you want to revert back to the old editor go at the bottom of your profile settings and select the Basic or Standard editor.

Battle.net Authenticator Changes
Originally Posted by Zarhym (Blue Tracker / Official Forums)
If you use an authenticator – and we hope you do – you may soon notice that an authenticator prompt may not appear with every login. We’ve recently updated our authentication system to intelligently track your login locations, and if you’re logging in consistently from the same place, you may not be asked for an authenticator code. This change is being made to make the authenticator process less intrusive when we’re sure the person logging in to your account is you.

We hope to continue improving the authenticator system to ensure the same or greater security, while improving and adding features to make having one a more user friendly experience. If you don’t already have a Battle.net Authenticator attached to your account, don’t wait until it’s too late - http://us.battle.net/en/security/checklist
This article was originally published in forum thread: Battle.net Authenticator Changes started by Boubouille View original post
Comments 410 Comments
  1. Tzo's Avatar
    Should be able to opt out of this service.
  1. stumpy's Avatar
    Quote Originally Posted by ptwonline View Post
    Knowing Blizzard, they haven't thought this the whole way through. These are the same people who wanted your account name to be much more freely visible without your control, remember?
    This is also the same community that shat bricks over the battle.net 2.0 merger two years ago, flooding the forums with demands that it be reversed or made optional and dire predictions of the death of account security.
  1. zhero's Avatar
    Quote Originally Posted by Fizzlethorpe View Post
    Because absolutely nothing can spoof an IP address.
    you do understand that if someone spoofs your IP they DO NOT receive anything back, especially with them responding to the spoofed IP address?
  1. Spammeister's Avatar
    I would like to subscribe to everyone's newsletter :P

    If you like it or not, it doesn't matter; it's here to stay. Beating dead horses or preaching to choirs won't change anything...So grab a beer and CHILL THE HECK OUT.
  1. Exera's Avatar
    Understanding something before going in an angry mob modus is always helpful, but hey this is MMO Champion where the majority of posters and readers read headlines and nothing else.
  1. orzhagen's Avatar
    Quote Originally Posted by Blaze View Post
    MASSIVE load of degenerates posting comments.
    Please, if you have no idea what you're talking about, do not post.
    Mega reponsepost incoming.


    Are you stupid?
    THEY WOULD STILL NEED TO INPUT YOUR PASSWORD, unless you are an absolute fool and keep all your passwords (including your World of Warcraft one) in a text file on your desktop under the name "ALL MY PASSWORDS.txt".
    If your laptop gets taken from you, whilst you are sitting there, logged in to your account and then you get hacked because of it, well sir, you deserve to be hacked.


    Idiot. Don't try and pretend to be smart.


    "w/e its blizzards choice" - Don't make ignorant remarks.
    Nothing has changed for you.


    This makes no sense at all?
    Nothing has changed, you will still be inputting Authenticator codes if you do not log into said account numerous times from one location? Which you clearly don't as they are your friends, who play at home usually, right?






    You are all morons.


    You really think "LulzSec/Anonymous" are the only groups of hackers around? Think again.
    You really think this has only been happening "lately" ? Think again.
    There are bigger and worse organisations, but I would think these groups have bigger targets to deal with than hacking into YOUR World of Warcraft account and stealing all your gold coins. Which anyhow, if said event does take place, you can easily ticket a GM and have everything stolen back within an hour.

    - Simple responses for simple individuals.


    Well said Sir, it's good to see some have brains in this community.
    + praise to numerous others as well but this post is already long enough.


    I myself have gamed online for plentiful years and never been hacked once. Want to know why I haven't, and numerous other people like me also haven't?
    I do not click retard links that claim I've won a prize on websites.
    I do not click retard links that direct me to a FREE WOW GOLD WEBSITE.
    I do not click links to obvious phishing websites (and when I say obvious, YES THEY ARE FUCKING OBVIOUS - LOOK AT THE URLS)
    I do not follow links in stupid spam emails.
    I do not download retard programs that claim will double my money and create me epic swords.
    And above all, I am not a fucking idiot.
    At the end of the day if you get hacked, it's your own fault 99.99% of the time, simple as that.

    This is not an "EXTREMELY RISKY MOVE" on Blizzard's part.

    I'm glad I don't play this game with ridiculous human beings such as yourselves anymore.
    Good day.
    Who gives you the right to call people stupid and "you don't know what you're talking about, so don't post".
    This is an open forum for anyone to come and post their own thoughts/ideas and opinions.
    Let them speak their mind. You wrote a big essay here about how you are not a RETARD yourself. Applauds to you.
    Deal with the comments or don't read them in the first place.
  1. c2dholla619's Avatar
    this is good is was so annoying to disconnect and then have to grab my phone open app enter code such a headache
  1. Perendi's Avatar
    I appreciate Blizzard making changes to battle.net to assist in making World of Warcraft a little easier for everyone involved. Unfortunately I have a couple concerns with the new authenticator changes. My first concern is account security.
    We’ve recently updated our authentication system to intelligently track your login locations, and if you’re logging in consistently from the same place, you may not be asked for an authenticator code.
    Now we can assume that Blizzard will track IP addresses but it is not 100% clear in this posting. So will they be tracking specific IP addresses or just common locations we as players are logging in from? I am concerned mainly in part because I can imagine that some of the millions of players play from internet cafe's on a regular basis, or play from a computer that is not their own. Before this change authenticators gave them security, and now that is no longer an option. My second concern is friendly fraud.
    This change is being made to make the authenticator process less intrusive when we’re sure the person logging in to your account is you.
    This is a great idea Blizzard but like any other system there will be flaws. There is no 100% way to confirm that you the registered user on the account is logging in but with an authenticator it was very close. The concern here is if someone lives with someone they trust (i.e. a family member, or a spouse) they did not have to be concerned about their account because of an authenticator. If something happens to disrupt the relationship or trust, the current changes to the authentication system now put the user's account in danger until they are at a location where they can change their password. An example would be if a married couple were to split up or have a falling out and one of them maliciously logged in from a trusted IP and destroy characters or even worse, the account as a whole. A way that these concerns could be addressed by Blizzard is very simple. Give the players who wish to still be prompted for an authenticator code every time they log in, the option to do so. Put in an option in the battle.net account settings to, A) Prompt me for my authenticator every time I log in to battle.net. or B) Use the Smart Authenticator system. or Trusted Authenticator system. The solution is simple and hopefully someone, somewhere at Blizzard will read this and give those players who feel safer punching in codes the option to do so.
  1. Dawnslayer's Avatar
    This should be an option to turn on and off, we pay our subscription fee's which in turn has our details and payment methods on it and blizzard just take it upon themselves to say this change has happened and there is nothing you can do about it. Make it an option don't dictate what can or can't be done on our accounts we pay for. i also noticed that the blizzard battlenet login still asks you for your authenticator code so why is it still on there and not on our game. If this is so secure remove it from the battlenet, then we'll see some actions from hackers.
  1. Suikoden's Avatar
    I consider it idiotic because there is simply no "opt out" option ANYWHERE.
  1. Korth's Avatar
    Though it feels rather irrational, I would still like to have the option to opt out of this. I spent all day digging my phone out of my pocket every time I logged in anyway, just out of habit. I know I'll break that pretty soon, but the change doesn't strike me as that convenient. *shrug*
  1. bbr's Avatar
    This will save some battery life as well
  1. argrenda's Avatar
    Ok So I'm new to MMO Champ but I posted this on the WoW forums and it seams to fix the problem, however its more of a hack then a fix.

    Open RegEdit
    Navigate to this folder withing the left window pane:
    HKEY_CURRENT_USER\Software\Blizzard Entertainment\Battle.net\Authenticator

    In the right pane 2 keys will show up.
    Key 1: (Default) - REG_SZ
    Key 2: Cached-XXXXXXXXX - REG_BINARY

    all the X's will be different based on your system configuration.

    Only delete the second one that starts with "Cached-". Mine says Cached-D07F1C03F7B45A46


    Now back on the left pane, right click on Authenticator and select Permissions.
    Select your Windows Profile and in the second window under where it says "Permissions for (username of account)

    Check the two boxes that say "Deny" next to "Full Control" and "Read". Then click OK.

    (EDIT Then click Yes on the next window that comes up.

    When I did this, each time I logged in it started asking for the authenticator code every time I logged in.

    I know this is a registry hack but it works, and I know noone should ever have to do this but this is the one solution that I've found works. You will only have to do this one time and even if they've implemented it on their other platforms they to will continue to prompt for your auth code.

    (EDIT 2 Under any circumstances, DO NOT edit anything else in the registry unless you absolutely know what you are doing.
  1. Nezrahm's Avatar
    Quote Originally Posted by argrenda View Post
    Ok So I'm new to MMO Champ but I posted this on the WoW forums and it seams to fix the problem, however its more of a hack then a fix.

    Open RegEdit
    Navigate to this folder withing the left window pane:
    HKEY_CURRENT_USER\Software\Blizzard Entertainment\Battle.net\Authenticator

    In the right pane 2 keys will show up.
    Key 1: (Default) - REG_SZ
    Key 2: Cached-XXXXXXXXX - REG_BINARY

    all the X's will be different based on your system configuration.

    Only delete the second one that starts with "Cached-". Mine says Cached-D07F1C03F7B45A46


    Now back on the left pane, right click on Authenticator and select Permissions.
    Select your Windows Profile and in the second window under where it says "Permissions for (username of account)

    Check the two boxes that say "Deny" next to "Full Control" and "Read". Then click OK.

    (EDIT Then click Yes on the next window that comes up.

    When I did this, each time I logged in it started asking for the authenticator code every time I logged in.

    I know this is a registry hack but it works, and I know noone should ever have to do this but this is the one solution that I've found works. You will only have to do this one time and even if they've implemented it on their other platforms they to will continue to prompt for your auth code.

    (EDIT 2 Under any circumstances, DO NOT edit anything else in the registry unless you absolutely know what you are doing.
    This is not an acceptable solution. What you have done is forcing the use of an Authenticator on _your_ computer but it's still very much possible for your authentication to get cached on another computer (Internet cafe etc). What I want is an option in the battle.net account settings to toggle this behaviour for my account and not a hack for a specific computer.
  1. dazmck10's Avatar
    hmmmm what about key-loggers....
  1. Ausr's Avatar
    Quote Originally Posted by dazmck10 View Post
    hmmmm what about key-loggers....
    If the person trying to hack into your account is on another computer, it'll prompt him with the window. Unless he also somehow knows where you live, that's the only way he'll get inside of it.

    Honestly people, please read up on this and actually understand this before you whine.

    edit: the whining part does not apply to the person I responded to, sorry.
  1. AlysonMeyer's Avatar
    Soo much paranoia in here. "What if someone steal my computer, huh? HUH!?" Chances are, if someone is going to steal your computer, they aren't doing it for your WoW account. And if you're frequently logging on at a friend's place, then you should be able to trust them enough to not think they'd hack you the moment this change got through.

    I've put out getting an authenticator because my internet is unstable at times, and I don't want to type in the code along with my password whenever I disconnect. This change might actually make me want to get one.
  1. ccckkk's Avatar
    Just "wow" - another example of how people will qq about absolutely anything.

    Why not open a text file and just type in the code from your authenticator if it makes you feel better? Maybe someone could write something that skins the textbook for added realism?

    Nice change - I'm logging in and out just for the fun of it right now. I may even put my authenticator in a drawer later today and have a tidier desk - good times! And I still haven't been hacked (and something tells me that in x years time I still won't be...)
  1. narcan's Avatar
    just add a proxy service to your keylogging virus and ta-dah, mighty auth with their nice 30s ttl password instantly made useless.
  1. Symithlol's Avatar
    That's awesome news

Site Navigation