Technically, only ways of getting hacked with authenticator is by someone hacking Blizzard servers, and there's absolutely nothing you can do with that. Other way is that you have a specific keylogger trojan on your computer that steals your authentication code as you type it and uses it simultaneously. It's possible and those kind of software are around, but it only happens if your own computer is infected. If you have an anti-virus software installed and updated, it's safe to say the latter will never happen. Then again, if you deal with any real money transactions on your computer and don't have an anti-virus software, someone hacking your battle.net account is the least of your worries.
you got word of mouth on 1 person i have yet to hear of 1 true case were someone got hacked while having an active autenticator on their account
and your story isn't sounding right if your officer DID get hacked he/she could have made a ticket along along with the gm and got the money back
MMO-Champ the place where calling out trolls get you into more trouble than trolling.
No offense..but when has WoW ever been "Hacked"?
Hacking is a felony(a rather severe one at that), The silly stuff you see in game is usually just exploiting, or packet sending/altering. The difference between hacking and the stuff you see in game is like the difference of Jaywalking and Serial killing. They aren't even in the same ball park.
As for how this would be handled - It's the exact same as someone whose Debt Card gets stolen. Only this would probably never happen since you need to do it from the IP the original account holder uses. I'm sure their'll be a lot of fail safes since we're dealing with real money - that only the biggest idiot could screw up.
IE Theirs a way for your acct to be compromised with the authenticater but it's incredibly difficult. You basically have to GIVE your authenticater numbers to a fake site AND your password, then not do anything about it for 5-10 minutes. It's no different from any other phishing site for your credit card info. If you're dumb with it, you'll lose it, the end. :P
Last edited by Yoshimiko; 2011-11-21 at 07:48 PM.
please supply a source.
not that I don't find it plausible but I'd like a source nevertheless.
either way you might or might not have noticed this but credit card information is rarely stored accessible to a user, i.e if you look at the credit card number it usually says **** **** **** 1234 or something like that.
this is essentially "online security for dummies", i.e "do not save valuable data in plain text".
also I would like to point out that the few times an authenticator-style security has been broken it has been in a controlled environment for the sole purpose of breaking it.
without going into too much detail authenticator codes are only valid for a very short period of time.
this means that whoever is trying to hack you can't just wait for you to login, steal your code and use it tomorrow. no he has to use it on the spot or else it won't work. this time critical step is a huge issue for attack methods such as key loggers.
it is just not feasible for a hacker to waste so much effort on an authenticator-protected account.
real life example:
who'd you rather date out of two twins, the one who is all over you or the one who ignores you?
Last edited by mmoc63f6c1cc20; 2011-11-21 at 07:59 PM.
Actually far from the truth, They have not released such a statement because there has been people that have been hacked it was on the front page about how it works when authenticators were released.
Its called a man in the middle attack and it basically blocks the code you entered from being sent to blizzards' servers, thus giving you an error, meanwhile they use the code that went to them instead to login.
It can be done its just quite rare.
OT: personally yes i do believe that anything that is using the RMAH should have extra "defences" Someone said that you have to put funds into your Battle.net account and not actually through anything else which is a good idea tbf, but i also think there needs to be something else I just personally can't figure out what.
No system is 100% secure. The obvious solution to bypass an authenticator is to use a man-in-the-middle attack. It's an attack that entails the hackers to intercept the message on the way to blizzards auth servers.
User enters username, password
System prompts for auth code
Man-in-the-middle forces system to display an invalid code error
Hacker on the other end of the man in the middle is waiting with the correct code and promptly uses it access b.net account
Last edited by Tyrianth; 2011-11-21 at 08:16 PM.
(This signature was removed for violation of the Avatar & Signature Guidelines)
they released that statement to cover their ass if and when someone did get hit by a mitm attack
i have yet to see one real claim over someone being hacked while having an authenticator please feel free to prove me wrong
till then while i know it is possible it is very very unlikely to happen and will continue to believe no one has been hit by one
Last edited by Orange Joe; 2011-11-21 at 09:56 PM.
MMO-Champ the place where calling out trolls get you into more trouble than trolling.
Like previously stated, if you have an authenticator on your account, if they don't have your authenticator, then they're not getting into your account, unless it's intercepted, and used, within 30 seconds of becoming active. Even less, due to human reaction time via typing and the code possibly not being refreshed at the exact second you look at it.
If you see yourself get disconnected within 30 seconds of logging in and get notice that your account tried to log in somewhere else besides your normal location and think "meh whatever I wont bother", then who's fault is that?