Blizzard sued over authenticator

[Mekh]

While it may add up over 10M players, take note: Somebody there is going to court for 7 bucks.

[Deleted]

and you can play the game without authenticator so u are not forced.
and its available for free on mobile or comp as apps.

Total bullshit. I started playing just after cataclysm release, I had not used an authenticator and within 1 month of playing, someone had managed to hack my account. Wasn't a key logger on my pc, seemed to be a brute force attack and my bad with a weak password. Blizzard restored my stuff and told me I should use an authenticatior.

Blizzard should be doing more to secure accounts, I have played a game which implements a 2 password system. 1 is a password you set normally and another is similar to an authenticator but is set via a 4 digit code, bit like a pin code for your debit/credit card. Even an attempt checker to block your account after 5 tryies, would be 100 times better then what they currently have.

I'm not saying the lawsuit was justified, but hopefully this will be a wake up call to blizzard and now maybe we will get some better security features on our accounts, by default.

[Mekh]

If your password can be brute-forced, there's nop hope for you.

Could Blizz make unbreakable accounts? Of course. Why don't they do it? Same reason users pick weak passwords to begin with. They want fast access and don't feel like jumping through half a dozen hoops every time they log into the game. The moment they implemented a bigger lock, people would start complaining about the time it takes them to get the key out of their pants.

[nyc81991]

Total bullshit. I started playing just after cataclysm release, I had not used an authenticator and within 1 month of playing, someone had managed to hack my account. Wasn't a key logger on my pc, seemed to be a brute force attack and my bad with a weak password. Blizzard restored my stuff and told me I should use an authenticatior.

Blizzard should be doing more to secure accounts, I have played a game which implements a 2 password system. 1 is a password you set normally and another is similar to an authenticator but is set via a 4 digit code, bit like a pin code for your debit/credit card. Even an attempt checker to block your account after 5 tryies, would be 100 times better then what they currently have.

I'm not saying the lawsuit was justified, but hopefully this will be a wake up call to blizzard and now maybe we will get some better security features on our accounts, by default.

Blizzard is one the best companies when it comes to people being hacked. They never give you a problem getting your stuff back. Many other companies just say "too bad" and don't even offer authenticators.

It isn't their fault that people visit websites that steal their information and or use passwords for more than one thing.

[Deleted]

If your password can be brute-forced, there's nop hope for you.

Could Blizz make unbreakable accounts? Of course. Why don't they do it? Same reason users pick weak passwords to begin with. They want fast access and don't feel like jumping through half a dozen hoops every time they log into the game. The moment they implemented a bigger lock, people would start complaining about the time it takes them to get the key out of their pants.

Any password can be brute forced, depending on the time limit and the amount of loops per minute. Also yes, people don't want bigger loops to jump through, i still get annoyed when my IP resets and it asked for my authenticator code, but what is stopping blizzard giving the famous 5 tries = lock method? Any normal user will not notice a difference. I mean even if you forget your password, after the 3rd attempt you would normally just resort into resetting it anyway. I honestly do not see a reason why Blizzard has not added this, seems like common sense imo.

[Hyve]

The case will collapse. Blizzard won't be sued over this. No Lawyer, Judge or Jury would ever see this is a case.

---------- Post added 2012-11-12 at 02:12 PM ----------

Wasn't a key logger on my pc, seemed to be a brute force attack and my bad with a weak password. Blizzard restored my stuff and told me I should use an authenticatior.

Blizzard should be doing more to secure accounts, I have played a game which implements a 2 password system.

Those two statements make me laugh. They really do.

[Mekh]

Any password can be brute forced, depending on the time limit and the amount of loops per minute. Also yes, people don't want bigger loops to jump through, i still get annoyed when my IP resets and it asked for my authenticator code, but what is stopping blizzard giving the famous 5 tries = lock method? Any normal user will not notice a difference. I mean even if you forget your password, after the 3rd attempt you would normally just resort into resetting it anyway. I honestly do not see a reason why Blizzard has not added this, seems like common sense imo.

Standard brute-force methods usually take a dictionary and don't go AAAAAA, AAAAAB, AAAAAC... An easily memorized password such as [yourmomsmaidenname][yourdadsbirthday][dog/cat/horse] would likely already have enough permutations to outlast humanity, even at one attempt per second, unless her maiden name was pretty short, in which case you substitute your favourite dinosaur.

[Anjerith]

This is hilarious, the article purports that the people suing them say that Blizzard hasn't taken necessary steps to inform players how important authenticators are. There is a tooltip in-game, and they have a bloody quote they paste on any account security posts. Anything *remotely* related to account security has this thing on the end.

And they don't sell the authenticators, they are free. the $5.00 *barely* covers shipping. Also, what the hell? Use one of the free options. There is no reason in hell not to have an authenticator.

[MasterHamster]

That is a possibility. There are even people that offer their services to do this for free.

Sometimes I wish every thread would be monitored against naive posters. Could also have stopped one of my drunk threads

They do nothing against them? Yeah, that's easy to say since once a bot is banned, you don't notice them, do ya? We don't know how Blizzard handles the reports, or how they combat how bots exploit the games codes, but yeah, I am confident that I can speak for Blizzard and say that they are doing what they can.

Although I'll be frank and say that a huge banwave is loooong overdue.

[Seranthor]

Blizzard sued over authenticator

Hopefully this is a wake up call for them. I want to see them sued over bots in BGs too, bots are disallowed according to the EULA yet they do absolutely nothing about them.

Funny thing about nusiance lawsuits, the one that bring them have to pay for them, just because you CLAIM Blizzard isn't doing anything about bots, all they have to do is ban just a single person to shoot your claim full of holes. As far as the lawsuit you are referencing, it isn't and wont be going anywhere because they dont FORCE YOU to buy the damn authenticator. Those folks are gonna get tossed out of court pretty fast

[IRunSoFarAway]

Those two statements make me laugh. They really do.

And I thought 123456 was such a good password....damn you Blizzard!!!!! YOUR FAULT!!!

[Seranthor]

How do you know they do? You believe all the blue posts? The eu battleground forums are continuously full of complaints about bots, we get no official statements from Blizzard at all on the matter. We get crap like "Please use the report cheating feature", which doesn't work.

How do you know they DONT. They dont have to prove their innocence, you have to prove their guilt.

[Mekh]

And I thought 123456 was such a good password....damn you Blizzard!!!!! YOUR FAULT!!!

[Adam Jensen]

That's patently ridiculous. They're suing Blizzard because Blizzard is trying to provide protection for player accounts from malicious users? A device that costs $6 to buy, or is free on a smart phone? That is incredibly stupid.

That's like suing the police when someone steals from you for providing you with a security system . . .

[Deleted]

Standard brute-force methods usually take a dictionary and don't go AAAAAA, AAAAAB, AAAAAC... An easily memorized password such as [yourmomsmaidenname][yourdadsbirthday][dog/cat/horse] would likely already have enough permutations to outlast humanity, even at one attempt per second, unless her maiden name was pretty short, in which case you substitute your favourite dinosaur.

I guess you need to read up on brute force attacks a little more. What you described was a dictionary attack, brute force is where it will take, as you said, AAAAAA, AAAAAB, AAAAAC and go through the list.

Brute Force Attack: A Brute Force attack is a type of password guessing attack and it consists of trying every possible code, combination, or password until you find the correct one. This type of attack may take long time to complete. A complex password can make the time for identifying the password by brute force long.

Dictionary Attack: A dictionary attack is another type of password guessing attack which uses a dictionary of common words to identify the user’s password.

[Anjerith]

That's patently ridiculous. They're suing Blizzard because Blizzard is trying to provide protection for player accounts from malicious users? A device that costs $6 to buy, or is free on a smart phone? That is incredibly stupid.

That's like suing the police when someone steals from you for providing you with a security system . . .

It's like suing a waitress for giving you good service and then them expecting you to tip them!

[Adam Jensen]

That is a possibility. There are even people that offer their services to do this for free.

Hmm, yes, brilliant. Hire thousands of GMs for each battleground that plays at every minute of the day.

Guess that beats Barack Obama's Jobs Bill idea.

[Mekh]

I guess you need to read up on brute force attacks a little more. What you described was a dictionary attack, brute force is where it will take, as you said, AAAAAA, AAAAAB, AAAAAC and go through the list.

Your point being? Any decent password worth its salt cannot be brute-forced in a human lifetime. And every brute-force attack will naturally eventually go through dictionary words. A dictionary attack is quite simply more focused on most likely solutions and can still have a systematic or randomized generator attached to it, trying non-sensical variants as soon as real words have failed. And even then the energy source powering it will have already stopped working unless coincidence struck first, in which case it'd be just as likely to have struck within the 5 'free' attempts you are suggesting.

[Samaramon]

Wake up call for who? The guy who couldn't be arsed to download an app?

[Seranthor]

That is a possibility. There are even people that offer their services to do this for free.

Yes, Yes, and its possible that a great big space rock falls in front of your house and out jump the Swedish Bikini Team... as far as people offering their 'services'... what makes them or YOU qualfied for something like that?

Sure, they could hire a GM for every single battleground... and then they'd have to pass that cost along to the subscribers... Are you really and truly prepared to see your subscription feel increased by 20-30x... not 20-30$... but 20 or 30 times... as in instead of 15$ a month you'd pay 300$ a month.. think you can handle that kind of fee for the kind of special attention you are demanding?

---------- Post added 2012-11-12 at 08:34 AM ----------

Not necessarily disbelieve, but I do know that all are they is propaganda, you will never get a reply when you query such a post at least not on the EU forums, what are we supposed to think?

Just because you dont SEE any action means they aren't doing anything? is that it? Tell me something else... why should we believe YOUR claims over that of what Blizzard says?

---------- Post added 2012-11-12 at 08:36 AM ----------

The guy sueing them really needs to think about what hes doing.
"blizzard make money on the authenticaters", However a recall a bluepost not to long back stating they sell them at a loss (you pay for shipping basically)
"you are forced to use one on battlenet" again is a load of crap. Yes some guilds will force their use, but thats not blizard
Seems like a desperate grasp at money really, i hope blizzard steamroll him

I am pretty sure that there is a section in the EULA about causing a disruption in service... perhaps they'll use that clause to BAN those bringing or participating in the nuisance lawsuits.

---------- Post added 2012-11-12 at 08:42 AM ----------

Total bullshit. I started playing just after cataclysm release, I had not used an authenticator and within 1 month of playing, someone had managed to hack my account. Wasn't a key logger on my pc, seemed to be a brute force attack and my bad with a weak password. Blizzard restored my stuff and told me I should use an authenticatior.

Blizzard should be doing more to secure accounts, I have played a game which implements a 2 password system. 1 is a password you set normally and another is similar to an authenticator but is set via a 4 digit code, bit like a pin code for your debit/credit card. Even an attempt checker to block your account after 5 tryies, would be 100 times better then what they currently have.

I'm not saying the lawsuit was justified, but hopefully this will be a wake up call to blizzard and now maybe we will get some better security features on our accounts, by default.

here is a list of things you can do to safeguard your Wow account.

1. Stay the FUCK off the gold buying websites.
2. Dont use the email address on your Battle.net account for anything BUT that.
3. Dont use the same damn password for your Battle.net account that you use for the gold buying website you use. Use a completely different password.

and that right there is ALL THE DAMN SECURITY YOU NEED.

in 15 years of online gaming with dozens of games I've never been hacked, not a single damn time.