Page 1 of 3
1
2
3
LastLast
  1. #1
    Field Marshal
    Join Date
    Jul 2009
    Location
    Denmark
    Posts
    64

    Blizzard Authenticator - How secure is it?

    Hello,

    I have been using the Blizzard Authenticator for a long time now and I have been thinking about how secure it really is.

    Is it still possible to get hacked using the authenticator? Personally, I don't see how it should be possible when you need the authenticator in your physical possession.

  2. #2
    It's very secure.

    It's still possible to get hacked though, but it's extremely unlikely. https://en.wikipedia.org/wiki/Man-in-the-middle_attack
    "The secret of life is to appreciate the pleasure of being terribly, terribly deceived." -Oscar Wilde

    http://eu.battle.net/wow/en/characte...dinga/advanced

  3. #3
    Brewmaster juzalol's Avatar
    Join Date
    Dec 2009
    Location
    Finland
    Posts
    1,283
    The only way you get hacked with an authenticator is that you type your account information AND the authenticator
    code to a look a like website which will then log to you account with those information in the next 30 seconds.

    Other than that, I don't see you getting hacked with an authenticator.

  4. #4
    MarkeeDragon did a video on Auths about how it got cracked, That was in 2010 tho so its probably better now.

    Youtube "WoW Authenticators Cracked!" Since I can't post links ;_;

  5. #5
    You can still be hacked if someone wants your specific account badly enough. The gold farming hackers in general however wont bother. Its a deterrent, personally i got hacked about 3 times before i got one (twice before they were introduced) i didnt get hacked again until i broke my iphone and have the authenticator removed from my account. i was hacked again within 2 days of removing it and never again since putting it back on.

    consider that without an authenticator on your account when everyone else is using them, your account is more appealing to hackers. Considering its not costing you anything to use other then having to enter a code when you change IP address its best to keep it on there.

  6. #6
    Field Marshal
    Join Date
    Jul 2009
    Location
    Denmark
    Posts
    64
    Quote Originally Posted by pwnjitsu View Post
    You can still be hacked if someone wants your specific account badly enough. The gold farming hackers in general however wont bother. Its a deterrent, personally i got hacked about 3 times before i got one (twice before they were introduced) i didnt get hacked again until i broke my iphone and have the authenticator removed from my account. i was hacked again within 2 days of removing it and never again since putting it back on.

    consider that without an authenticator on your account when everyone else is using them, your account is more appealing to hackers. Considering its not costing you anything to use other then having to enter a code when you change IP address its best to keep it on there.
    I was also hacked once before I got the authenticator. Haven't had any problems since.

  7. #7
    What the.. If you get hacked so often, consider doing something about your obviously compromised PC.

  8. #8
    Quote Originally Posted by tejpis View Post
    What the.. If you get hacked so often, consider doing something about your obviously compromised PC.
    this, a little bit. Run a browser like firefox with noscript and adblock for a while. See just how many things are involved in each site, you can allow ads on sites you support like this one; but with this site as an example: There are 11 different sites to be allowed or blocked in NoScript. Most are not a problem, either related sites, information (like allowing wowhead, or servers they store info on), but some are trackers, adware, etc. that you are much better off leaving blocked. That is on a 'good' site such as this ... now if you are browsing unknown or untrusted sites, the argument for this self-protection is increased exponentially.

    My wife, who didn't use this form of protection, was using google chrome at the time I think, got the man in the middle or one of the other aggressive ones ... that steal your account info, including your authenticator, from the WoW login screen; and they start attempting immediately. She was getting booted and someone else was logging in, she'd log in and it'd boot them, but I was able to report it to a GM in game, while she was on the phone calling, trying to continue to get them booted. They managed to clear out a bit, and get to a neutral AH ... but it was stopped within minutes.

    They suggested scanning with malwarebytes, it found it ... you don't have to buy it. This was a couple years ago now. She also has a physical auth, not a phone one.


    I, on the other hand, so far, haven't been hacked. I use a phone auth, and have been using firefox with noscript for as long as I can recall. She has been attacked many times, but she also usually has a good bit of gold, usually a GM with a bank full of current xpac goodies, and leveled gathering profs, which they've actually used farming bots on her hacked account in the past.

    the auth is more secure than not having it, by far ... but taking other steps to keep not only your account secure, but your pc/self in general is just as helpful. Never follow email links. Always verify you are going to the battle.net to log in directly, any info they need to communicate with you, will be on your account page there, etc.

  9. #9
    Banned Superman-BladesEdge's Avatar
    Join Date
    Feb 2013
    Location
    Polishing the foot I plan to park in Blizzard's ass
    Posts
    5,359
    Have one on my Droid. It's kept me from getting hacked for a year now. Never had one before... will never be WITHOUT it again. Completely free on the phone, easy to use, great to have, and you get a Corehound pup pet just for getting it.

  10. #10
    Quote Originally Posted by tejpis View Post
    What the.. If you get hacked so often, consider doing something about your obviously compromised PC.

    I made the mistake of buying gold. MY account has had a target on it ever since. DONT BUY GOLD!

  11. #11
    I tried it for a while and found it to be a huge annoyance. If you don't do anything retarded on your PC, you won't have to worry about your account.

  12. #12
    Quote Originally Posted by Crysthalica View Post
    It's very secure.

    It's still possible to get hacked though, but it's extremely unlikely. https://en.wikipedia.org/wiki/Man-in-the-middle_attack
    Just wanted to quote this. A Man-in-the-middle attack is pretty much the only way to get around an blizz authenticator. That is generally more work then it's worth however.

    In theory it would be possible to reverse engineer them and that way make copies of a specific authenticator, but then you would still need to know the internal number of each autenticator, which (provided that Blizz are not idiots) are not the same thing as the number on the back of your authenticator.

  13. #13
    Well we had some officers in a casual guild long time ago, then some stuff happened in btw them one of them left taking most golds of guild bank. The other officer threatened him if he doesn't give back the gold he would hack his account etc, then the other guy was like haha you can't I got account authenticator etc. The other day he couldn't log in after 1 2 days of account recovery he noticed all his toons are naked and all his gold is gone. Seems if they know your email they can start a fake account recovery process with a fake ID and change the email. after that they hacked him again. Then when he (the victom) contacted Blizzard, Blizzard warned him you are doing stuff against ToS or something, it would be the last time they would recover the account.... He never played again lol
    Last edited by Xjev; 2013-05-21 at 02:49 PM.

  14. #14
    Your authenticator is basically like an alarm system for your house. It'll be a huge deterrent for the majority of hackers/attacks/etc out there, but if someone REALLY wants to hack your account, it's not 100% fool proof.

    That said, no reason NOT to use one. It's free and takes an extra 5 seconds at most at login.

  15. #15
    I've never had an issue with my authenticator so far. I'd say they're very secure and a lot better than some of the more awkward security features used elsewhere. Just be careful not to lose it!

  16. #16
    Used it since I started, not been hacked once.
    Believing in the Dominance theory/Alpha theory when it comes to dog handling, is the same as still believing that our planet is flat, moronic. Give your dog a better life, stop bullying it because you are afraid of something that doesn't exist.
    http://www.apdt.com/petowners/choose/dominance.aspx
    "Animals are not intelligent"...of course they are, the question is...are you? A different intelligence does NOT equal a lack of intelligence.

  17. #17
    Legendary! TJ's Avatar
    Join Date
    Jan 2010
    Location
    North Wales
    Posts
    6,205
    Quote Originally Posted by Crysthalica View Post
    It's very secure.

    It's still possible to get hacked though, but it's extremely unlikely. https://en.wikipedia.org/wiki/Man-in-the-middle_attack
    Yeah, agree. It improves the security of your account greatly, but that doesn't mean it's impossible, very unlikely but not impossible. I'm very happy with mine and the job it does.

  18. #18
    Elemental Lord Hyve's Avatar
    Join Date
    May 2011
    Location
    United Kingdom
    Posts
    8,208
    Nothing is 100% hack proof, but the Blizzard Authenticator is about 98% secure.

  19. #19
    I was hacked twice before I got one, and not since. Nothing is a guarantee, of course, but I would still say it is well worth the tiny cost.

  20. #20
    Its probably the strongest seccurity measure out there (not fail safe though). Since it was introduced I think Ive heard of a single case in which an avid hacker manage to use the last code to actually access the account. It was quickly resolved though.

    Its a measure that really makes it tough for hackers to bypass.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •