Page 1 of 3
1
2
3
LastLast
  1. #1
    Deleted

    Blizzard Authenticator - How secure is it?

    Hello,

    I have been using the Blizzard Authenticator for a long time now and I have been thinking about how secure it really is.

    Is it still possible to get hacked using the authenticator? Personally, I don't see how it should be possible when you need the authenticator in your physical possession.

  2. #2
    Deleted
    It's very secure.

    It's still possible to get hacked though, but it's extremely unlikely. https://en.wikipedia.org/wiki/Man-in-the-middle_attack

  3. #3
    Brewmaster juzalol's Avatar
    10+ Year Old Account
    Join Date
    Dec 2009
    Location
    Finland
    Posts
    1,285
    The only way you get hacked with an authenticator is that you type your account information AND the authenticator
    code to a look a like website which will then log to you account with those information in the next 30 seconds.

    Other than that, I don't see you getting hacked with an authenticator.

  4. #4
    Deleted
    MarkeeDragon did a video on Auths about how it got cracked, That was in 2010 tho so its probably better now.

    Youtube "WoW Authenticators Cracked!" Since I can't post links ;_;

  5. #5
    You can still be hacked if someone wants your specific account badly enough. The gold farming hackers in general however wont bother. Its a deterrent, personally i got hacked about 3 times before i got one (twice before they were introduced) i didnt get hacked again until i broke my iphone and have the authenticator removed from my account. i was hacked again within 2 days of removing it and never again since putting it back on.

    consider that without an authenticator on your account when everyone else is using them, your account is more appealing to hackers. Considering its not costing you anything to use other then having to enter a code when you change IP address its best to keep it on there.

  6. #6
    Deleted
    Quote Originally Posted by pwnjitsu View Post
    You can still be hacked if someone wants your specific account badly enough. The gold farming hackers in general however wont bother. Its a deterrent, personally i got hacked about 3 times before i got one (twice before they were introduced) i didnt get hacked again until i broke my iphone and have the authenticator removed from my account. i was hacked again within 2 days of removing it and never again since putting it back on.

    consider that without an authenticator on your account when everyone else is using them, your account is more appealing to hackers. Considering its not costing you anything to use other then having to enter a code when you change IP address its best to keep it on there.
    I was also hacked once before I got the authenticator. Haven't had any problems since.

  7. #7
    What the.. If you get hacked so often, consider doing something about your obviously compromised PC.

  8. #8
    Quote Originally Posted by tejpis View Post
    What the.. If you get hacked so often, consider doing something about your obviously compromised PC.
    this, a little bit. Run a browser like firefox with noscript and adblock for a while. See just how many things are involved in each site, you can allow ads on sites you support like this one; but with this site as an example: There are 11 different sites to be allowed or blocked in NoScript. Most are not a problem, either related sites, information (like allowing wowhead, or servers they store info on), but some are trackers, adware, etc. that you are much better off leaving blocked. That is on a 'good' site such as this ... now if you are browsing unknown or untrusted sites, the argument for this self-protection is increased exponentially.

    My wife, who didn't use this form of protection, was using google chrome at the time I think, got the man in the middle or one of the other aggressive ones ... that steal your account info, including your authenticator, from the WoW login screen; and they start attempting immediately. She was getting booted and someone else was logging in, she'd log in and it'd boot them, but I was able to report it to a GM in game, while she was on the phone calling, trying to continue to get them booted. They managed to clear out a bit, and get to a neutral AH ... but it was stopped within minutes.

    They suggested scanning with malwarebytes, it found it ... you don't have to buy it. This was a couple years ago now. She also has a physical auth, not a phone one.


    I, on the other hand, so far, haven't been hacked. I use a phone auth, and have been using firefox with noscript for as long as I can recall. She has been attacked many times, but she also usually has a good bit of gold, usually a GM with a bank full of current xpac goodies, and leveled gathering profs, which they've actually used farming bots on her hacked account in the past.

    the auth is more secure than not having it, by far ... but taking other steps to keep not only your account secure, but your pc/self in general is just as helpful. Never follow email links. Always verify you are going to the battle.net to log in directly, any info they need to communicate with you, will be on your account page there, etc.

  9. #9
    Banned -Superman-'s Avatar
    10+ Year Old Account
    Join Date
    Feb 2013
    Location
    Unsubbed til flight returns.
    Posts
    10,079
    Have one on my Droid. It's kept me from getting hacked for a year now. Never had one before... will never be WITHOUT it again. Completely free on the phone, easy to use, great to have, and you get a Corehound pup pet just for getting it.

  10. #10
    Quote Originally Posted by tejpis View Post
    What the.. If you get hacked so often, consider doing something about your obviously compromised PC.

    I made the mistake of buying gold. MY account has had a target on it ever since. DONT BUY GOLD!

  11. #11
    Banned Illiterate's Avatar
    10+ Year Old Account
    Join Date
    Feb 2012
    Location
    US-Emerald Dream
    Posts
    3,047
    I tried it for a while and found it to be a huge annoyance. If you don't do anything retarded on your PC, you won't have to worry about your account.

  12. #12
    Deleted
    Quote Originally Posted by Crysthalica View Post
    It's very secure.

    It's still possible to get hacked though, but it's extremely unlikely. https://en.wikipedia.org/wiki/Man-in-the-middle_attack
    Just wanted to quote this. A Man-in-the-middle attack is pretty much the only way to get around an blizz authenticator. That is generally more work then it's worth however.

    In theory it would be possible to reverse engineer them and that way make copies of a specific authenticator, but then you would still need to know the internal number of each autenticator, which (provided that Blizz are not idiots) are not the same thing as the number on the back of your authenticator.

  13. #13
    Well we had some officers in a casual guild long time ago, then some stuff happened in btw them one of them left taking most golds of guild bank. The other officer threatened him if he doesn't give back the gold he would hack his account etc, then the other guy was like haha you can't I got account authenticator etc. The other day he couldn't log in after 1 2 days of account recovery he noticed all his toons are naked and all his gold is gone. Seems if they know your email they can start a fake account recovery process with a fake ID and change the email. after that they hacked him again. Then when he (the victom) contacted Blizzard, Blizzard warned him you are doing stuff against ToS or something, it would be the last time they would recover the account.... He never played again lol
    Last edited by Xjev; 2013-05-21 at 02:49 PM.

  14. #14
    Your authenticator is basically like an alarm system for your house. It'll be a huge deterrent for the majority of hackers/attacks/etc out there, but if someone REALLY wants to hack your account, it's not 100% fool proof.

    That said, no reason NOT to use one. It's free and takes an extra 5 seconds at most at login.

  15. #15
    I've never had an issue with my authenticator so far. I'd say they're very secure and a lot better than some of the more awkward security features used elsewhere. Just be careful not to lose it!

  16. #16
    Used it since I started, not been hacked once.

  17. #17
    Elemental Lord TJ's Avatar
    10+ Year Old Account
    Join Date
    Jan 2010
    Location
    North Wales
    Posts
    8,015
    Quote Originally Posted by Crysthalica View Post
    It's very secure.

    It's still possible to get hacked though, but it's extremely unlikely. https://en.wikipedia.org/wiki/Man-in-the-middle_attack
    Yeah, agree. It improves the security of your account greatly, but that doesn't mean it's impossible, very unlikely but not impossible. I'm very happy with mine and the job it does.

  18. #18
    Nothing is 100% hack proof, but the Blizzard Authenticator is about 98% secure.

  19. #19
    I was hacked twice before I got one, and not since. Nothing is a guarantee, of course, but I would still say it is well worth the tiny cost.

  20. #20
    I was brute force hacked once back in 2005. Came back from deployment to find that my account had been banned for exploiting the economy (aka gold farming/selling).

    Started the game again on a new account in 2006, and haven't been hacked since. I have had an authenticator keyfob on the account for several years now, and have a second unused authenticator keyfob in my desk (in case the original is damaged or stops working).

    In addition, I have a modern droid phone which I run the Armory app on. Pretty sure the mobile authenticator will be simple.

    It is possible to be 'hacked' (phished is the appropriate term) with an authenticator on the account. However, that is mostly attributed to user error and nothing Blizzard can realistically prevent.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •