Page 16 of 16 FirstFirst ...
6
14
15
16
  1. #301

    Re: Mandatory authenticators?

    Quote Originally Posted by Deng
    Read this then:

    http://www.technologyreview.com/computing/23488/page1/

    WoW logon can be automated via external software. You get the info from the phishing website (or by any other means, I can think about at least two more) in the realtime then the software does everything else for you. You don't even have to sit around.

    Then all the goldseller have to do is to check sometimes if any of his bots are logged in on the stolen logins and empty the banks/bags/gear/whatever.
    The hackers did not compromise the one-time password system itself, but instead did remote control on machine that is already logged in. Also this article demonstrates the one vulnerability of two-factor authentication. The system needs to be completely locked down or you can run any malicious software after legitimately authenticating into the online bank like happened here. Doing this in WoW is whole lot harder since it's hard to remotely access somebody's game without them noticing it, and do it in a way which by-passes Blizzard's Warden. I'm not saying it's impossible, but it is much harder.

    If the online bank in question would've used bit stronger security (asking for the 6-digit code for each transaction separately) this wouldn't have succeeded. And no, it's not a problem for even big corporations who could just do a batch transaction and authenticate whole batch at once, as long as they have enough security in place to verify the integrity of the whole batch.
    Never going to log into this garbage forum again as long as calling obvious troll obvious troll is the easiest way to get banned.
    Trolling should be.

  2. #302

    Re: Mandatory authenticators?

    What I find hilarious is all the people who scoff at the authenticator under the pretense that they're 'security experts'. In reality, if they knew anything about security they'd have been the first in line to get one. These people will never post when they get hacked, but man, you can just picture it cant you?

    Oh no, the inconvenience of having to press a button and type in a handful of numbers. OH GOD NO anything but that!

  3. #303

    Re: Mandatory authenticators?

    I log in alot, so I simply cba remembering a bunch of numbers every time.

    I like just being able to type in a password mindlessly in a reflex kind of way when the login screen pops, and then do something else while it loads (like grabbing a drink).

  4. #304

    Re: Mandatory authenticators?

    Quote Originally Posted by achaeon
    What I find hilarious is all the people who scoff at the authenticator under the pretense that they're 'security experts'. In reality, if they knew anything about security they'd have been the first in line to get one. These people will never post when they get hacked, but man, you can just picture it cant you?

    Oh no, the inconvenience of having to press a button and type in a handful of numbers. OH GOD NO anything but that!
    I play on a shitty connection. As such, I DC often and need to relog. So yes, getting an authenticator would be a giant pain in the ass.

    Funny that people are still trying to tell themselves authenticators take them off some hacker's list of potential targets.

  5. #305

    Re: Mandatory authenticators?

    Quote Originally Posted by Taelos
    I've been using a physical authenticator and then the mobile version once I got an iPhone. It is amazing knowing someone could have my login and password and still be totally screwed.

    An easier thing to do than giving out 11 million of these would be to allow us to setup allowed IP addresses. To handle DHCP, addresses with the same first three octets would be allowed to request changes, verified by email before they apply, to the approved list.
    You do realize that just about everything you said in the second paragraph went over most people's heads don't you? IP address is probably the only thing they understand, and even then they most likely don't know what it actually is/does.

  6. #306

    Re: Mandatory authenticators?

    Making authenticators manditory would do more than anything else ever could to show that Blizzard is directing the game towards brainless downbreeds.

    Been playing since Jan. '05, even shared info a few times, nobody has ever logged onto my account that I didn't give permission to. It's not that hard.
    Actually, Mr. Lennon, I CAN imagine a world with no hatred, religion, war, or violence.
    I can also imagine attacking such a world, because they would never see it coming.

    http://mhkeehn.tripod.com/trashcan.jpg
    http://politicalhumor.about.com/libr...s/carville.jpe

    For once, Carville was a man ahead of his time.

  7. #307

    Re: Mandatory authenticators?

    Quote Originally Posted by Coronius
    http://www.wow.com/2010/01/08/blizza...authenticator/

    Not really unexpected, but people have different opinions regarding the authenticators. Now would be a good time for Blizzard to implement this, since the authenticators could be shipped with Cataclysm once it's been released.

    What do you think about this?
    My guild has required officers to have them for sometime and I encouraged our guild as a whole to do the same. They should start sending them with new games and give people a discounted price. There's no reason not to have one its like 6 bucks
    Check out my Ret Paladin YouTube channel: https://www.youtube.com/c/VarabenGaming

    #RETPRESENT

  8. #308

    Re: Mandatory authenticators?

    Quote Originally Posted by Grimlor
    But if they add a free authenticator in the Cataclysm box, everyone can be happy.

    People who don't have an authenticator yet have one now, and people who already have an authenticator have a spare one just in case the batteries of the first one start dieing, or it gets lost.

    Everyone's happy. I really like this idea.
    Economics 101

    http://en.wikipedia.org/wiki/Free_lunch

    The saying "there ain't no such thing as a free lunch", often abbeviated to TANSTAAFL, refers to this custom, meaning that things which appear to be free are always paid for in some way. The free-market economist Milton Friedman also popularized the phrase by using it as the title of a 1975 book, and it often appears in economics textbooks; Campbell McConnell writes that the idea is "at the core of economics".

    If one individual or group gets something at no cost, somebody else ends up paying for it. If there appears to be no direct cost to any single individual, there is a social cost. Similarly, someone can benefit for "free" from an externality or from a public good, but someone has to pay the cost of producing these benefits.
    Snarky: Adjective - Any language that contains quips or comments containing sarcastic or satirical witticisms intended as blunt irony. Usually delivered in a manner that is somewhat abrupt and out of context and intended to stun and amuse.

  9. #309

    Re: Mandatory authenticators?

    Quote Originally Posted by Abandon
    *sigh*

    Blizzard don't care if your character loses all of it's items. You do. Blizzard could just say "It's your own fault for giving away your account information, not protecting your computer or just being stupid." and they would be completely right. They are basically babysitting people and giving them back everything they can when you keep making the same deeply stupid mistakes over and over and over.
    What about this expac gives you the notion that Blizz gives a rat's ass about gear and gold? The economy is exploding players have tens in not hundreds of times more gold than they did and everyone has T9 sets. It doesn’t hurt them to give you gear and if they stone wall your request saying that it's your fault and you're SoL then they risk loosing your monthly fee.

    Blizz is in the business of appeasement. Make as many people as happy as possible while spending the least money doing so. Blizz will never take a hard line with hacked customers and tell them the truth "you're stupid and you deserve to have nothing". And Blizz will never make authenticators mandatory (it's expensive and lots of people don’t want the hassle).

    What I predict is a free authenticator service you get with your purchase of Cata. Mail in the coupon and get a free authenticator mailed back. You don’t have to mail it in if you don’t want to. As for sticking it to the internet morons who don’t protect their information and get hacked serially, sorry but they are a nice fat pay check and Blizz will continue babying them so long as they keep up with their subscription fee.
    Quote Originally Posted by FireBorne
    mongoloid?! wtf is that, you sound like a festeezio(see i can make up words too)

  10. #310

    Re: Mandatory authenticators?

    Just in case nobody else has mentioned this already in this thread: wow.com is not a reliable source of news, they just like to make up sensationalist stories, or twist existing information to make it sensationalist.

    One example of this is the care package "scandal" they "uncovered" in which they deliberately misinterpreted the whole situation as Blizzard forcing people to accept care packages in lieu of full character restoration, instead of what was actually going on, which was Blizzard giving the option to people to try and shortening character restoration queues for those that had enough stuff on their account that the care package wouldn't cover.

    wow.com then claimed victory in "forcing" Blizzard to change their practices in informing people that the care package was simply an alternative to full character restoration, which they did to begin with

    So, never trust wow.com to supply you with actual news, what they do is opinion and fluff pieces and occasionally some useful tips about gameplay, nothing more, nothing less.

    OT: Considering they don't even offer shipping to several countries alone suggests that this will never happen. Not to mention the huge scale production of authenticators they would need to order to supply 11+ million people with one each, while they currently can't keep the damn things in stock for more than a couple of days in the past.

    The most they could ever do (which wouldn't be shooting themselves in the foot)would be to offer them free of charge with free shipping, but let people decide for themselves if they want one. At least that way, they could lower their overhead and at the same time shorten character restoration queues by reducing the number of hacked accounts somewhat.

  11. #311

    Re: Mandatory authenticators?

    Quote Originally Posted by bullseyed
    Economics 101

    http://en.wikipedia.org/wiki/Free_lunch

    The saying "there ain't no such thing as a free lunch", often abbeviated to TANSTAAFL, refers to this custom, meaning that things which appear to be free are always paid for in some way. The free-market economist Milton Friedman also popularized the phrase by using it as the title of a 1975 book, and it often appears in economics textbooks;
    Friedman was a fucking idiot, and why the entire Chicago school of economics hasn't been laughed out of existence after 40 years of continuous failure is above and beyond me.

    There is, in fact, no such thing as a free lunch, but sometimes it turns out that cooking your lunch with your neighbors microwave is cheaper for everyone involved than cooking it over your own Bic lighter. In this case, though, the people that wind up paying for it is blizzard. Because handing out "not really free" authenticators is cheaper than hiring staff to recover a thousand hacked people's lewts every day, and telling them "you are screwed because you are an idiot" is not an option.

    I banish you back to your Ayn Rand!

  12. #312

    Re: Mandatory authenticators?

    Quote Originally Posted by jontaxe
    Friedman was a fucking idiot, and why the entire Chicago school of economics hasn't been laughed out of existence after 40 years of continuous failure is above and beyond me.

    There is, in fact, no such thing as a free lunch, but sometimes it turns out that cooking your lunch with your neighbors microwave is cheaper for everyone involved than cooking it over your own Bic lighter. In this case, though, the people that wind up paying for it is blizzard. Because handing out "not really free" authenticators is cheaper than hiring staff to recover a thousand hacked people's lewts every day, and telling them "you are screwed because you are an idiot" is not an option.

    I banish you back to your Ayn Rand!
    You are too kind.

    Also, cheaper for everyone else, except for your neighbor from whom you are stealing from, by way of opportunity cost.



    Blizzard doesn't technically charge us for authenticators anyway (supposedly). The fee for acquiring one is supposedly only enough to cover the processing and shipping of the device to our hands. This means we are all already paying for the authenticators, whether you individually choose to use one or not.

    At the same time, if they included them with Cata, since the box is shipped to the store which is paid for by the retailer, it should be provided to us at "no cost". Now, how they would do that without duplication of effort for people who already got one, I'm not sure.

    IMO they should have sent them out when they made them to everyone and just rolled the cost into the funding for Cata and been done with it. We're paying for it anyway.
    Snarky: Adjective - Any language that contains quips or comments containing sarcastic or satirical witticisms intended as blunt irony. Usually delivered in a manner that is somewhat abrupt and out of context and intended to stun and amuse.

  13. #313

    Re: Mandatory authenticators?

    Quote Originally Posted by bullseyed
    You are too kind.

    Also, cheaper for everyone else, except for your neighbor from whom you are stealing from, by way of opportunity cost.

    IMO they should have sent them out when they made them to everyone and just rolled the cost into the funding for Cata and been done with it. We're paying for it anyway.
    It's not opportunity cost for you to use your neighbors microwave, unless and only unless your neighbor was using his microwave to cook burritos that he sold, and you stopped him from doing this in order to cook your lunch.

    It is a real cost because you are using his electricity.

    TANSTAAFL is a pithy little saying to underscore the point that there are cost tradeoffs to anything. It is really only useful for people who can't analyze cost tradeoffs and like complex problems wrapped into pithy sayings. Sometimes, though, your buddy has a discount card to Subway and it's better if he picks up the tab. Sometimes you figure out how to quadruple world food production, the price of a Big Mac goes to a nickel, and it doesn't matter who picks up the tab. Sometimes some sleazy sales rep buys you lunch just to pitch his crap to you. It's free for you, for him it's "cost of doing business."

    In short, "it's not that simple".

    As for "we are paying for it anyway". I've never set foot in Ironforge (well, except that once to kill the king dude). Yet, "I'm paying for it anyway." If you take the "I won't pay for it if I'm not using it" attitude to the extreme (like Vanilla Ice) you'd wind up with absurd situations like a $.05 fee to enter a dungeon instance.

  14. #314

    Re: Mandatory authenticators?

    You will be able to buy them in stores soon anyways. Hopefully they can sell them for cheap in stores.
    Lead Game Designer

    YouTube Channel

    https://www.youtube.com/@Nateanderthal

  15. #315
    Epic! ScorchHellfire's Avatar
    10+ Year Old Account
    Join Date
    Oct 2009
    Location
    The Slaughtered Lamb, Stormwind City
    Posts
    1,683

    Re: Mandatory authenticators?

    I bought an authenticator the week they came out... I never give my account info out or visit shadey sites but its still nice to know I have that extra barrier just in case... So yeah personally I wouldn't care if they made authenticators manditory because I already have one and am glad of it... I wouldn't be surprised if they just lower the price on them more or put them in an optional version of Cata with an authenticator included in the box... I also wouldn't be surprised if they put them in all the Cata CE's by default...

  16. #316

    Re: Mandatory authenticators?

    I approve if the authenticator is free.
    - buy Cataclysm and get the authenticator as well.

  17. #317

    Re: Mandatory authenticators?

    i think mandatory authenticators are a good idea. i have one, allthough i've never been "hacked" and i'm pretty sure i never would have been, even without it. but who knows... i like to be sure.

    the main reason why i think that it's a good idea to make authenticators mandatory, is that our guildbank has been robbed four times already by people who stole our guildmates accounts. why should others suffer the consequences of a stolen account, just because one player got hacked?

    someone could say that it's our fault, since there's no need to make the guild bank accessable to every guild member. but in my opinion, this would kinda eliminate the reason to have a guild bank... if no one can access it, we could just aswell use guild bank characters, like we did in vanilla. and still there's no guarantee, that the ones with access would never get hacked.

    also, i can't understand why some people nerdrage against this... if there's an authenticator in every cataclysm box, what harm does it do? so yeah, you will be forced to type in those 6 numbers before every login, whoooo... what an incredible waste of time... two seconds per login... roarrrrr!

  18. #318

    Re: Mandatory authenticators?

    Quote Originally Posted by vesseblah
    The hackers did not compromise the one-time password system itself, but instead did remote control on machine that is already logged in.
    Again, noone says about hacking the one-time password system itself. It would be pointless if doable at all. The weakest link is always the man before the machine.

    The system needs to be completely locked down or you can run any malicious software after legitimately authenticating into the online bank like happened here. Doing this in WoW is whole lot harder since it's hard to remotely access somebody's game without them noticing it, and do it in a way which by-passes Blizzard's Warden. I'm not saying it's impossible, but it is much harder.
    You don't need an access to their game. You don't need an access to their computer. You don't hack their computer. All you need is an user, password and one-time password. You can obtain it for example via phishing (hey, look at new things in armory, you just need to log in! etc). Then you have one minute to "enter world" and that can be done automagically on goldsellers pc (they don't care about using external software to automate things in wow, remember). There's absolutely close to none time involved on the hacker's side (except for the setup of website, sending spam/buying some adverts and setup the automated logon, nothing that takes more than one hour though).

    Phishing website is only an example of how easy it is. The very same goes for keylogger and replacing wow/launcher/scan/whatever else. And I'm pretty sure I didn't cover all the easy possibilities.

    Quote Originally Posted by remain
    The effort and time put into doing this is not worth the end result for a wow account. Creating a malware to infiltrate one company takes weeks to prepare, and they knew exactly when and where they would be hitting the company. 500,000 > 1 wow account for the effort put into breaking an authenticator code.
    You don't need a keylogger/remote control, it's only one possibility of compromising an account, as for examples - see above.
    Feral4Life since 2005
    cpu: Intel i9-9900K mobo: ASUS Maximus XI Extreme
    cooling: BeQuiet! Dark Rock 4 Pro gpu: ASUS RTX-2080 Ti
    ssd: Samsung 970Pro, 960 Evo, 860 Evo sound: sadly onboard
    case: Silverstone Fortress 2 Limited Edition (WRI) (I love that beauty)
    ram: 32G G.Skill 3200 C14 display: ACER X27 (G-Sync HDR IPS)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •