Mandatory authenticators?

[Unholyground]

The only way they can make it mandatory is by making it free of both charge and shipping (The 1st one that is, its not their fault if you break it and need a new one.) Or as other have stated not just Cataclysm but to begin packing it with all new World of Warcraft Battle chests, Lich King, and Cataclysm.

[VanquishersFate82]

For reals, they better make this shit FREE then, because I don't want to feed them more money for something I personally don't need, because other retards don't know how to keep their computer safe, nor hand out their information to friends.

[Lightfist]

For reals

It was at this point your argument lost all validity.

[Kharay1977]

The only way they can make it mandatory is by making it free of both charge and shipping (The 1st one that is, its not their fault if you break it and need a new one.)

Or... even easier, as it doesn't involve shipping&handling - making the Mobile Authenticator available on more models of phones and simply distributing that one for free. At least for a while.

Had the Mobile Authenticator been made available for the Nokia N96, I would've gotten it long, long ago.

[VanquishersFate82]

It was at this point your argument lost all validity.

Why would you even comment about the first two words of my post? You post alone has no relevance to the discussion, except to bash myself. It's the internet!

http://xkcd.com/386/

[Coronius]

It was at this point your argument lost all validity.

His argument is completely valid. I'd appreciate if you could come up with a decent answer yourself, instead of just complaining when you haven't contributed to the discussion at all yourself.

[Zeelian]

Sooooooooooooooooooooooo

you think you press the button on the autheticator and it contacts the blizzard server?

How exactly?

The authenticator has a build in clock, it "knows" what time it is. Blizzards servers also knows what time it is.

The combination of date and time is used along with the authenticators own unique code (the one thats used to register it with your account) and a encoding algorithm (thats specific to the system) to create a 6digit code, the servers run the same calculation and compares the result, if they match ur let in.

[jai151]

The authenticator has a build in clock, it "knows" what time it is. Blizzards servers also knows what time it is.

The combination of date and time is used along with the authenticators own unique code (the one thats used to register it with your account) and a encoding algorithm (thats specific to the system) to create a 6digit code, the servers run the same calculation and compares the result, if they match ur let in.

There's a little more to it. The server actually runs three checks, the current code, the last code, and the next code. If what you type matches any one of those three, it lets you in. This is to allow for slight variance in the internal clock and lag time.

It is still bordering on impossible to break the security. These are the same kind of authenticators used by the government, military, banking industries, and various private sector companies that handle secret information to secure their VPN logins.

[Deng]

It is still bordering on impossible to break the security.

It (one time pass/tokens) was broken already many times via man-in-the-middle method.

http://en.wikipedia.org/wiki/One-time_password
http://en.wikipedia.org/wiki/SecurID...ulnerabilities

and the best example what people can do with your (unwilling) help:

http://www.technologyreview.com/computing/23488/page1/

Still it's best you can do as for now in wow.

[Itsdarkandcoldoutside]

I somehow managed to get a virus on my computer that no program could find and so in a slight panic I reformatted my entire pc. Generally what it did was stop wow connecting to the net when it gets to the authentication part and then just give the wrong password thing. So you put your password in then your authenticator code and bam. I know that the password is right since I went on my other computer and checked and it worked fine. So yea, be carefull even with an authenticator.

[asway]

But if they add a free authenticator in the Cataclysm box, everyone can be happy.

People who don't have an authenticator yet have one now, and people who already have an authenticator have a spare one just in case the batteries of the first one start dieing, or it gets lost.

Everyone's happy. I really like this idea.

^ I really think they might, it would be a great idea. It would save them a lot of time. Instead of having to fix a hacked account, they can work on other stuff that will help the game.

[Cactrot]

I'm all for it. I already have an authenticator so it doesnt affect me.

However, what does affect me is the 3-4 day queue times for GM tickets because other boneheads decide not to keep their account information secure and refuse to spend 6 bucks on the best form of security for the game. If blizzard does make authenticators manditory, the GM response time should be back down to an acceptable range.

You do realize that some of us aren't avoiding Authenticators because of money right? I've got 2 from going to blizzcon that I don't use. I feel no urge to add inconvenience to logging in when I am perfectly capable of keeping my computer secure and not answering phishing e-mails, things I should be doing anyway.

Don't give me that "zomg but it'll never be 100% secure" crap either. It's a weak argument. It is pretty easy to keep your computer 99.9% secure, and hackers aren't going to bother trying to hack you SPECIFICALLY when there are so many other easy targets out there. You're not that special.

It (one time pass/tokens) was broken already many times via man-in-the-middle method.

http://en.wikipedia.org/wiki/One-time_password
http://en.wikipedia.org/wiki/SecurID...ulnerabilities

and the best example what people can do with your (unwilling) help:

http://www.technologyreview.com/computing/23488/page1/

Still it's best you can do as for now in wow.

It is way way WAY more than enough to protect wow accounts. Great, someone can intercept it. Yippee. That means they need to be watching constantly for it, and log in as soon as you use it. Not gonna happen.

If someone is taking the time to break an authenticator, they're going to be taking their time breaking into a bank account, corporate account, or government account. Your wow account is not worth the time. That's what people need to understand.

[Asheowyn]

Yes.
Go ahead.

[Lexxe]

I don't feel its needed(per se) but I do think its a good idea. I, myself, don't have one or want one for that matter. I feel that I'm protective enough, and secure enough on my computer that I shouldn't have an issue.

[leelad]

I feel no urge to add inconvenience to logging in when I am perfectly capable of keeping my computer secure and not answering phishing e-mails, things I should be doing anyway.

Load of crap, sorry.

You know not to visit a site with flash ads the second an expliot is discovered? you know to stop using your browser the moment a compromise found? Over confidence WILL get the better of you. and you WILL be hacked.
Fact is you're 100% dependant on Adobe, mozilla, microsoft the list goes on, to know about expliots the second Mr CGF knows about them work on a fix and deploy it. Even a 12 hour turn around on a fix leaves plenty of time for you to unwittingly browse to your favorite website and get dicked before you have even heard about an issue.

Look at the recent explorer exploit, 4-5 days to ship a hotfix? that's potentially you and 1000's of others

No website no matter how reputable is safe either. thottbot was done over with scripts in ads for example.

Risk countless raiding hours farming hours grinding hours for the sake of typing in 8 numbers? You're insane.

[Cactrot]

Load of crap, sorry.

You know not to visit a site with flash ads the second an expliot is discovered? you know to stop using your browser the moment a compromise found? Over confidence WILL get the better of you. and you WILL be hacked.
Fact is you're 100% dependant on Adobe, mozilla, microsoft the list goes on, to know about expliots the second Mr CGF knows about them work on a fix and deploy it. Even a 12 hour turn around on a fix leaves plenty of time for you to unwittingly browse to your favorite website and get dicked before you have even heard about an issue.

Look at the recent explorer exploit, 4-5 days to ship a hotfix? that's potentially you and 1000's of others

No website no matter how reputable is safe either. thottbot was done over with scripts in ads for example.

Risk countless raiding hours farming hours grinding hours for the sake of typing in 8 numbers? You're insane.

You clearly don't know much about computer security. Zero day exploits are pretty rare. Furthermore getting them onto a website I'd visit without noscript on is another challenge entirely.

It WILL get me huh? Funny how I've played MMOs since long before WoW even came out, and I've never been hacked in any of them. Nor have any of my many friends who have also played since long before WoW. The only person I know who has been "hacked" wasn't actually hacked. He told his password to a friend who then took all his shit.

You think that people find out about an exploit, create a method to actually use it, and get it onto a popular website in 12 hours? Sorry man, it just doesn't work like that. Furthermore, WoW accounts aren't really the target of good hackers. They aren't worth the time. It's far easier to send out a bunch of phish e-mails or rely on things that aren't exploits at all, just idiots running things they shouldn't.

Just because an exploit exists doesn't mean that some website is actually running it. It just doesn't work like that.

[Gemazarus]

I'm all for Mandatory Authenticators.

I don't have one. And I'll tell you why.

Blizz are asking us to protect their software and invest in their time (in not having to deal with hacked accounts) and save them thousands and thousands of pounds a month. And they want us to pay them for that?!

Blizzard. I will gladly help protect YOUR account. That I LEASE from you. But I will not pay extra for the privelage. You want my help in that, give me the tools for free. If you don't, you WILL spend your money to fix the product I am paying for should your account ever be hacked.

As a previous poster said, many players are savvy, and will not open phishing emails etc, or risk viruses by acting like idiots. But some people are not.

Free Authenticators in Cataclysm sounds like a very very good idea.

[Bisley]

goes back to the first page.

Authenticators dont protect YOU. they protect the community:

Gold spammers stop getting easy access the gold from some level 80 holy pally wearing a full green quality leather dps set. The less margin for profit there is for gold companies, the less and less they'll do it. (Humanitarians may argue that this forces the gold companies to abuse their workers to farm longer hours. whatevs)

Power leveling services are done for. Unless you want to mail them your authenticator or let them attach an authenticator to your account. Yeah.... no.

Sooo many people complain on my server about long GM wait times. They're probably fixing the leather dps holy pally's account cause he got hacked. Making that guy use an authenticator benefits you.

No. it wont solve every problem in wow magically. it does make things a lot easier for blizzard. it makes things a lot nicer for you (even if you dont necessarily realize it). I dont necessarily have my phone (i use a battle.net mobile authenticator) with me all the time. I have to run across the room and grab it in the time between i click the WoW icon and when it finishes loading (just a few seconds) and then it takes like 3 seconds to put the code in (maybe more if my phone isnt finished loading). Its hardly an inconvenience

[Necrotan]

I'm all for Mandatory Authenticators.

I don't have one. And I'll tell you why.

Blizz are asking us to protect their software and invest in their time (in not having to deal with hacked accounts) and save them thousands and thousands of pounds a month. And they want us to pay them for that?!

Blizzard. I will gladly help protect YOUR account. That I LEASE from you. But I will not pay extra for the privelage. You want my help in that, give me the tools for free. If you don't, you WILL spend your money to fix the product I am paying for should your account ever be hacked.

As a previous poster said, many players are savvy, and will not open phishing emails etc, or risk viruses by acting like idiots. But some people are not.

Free Authenticators in Cataclysm sounds like a very very good idea.

This.

I will not pay more than what I already am for something. Free? Sure.

[Aliceinhell]

It's bad enough that people get Dc'd in a boss fight. Authenticators can be the differance between them logging back on while they're still alive >.>

Not a big fan of them myself but I can see how some people may need them.