Originally Posted by
Kewi
Changing credit card information can trigger it (mainly name/account mismatches)... Unusual IP Addresses (as in, a Class A/B/C change that you've never used before).
As for not access to phone: Simply don't use the feature. It's not required, it likely never will be FORCED on you. Although if you want an alternative, Google Voice will give you a phone # that you can then route to your cell and home number, or you can call in from *any* available phone, then use that to route your call to the 1800 number -- and that is all free. You could also likely tie in GVoice to skype or other VOIP phone numbers.
But like physical authenticators, they just don't work if you don't have access to them/forget them/loose them.. Just like your password doesn't work if you forget it... These are just extra security steps, extra security requires extra responsibility.... generally... (though this phone in method is a lot less responsibility and a lot easier to manage, which is why I'm glad they offer it (read: not force it)
Wrong password multiple times: Not likely to trigger the issue, unless another flag is raised
I am also glad that it is not mandatory. Though I do think a similar method to remove an existing authenticator would also be good option to offer (read: not force) (Meaning, to remove a physical authenticator you must call in to an automated system)
---------- Post added 2010-11-09 at 11:47 PM ----------
@Simca:
MITM is still a possible method though ;-) and I'd *probably* throw an injection/keylogger in the MITM category anyway -- It's suppressing/altering the message to blizzard, and then the MITM resends the data you meant to send...
But yes, technically it's more one sided as it's not fooling the blizzard server to think it's logging into the client PC -- though that would be necessary with a dial-in authenticator (to spoof IP & Sys ID)...
But I'm not a security expert, just an IT lurker >.>