Forum Software Update - We updated the site to the latest version of vBulletin and you might have noticed that the text editor changed. If you want to revert back to the old editor go at the bottom of your profile settings and select the Basic or Standard editor.

Battle.net Authenticator Changes
Originally Posted by Zarhym (Blue Tracker / Official Forums)
If you use an authenticator – and we hope you do – you may soon notice that an authenticator prompt may not appear with every login. We’ve recently updated our authentication system to intelligently track your login locations, and if you’re logging in consistently from the same place, you may not be asked for an authenticator code. This change is being made to make the authenticator process less intrusive when we’re sure the person logging in to your account is you.

We hope to continue improving the authenticator system to ensure the same or greater security, while improving and adding features to make having one a more user friendly experience. If you don’t already have a Battle.net Authenticator attached to your account, don’t wait until it’s too late - http://us.battle.net/en/security/checklist
This article was originally published in forum thread: Battle.net Authenticator Changes started by Boubouille View original post
Comments 407 Comments
  1. alaskanfreezer's Avatar
    Quote Originally Posted by poachingbear View Post
    This new change is not liked by me at all. What if somebody managed to take my laptop when i wasnt looking? Accounts could be hacked soo easily, waste of an authenticator. And to save time when youre dc'd in a raid? It takes two seconds to enter in a SIX digit number...
    You do realize that if someone steals your laptop, it doesn't count as logging in from the same location, correct? It all depends on the IP history that Blizz has stored
  1. andy_mitchelluk's Avatar
    Quote Originally Posted by poachingbear View Post
    This new change is not liked by me at all. What if somebody managed to take my laptop when i wasnt looking? Accounts could be hacked soo easily, waste of an authenticator. And to save time when youre dc'd in a raid? It takes two seconds to enter in a SIX digit number...
    If someone stole my laptop while I wasn't looking I'd be a bit more interested in the laptop! Sod Warcraft!
  1. Paulosio's Avatar
    Quote Originally Posted by Exavie View Post
    Whyyyyy did i stop playing AFTER they implement this change?
    A change that saves you about 3 seconds when logging in would be the difference between you quitting and continuing to play :| ?

    I like this change but it's not something that would have even 1% influence on my decision to play the game.

    In reply to the people with security concerns. It may allow you to choose if you to be asked for your authenticator every time you login regardless of location. We don't really know how it will work yet.
  1. Mystery123's Avatar
    Quote Originally Posted by poachingbear View Post
    This new change is not liked by me at all. What if somebody managed to take my laptop when i wasnt looking? Accounts could be hacked soo easily, waste of an authenticator. And to save time when youre dc'd in a raid? It takes two seconds to enter in a SIX digit number...
    I'm pretty sure you have bigger problems then your world of warcraft account getting hacked if you get your laptop stolen...
  1. Nekosom's Avatar
    Quote Originally Posted by Rhys View Post
    What if the people I'm trying to keep out of my account have access to my computer? This option should be togglable.
    Then change your password. I mean, how did they get your password in the first place?
  1. Redasurc's Avatar
    Thats not an option really, coz if they encourage 2 factor they dont resolve to 1 factor authentication just coz u login from same IP. Atleast there should be an option to force 2 factor authentication regardless of IP source? If not you can just aswell do without it the security is 0.1% better with this sloppy move from Blizzard.
  1. greyghost's Avatar
    Quote Originally Posted by Purplekitti View Post
    I suggest you read these two Blizzard CS twitter posts that were already posted in the thread this blue post came from:

    http://twitter.com/#!/BlizzardCS/statuses/81493177147727872
    http://twitter.com/#!/BlizzardCS/statuses/81485048242651136

    This system is going to use much more than your IP address alone. That would be plain stupid.
    Please, people, read those posts.

    It's going to be okay.
  1. Irisel's Avatar
    Quote Originally Posted by MintJam View Post
    I think it'd be neat if they made it into an optional feature for those players who are paranoid enough to not like this. Personally it'll save me from having to strain my eyes in the dark at night trying to read the numbers.
    These is my thoughts exactly.
  1. andy_mitchelluk's Avatar
    I'd imagine that as well as IP detection they'd probably check the MAC address from your router as well. Not to mention there will probably be some sort of background check on your PC or some sort of small verification file stored in your WOW folder. I guess there will be more clarification on how they check your system to determine if it's you or not soon enough.
  1. Zeddicious's Avatar
    Ok so what if over the course of time you have some malicious software lurking around your computer and you dont know it.. One time not logging in using the authenticator could mean your account getting compromised... i honestly dont see the point of an authenticator if its only used half the time.
  1. greyghost's Avatar
    Quote Originally Posted by Needalight View Post
    Let me get this straight, your password can still get keylogged from your computer, (point a) but the other person can't use it to log in from point b?
    Considering how many people use the same password for almost every other service, how is this a good idea?

    JW..jw
    In that scenario an authenticator with the functionality that it's had for the last 2 years wouldn't even protect your other accounts. What is your point?
  1. Snowmist's Avatar
    I'd rather have it ask every time, makes me feel safer. I hope there's an option to change this.
  1. Redasurc's Avatar
    Quote Originally Posted by greyghost View Post
    Please, people, read those posts.

    It's going to be okay.
    So are they installing a rootkit or some software to see source mac adress? With NAT on the router they have no other option except what IP the router has.
  1. andy_mitchelluk's Avatar
    Quote Originally Posted by Zeddicious View Post
    Ok so what if over the course of time you have some malicious software lurking around your computer and you dont know it.. One time not logging in using the authenticator could mean your account getting compromised... i honestly dont see the point of an authenticator if its only used half the time.
    No because if someone from a different PC tried logging in, he/she would get the authenticator request. It's only the PC that your account is frequently used on that WON'T be repeatedly asked for the authenticator. Different PC = authenticator request.
  1. Blackspur's Avatar
    Right let me lay this out for all you to inept to understand this most basic of concepts.
    Currently the Authenticator system asks you for your code every time you log in, now for some this is slightly annoying especially if you have a terrible connection and may be prone to D/C's. This new system however detects if you are logging on in the same location repeatedly, and if so then it will not ask you for your code. The two made 'arguments I have seen in this thread.

    1) herp derp i cant play a freiends house herp derp. Seriously did you not read the post? If you happen to log in at a different location then it will prompt you for an authenticator code as it does now.

    2) Proxy IP server. Do you really think a multi-billion dollar company would solely base your location off of your IP, seriously?
  1. link_991's Avatar
    Quote Originally Posted by Needalight View Post
    Let me get this straight, your password can still get keylogged from your computer, (point a) but the other person can't use it to log in from point b?
    Considering how many people use the same password for almost every other service, how is this a good idea?

    JW..jw
    What you just described is possible with the previous system.

    Quote Originally Posted by Zeddicious View Post
    Ok so what if over the course of time you have some malicious software lurking around your computer and you dont know it.. One time not logging in using the authenticator could mean your account getting compromised... i honestly dont see the point of an authenticator if its only used half the time.
    What? I don't think you understand how this change or the authenticator in general works at all
  1. andy_mitchelluk's Avatar
    Quote Originally Posted by staal View Post
    So are they installing a rootkit or some software to see source mac adress? With NAT on the router they have no other option except what IP the router has.
    The PC network card itself also has it's own unique MAC as well as the router.
  1. Michalev's Avatar
    I think it is funny that a few people have already complained about a SIX digit number, apparently they have never used an authenticator, because, in fact, it is an EIGHT digit number
  1. Redasurc's Avatar
    Quote Originally Posted by andy_mitchelluk View Post
    The PC network card itself also has it's own unique MAC as well as the router.
    But if youre behind a NATed network the receiving adress (blizzard) only see the NAT source adress wich is your router, they dont even know your pc exist. Im talking strictly TCP/IP here, not some jumbo mumbo software that blizz leech from your hardwareconfig and most likely send to the server uncrypted...
  1. Makronette's Avatar
    People already seem to be blowing this out of proportion, I am pretty sure Blizzard have taken the steps to make sure that your account is still secure and that this new feature is safe to use too, though for those who are stupidly paranoid I hope they do add an option so you can opt in/out of it.

Site Navigation