Forum Software Update - We updated the site to the latest version of vBulletin and you might have noticed that the text editor changed. If you want to revert back to the old editor go at the bottom of your profile settings and select the Basic or Standard editor. Authenticator Changes
Originally Posted by Zarhym (Blue Tracker / Official Forums)
If you use an authenticator – and we hope you do – you may soon notice that an authenticator prompt may not appear with every login. We’ve recently updated our authentication system to intelligently track your login locations, and if you’re logging in consistently from the same place, you may not be asked for an authenticator code. This change is being made to make the authenticator process less intrusive when we’re sure the person logging in to your account is you.

We hope to continue improving the authenticator system to ensure the same or greater security, while improving and adding features to make having one a more user friendly experience. If you don’t already have a Authenticator attached to your account, don’t wait until it’s too late -
This article was originally published in forum thread: Authenticator Changes started by Boubouille View original post
Comments 410 Comments
  1. Knopperz's Avatar
    And ive logged in today and almost got a Heart Stroke :P (shiaaaat been hacked... hahah)
  1. Shakari's Avatar
    Quote Originally Posted by poachingbear View Post
    This new change is not liked by me at all. What if somebody managed to take my laptop when i wasnt looking? Accounts could be hacked soo easily, waste of an authenticator. And to save time when youre dc'd in a raid? It takes two seconds to enter in a SIX digit number...
    Well the authenticator is meant to protect the account not protect you from having your laptop stolen. The security of your home etc and the possibility of someone stealing your physical property is soley your concern. Blizzard cannot cover all eventualities lol
  1. Gargz's Avatar
    Do not like. I thought my account had been hacked and the authenticator had been removed. I changed my PW and everything.
  1. mercutiouk's Avatar
    Quote Originally Posted by Taiki420 View Post
    Terrible. Every time I have friends over for a Raid (they bring their laptops to my place since I have the best internet) we're going to have to deal with crap.Or (OMG ACCOUNT SHARING) when a friend gets stuck in sw and cant log back in during peak times, I usually log them in and run them out of the city.As for me, entering 6 numbers isn't a hassle, and takes 5-10 seconds at most. Lazy Lazy.
    Friends bringing a laptop over will cause issue the first time. That system is nothing to do with this change to authenticators but more generally looks at the subnet of your internet IP. If it's changed, it assumes it's someone else logging in and the account is locked until you prove otherwise.

    This system is purely about authenticator popup. It will go from being every time you log in to being occasionally or whenever certain "things" change about the environment wow is logging in from. Considering they have the warden program running on the back end it probably has plenty of things to go at like how many bits are running in the bottom right/clock area, the processor type, amount of graphics memory etc etc, there's LOTS of things about our system that are unique and don't change that often.

    With this system in place you now won't get the popup every time. How is that more hassle or a major problem or some other negative? This is whining for the sake of it or a VERY uninformed rant.

    ---------- Post added 2011-06-18 at 03:28 PM ----------

    Quote Originally Posted by Gargz View Post
    Do not like. I thought my account had been hacked and the authenticator had been removed. I changed my PW and everything.
    Well, now you've read and know better and of irrational panic.

    I get REALLY tired of the "OMG THEY CHANGED SOMETHING - HOW VERY DARE THEY!!!! BLIZZ SUCK!!!" type statements from dribbling morons. Things change, usually for the better. Get used to it.

    I actually had someone in my guild bitching about how not having to login every single day to do his daily and being able to choose when to spend his time in easy dungeons was a massive negative and awful thing for blizzard to implement... Those who will look REALLY hard for the bad in anything blizzard do REALLY need to have their head checked. If you think they are the enemy, stop paying for subsciption, go out, enjoy life away from something that's awful, bad, horrible and generally not nice... or continue to be a raving moron on an internet forum with poorly considered rants about how something changing and being better made your life so much harder and how you hate them for it....
  1. Eloona's Avatar
    How many ignorant posts are people going to make whining about this? Do your research this is actually VERY safe. It's not putting anything at risk. I don't even know a lot about computers but do you really think that blizzard would implement something that puts your account at risk!? I think not.....get your heads checked and quit being so darn paranoid.
  1. rogorous's Avatar
    I don't see how this is exactly improvement. They can mask their ip address and still access wow from your computer if the hacker isn't an idiot.
  1. Calene's Avatar
    Quote Originally Posted by rogorous View Post
    I don't see how this is exactly improvement. They can mask their ip address and still access wow from your computer if the hacker isn't an idiot.
    How can you mask my IP? Let's say I am not using a wireless network and my doors are locked. How would you manage to get the same IP as me (from Sky Broadband)? You can't.
  1. macdaygo619's Avatar
    Quote Originally Posted by Michalev View Post
    I think it is funny that a few people have already complained about a SIX digit number, apparently they have never used an authenticator, because, in fact, it is an EIGHT digit number
    well apparently you use the mobile authenicator cause the battlenet authenicator is 6 digits so yea know your facts before you post
  1. andy_mitchelluk's Avatar
    Quote Originally Posted by rogorous View Post
    I don't see how this is exactly improvement. They can mask their ip address and still access wow from your computer if the hacker isn't an idiot.
    Really? You didn't read the other 19 pages?


    There's more than one way to determine what PC you're using and where you are!

    My god.

    You still have an authenticator. It still works. The only change is now Blizzard track where you are and if you consistently use the same PC AND connection, you won't be asked for your authenticator code on THAT PC/connection. If you go to a mates, the authenticator request will pop up!
  1. Crazin's Avatar
    This is so convenient when playing. Don't have to take out my phone whenever I am logging in.
  1. russykh's Avatar
    Quote Originally Posted by Dawnslayer View Post
    This should be an option to turn on and off, we pay our subscription fee's which in turn has our details and payment methods on it and blizzard just take it upon themselves to say this change has happened and there is nothing you can do about it. Make it an option don't dictate what can or can't be done on our accounts we pay for. i also noticed that the blizzard battlenet login still asks you for your authenticator code so why is it still on there and not on our game. If this is so secure remove it from the battlenet, then we'll see some actions from hackers.
    Ugh. Now you're just looking for a "gotcha!" without engaging your brain. Performing system checks while launching a program is one thing, doing it from a website is another. It should be pretty obvious that you cant use a website to perform the same kind of checks the WoW executable will use when you run it.

    And while you pay for your account, Blizzard still owns it and can do what they want with it. You gave them that right when you clicked "accept" on the ToU screen.
  1. dwharies's Avatar
    If you try to log on your account it will ask every time you log on. In order for them to access or hack your account they need the authenticator. If you have a decent internet connection and do not download un safe programs you will have a better chance of not getting hacked. Not only do they log you IP address they also log your MAC address(this is your individual address on you computer, it is unique.) Keylogging programs come from programs you have to download, which in essence is your fault for downloading. Another big key to help out people is to secure your connection, I.E. Add a password for your wireless. Add a password that does not include names, 4-6 letter words and mix it up with numbers, letters and sign. Remember getting hacked or keylogged you must start the process. It is the same as you getting a trojan. Same thing as any virus that steals information. Problem is most people do not know how people hack or get corrupted HD's. 99% is the users fault. Security, trusted sites and among other things do not give your password out.
  1. khali-shi's Avatar
    I do not like this, yes it is annoying that I have to add my authenticator code every time I try to log in or disconnect but at the same time as someone who has been hacked 3 times and never clicked on or went to stupid links or sites that "Blizzard" reps have sent me to aka gold sellers I feel safer with my account that i've worked hard to build on I do not like this and hope that blizzard will reconsider making this change
  1. pryra's Avatar
    Quote Originally Posted by poachingbear View Post
    This new change is not liked by me at all. What if somebody managed to take my laptop when i wasnt looking? Accounts could be hacked soo easily, waste of an authenticator. And to save time when youre dc'd in a raid? It takes two seconds to enter in a SIX digit number...
    If they steal your computer the only way that will work is if its a wireless network, if your plugged in through a CAT5 cable then no they cannot hack you your computer does not keep the IP the modem does. and furthermore this is prolly the best feature they ever added. You dont have to keep putting in the code and even if you change IP's say u go to your friends yes you have to add it in but only once and then again when you go back home. I highly doubt that a guy from china is gonna come down break into your house and steal your laptop all for 10k gold on your wow account...
  1. pryra's Avatar
    Quote Originally Posted by Kujja View Post
    Don't give your password to people then you have nothing to worry about? Anyway, if they take your laptop what's stopping them from taking your authenticator as well?
    You are just as safe with this feature as you were before i dont see why people cant just accept it, because all the people that doubt this feature are the ones who are uneducated on the subject, they need to stop bitching about something that dont understand.

    ---------- Post added 2011-06-19 at 03:15 PM ----------

    Your as safe as you were before, this just makes it easier for you to log in each day, so what if you use multiple accounts on a single IP if your little brother has your account info thats your fault, i highly doubt hes gonna steal your gold but if he does it is 100% your fault.
  1. taronlock's Avatar
    I think only this! If Blizzard want we use Authenticator for our security, why they create a system to bypass this one? There is many system to stealth a programs and thief the account password on your computer. Now with this new feature there can will be created many new troians to thief the account. I use an Auth. and I hope not to be attacked bu this new one problem. If I lost my account caused by this new Blizzard features, I can think to start an action again Blizz. I WANT USE my authenticator. I Have payed to protect myself.
  1. Glaxton's Avatar
    this is a relief to know that im not getting hacked.... ATM...but I'm troubled that Blizz would do this without giving the community a chance to hear or sign up for the added feature.. i rather type in the number then just assume it is me signing in.. We deserve a choice about this .. lets be clear about the whole thing though.. i like them wanting to make things better.. but let us choose.. i feel like im at risk now every time i log in cause im not being ask for my code.. GIVE US A CHOICE BLIZZ DONT JUST MAKE THIS MANDATORY FOR ALL.. Trust me this is a big mistake to force this on people.. if i get hacked.. im done with your game period..
  1. Feoras's Avatar
    Take for example the Microsoft Windows authentication method.
    Your serial number gets verified by a system that logs your hardware composition, ip-address and mac address.
    It is considerably safe; However.

    Mac addresses can be spoofed, so can ip-addresses and hardware composition might be hard to guess but is not so hard to BF.
    All together i'd like to know what they are going to base this 'It is you' on, or the nifty gold farmers might have an easier job.

    It's not unthinkable that if they find out what blizzard bases the hardware signature on;
    They will be able to intercept the security string with a trojan this way being able to spoof the same signature to the blizzard servers.

    People who despute this will lower security should think again.
    There is a reason why 'good' authenticators should be physical and not be influenced by any network, go check RSA.
  1. squad's Avatar
    Quote Originally Posted by Spl4sh3r View Post
    Nice! I thought they would add another system like this though. I mean I read something about the phone authentication, where they would call you if you logged in on an odd location, guess they added that part to normal authenticators aswell which is nice.
    Used to be when you left home and went back to the campus you could get in vent or call home for authenticator code. Now my account gets suspended for 'suspicious' activity when I change locations. People play from work, home and school. Before the authenticator protected us, now we just get hassles.
  1. underdogba's Avatar
    The contents of machine-specific strings that are submitted on authentication can be hacked and spoofed, and it is trivial for a trojan that delivers a keylogger payload to also install a proxy server and a program that phones home with system specs.

    Just because Blizzard makes claims with absolutely no technical elaboration that this doesn't increase your likelihood of being hacked simply does not make it so. The kinds of attacks that are possible against this kind of setup are potentially much easier to execute than a man-in-the-middle attack, and the downside is that once these attack vectors are in place, there is no way for Blizzard to know it wasn't you goldselling/botting once your account gets compromised.

Site Navigation