Chances of getting hacked with an Authenticator

[deathtakes]

I'm pretty lazy when it come to account security, and I know this, so I bought one just in case. I constantly get phishing emails and I've actually clicked on one once. Haven't had an issue. I don't have any virus scan or anything like that either. Perhaps it's because I have a Mac, I dunno, I'm not computer whiz. Just a technology retard.

[Knightsun]

So, a few of the people in my guild refuse to shell out the £6 (!) for an authenticator because they say that it doesn't make enough of a difference.

It makes a big difference. With no authenticator, all that needs to happen is your information to be logged and sent off. They can use it anytime they want. To bypass the authenticator, you need a keylogger that sends information right away, or a live update as the keys are actual being hit, and there has to be the hacker themselves ready to use that information, in less than a minute, to change your password and remove or change the authenticator currently tied to your account. It's certainly possible, it has happened, but it's much less likely to happen. If you plan to have a WoW subscription for any length of time, I'd buy one.

I played for 3 years and never got my account hacked, I just decided to get one to help eliminate the possibility.

[Benser]

I actually knew someone who began to get hacked so often he was once hacked the day after having his account recovered. It was literally every week or two and he couldnt tell why. His gf bought him an authenticator, he hasn't been hacked since.

I bought mine the last time I was hacked, I do find it hard to believe my account is even slightly at risk anymore, sometimes it stops even ME logging in.

I've also heard of hackers attaching authenticators to accounts they hack which makes them almost impossible to recover, would adding your own prevent that or can you add more than one? I dont remember

[Reyzzz]

IF the hacker has time to try to hack 1 account sure they can, but if they create the software that can try to log in with each number combination (there are total of 1 million combinations) each 2 seconds, it would take just over 23 days to go through every possibility, not to mention the number changes over time, not when you log in.

[Kittahsmash]

A guildy of mine has an authenticator on his account (as do I and most other guildies).. back when 3.3 hit, the servers were up and down a lot, so he removed his authenticator temporarily, because he hated having to type it in every 20 seconds because of the disconnects. So he did that, and after the servers came back up, an hour later or so, he was hacked :P Before then, and since then, completely safe. Claims he still uses the same password, which is kinda dumb, but the authenticator alone is supposedly saving him, if the hacker kept his password around since then.

Your guildies are absolute idiots if they refuse to get an authenticator just because it's only 6 pounds. Wait for the day when they do get hacked, and just keep saying "I TOLD YOU SO" when you talk to them :P

[Kurkon]

I find it so funny when people say they are hacked.
Almost everyone I know who has been "hacked" went on a gold buying/selling site, or some other shady site.
Pretty much every "hacking" I've heard of is usually someone trying to hide the fact they screwed up and refuse to take any responsibility for their own lack of security understanding.

That being said not a single person I know who has been hacked had an authenticator at the time. They all have them now and haven't had an issue since.

With how easy it is to get one of the different types now it's pretty much just stupidity or stubbornness preventing people from getting one.

[Gracin]

Claims he still uses the same password, which is kinda dumb, but the authenticator alone is supposedly saving him, if the hacker kept his password around since then.

Hell, I was the first person in my guild to get an Authenticator and the day of I was on vent and was challenging friends to target my account. Told them my acct name and pw. Have yet to change my pw since that day.

[rofl]

None of you guys have ever been hacked.

[Lucifra]

I have complete faith in my authenticator, heck, I'm like 90% sure that some chinese organisation has my password, yet I can't be bothered to change it since they can't do anything with it anyway. Authenticators don't provide 100% security, but they sure do significantly reduce the amount of malicious software that's capable of hacking your account by at least twenty fold (statistics made up but presumably realistic or too low).

[Deleted]

None of you guys have ever been hacked.

Fortunately (touch wood) no I have yet to be hacked, but then I was among the first to buy the authenticators when they first came out, and have since switched to the mobile version. and while I don't think I am 100% "safe" I am as close as I am ever going to be (and yes I do run the usual regular scans as a matter of course, not just for WoW's benefit)

[harky]

IF the hacker has time to try to hack 1 account sure they can, but if they create the software that can try to log in with each number combination (there are total of 1 million combinations) each 2 seconds, it would take just over 23 days to go through every possibility, not to mention the number changes over time, not when you log in.

The probability of brute-force attacks works is extremely small. The standard authenticator has 10^6 possible solutions. You will have ~5 chances to attempt such an attack per number. Because of how the authentication works you can actually search for 3 solutions per attempt. This means 15 solutions tested per cycle. This will then change and must begin again. So you have a 1 in ~66,666 chance to be hacked per cycle. Each cycle has a wait period of a half hour. This is not ~23 days. It is ~1,388 days. Thirty-three thousand man hours spent to attack an account which will likely net ~50-200$ worth of profit. When hackers find an account is authenticated they do not try to force a hack. They simply get another account and try again. This allows them to check thousands of accounts in a day. Of these about 30% will not be authenticated.

[Callace]

No one in their right mind would go to the effort necessary to hack someone with an authenticator, even if they were capable of doing so in the first place.

If you have an authenticator and you've been hacked, it's because your authenticator was stolen.

Otherwise, you have a better chance of being hit by lightning.

[Bleachi]

ITT: really stupid people who probably still have tons of malware on their systems.

If your account gets hacked while it has an authenticator on it, your computer is probably already part of a botnet.

Like someone else said, it takes a man-in-the-middle attack to compromise an authenticator. This will probably become the norm in time, because people are slowly learning about authenticators, but they still have no idea what NoScript is.

I highly recommend an authenticator, simply because it makes your account virtually immune to "brute force" attacks. These brute force attacks aren't really true ones, because Blizzard has protections against that. Instead, they brute force other accounts that don't have as much protection, then try your password you use for everything because you're an idiot.

An authenticator is one of many precautions you should take to protect your account. If you get hacked, it's your fault. You did something stupid.

[Deathmaw]

I actually knew someone who began to get hacked so often he was once hacked the day after having his account recovered. It was literally every week or two and he couldnt tell why. His gf bought him an authenticator, he hasn't been hacked since.

I bought mine the last time I was hacked, I do find it hard to believe my account is even slightly at risk anymore, sometimes it stops even ME logging in.

I've also heard of hackers attaching authenticators to accounts they hack which makes them almost impossible to recover, would adding your own prevent that or can you add more than one? I dont remember

Unfortunately you cannot add more than one authenticator to your account. I really wanted to be able to have two, one that I would keep on my desk and one that I would keep on my keychain so I could log in away from home, but I guess the way the system works won't allow it. You can have one assigned to multiple accounts, but not the other way around.

[Azerate]

I've been playing online games since 2003 never been hacked and I'll never be probably. I also cba to type stupid codes each time i log in ;]

[Dread Pirate Roberts]

I've heard of ppl getting hacked with an authenticator from Blizzard reports, but no one I've ever met has had any problems

[P4R45171K]

Unless they hand said person who wants into their account with the log in information, wont happen.

[Supafly87]

Just downloaded an authenticator on Android for free so i can get the free pet lol but ye im sure its alot better even though my last password was 12 letter/numbers long

[Oerba Yun Fang]

I had the mobile authenticator app on my iPhone for a while, but I ended up getting the standalone device instead. I didn't like having to pull out my phone every time I wanted to log in to WoW, and the standalone device just sits on my desk and gives me the code at the touch of a button (as opposed to having to unlock my iPhone and load the app before). Well worth the $6 IMO. I wish more MMOs offered this sort of security, because I would definitely buy one for them as well.

As for the poll: Nope. Never known anyone with an authenticator that has gotten hacked. Known plenty that have gotten hacked and then got an authenticator, though.

[Deleted]

I've been playing online games since 2003 never been hacked and I'll never be probably. I also cba to type stupid codes each time i log in ;]

This was the argument that the guy gave right up until the point where he got hacked. Unfortunately, he was an officer and we had to spend ages putting the guild bank shit back together.

That argument doesn't hold forever.