Chances of getting hacked with an Authenticator

[Jeleh]

If people were not so stupid using the same email to sign up for everything, clicking idiotic links visiting shady sites and just generally using pathetic passwords such as yellow123lol, they would be fine.

Maybe i have just been lucky but i have been playing online games non stop for almost 11 years now and not once in that time have i been hacked on any of the games i have played. Despite many of them being rampant with people who somehow managed to get hacked without it being their fault.

[Deleted]

it doesn't make enough of a difference.

lol. The one way you could get 'hacked' with an authenticator is if some hacker has a keylogger on your computer and is monitoring every sign you type when you type it, and then quickly types in username, password and authenticator code the few seconds it remains active. Then they will be able to log in once and what then? Your friends are stupid, an authenticator is worth gold^10

[Aeriedk]

I have seen the thing about a hacked account with an authenticator on the front page a year ago but nothing else.

I haven't seen or heard anything since that, simply enough the chance is minimal and the authenticator is worth having.

[Dazu]

There was a reported one with an authenticator but I have never seen proof to back up someones account being hacked with one. Lots of people say it, but reality is the code is unable to be cracked, which leads the only possible way to hack it is to be able to beat the login of someone typing it in (ie Man in the Middle). Now, if you copy and paste your password and afterwards alter what was entered (ie copying abcdefgh12345 in total where real password is actually abcfgh1345) it is near impossible for a keylogger to get the required information in time. Keyloggers can see your clipboard but cannot tell exactly where you remove letters and numbers from normally.

People always claim they were hacked with an authenticator, the keychain one is pretty much impossible, its a technology which has been proven reliable for years, even military and security forces use similar means (constantly shifting codes). However, if someone has your password and username, spamming a 6 digit code with an automated login program could uncover your code by blind luck if it happens to bounce to the same number at the same interval. So keep your account secure with a good password also.

Also, do not type in your code and leave it sit on the screen for even a few seconds before logging in.

[MatsT]

It's not about the $6 or whatever, it's about the 20+ seconds each time you want to log in. I would rather get hacked once per year than use an authenticator. But if you like running suspicious executables or visiting chinese web pages with internet explorer, by all means go for it.

[Demonidze]

it makes a huge difference, but its possible you will be hacked even if you have one. there was one guildie who got hacked while having an authenticator, but it was just one case, ive seen hundreds of people all around got hacked, and when asked them if they had authenticator when they got hacked, the answer allways been no.

[Seezer]

I have been hacked once with an authenticator.
Actually they hacked my account the first time and the second time I got it back they did it again.
Both time's using an authenticator.
It's not 100% security but it's a lot better.

Yeah, this is just not true.

[Ulrac]

I know someone who was hacked the other day, he has an authenticator but took it off because he hated having to type in the code every time he logged in...

[Roasty]

Except for the fact that once you log in with a code, you can't log in again with the same code (really annoying as I have multiple accounts), so I call bullshit on that.

Incorrect. It is completely possible to log in within the same 60 second window that the code generated is valid, having done it multiple times myself.

[Seresumuerte]

Without an authenticator people with enough time can gain access to your account easily by trying every combination.

No.... you get hacked because of malicious software such as trojans which contain keyloggers; or you enter your password on a phishing website, aka (not a real link) tryingtogetyouraccount.battlez.net.

That or your best friend hacks your account.

Lets say with a 20 word maximum password, with all available alpha numeric keys (not absolutely sure on this) There are 24 letters and 10 numbers, used in any combination for up to 20 characters?

The number of possible outcomes are way more than a human can count to outloud during the span of their lifetime.

[Deleted]

It is currently possible to be hacked even with an authenticator. It happened to my friend not long ago and Blizzard even said it themselves (this I can't confirm and may be hearsay) that it has been cracked. Even so the chances of being hacked still decreases quite massively if you get an authenticator. It's worth it, simply.

[Deleted]

Yeah... pretty much the only way to getting hacked with an Authenticator is if you catch some keylogger or related tool, and even that would have to have been created with circumventing authenticators in mind, cause each generated number is only valid for 30seconds/1 minute, not sure. They can't just "steal" a number and just it days/weeks later or something.

There's no way they could just generated a correct number on their own, even if they knew the correct algorithm (and that's a big, big IF), look a bit into security/password generating algorithms if you wanna know how complicated that shit is. They'd also have to know the Authenticator serial number for that which they could only get if you were stupid enough to give it to them (phishing) or it got keylogged.

So I can't really believe the 25 people who currently voted YES.

Your password by itself could *theoretically* be bruteforce-hacked (entered my password incorrectly a couple times, never hit a "you cannot enter a password for 15 minutes now" warning or something), even if your computer were perfectly clean. They'd still have to know your username (in the past), e-mail account you use for battle.net, for though. But bruteforcing the authenticator code in that 30 seconds window without the serial number? No effing way.

Your WoW account isn't Fort Knox, no one's gonna go to extraordinary lenghts to crack this thing, for it's couple hundreds/few thousands if you're very, very lucky dollars worth.

To get hacked with an Authenticator the hackers would have to know your e-mail, your password, your authenticator code/your authenticator serial number, all of which can be stolen via phishing/keylogging.

[Thergal]

It's not about the $6 or whatever, it's about the 20+ seconds each time you want to log in. I would rather get hacked once per year than use an authenticator. But if you like running suspicious executables or visiting chinese web pages with internet explorer, by all means go for it.

Sausage fingers is a bitch

[Seresumuerte]

It's not about the $6 or whatever, it's about the 20+ seconds each time you want to log in. I would rather get hacked once per year than use an authenticator. But if you like running suspicious executables or visiting chinese web pages with internet explorer, by all means go for it.

Do you like watching harmless youtube videos too? Because there wasn't an adobe hack about a year ago that infected peoples machines with a keylogger.

[Deleted]

I've had my account compromised(the only time oddly enough) with an authenticator attached, however the difference is: with an authenticator you get to keep your in game possessions.
Without an authenticator, if they have your login information they are free to do whatever, however even if they have your details, they require your code. Unless they're using a MitM attack explained here they will NOT manage to get on your account. (even if they do, the chance of them doing damage is so minor as you can just re-log in, and it will force a disconnect on them, and both authenticator codes will become invalid as they have been used.

[kushlol]

My dad use to play on the same computer as me. He had an authenticator and I did not and he was hacked twice and I have never been hacked ever.
I'm pretty sure if a skilled enough hacker wanted your account info though they could have it as they pleased.

[Deleted]

One of the warlocks in my guild had his account hacked the other week. So he called Blizzard and they said ' You'r lucky you had an authenticator attached to you'r account, because the hacker could not log into you chars '. So even if he was hacked, nothing happened to his account really.

[mercutiouk]

There IS a VERY small chance that you can be compromised at machine level. Hooks can be placed in the system (like the HOSTS file) that direct traffic intended for one location to another. With this setup even with the authenticator you will get hacked IF you enter your details twice, without thinking about it (takes 2 different authenticator codes to remove it from your account). The system goes "invalid login details" but the details HAVE been collected. It relies on these details being picked up and used realtime as well. Again, really, really hard to do.

This does though require a VERY lax approach to system security. If you get hold of a decent virus checker, use something like firefox+noscripts, dont open attachements in stupid emails or fall for blatant fishing AND have an authenticator you are 100% safe. It would take a serious run of unfortunate events to end up with a virus that performed the hack without being detected and without you realising something was amiss long enough for them to go log in your account and change password.

TL: DR - the authenticator is 100% safe if you aren't stupid and go "oh, i'm sure I typed my details in right the last 2/3 times but it says not, oh well, imma gonna go play something else". If like most people you'd then go check account management and forums etc you'll be more or less fine with an authenticator.

[silentsyco]

Also worth noting is that when you add an authenticator to your account (the keyfob one anyway, not sure about the mobile phone app) it actually steps up your account security parameters. If you have recently logged into your account from your home and someone attempts a login to your account from an IP that is registered in another country, even with all the correct info (username/pass/authenticator code) it will not allow them to login AND it will lock your account to prevent any successful logins from anywhere until you unlock it. Without an authenticator, no such luck with your account auto-locking when it logs a distant login attempt.

[terrahero]

Authenticators are very safe. The only way they could remotely hack you is if they are directly viewing your actions and that gives them a very small window of oppertunity to wich they can actually use your authenticator code.

Altough im not sure just 1 code is enough to remove the authenticator from the acount. So in the end, people that got hacked with an authenticator either have a scumbag friend that swiped it or are lying.

And with the large amount of free ways to get an authenticator (and how cheap is is to buy one) it feels like little reason NOT to use one. In the end everyone can get hacked.