This site makes extensive use of JavaScript.
Please
enable JavaScript
in your browser.
Live
PTR
Beta
Classic
Blizzard Giving Thought to Mandatory Authenticator?
Post Reply
Return to board index
Post by
bluspacecow
Looked up the Authenticators on wow wiki today and learnt something new.
You can apparently got the mobile authenticator for mobiles other then an iPhone.
Here is the link :
http://mobile.blizzard.com/shared/blizzard_download.php
Post by
Zaronto
Looked up the Authenticators on wow wiki today and learnt something new.
You can apparently got the mobile authenticator for mobiles other then an iPhone.
Here is the link :
http://mobile.blizzard.com/shared/blizzard_download.php
So when I follow your link, I get a whole ton more phone options than if I try to download it straight from the mobile.blizzard.com website.
(Which is handy because they didn't have my blackberry tour on the main page)
Edit:
Just because the phone is listed with the link above does NOT mean that it is compatible with your phone. Check this list to see if it is.
http://mobile.blizzard.com/support-compat.html/
Post by
90137
This post was from a user who has deleted their account.
Post by
Eminence
giving the authenticator with cataclysm is a good idea
however, what if you dont ugprade?
Post by
404362
This post was from a user who has deleted their account.
Post by
Katalliaan
snowsurge, if they made a program for the computer to act as an authenticator, then someone who uses malware to take people's accounts could probably use the info that the malware collects to reverse engineer the number generation in order to predict an authenticator code. In fact, all it would take is three accurate guesses to steal someone's account (one to get into the target's Battle.net page, and two to remove the authenticator).
Post by
Interest
And then there's the problem of if you lose the authenticator....
It's called keeping the serial key filed away and when you lose it just call Blizzard and get it removed. :D
Hmm. Good point. But wouldn't the mandatory need for an Authenticator cause the account to become frozen for a time?
Post by
Strandvaskeren
The easiest way to go about doing this is to either A. hand out authenticators with cataclysm or B. Create a program for your computer or if it's possible, a personal browser authenticator program.
NO! The whole point of adding an authenticator is that hackers seems to be able to sneak dodgy software onto your computer. All those people are being keylogged because their computers aren't kept safe or they are tricked into downloading malware somehow. Having a software authenticator on the very same computer that are being compromised by a keylogger is pointless..
An authenticator works from the concept that even if a bad guy is able to compromise your computer, he also has to be able to get hold of your keychain authenticator or the authenticator software on your cell phone to get into your wow, and that's why it needs to be on a different platform than your pc..
Post by
113166
This post was from a user who has deleted their account.
Post by
TheReal
I LOVE mine. The extra 10 seconds to login is 5000% worth it.
Pretty much this (fixed a bit). I'm 100% for making these one-time password generators mandatory, and I believe bundling them with Cataclysm is the perfect method for more-or-less securing almost everyone's accounts.
By knowing that these will be mandatory, Blizz can give advance notice to their authenticator factory that (number of active WoW accounts) - (number of authenticators in use) number of authenticators will need to be produced. Personally, I don't foresee any problems with supply.
Post by
196216
This post was from a user who has deleted their account.
Post by
Ippon
Someone on my server got hacked
even though they have
an authenticator. Don't ask me how, but that's ridiculous..
Because he's an idiot and got socially engineered.
No system can prevent against abject user idiocy, authenticators included.
Post by
Strandvaskeren
Someone on my server got hacked
even though they have
an authenticator. Don't ask me how, but that's ridiculous..
Only way I can see that happen is:
Victim wants to log into his battle.net account to add game time or whatever. He uses his battle.net bookmark, but haven't notices that some malware has changed the url, and he ends up on a false battle.net login page that looks just like the real one. He enters the required email, password and authenticator number after which the false webpage repeats those data to the real battle.net and puts the victim through to his real battle.net account page. Victim never saw anything out of the ordinary.
Thief now has Victims email, password and an authenticator number that is still valid for a minute or two. He can't change the account password or disable the authenticator without confirming with a new code from the original authenticator (which he don't have). He can however use the email, password and authenticator code to log into wow and start selling, mailing and deleting stuff, but he has to work fast, because next time Victim logs into his wow Thief will be disconnected.
How can Victim avoid this? All he has to do is log onto wow after visiting battle.net, that invalidates the authenticator code used to log into battle.net. Always follow a visit to your battle.net account with a visit to your wow account.
Oh, and don't do stupid stuff like go to a net cafe or lan party, log into your wow account and then leave it unattended while you go to the toilet.
Post by
Barkend
There are a lot of problems, mainly for those who doesn't live in countries where Blizzard have an "office", like me.
I'm from Brazil and I play in US realms. I would need to buy the autenticator in the Blizz Store, see it price grow up 200% due to taxes and wait around 2 weeks to put my hands on it.
That's is the situation of all brazilians playing WoW (some thousands), and also of people from a lot of other countries.
Post by
322464
This post was from a user who has deleted their account.
Post by
204878
This post was from a user who has deleted their account.
Post by
Justinmcg67
As an iPhone authenticator user, I can say that it never adds more than a few seconds to login times. Just gotta be careful to remove and re-add whenever there's an update.
I use the iPhone app as well and really like it. Became very helpful having it on the iPhone so I can log into my account if I went to a friends house or something, that way I didn't have to take the actual authenticator with me; and since I always have my phone on me it just became more practical.
iPhone+Authenticator=Win
Post by
thelaks
Thief now has Victims email, password and an authenticator number that is still valid for a minute or two. He can't change the account password or disable the authenticator without confirming with a new code from the original authenticator (which he don't have).
30 seconds. And you need two consecutive codes to disable the authenticator.
How can Victim avoid this? All he has to do is log onto wow after visiting battle.net, that invalidates the authenticator code used to log into battle.net. Always follow a visit to your battle.net account with a visit to your wow account.
You can use the same code, it's purely time-dependent.
Post by
Strandvaskeren
You can use the same code, it's purely time-dependent.
You can reuse the code used for logging into battle.net. Even though the authenticator creates a new code every 30 seconds, the authenticator server at Blizzard will actually allow the code to work for a couple of minutes to compensate for a time difference between the server time and the internal time of your authenticator.
Logging into battle.net and then reusing the same authenticator code to log into wow is possible within a time span of a minute or two.
Logging into wow and then reusing the same authenticator code for logging into wow or battle.net doesn't work. The code is scratched immediately after it's used in wow.
I've tested with two machines and my two accounts, entering the same authenticator code for both accounts and hit enter on both machines at the same time. One gets in, the other gets a message claiming I used the wrong password.. One time use only!
Battle.net doesn't invalidate your code after use, that's why it's a great idea to invalidate the code manually afterwards by logging into wow..
Post by
132826
This post was from a user who has deleted their account.
Post Reply
You are not logged in. Please
log in
to post a reply or
register
if you don't already have an account.
© 2021 Fanbyte
