Blizzard Authenticators May Become Mandatory 248
An anonymous reader writes "WoW.com is reporting that a trusted source has informed them that Blizzard is giving serious consideration to making authenticators mandatory on all World of Warcraft accounts. The authenticators function the same as ones provided by most banks — in order to log in, you must generate a number on the external device. Blizzard already provides a free iPhone app that functions as an authenticator. The source stated, 'it is a virtually forgone conclusion that it will happen.' This comes after large spates of compromised accounts left Bizzard game masters severely backlogged by restoration requests."
Re:No thanks (Score:2, Informative)
Most of them are not USB devices. Just simple fobs with a push button and cheapo LCD display.
Re:No thanks (Score:4, Informative)
They're $6.50.
http://us.blizzard.com/store/details.xml?id=1100000822 [blizzard.com]
Re:No thanks (Score:5, Informative)
The authenticator is hardly $25. In the US [blizzard.com], it's $6.50 with free shipping, and in the EU [blizzard.com] it's EUR6.99 also with free shipping. The price covers the cost of the physical unit and (obviously) the shipping. Blizzard's hardly making a killing on these.
For mobile authenticators, the Blizzard Website [blizzard.com] has more detail. The short version is that the Mobile Authenticator is available on a wide range of phones, depending on provider. Support isn't universal, though.
That said, the only time Blizzard could make Authenticators mandatory would be at a game-changing event, like the release of the next expansion. If they go ahead and do that, they'd probably throw Authenticators in the box, to automatically have near-total distribution. Their biggest concern is probably whether they can source a few million of them.
The long and short of it is that account theft is a big problem, both for Blizzard and for people who play WoW. Not everyone has a locked-down system, and phishers are using tactics formerly reserved for actual banks to try to get account info. Players have to deal with having their account possibly stolen, Blizzard has to deal with perpetual requests (some possibly fraudulent!) to restore characters/items, and the game as a whole suffers from the RMT that goes on.
I, for one, welcome our Keyfob and Mobile-Authenticating Overlords.
Re:Waste o'money (Score:3, Informative)
If you have an iPhone you can get the authenticator for free as an app, and they have said they would like to bring it to more platforms in the future (presumably android, blackberry, minmo and the other major smartphone os's).
Re:No thanks (Score:5, Informative)
You seem to have totally misunderstood how the authenticators work. They are decidedly NOT USB dongles.
An authenticator is a changing key generator, which shows you a one time key when you hit a display button. You then type this key in after entering your username and password to log onto the game. This is very similar to the RSA SecurID token my work requires I use to log onto a our VPN.
Basically the keyfob contains a psuedo random number generator which generates a new key every few seconds. The authenticating server knows the original seed, and can figure out the currently "valid" number shown on the key. Since each code is only valid for about 30 seconds, this makes is significantly harder to hack the account.
In fact this system is more secure than any system my bank uses, as very few banks in the US even give you the option of using a system like this.
The Authenticator is a good idea (Score:2, Informative)
I have been using Blizzard's Authenticator on my iPhone for a quite a while now and I'm very pleased with it. I can't imagine the devastation I would be in if my wow account got hijacked. I've spent days and nights developing my characters and It would be a huge loss if I lost them to some script kiddie.
The iPhone Authenticator is like you holding a physical key to your account. Good idea.
Re:The Authenticator is a good idea (Score:3, Informative)
For a while. You can jump through a number of hoops with Blizzard support to get the account unlinked from the authenticator.
I think it took about 48 hours when I had to do it back when my authenticator decided it no longer wanted to turn itself on.
A word of caution to any in a similar boat: CALL Blizzard. They can take a week or two to get to the email, you probably don't want to wait that long.
Re:The Authenticator is a good idea (Score:3, Informative)
It's not really script kiddies who are doing this anymore. It's all tied to the RMT "industry" - essentially, organized crime.
Re:MORE money? (Score:5, Informative)
Lest anyone think you're insightful or interesting or informative (because your post indicates you are none of these things):
Blizzard is eating the cost of shipping on these inside the US and Europe. They are charging less than $7 for them, which, in addition to the shipping, has got to be pretty near break even. I sourced tokens a couple of years back and we were quoted $10-25 each depending on the supplier.
They are also offering a free version over the iPhone/iPod and for a variety of other devices like Blackberries.
The end result is about 4-5 seconds added to your time to log in, you don't get your account (that you've spent hundreds/thousands of hours on) stolen, and when you do have a legitimate issue in game that requires support there's a better chance someone will be able to help you sooner rather than 3 days from now.
Of course, I suspect based on your post that you don't actually play this game, and probably came in here just to be smug. Is "I won't pay MORE money to play a game I ALREADY paid for" the new "I don't own/watch tv"?
Re:The Authenticator is a good idea (Score:5, Informative)
The word is lose.
Re:get used to it. this is going to be common (Score:5, Informative)
Dongles were use to curb piracy. Blizzard doesn't have that concern because of the subscription model.
However a large portion of Blizzard's customers access their WoW account from internet cafés and gaming bars. Since some of these public machines have key logging software installed, Blizzard is experiencing a large number of customer service requests complaining about "hacked" accounts. One way to counter the key logger is by requiring an Authenticator.
Currently use of the Authenticator is optional. Blizzard has learned a lesson that if it's optional it won't work because people don't see the need to spend the extra money or download a free app.
Re:So... (Score:1, Informative)
Actually, it won't. I'm currently playing WoW on Linux, with an authenticator -- no problems here.
Re:No thanks (Score:2, Informative)
I have an authenticator and not the best eyesight and do not have a problem reading the numbers. Of course, I only got the authenticator because they were giving an in-game pet with it and I am such a geek, I had to have it :) I have been playing since launch, and have never been hacked, but when one of the officers of my guild got hacked and the GB cleaned out (and it took weeks to get only 80% restored) I figured that the investment is well worth it.
Re:very wrong (Score:3, Informative)
Blizzard has _nothing_ to do with incompentence of users which allow keyloggers and stuff on their computers. The fact that Blizz allows the recovery of your items/gold on _their_ costs, is a fact that you will never find anywhere else.
That's a bit extreme. Plenty of MMOs handle theft the same way. Customers tend to not resubscribe when their stuff is stolen and never returned.
Re:get used to it. this is going to be common (Score:4, Informative)
I also worked for companies that had this problem. What I did was buy a USB card that had an internal slot, and not just all external ports. I then plugged the dongle into that. This way, if someone wanted to take the licensing controller, they would have to take the machine off the rack (decently secure datacenter, locked rack enclosure, security screws [1],) and crack it open (padlocked and sealed [2] case, intrusion sensors) which would certainly be noticed. [3]
[1]: They are not secure against a determined attacker who would slot the screw with a Dremel tool, but it will slow someone down, and be obvious to the cameras present.
[2]: http://www.americancasting.com/info-padlock-seals-xpc-2.asp [americancasting.com] is what I use on the back of cases. I could use the plastic seals, but with these, there is no excuse of "accidently" snapping one off. Disclaimer: I am not affiliated in any way with either of these products, but these do the job for the security needs.
[3]: Musicians have a similar issue. People know that certain music products have license key dongles and that if it gets stolen, the software vender will not replace them, so thieves will prowl nightclubs to look for the dongles and yank them out of laptops. My solution to this with musicians who have rackmount equipment is a 2-3U locking drawer that has a USB hub in the back and the cable threaded in such a way that a strong pull only will detach the cable, and not bring along any goodies with it.
Re:Not going to solve your problems (Score:3, Informative)