Forgot your password?
typodupeerror
Security Games

Blizzard Authenticators May Become Mandatory 248

Posted by Soulskill
from the gotta-take-off-your-shoes-too dept.
An anonymous reader writes "WoW.com is reporting that a trusted source has informed them that Blizzard is giving serious consideration to making authenticators mandatory on all World of Warcraft accounts. The authenticators function the same as ones provided by most banks — in order to log in, you must generate a number on the external device. Blizzard already provides a free iPhone app that functions as an authenticator. The source stated, 'it is a virtually forgone conclusion that it will happen.' This comes after large spates of compromised accounts left Bizzard game masters severely backlogged by restoration requests."
This discussion has been archived. No new comments can be posted.

Blizzard Authenticators May Become Mandatory

Comments Filter:
  • by timmarhy (659436) on Saturday January 09, 2010 @04:35AM (#30705728)
    it's ironic that 10 years ago many professional applications used dongles for licensing and access. now it's basiclly comming back in.

    i think it's a good thing though, if it wasn't for lax security there wouldn't be so many theifing pricks in the world. no we just need to convince credit companies to use the same level of security that a bloody computer game uses and we might all be better off.

    • Hope it's not flamebait but: You must have some huge balls on you, using 'ironic' on Slashdot and thinking that you're not going to get a firm talking to for your use of the word.

    • by Bill_the_Engineer (772575) on Saturday January 09, 2010 @10:35AM (#30707134)

      Dongles were use to curb piracy. Blizzard doesn't have that concern because of the subscription model.

      However a large portion of Blizzard's customers access their WoW account from internet cafés and gaming bars. Since some of these public machines have key logging software installed, Blizzard is experiencing a large number of customer service requests complaining about "hacked" accounts. One way to counter the key logger is by requiring an Authenticator.

      Currently use of the Authenticator is optional. Blizzard has learned a lesson that if it's optional it won't work because people don't see the need to spend the extra money or download a free app.

    • by Chemisor (97276)

      Yeah, and where are those apps now? People hated dongles for a reason; they were inconvenient as hell. The same is true of all these ridiculous authenticator fobs; I'd ditch my bank in a second if they required one, and I certainly wouldn't have any qualms about ditching any game that requires one. But, of course, it's not like a large company like Blizzard cares about a few lost customers...

    • by Snaller (147050)

      No, the world is full of thieving pricks still - they'll just have to find other means of doing it - or attack someone else.

  • Many US banks will text or email you a one-time authentication code. It's certainly a lot cheaper than buying a piece of hardware.

    They aren't doing it this way...why?

    • Re: (Score:3, Insightful)

      by compro01 (777531)

      You want to have to go through email/text every single time you log in vs. pushing a button on a key fob and typing in 6 numbers?

      The hardware in question costs $6.50. This is a game you're already spending $15/month on.

      • Re: (Score:3, Interesting)

        by neokushan (932374)

        No doubt if Blizzard made this mandatory, they'd cover the cost of the devices themselves. Its probably not going to go down well if they suddenly prevent players logging in unless they pay an additional, one-off fee. Many people would see it as a bad precedent.
        Furthermore, they'll probably either supply them with new copies of the game, or only "enable" it (and send it out) to accounts that are more than say 3 months old (as they're arguably not going to have much worth stealing and by then the cost of the

    • Re: (Score:3, Informative)

      by slyn (1111419)

      If you have an iPhone you can get the authenticator for free as an app, and they have said they would like to bring it to more platforms in the future (presumably android, blackberry, minmo and the other major smartphone os's).

      • They already offer it on a number of platforms, but unfortunately the BlackBerry offerings are for rather ancient devices, and they do charge for them.
  • I wonder if they could give you a soft token, which works for the iphone app.
    http://images.google.com/images?q=rsa%20app%20iphone&hl=en [google.com]
    A mate showed me this, pretty damn cool. I'm not an encryption guru so I couldn't tell you how or why it's just as good as the real physical dongle but I'm sure it would be or they wouldn't release it. (Someone here will no doubt reply with more info on this)
    Shame my crappy Government remote authentication software is a couple of versions out of date for me to make use

    • Re: (Score:3, Insightful)

      by Jthon (595383)

      Blizzard does have several soft token schemes which don't require that you purchase a physical authenticator. There's an iPhone app you can get for free and use to do generate an access code. They also have apps for a few other phones available.

      The only thing they don't offer is a PC application and this is intentional. Using a PC app means some virus/trojan could run your pc authenticator and capture the code which makes it decidedly less useful.

  • I have been using Blizzard's Authenticator on my iPhone for a quite a while now and I'm very pleased with it. I can't imagine the devastation I would be in if my wow account got hijacked. I've spent days and nights developing my characters and It would be a huge loss if I lost them to some script kiddie.

    The iPhone Authenticator is like you holding a physical key to your account. Good idea.

    • Re: (Score:3, Informative)

      by Dachannien (617929)

      It's not really script kiddies who are doing this anymore. It's all tied to the RMT "industry" - essentially, organized crime.

  • by selven (1556643) on Saturday January 09, 2010 @07:47AM (#30706458)

    2008: Oh no, I forgot my password! I need to call Blizzard for help!

    2011: Oh no, I lost my authenticator! I need to call Blizzard for help!

  • Blizzfail! (Score:3, Interesting)

    by Naaythann (1416151) on Saturday January 09, 2010 @09:22AM (#30706790) Journal
    I have to admit this is quite funny, in the last few days i had my battlenet/WOW account banned for gold farming. Not played it in about a year, so i went throught the process of trying to establish what happened. Got passwords and so on reset but the git attached the said "Blizzard Activator" to my account and i'm back at square one and locked out of battlenet/WOW.
  • I think this idea is great in achieving what it is intended for. Less abuse/hacking of accounts. But what if more games take this up. Is it smart to buy a new cabinet to store all those devices now, or should I wait a bit, see if prices of cabinets drop?
  • by ukyoCE (106879) on Saturday January 09, 2010 @12:16PM (#30707706) Journal

    Let's not forget the real reason authenticators are becoming mandatory. It's because accounts are getting hacked, sure, but why are accounts getting hacked?

    Because there are idiots paying real life $$ for in-game money, which they get by hacking accounts and selling off their stuff. The customers of these websites are paying these hackers to take over people's accounts, effectively.

    Do away with the monetary incentive, and accounts wouldn't be getting hacked.

  • by cfalcon (779563) on Saturday January 09, 2010 @03:25PM (#30708982)

    I want two or more authenticators, and I want them both to be recognized as valid. For instance, if I were to buy an authenticator and then try to log in, it would look at my username, my password, and then do the calculation based on the key- if it matches, it lets me in. If not, it does not. I would like to check my username, my password, and then calculate all the keys I have tied to the account (perhaps there would be a max of five, or ten). If the input matches ANY of them, it lets me in.

    Currently, I don't have an authenticator because I travel all the time and I normally wherever I go, I at least remember to include my brain. Currently I could:

    1- Lose an authenticator.
    2- Bash it into a wall while tripping over anything.
    3- Fall into a fountain- probably it wouldn't get too wet in that time, but hey!
    4- Have it stolen- it wouldn't be useful to a thief, but they wouldn't know that.
    5- Have the battery be bad or rot.

    I've gone through a few cellphones, and a few days with no cellphone can really be bad. I would definitely not want to be on travel for two weeks and be unable to use my fancy laptop to play WoW! Especially given that with a cellphone I can go to any mall and be chatting again in a few hours if it becomes important, but for WoW you have to call up some hotline and identify yourself using whatever secret question I thought would be a great idea 4.5 years ago. The few times I've tested this hotline (granted, not in the last year), I eventually hang up because I'm bored and I can't talk to a human. I would sure hate to be doing that dance for real.

    I also don't like the loss of user freedom- currently I can call any of four RL friends up and give said friend my login info if there's something that needs to happen in game, and a few guildies would also probably work. A single authenticator would shut that down unless I was on the phone with them. Blizzard might see this as a feature: according to their extensive ToS, not even your *spouse* is allowed to log into your account.

I am a computer. I am dumber than any human and smarter than any administrator.

Working...