Blizzard Sued Over Battle.net Authentication 217
An anonymous reader writes "A man has initiated a class-action suit against Blizzard over a product used to shore up Battle.net security. Benjamin Bell alleges that Blizzard's sale of Authenticators — devices that enable basic two-tier authentication — represents deceptive and unfair additional costs to their basic games. (Blizzard sells the key fob versions for $6.50, and provides a free mobile app as an alternative. Neither are mandatory.) The complaint accuses Blizzard of making $26 million in Authenticator sales. In response, Blizzard made a statement refuting some of the complaint's claims and voicing their intention to 'vigorously defend' themselves."
This is ridiculous (Score:5, Insightful)
Not only does the $6.50 help cover postage and pay for the dongle, its completely optional and Blizzard makes the app available to as many platforms as they can. You can even install the authenticator on a Android simulator on a computer.
I'm in shock as to how entitled this person is. I honestly just can't fathom how he can claim that Blizzard "makes money" off these authenticators.
Re: (Score:2, Informative)
Shouldn't the $60 purchase price and (possible) $15 monthly fee "help cover postage and pay for the dongle"?
It's not "completely" optional, use of Diablo 3 RMAH requires it and/or the mobile app, and if you don't have a phone that can run the mobile app, then the authenticator is the only way to use an advertised feature of the game.
Blizzard does profit, however little, from the authenticators. Do you really think that they take a loss on them? Or that $6.50 is the magical round number that represents exact
Re: (Score:2)
You don't need a phone to run the mobile app. The fact that you can run android apps on a SDK on the computer has been known for a while now. See: http://www.mmo-champion.com/threads/713865-How-to-get-Battle-net-Mobile-Authenticator-COMPLETELY-free [mmo-champion.com]
Re:This is ridiculous (Score:5, Funny)
It's the principle of making the customer pay for this after the fact. If the game requires authenticators to use its features, it should come in the box.
I'm billing Ford for my gas, oil changes, and regular maintainance. I'm also suing because the advertisements showed an attractive woman in the car, and mine didn't come with one - I had to buy one separately from some "RussianBride" company. What a rip-off!
Re: (Score:2)
Thanks for the car analogy. I had this long-winded post written up about the "entitlement" of receiving the authenticator with the game, but I think your post responds in a much better manner. :)
Re: (Score:2)
Re: (Score:3)
There are three way to run authenticator;
$6.50 hardware device
App on a smart phone
App on an android simulator on your computer.
There are three ways to run it; two of which are free. The only reason to buy the dongle is for convenience.
Re:This is ridiculous (Score:5, Informative)
Re: (Score:3)
Not only does the $6.50 help cover postage and pay for the dongle, its completely optional and Blizzard makes the app available to as many platforms as they can.
Their authentication software is available for the two dominant phone os platforms, Android and iOS. That's it.
Just to put things in perspective, the Google authenticator, which is open source (Apache license), uses open authentication standards, and which could be used for free by Blizzard, can also be run from the command-line on Linux, Mac OS, and Windows, in addition to iOS, Android, and Blackberry.
You can even install the authenticator on a Android simulator on a computer.
How convenient.
First of all, Android doesn't really have a simulator, it has an emulator. It's slow. It's
Re: (Score:2)
How convenient.
First of all, Android doesn't really have a simulator, it has an emulator. It's slow. It's heavy-weight. It's not much of a solution for the average joe. Speaking as someone who works with it daily, I don't think the Android emulator is something that should be required for a consumer who wants to play a game he supposedly just purchased.
It's also neither offered by nor supported by Blizzard.
The availability of an unsupported third party product[*] does in no way lessen any onus on Blizzard to provide customers who fulfil the requirements on the box with what's otherwise needed to play the game in full. Including the auction house.
[*]: An SDK and an emulator, the set-up of which is so user-unfriendly that I'm sure a majority of Blizzard customers would give up during the initial installation, to say nothing about actually getting softwar
Re:This is ridiculous (Score:5, Insightful)
Right, because the keyfobs and shipping are free to Blizzard.
How does this guy know that Blizz made $26 mil from them? Does he have access to the sales reports? Remember, "the complaint accuses Blizzard of making $26 million in Authenticator sales." Accusing someone of making money and them -actually- making that much money is two completely different things.
Re:This is ridiculous (Score:5, Insightful)
Re:This is ridiculous (Score:5, Insightful)
His number is extremely bogus.
Even if we ignore manufacturing costs, maintenance costs, shipping costs...hell, ALL of the costs...it still means that they would have sold 4M of these dongles at $6.50 each in order to make $26M. Mind you, Blizzard offers free Android and iOS apps that do the exact same thing, and Blizzard caters to the crowd that tends to get these devices, so that would eat into sales of the dongles. Not to mention that 4M sales would represent 1/3 of the WoW players at its peak, which seems like an unreasonably high number. And the numbers only get more ridiculous from there, since even if we were to grant that Blizzard had a hefty 50% profit margin on each dongle, you'd still need to have found 8M people to have bought them.
Class actions can be useful at times. This is not one of those times. This is lunacy.
Re:This is ridiculous (Score:4, Funny)
Re:This is ridiculous (Score:4, Insightful)
Income is not the same as profit. They sold for $6.50 but it cost Blizzard much more to purchase and ship them. From a financial statement point of view making no profit from a sale is bad for the company yet Blizzard is still doing it to support their customers.
Re: (Score:2)
Income is exactly the same as profit. I think you are confusing income with revenue in your post.
Re:This is ridiculous (Score:5, Informative)
If you really want to be correct, income can be either net or gross. Gross income is revenue. Net income is profit. Because he didn't state what kind of income, he's technically still correct. </pedantic>
Re:This is ridiculous (Score:5, Funny)
Re: (Score:2, Insightful)
Technically correct is best correct.
gross income is NOT revenue (Score:2)
No, gross income is not revenue. It is revenue - cost of goods sold
Re: (Score:2)
Ever heard of an Income and expense report the balance of which is either profit or loss? In a number of dictionary entries income and revenue are synonymous.
Re: (Score:2)
Yes, I have seen an income statement. Here's blizzards:
http://finance.yahoo.com/q/is?s=ATVI [yahoo.com]
Notice it has separate lines for
Revenue, gross profit, and net income
That is because they are DIFFERENT
"Different" is when two things are not the same.. like how revenue and gross profit are not the same.
Re: (Score:2)
Fine, I will rephrase;
"Revenue is not the same a profit".
Re: (Score:2)
wow... really? you wrote all that and you couldn't be bothered to look up the definition of gross income?
gross income = revenue - cost of goods sold
Re: (Score:2)
No, revenue less costs is net income.
https://en.wiktionary.org/wiki/net_income [wiktionary.org]
Gross income is total income before costs are deducted.
https://en.wiktionary.org/wiki/gross_income [wiktionary.org]
Re: (Score:2)
gross income for a business is not the same as for your personal income:
here is the business definition of gross income
http://www.investopedia.com/terms/g/grossincome.asp [investopedia.com]
Re: (Score:2)
I don't think wiki world is a good source for that. They aren't even consistent:
"Gross income in United States tax law is receipts and gains from all sources less cost of goods sold."
per http://en.wikipedia.org/wiki/Gross_income [wikipedia.org]
That's the definition most people on this site would rightfully quote.
Re:This is ridiculous (Score:4, Insightful)
A good chunk that (if not almost all) goes for shipping, as well as to Vasco DigiPass GO6 which then is rebranded (adding extra cost).
If Blizzard wanted to make money from these, they could do very easily [1]. However, they don't.
I'm normally a critic of Blizzard, but IMHO, this is one area where they are doing something right, because two-factor authentication is a significant improvement in security.
As far as I know, this lawsuit is pointless. If one doesn't want to give Blizzard cash for an authenticator, the app that does the exact same thing is free on iOS and Android.
[1]: Phase out the apps, then require the physical authentication token to be attached to the account in order for the user to use the AH or trade with other players.
Re:This is ridiculous (Score:4, Interesting)
Theyre optional, and completely unnecessary if you use a good password. That they offer an ADDITIONAL paid service that competitors do not does not in any way obligate gamers to use the authenticators.
If they want to sell guides for creating strong passwords at $10 a pop, and they end up making $500 mil on it, who cares? Its a service that apparently people want. The man doesnt even seem to allege that the device was ineffective-- simply that it was unnecessary and he for some inexplicable reason bought it anyways.
Re: (Score:2)
But there's free options for authenticators. You can use a phone app. If you don't have a smart phone, the phone apps work on the iPod Touch, the iPad, or any Android tablet or "smart" MP3 player; they even work in the phone simulators that Apple and Google provide for free with their developer kits. Granted installing a phone simulator to run an authenticator is a pain in the ass, but it is free.
Re: (Score:2)
Hacked accounts are a loss for Blizzard. Not only do they have to staff GMs to handles these requests, they have to restore items and more often than not they can't remove the stolen items. I firmly believe the $6.50 pays for the keyfob and the postage, and that's it. If they can break even, its a net gain for them since they can reduce the GM ticket queue and free up these expenses and time for other things. Remember how they laid off 600 employees in April? (http://wow.joystiq.com/2012/04/27/the-lawbringe
Re: (Score:3)
You have to be incredibly dense not to see why they would do this. It costs them less to sell authenticators at cost than it is to constantly have staff fixing hacked accounts and having people quit over hacks.
One time fee; Consistently recurring subscription
--or--
Player hacked, costs CS manhours to fix, player potentially quits.
Which one do you think a smart business is going to choose?
Re: (Score:3)
It doesn't create revenue for Blizzard, but it does greatly reduce their support ticket volume (by directly reducing the number of compromised accounts) which allows them to hire less support staff to handle it which reduces their support overhead. There is no doubt in my mind, that despite the fact that they probably LOSE tons of money on authenticators, they "make it back" in spades saving on support costs. But this is a GOOD THING. Players who get their accounts compromised often just use it as an excuse
Going nowhere... (Score:4, Insightful)
Question #1 will be : "Did blizzard make you buy one in order to play the game, and are there any consequences to not doing so?"... "No, and No"...."Case dismissed"
Re: (Score:3)
Question #1 will be : "Did blizzard make you buy one in order to play the game, and are there any consequences to not doing so?"... "No, and No"...."Case dismissed"
No, and Yes. An authenticator is required for some aspects of some of blizzards games, such as the real money auction house in diablo 3. This requirement most certainly was not advertised during initial sales, but the real money auction house feature was advertised during initial sales as a selling point. In fact, you will find slashdot articles about the real money auction house prior to the games release.
Re:Going nowhere... (Score:5, Insightful)
not necessarily, he can always say that it wasn't well indicated on the box or website when he bought the game. So this can be applied under "false advertisement" since it doesn't tell him that he must pay additional money.
But he doesn't have to buy it -- he can pick a secure password and protect it (and protect his computer against keyloggers and other malware). When I buy a car the dealer doesn't tell me that I have to buy a car alarm with it at extra cost. Because I don't. It might be prudent, depending on where I park the car, but it's not necessary.
Re: (Score:3)
You can also for free have them set it up so that they do phone authentication when you login from a different IP address.
They May Be Evil... But No One's Car Lot Evil! (Score:2)
"When I buy a car the dealer doesn't tell me that I have to buy a car alarm with it at extra cost."
You've not bought a car from a dealer lot recently, have you?
Expect to find LoJack (even in markets where the local police have bought zero units), alarms, windshield VIN etching, clear paint protectors, sealants, rust proofing, teflon upholstery protection and a wide variety of exciting floor mats pre installed and added on to the price of every actually available car, taking them way above and beyond the "Starting From..." low, low advertized MSRP on the banners around the lot. Listen to the radio commerc
Re: (Score:2)
"When I buy a car the dealer doesn't tell me that I have to buy a car alarm with it at extra cost."
You've not bought a car from a dealer lot recently, have you?
Expect to find LoJack (even in markets where the local police have bought zero units), alarms, windshield VIN etching, clear paint protectors, sealants, rust proofing, teflon upholstery protection and a wide variety of exciting floor mats pre installed and added on to the price of every actually available car, taking them way above and beyond the "Starting From..." low, low advertized MSRP on the banners around the lot. Listen to the radio commercials where whichever "mile of cars" with "over X thousand vehicles to choose from!" has "three at this price."
"
If you fall for this, then you deserve what you get -- trumped up dealer add-ons have always been a part of the car buying game. Unless you're looking for a hard to find car (in which case you're going to just have to pay whatever the dealer asks), if you don't want a dealer add-on, just tell him you'll get the car elsewhere. He'll either remove them or write them off (since the dealer cost is a small fraction of what they are charging).
I just bought a car a few months ago, and that's exactly what I did --
Re: (Score:2)
not necessarily, he can always say that it wasn't well indicated on the box or website when he bought the game. So this can be applied under "false advertisement" since it doesn't tell him that he must pay additional money.
But he doesn't have to buy it -- he can pick a secure password and protect it (and protect his computer against keyloggers and other malware). When I buy a car the dealer doesn't tell me that I have to buy a car alarm with it at extra cost. Because I don't. It might be prudent, depending on where I park the car, but it's not necessary.
Actually your car analogy doesn't work here. When I bought my car, the dealership installed another car alarm system for higher revenue on the sale.
The analogy still applies - the car dealer installed an alarm system that you wanted, and you paid for it. If you didn't want the alarm system, you wouldn't have paid for it. The dealer may have said "Oh, too late, it's already installed, you have to pay for it", and if you don't want it, you just say "No problem, I'll buy the car at another dealer, and suddenly you'll find that the "non-removable" alarm system can suddenly be removed, or that the $499 alarm system is yours for free. They aren't going to le
Re: (Score:2)
It's a flawed analogy to begin with however, because an alarm with an immobilizer is now required, by law, in enough markets that it's part of the standard kit on just about every car on the market. There's a reason that the market for after-market stereos and alarm systems has pretty much dried up in the last few years: it's because most new cars come with stereos that are good enough for most from the factory, and all new cars come with alarms.
Of course, given that I live in one of the markets where the a
Re:Going nowhere... (Score:5, Insightful)
You have to sign into battle.net to order one, which indicates right away that you do not need one to sign into battle.net. That someone could be confused by this is absurd.
Re: (Score:2)
You have to sign into battle.net to order one, which indicates right away that you do not need one to sign into battle.net.
That's not how authentication usually works. As an admin, I also require my users to use to 2-step verification, but 2-factor authentication requirement doesn't kick in until the second time they log-in.
Free mobile version is free (Score:3)
Like TFS says, the mobile version is free. Just another moron trying to make a quick buck.
My concern with blizzard's authenticator is that they seem to have rolled their own implementation rather than adhering to an open, defined spec (HOTP/TOTP). And like so many of these services, there's no good way to move it to a new device without disabling 2FA temporarily. People do upgrade their phones, after all.
Re:Free mobile version is free (Score:4, Informative)
They introduced a "restore" feature a while back that allows you to migrate devices without removing two-factor authentication. Basically, you enter the restoration code into the new phone/device and both devices will continue to generate the same seeded code. This can also be used to extend the authenticator to multiple devices like having a smartphone and a tablet both generate the same code. This is just an ease-of-use feature, especially when sometimes you can't find one of the devices you installed your authenticator on.
Re: (Score:2)
I actually had to use the restore code last night--it didn't work. The restore code itself worked, but battle.net still said the authenticator code was wrong. It was fairly trivial to get them to remove the authenticator (enter a code sent via SMS), but by then I had "too many login attempts" and had to wait a few hours. Frustrating.
Re: (Score:2)
Not sure about if it's their own implementation or not, but it IS very easy to move to a new device.
They provide a serial number in the app, and a recover code. Simply entering both on the new mobile device and you've got a clone of the original.
Re: (Score:2)
Re: (Score:2)
I'll just leave this here. But feel free to continue thinking you know everything. Also check out RFC 4226 and 6238 and compare it with this wiki article. Enjoy!
Re: (Score:2)
Like TFS says, the mobile version is free. Just another moron trying to make a quick buck.
My concern with blizzard's authenticator is that they seem to have rolled their own implementation rather than adhering to an open, defined spec (HOTP/TOTP). And like so many of these services, there's no good way to move it to a new device without disabling 2FA temporarily. People do upgrade their phones, after all.
How is suing someone a quick buck? Unless they cave and decide to pay you off, you still have to pay filing charges, lawyer fees (providing you got one), and wait for the court date. Seems quite a hassle to be considered 'quick'.
Re: (Score:2)
Not true, you can run it in an Android development emulator.
Re: (Score:2)
Re: (Score:2)
" (in addition to the RAM your game uses)?"
Who cares? it's not like you have to leave the authenticator running while you are playing
How exactly does it work? (Score:2)
Re: (Score:2)
So your computer is so close to minimum spec that you can't run the login screen for a game and the simulator simultaneously? I mean, sure, a lot of these games are somewhat resource intensive during actual play, especially if you have the settings turned way up, but if you can't run the login screen at the same time as an Android emulator, chances are the game will be unplayable anyway.
Re: (Score:2)
Great! (Score:2)
If they win this suit, I'm going after Google to pay my phone bills since they give me the option of using SMS based authentication to protect my Gmail account.
Idiot. (Score:2)
It's not mandatory, and it's a game. A service provided to you, and a limited version that's free to use. The security problem is inherent to all MMOs -- and Blizzard is providing a way for people concerned with hacking to protect their investment in the game, at a reasonable rate. These authenticator tokens often cost a lot more than the cost of a meal at mcdonald's in other industries. The guy doesn't have a leg to stand on. He max-leveled in idiot.
Authenticator is not a Blizzard product... (Score:5, Informative)
Re:Authenticator is not a Blizzard product... (Score:4, Informative)
at $26 million, that would be 4,000,000 at 100% margin, which stretches the bounds of credulity.
Re: (Score:3)
1) Vasco advertises $6.5/unit wholesale for large batches
2) Blizzard buys large batches, then pays to customize them and then pays again to ship them to Blizzard warehouses
3) Blizzard incurs administrative overhead for processing and storage
4) Blizzard sells end-product for $6.5 and covers the cost of shipping 2 day priority ma
Sometimes free (Score:5, Interesting)
A friend of mine got hacked three times. Blizzard sent him an authenticator for free. It costs them less to send the free authenticator that keep fixing his account.
This is just someone trying to make money on a frivolous law suit.
Re: (Score:3)
A friend of mine got hacked three times. Blizzard sent him an authenticator for free. It costs them less to send the free authenticator that keep fixing his account.
What you are saying is that if they got $6.50 out of him instead of giving him the device for free, that it would have been an additional $6.50 in pure profit?
Think about that for a moment.
Re: (Score:3)
No... what they were saying was that fixing the account and ensuring a continued revenue stream of $15/mo was favourable to him cancelling the account for want of a $6.50 one-time cost.
While this is true for every account, and is an argument in favour of simply giving the things away, most accounts never get hacked, and they *do* simply give the things away to anybody with a smartphone. When they do get hacked, the labour costs for fixing the account are what makes sending the authenticator an option.
It's n
Re: (Score:2)
No,what I am saying is that Blizzard decided decrease their losses by spending $6.50 + S&H instead of spending much more every time he was hacked.
The only way it would have been pure profit is if the got $6.50 out of him without sending the device. If the device was sent the profit would be $0 ($6.50 income - $6.50 cost of goods sold).
People really need to understand the terms income, expense, cost of goods sold, and profit. It is a simple equation profit = income - (expenses+cost of goods sold).
Re: (Score:2)
People really need to understand the terms income, expense, cost of goods sold, and profit
"People" clearly includes you.
You are buying a car for $20000. Just before you sign the agreement I run in and hand you a 10% off coupon. Thats $2000 is pure profit. It doesnt matter that the car still costs you $18000.
If your friend had given blizzard $6.50 for that authenticator instead of simply accepting it gratis, its exactly equal to a $6.50 coupon that blizzard cashes in. Pure profit. A windfall.
Re: (Score:2)
Profit is money you didn't have before, What you described is not profit it is less cost. The only person possibly making profit in the transaction you describe is the person selling the car and only if it cost him less that $18000. The definition of profit deal with the seller and not the buyer. It is a simple equation profit = revenue - expenses.
This is irrelevant to the main conversation anyway. The premise of the suit is that Blizzard if profiting from the sale of authenticators and not that the plainti
Re: (Score:2)
A wizard who also happens to have a buddy at the USPS willing to hook him up with free shipping as well.
Personal Responsibility (Score:2)
Instead of taking personal responsibility for the security of their own account, they instead sue Blizzard. Blizzard CANNOT control the end user's computer (not as much as they wish they could, at least). Therefore, the security of your login credentials are the sole responsibility of the account holder. Blizzard can't keep your computer from getting infected with malware, falling for a phishing scam, or sharing your credentials with your little brother.
Easy Solution (Score:2)
2) Include a "Free Authenticator!" in every box, or mail one to people who opt to download the client.
3) Profit.
And in return he expects to get...? (Score:2)
Re: (Score:2)
Re: (Score:2)
He's the actual plaintiff. If he wins (he won't) he'll probably get some ridiculously high number while everyone else are the people who gets nothing.
Then again, he's not going to win this so it's irrelevant anyway.
Re: (Score:2)
I might as well be psychic regarding this case.
*STOP BATTLE.NET REQUIREMENT* (Score:2)
I support it simply for this:
He also seeks to stop Blizzard from requiring players to sign up for a Battle.net account.
Re: (Score:3)
Re: (Score:2)
Did I say I expect to play online games without an account?
However, I expect to play single player games *WITHOUT* a fucking online account, such as StarCraft 2 or Diablo 3.
Further more, I expect to be able to play without having to RESET MY FUCKING PASSWORD EVERYTIME MY ISP CHANGES MY IP ADDRESS. This requirement is help push people towards authenticators.
And real IDs.
Make no mistake. This isn't really about authenticators, this is about collecting real IDs.
two factor authentication is a good thing (Score:3)
So, the company did the right thing in terms of offering two factor authentication (I wish my bank would do that). They made it optional and made free apps available so that people aren't forced to use it. All of that is good.
This lawsuit is frivolous, and the guy should not only lose, but have to pay court and defense costs.
Re: (Score:2)
http://xkcd.com/936/ [xkcd.com]
Re: (Score:3)
Re: (Score:3, Funny)
Also, what's the deal with caps lock? Why the hell is that key still on the keyboard? NOBODY uses it and... I've gone waaaaaaaaaaay off-topic haven't I? I'll shut up and let the rest of the post be insightful.
I use caps lock every day, you insensitive clod! It's cruise control for cool.
Re: (Score:3)
Also, what's the deal with caps lock? Why the hell is that key still on the keyboard? NOBODY uses it
My dad uses it. It's like he's still yelling at me every time he sends me an e-mail. /cry
Re: (Score:2)
Re: (Score:3)
Actually it's likely the exact opposite. Not only do people leave the game after being hacked (or come back from hiatus, see a hacked account and leave for good), but the support costs associated with stolen and hacked accounts constituted a huge amount of support calls and contacts before authenticators. Probably after as well, but as there is not a single account compromise for account with authenticator attached (according to blizzard) their costs must have come crashing down for accounts that have authe
Re:Surprised? (Score:4, Informative)
https://encrypted.google.com/search?complete=0&hl=en&source=hp&q=battle.net%20password%20case%20sensitive&aq=f&aqi=&aql=&oq=&gs_rfai= [google.com]
It's pretty well-documented, including blue posts from Blizz staff.
Re: (Score:2)
... and yet if i change the case on my password, either in game or on the website, I get an authentication failure. Hell, that was true back when Diablo 2 was around
Fact seems to disagree with you.
Re:Surprised? (Score:4, Informative)
Actually no, i'm wrong. What the hell?
Re: (Score:3, Funny)
The stupid, it burns
Re: (Score:3)
... and claiming you know, and admitting when you discover when you were wrong, is another entirely.
Re: (Score:2)
My mind is boggling at this.
Is this new? Or has it always been this way? I swear that as of a few years ago caps-lock could cause your auth to fail.
Re:Surprised? (Score:5, Informative)
Re: (Score:2)
Funnily enough, I only found out that passwords were case insensitive in 2010.
Re:Surprised? (Score:4, Funny)
Well I just found out now, very surprising. And I thought I was uncrackable with PaSsWoRd too :(
Re:Surprised? (Score:5, Informative)
Both the username and the password are converted to uppercase before being SHA-160 hashed and fed into the SRP6 authentication algorithm.
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
How is it reasonable to play an MMO without an account?
Going back to the old standalone account system isn't any better than Battle.net. You can also have multiple Battle.net accounts, so it's not like you have to link every Blizzard game you buy to a single account.
Re: (Score:2)
Re: (Score:2)
Wrong. It is not required to use the RMAH. It's required to link a PayPal account to the RMAH or keep a RMAH balance. Buying things is easily possible without one.
There are also free alternatives to the actual keyfob.
Re: (Score:2)
You do not need the keyfob. You need an AUTHENTICATOR. And that can be had for free (on your phone) or even as a free application on your PC : http://code.google.com/p/winbma/ [google.com]
So the extra cost to get the needed authenticator is exactly $0.