WoW: Blizzard Authenticator
Friday, June 27th, 2008 - 4:32pm
http://us.blizzard.com/support/article.xml?articleId=24660&rhtml=true
Wow, that's pretty crazy. At $6.50 that's worth it since I've been hacked once already.
Unfortunately, if I slash my wrist with my lightsaber it cauterizes instantly. - PurEvil on emo Star Wars plots.



I like how they advertise that Blizzard may ask for an authentication number... you just know there will be people exploiting that. Once they get the authentication number the hacker themselves calls customer service and gets an authentication device for that account and blam once again they get into the system. I know it won't be that easy, but advertising that is just giving the hackers an extra boost that they honestly don't need.
The Gaming Chronicles
PSN ID: Harbinger01
Steam ID: [GWJ] CrashedHardrive
Elysium wrote:
Interesting. The only time I've seen one of these devices in use was by a family member. She needed to read off a number from a credit-card sized device to log into her work accounts from home. She works for some large consulting/banking firm.
Does anyone know offhand the underlying cryptographic scheme supplied by these devices? Is it a rotating set of one-time pads? For some reason I thought the device received updates via radio, but that seems to be unnecessarily introducing a weak point when it would be simple enough to receive updates by plugging it into a home base or by swapping out new ones.
In Ultima Online I used to poison hams and leave them on the ground in cities for people to pick up and eat. I can't believe how many people thought street ham was a good thing to eat. -Elliottx
I think it's a random number generator set to a certain initialization number then every x amount of time it changes numbers. Blizzard knows the initialization number you've been given and the number of iterations and that's how they check for authentication (I think).
Fletcher wrote:
Just the serial number, not necessarily anything that can be used to get the code.
Typically, it's a complex algorithm based on a serial number and the present date/time. Both Blizzard and the Authenticator know the algorithm. When you press the button, you get that minute's code, which Blizz then computes remotely as well. If you match, you're in. (Blizz will probably allow the code to work for a couple minutes to give you time to type it in.)
This is also called 'two factor' authentication.... you prove who you are with both something you have (the device) and something you know (your password).
As hacking gets more prevalent, you'll probably start to see more of this.
This seems a lot like the notices I've gotten from the electric company lately.
They'll be happy to buffer my house from lightning strikes that hit their system for a fee of $10+ a month. Call me crazy, but isn't that part of their job already?
I'm getting sick of people trying to get me to pay extra for what should be standard service.
GWJ Alliance on Blackhand
Lunazul - Rouge & GWJ Paparazzo
Merdee - Hunter
Lunarel - Druid
Yeah I pretty much agree with this. The only problem I see is where do people draw the line. It is obviously Blizzard's responsibility to make their data systems secure, which from what I can see they have. It is the user's responsibility to keep their computers virus (keylogger) free and make sure their password is safe. The case with the lightning is the same thing as keeping the data systems secure, it is the company's responsibility.
Frankly I am surprised that Blizzard even restores accounts when someone gets key logged. This extra step is something to help those unfortunate enough to get keylogged, and I think it is definitely something that will help a vast majority of people even if it only offers a peace of mind kind of deal.
Elysium wrote:
I don't see anything wrong with this. This is really outside their job description; they're there to provide a game, in a secure way, which they've done a pretty darn good job of.
If you want extra protection against someone breaking into your computer, they're willing to sell you a device for a very reasonable fee (typically, these devices have been $100+, for the corporate-security types) that will help insure that even if you are keylogged, you won't lose anything.
I don't think it's Blizzard's responsibility to stop keyloggers, and the fact that they're willing to help is pretty cool. Asking you to cover the cost of the device doesn't seem unreasonable.
The power company protecting you against lightning strikes seems different to me; in that case, it's clearly their system that's at fault. They're charging you for something they should already provide. I think it's hard to argue that Blizzard owes us protection against hackers.
Why don't they just go to a two-tiered security system utilizing a PW and an image? Banks and credit card co's seem to feel this type of system is pretty secure...
Artesia Druid - Tank/mDPS ~ Cyrana Mage - rDPS
BF2142 "Pod Six is jerks!"
XBL RichRambo
Honestly, I expect that Alaysha and I will each get one of these devices for safety's sake. They're priced cheap enough to pass the "heck, why not?" test.
How prevalent is key-logging? Has anyone else here been hacked besides Dr. Ghastly? Do you catch these key-logger viruses from add-ons? If my virus software is up to date, is that enough protection? What's the winning lottery number for tonight?
I'm not lost. I'm locationally challenged.
Spore Profile
Mars, out of several hundred accounts in GWJ Alliance I've known of four accounts that have gotten key logged.
"If Blizzard announces a subscription fee for Diablo III we will have to build a second Internet to make room for all the complaining." - muttonchop
One of them got hacked twice within a couple months.
That which does not kill you, still hurts like Hell. - Anonymous Soldier
None of us is as dumb as ALL of us. - Anonymous Staff Officer
Veni, Vici, Ridebam, Discedebam - "I came, I saw, I laughed, I left"
The authenticators are now on sale at Blizzard's online store.
Two-factor authentication is pretty much bullet proof. I'm actually a little surprised (and elated) that Blizzard rolled out a gun this big to deal with account theft.
Banks use this for corporate web initiated financial transactions almost exclusively.
Usually not, but it's possible. Usually it's by clicking on ads from Wowhead or Thottbot is where it happens (use wow-db instead).
My guild got hit twice in a month.
Both were officers, and both cleaned out our bank.
WoW: Cuberen(70 Druid)-Dark Iron, Spacecube(70 Shaman)-Dark Iron
WAR: Cube(6 Engineer)-Iron Rock, Huntercube(15 Witch Hunter)-Iron Rock
Here is a link to the store
http://www.blizzard.com/store/details.xml?id=1100000182
I'm amazed at how many people have been hacked, particularly in the WoW blogosphere.
"And my son, too, thinks everything is a launchpad, every bug a meal, and every sunny day a reason to take all your clothes off and roll around in the grass." - rabbit
Wow - SOLD OUT in less than a week.
I run noscript and use Firefox. I change my password every 3 months or so. I use a unique password. I do all those good things, but I will say that, as a guild leader, my account is the weakest link. No matter how well my bank security is, if my account is hacked, it's all gone, and maybe even the guild is disbanded. It's a huge security weakness there. There's no "guild password" once you are logged in to make guild changes, etc.
There are some things that Blizzard won't recover. They won't give you your trade skills back if someone unlearns them. They won't rebuild your guild.
So, I was really hoping to get one of these.
-Bad Mojo
And man that dog looks like he's having a good time, but that monkey is f*cking into it. This isn't his recreation; this is his life and he knows it in a way I will never know anything. --Danjo Olivaw
Yeah these are handy as I don't think Blizzard really owes anyone anything if their account gets hacked. Getting a virus is usually not a passive thing. It usually requires action on the user's part, and I am surprised Blizzard even gives lost items and gold back to hacked accounts. That's really nice of them.
Elysium wrote:
I don't use noscript, but I use AdBlock and at least 1 other content blocker.
I think the only place I allow even Flash movies to play without me actively clicking on them to play is YouTube.
We recently found that my wife had a whole lot of badness on her machine, including MULTIPLE keyloggers.
On doing some research, it's one that can travel through your router onto trusted networks.
Her system took about 3-4 hours for AdAware to scan.
So we decided I should check my system.
All I had were tracking cookies and the MRU list in normal software.
Looks like the "annoyances" in Vista can actually do some good.
"And my son, too, thinks everything is a launchpad, every bug a meal, and every sunny day a reason to take all your clothes off and roll around in the grass." - rabbit
Just got mine today and attached it to my account. Hope it works well, and I don't lose it.
They are available again... I just ordered mine.
Holy schnikies, that was fast, they're sold out again.
XBox Live / PSN: jonnypolite | WoW: Cait (Warlock) on Blackhand | Twitter
Mine STILL has not shipped. I'm getting annoyed.
ARGH I wanted to order one when they're back in stock
tell her to stop looking at the pr0n...
What would be cool is if it was a USB fob that you just could plug in and the game would automatically get the code, but I guess typing in an eight digit number isn't so terribly difficult.
"Also, I have four legs and am covered in wool. Baa!" *Legion* reveals his inner furry.
Maybe not for you "10 fingered people"...
Xbox Live : Aries GWJ PSN : AriesGWJ Spore : Ariesgwj
Malor, did you check your e-mail lately from Blizzard's store? I heard that a lot of the first authenticator orders were actually cancelled due to the fact that they exceeded their supply but didn't reflect that online yet, thus they had to send out refunds/cancellations. Is it possible you missed yours? (In which case you'll have to reorder, unfortunately.)