Diablo III Catch-All

No. You can get a little key fob that shows a one-time password or you can install an app on a smartphone or tablet that does it.

Here's the key fob. Push the button and the screen displays the number:
IMAGE(http://us.blizzard.com/store/_images/product?productId=1100001471&type=3&loc=en-US)

I just use the app on my Android tablet but I work with a similar key fob product for client security.

[Edit] Shoptroll'ed!

I don't have a smart phone. Looks like they cost $6.50, but that's probably worth it to spare me the headache. I'm still not entirely sure how it works without a direct connection, though. If it's really random then how does Blizzard know which number is right? Does it use a seed?

LobsterMobster wrote:

Does it use a seed?

If it's anything like RSA's fobs, they're using a seed. (I think)

It's not random, it's synced to the authentication server and generated through proprietary algorithms. $6.50 is nothing. These cost my company $100 per user for hardware and license, although we aren't doing quite the bulk that Blizzard is I'm sure.

So far it's been a lot less of a hassle than I thought it would be. You have to use it every time you log into www.battle.net but with Diablo 3 for example I only had to use it the first time. I guess it adds some sort of cookie or caches your computer's hardware signature because I didn't have to enter it again after that. It works more like the Steam computer verification so far.

Just got my account back. Looks like my WoW account got banned.

Neat!

Edit: Oh god dammit! There were two WoW accounts listed so I clicked the second one and it CREATED A NEW DAMN ACCOUNT.

Double posting is for phished noobs.

There's a serial number on the token, and you enter that into your account info. Once you do that, your token and your account are connected.

The way I understand how it works is, Blizzard has a server whose sole purpose is to spit out these numbers. It then uses your serial number to create the one-time password, which your token also generates. Because the serial number on your token is the same one that Blizzard has, they both always generate the same password. When they match, you can log on.

They create new passwords every thirty seconds or so, and each password is valid for a minute, I believe. This doesn't make you immune to phishing, though. You still need to be vigilant, because they will try to phish an authenticator password out of you, and then immediately log on and attach a different authenticator to the account.

This is all assuming the previous hacker hasn't already attached his own authenticator to the account.
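Added example, not part of any post in this thread and not Blizzard's or RSA's algorithm (the thread calls those proprietary): the open TOTP standard (RFC 6238) as a stand-in, showing how a seed registered against a serial number plus the clock lets token and server compute the same code with no connection between them. The serial, seed, 6-digit length and one-step drift window are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per code ("every thirty seconds or so" in the thread)
DIGITS = 6   # assumption: code length chosen for this sketch

def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over an 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def token_code(secret: bytes, now: float) -> str:
    """What the fob or app displays: a function of the seed and its own clock."""
    return hotp(secret, int(now) // STEP)

class Server:
    """Holds the seed registered for each serial; never contacts the token."""
    def __init__(self, seeds: dict, drift_steps: int = 1):
        self.seeds = seeds              # serial -> shared secret
        self.drift_steps = drift_steps  # neighbouring steps accepted (clock drift)
        self.last_used = {}             # serial -> newest counter already accepted

    def verify(self, serial: str, code: str, now: float) -> bool:
        secret = self.seeds.get(serial)
        if secret is None:
            return False
        current = int(now) // STEP
        for counter in range(current - self.drift_steps,
                             current + self.drift_steps + 1):
            if counter <= self.last_used.get(serial, -1):
                continue  # spent or older code: RFC 6238 says accept an OTP once
            if hmac.compare_digest(hotp(secret, counter), code):
                self.last_used[serial] = counter
                return True
        return False

if __name__ == "__main__":
    # Constructed sample data: the RFC 6238 test seed and a made-up serial.
    seed, serial = b"12345678901234567890", "SN-CONSTRUCTED-0001"
    server = Server({serial: seed})
    code = token_code(seed, now=59)          # token's clock reads t=59s
    print(code, server.verify(serial, code, now=75))  # accepted one step late
    print(server.verify(serial, code, now=76))        # same code again: rejected
```

The one-use rule only rejects a code after the server has accepted it, so a code handed to a phishing page and submitted first by someone else still verifies, which is the case the post above describes.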

LiquidMantis wrote:

$6.50 is nothing. These cost my company $100 per user for hardware and license, although we aren't doing quite the bulk that Blizzard is I'm sure.

I'm honestly surprised Blizzard isn't just packaging them in with their games at this point.

Even so, I'm 100% certain the smartphone app is an in-house copycat of the same technology that they don't pay anything for, licensing-wise.

LobsterMobster wrote:

Just got my account back. Looks like my WoW account got banned.

Neat!

That... sucks? Honestly, you're better off.

I got hacked last week as well, they have restored all my accounts on WoW, but it is currently banned. It's been turned off for almost 2 years, so I had taken the authenticator off. Needless to say I reattached that, changed all my passwords and such.

I was not being sarcastic (for once). I have no interest in playing WoW.

I put in an order for an authenticator and set up my account to text message me if there's any activity on it. Y'know, if they can put it on a cell phone they should really just make a downloadable free version. If someone has my entire computer, I have bigger problems than my Battle.net account.

I just don't really like the idea of tying my access to a tiny little fob that looks very easy to lose or break, and which will inevitably run out of batteries in a few years.

LobsterMobster wrote:

I was not being sarcastic (for once). I have no interest in playing WoW.

I put in an order for an authenticator and set up my account to text message me if there's any activity on it. Y'know, if they can put it on a cell phone they should really just make a downloadable free version. If someone has my entire computer, I have bigger problems than my Battle.net account.

I just don't really like the idea of tying my access to a tiny little fob that looks very easy to lose or break, and which will inevitably run out of batteries in a few years.

There is a mobile authenticator app for all major phones, if that's what you mean. That's what I use, not the fob, I've had it since it came out.

The fob batteries, assuming no defects, will last 8 years.

What I ended up doing was, I bought some of those 3M Command hooks and attached it to my monitor, and that's where my fob lives. I've had one since right around when Blizzard started offering them and haven't lost it yet.

Happytime Harry wrote:

There is a mobile authenticator app for all major phones, if that's what you mean. That's what I use, not the fob, I've had it since it came out.

I don't own a smart phone.

NSMike wrote:

The fob batteries, assuming no defects, will last 8 years.

What I ended up doing was, I bought some of those 3M Command hooks and attached it to my monitor, and that's where my fob lives. I've had one since right around when Blizzard started offering them and haven't lost it yet.

Suppose I do have some krazy glue I could use...

If you lose/destroy the authenticator, Blizzard support is good about removing it. You have to send them a copy of a government ID and such, but it is doable.

Beta is still live! As much fun as it was playing a battlemage wizard, the monk's flaming whirlwind kick is awesome.

If you lose/destroy the authenticator, Blizzard support is good about removing it. You have to send them a copy of a government ID and such, but it is doable.

This happened to me. I called up support and they asked for some unique detail from my account (I gave them the CC# I used when I bought Starcraft II through battle.net) and then they unbound the authenticator.

LiquidMantis wrote:

Beta is still live! As much fun as it was playing a battlemage wizard, the monk's flaming whirlwind kick is awesome.

Yeah, I think it's live until 10:00AM PST if memory serves.

Please add me to the great D3 playlist in the cloud - SpyNavy#1599

Regarding authenticators - The Old Republic has these too, and Blizzard's smartphone app is leaps and bounds better. I'm glad these are finally becoming more mainstream, it's a really easy to use and effective security option. You can set it up for your Google account as well, which I highly recommend doing.

I want to add that anyone who thinks the smartphone app is more reliable than the FOB, they should consider that any time you need to wipe your phone, you will need to sign in and detach the authenticator, wipe the phone, then reattach it after. Phones are less reliable than FOBs.

drdoak wrote:

I want to add that anyone who thinks the smartphone app is more reliable than the FOB, they should consider that any time you need to wipe your phone, you will need to sign in and detach the authenticator, wipe the phone, then reattach it after. Phones are less reliable than FOBs.

Actually you don't. All you need is a restore code, which the app gives you when you set it up (Blizzard prints, in big red letters, that you should write the code down). If you lose your phone, buy a new phone, or have to wipe your phone, you just punch that code in and it automatically detaches the authenticator so you can set it up again.

I also argue that this is no different than the case of if you lost your FOB. The only difference is that if you lose your phone, you can do all this yourself in 10 minutes, whereas if you lose your FOB you have to contact Blizzard and they have to do it all for you. I think the phones are far more convenient, but Lobster points out that not everybody has a smartphone, so I'm glad that both exist.

That feature wasn't around when I actually cared about WoW, so that's a nice thing. It was quite a hassle to remove the authenticator at the time.

Ya they added the restore code for that. I had that happen on 2 consecutive iPhone upgrades when I forgot to do it.

Oh man, is this going to be a problem with Diablo III as well, now that money's going to be involved? :/

I'm sad to say that money is never not involved any more.

Hypatian wrote:

I'm sad to say that money is never not involved any more.

I meant specifically the auction house. Like an in game to out of game economy conversion "money." No one's gonna try to steal, I dunno, my Deus Ex data. This on the other hand... Break into my account, sell off my stuff somehow? Hmm.

Atomicvideohead wrote:
Hypatian wrote:

I'm sad to say that money is never not involved any more.

I meant specifically the auction house. Like an in game to out of game economy conversion "money." No one's gonna try to steal, I dunno, my Deus Ex data. This on the other hand... Break into my account, sell off my stuff somehow? Hmm.

This is why they're making it so easy to set up the authenticator. If you have that, then your account can't be hacked unless they also steal your FOB or your smartphone.

Another interesting thing about the authenticator and D3 is that when I would quit out and log back in a while later, I didn't have to re-authenticate. Kudos on making it easier!

ahrezmendi wrote:
Atomicvideohead wrote:
Hypatian wrote:

I'm sad to say that money is never not involved any more.

I meant specifically the auction house. Like an in game to out of game economy conversion "money." No one's gonna try to steal, I dunno, my Deus Ex data. This on the other hand... Break into my account, sell off my stuff somehow? Hmm.

This is why they're making it so easy to set up the authenticator. If you have that, then your account can't be hacked unless they also steal your FOB or your smartphone.

I get that. It just bums me out, man. Disheartening. Guess I'll have to get on getting mine set up.

Atomicvideohead wrote:
Hypatian wrote:

I'm sad to say that money is never not involved any more.

I meant specifically the auction house. Like an in game to out of game economy conversion "money." No one's gonna try to steal, I dunno, my Deus Ex data. This on the other hand... Break into my account, sell off my stuff somehow? Hmm.

Doesn't the real money auction house just convert to Blizzard FunBux if you decide to cash out?

Back in Diablo II people could've just as easily hacked your realms account, dumped all your gear to a mule and made their money on eBay. The authenticators just make a lot of sense even if there wasn't a Blizzard-run auction house. It's good practice and, as last year demonstrated, gaming companies don't exactly put customer security high on the priority list :\

shoptroll wrote:
Atomicvideohead wrote:
Hypatian wrote:

I'm sad to say that money is never not involved any more.

I meant specifically the auction house. Like an in game to out of game economy conversion "money." No one's gonna try to steal, I dunno, my Deus Ex data. This on the other hand... Break into my account, sell off my stuff somehow? Hmm.

Doesn't the real money auction house just convert to Blizzard FunBux? Back in Diablo II people could've just as easily hacked your realms account, dumped all your gear to a mule and made their money on eBay. The authenticators just make a lot of sense even if there wasn't a Blizzard-run auction house. It's good practice and, as last year demonstrated, gaming companies don't exactly put customer security high on the priority list :\

I thought it went both ways -- fun bucks and real bucks.