The new forums will be named Coin Return (based on the most recent vote)! You can check on the status and timeline of the transition to the new forums here.
The Guiding Principles and New Rules document is now in effect.

The Blizzard Authenticator--two-factor security for an MMO

LednehLedneh shinesquawkRegistered User regular
edited July 2008 in MMO Extravaganza
Some of you might use SecurID keyfobs at your place of work for authentication. Press a little button, up pops some number, you enter that with your usual login and password, and you're logged in to your work PC. Pretty secure stuff, since it means keyloggers and such suddenly aren't good enough anymore, you also need a good pickpocket.

Blizzard thought that was a good idea too.

product.jpg

On sale as of today (I guess) for $6.50 ($7 after tax and ground shipping), you can add these to your WoW account(s) (and maybe other Blizzard accounts in the future), and from then on it'll require your current SecurID number along with your login and password. Nerdy as all hell on the one hand, but on the other, what's seven bucks to guard against possibly hundreds of dollars of loss?

Anyone else gonna buy one of these things, or have any experiences using similar systems elsewhere? Any problems with them or that sort of thing?

(e: I wonder if this is more MMO Extravaganza or G&T Proper material?)

Ledneh on
«1

Posts

  • Munkus BeaverMunkus Beaver You don't have to attend every argument you are invited to. Philosophy: Stoicism. Politics: Democratic SocialistRegistered User, ClubPA regular
    edited June 2008
    Aha, holy shit that's pretty awesome.

    Munkus Beaver on
    Humor can be dissected as a frog can, but dies in the process.
  • ThreepioThreepio New Westminster, BCRegistered User regular
    edited June 2008
    *This product can only be shipped to the United States

    Fine. I didn't want one anyway.

    Bastards.

    Threepio on
    142.jpg
  • HarshLanguageHarshLanguage Registered User regular
    edited June 2008
    It's pretty sad that it's come to this, but it sounds effective. The only thing I don't like is that it costs extra, even though the cost is minimal. The gadget should be free, since it's extra work for the customers and the accounts that aren't getting hacked aren't taking up customer support dollars.

    One thing I've always wondered... what're the real numbers on account theft? Do any companies (ie Blizzard) release data on that? I know ArenaNet has tackled the account-theft issue pretty heavily in GW but I never saw numbers on exactly how big the problem was. And what percentage of it is just the result of people being stupid, rather than people being maliciously targeted?

    But man, what does it say about the state of online gaming that an external security device is now a reasonable precaution?

    HarshLanguage on
    QSwearing_trans_smooth_small.gif
    > turn on light

    Good start to the day. Pity it's going to be the worst one of your life. The light is now on.
  • AldoAldo Hippo Hooray Registered User regular
    edited June 2008
    Looks less intrusive than GameGuard. :^:

    But really, most cases of account theft I know about were of people giving their PW to someone for one thing and then being surprised to find out that all their stuff was nicked. There's no defence against stupidity, unfortunately.

    Aldo on
  • DisDis Registered User regular
    edited June 2008
    There's already a FREE character password protection as seen in MAPLE STORY or REQUIEM BLOODYMARE...
    I don't see any reason why Bliz can't do the same...

    Dis on
    [SIGPIC][/SIGPIC]
  • GarthorGarthor Registered User regular
    edited June 2008
    Dis wrote: »
    There's already a FREE character password protection as seen in MAPLE STORY or REQUIEM BLOODYMARE...
    I don't see any reason why Bliz can't do the same...

    Probably because a software solution isn't any more secure than a password. It's just another bit of data stored on your computer that needs to be stolen. In this case, the data required to log into your account only exists in a physical device and on Blizzard's servers.

    Garthor on
  • meatflowermeatflower Registered User regular
    edited June 2008
    I love the FAQ for this.
    Will my Blizzard Authenticator work while I am traveling? Will it work in other countries?

    No, the Blizzard Authenticator includes a GPS linked inhibitor circuit that disables its use outside of the United States.
    Real answer: Yes, the Blizzard Authenticator will work anywhere you can log in to World of Warcraft.

    How is that even a valid question? The person who would ask that probably doesn't even know how to install World of Warcraft, let alone be concerned about their accounts security.

    meatflower on
    archer_sig-2.jpg
  • GarthorGarthor Registered User regular
    edited June 2008
    I prefer:
    Can I keep one Blizzard Authenticator at home and another at work, and have both associated to the same account?

    Read: Blizzard telling people to play World of Warcraft at work.

    Garthor on
  • BasilBasil Registered User regular
    edited June 2008
    Garthor wrote: »
    I prefer:
    Can I keep one Blizzard Authenticator at home and another at work, and have both associated to the same account?

    Read: Blizzard telling people to play World of Warcraft at work.

    I've had a raid leader who made five nights a week from his office. I always wondered who his secretary thought he was yelling at through his headset.

    I wonder how well these will sell, I'd love to see the numbers.

    Basil on
    9KmX8eN.jpg
  • korodullinkorodullin What. SCRegistered User regular
    edited June 2008
    Basil wrote: »
    Garthor wrote: »
    I prefer:
    Can I keep one Blizzard Authenticator at home and another at work, and have both associated to the same account?

    Read: Blizzard telling people to play World of Warcraft at work.

    I've had a raid leader who made five nights a week from his office. I always wondered who his secretary thought he was yelling at through his headset.

    I wonder how well these will sell, I'd love to see the numbers.

    If at least half of the reports of people having their accounts compromised are legit, then I'd say at least a couple million.

    korodullin on
    ZvOMJnu.png
    - The Four Horsemen of the Apocalypse (2017, colorized)
  • Dyrwen66Dyrwen66 the other's insane Denver CORegistered User regular
    edited June 2008
    Garthor wrote: »
    Dis wrote: »
    There's already a FREE character password protection as seen in MAPLE STORY or REQUIEM BLOODYMARE...
    I don't see any reason why Bliz can't do the same...

    Probably because a software solution isn't any more secure than a password. It's just another bit of data stored on your computer that needs to be stolen. In this case, the data required to log into your account only exists in a physical device and on Blizzard's servers.
    Arguably, the Maplestory authentication process is all server side. After entering your password, you go through a enter-a-date process into a randomly generated keypad that can only be accessed via your mouse. The order of the numbers that you input is also different each time. It's not as simple as buying a keychain, but it is free security.

    Dyrwen66 on
    Just an ancient PA person who doesn't leave the house much.
  • WrenWren ninja_bird Registered User regular
    edited June 2008
    I don't have that much security for my online banking, let alone a game where virtual mans hit each other

    Wren on
    tf2sig.jpg
    TF2 - Wren BF3: Wren-fu
  • tehmarkentehmarken BrooklynRegistered User regular
    edited June 2008
    meatflower wrote: »
    I love the FAQ for this.
    Will my Blizzard Authenticator work while I am traveling? Will it work in other countries?

    No, the Blizzard Authenticator includes a GPS linked inhibitor circuit that disables its use outside of the United States.
    Real answer: Yes, the Blizzard Authenticator will work anywhere you can log in to World of Warcraft.

    How is that even a valid question? The person who would ask that probably doesn't even know how to install World of Warcraft, let alone be concerned about their accounts security.

    Wait what. How will you get a new number in another country? I'm guessing it works off a cell-phone line, which allows for the GPS feature. This would suck for people traveling overseas, or people moving overseas.

    tehmarken on
  • AldoAldo Hippo Hooray Registered User regular
    edited June 2008
    Wren wrote: »
    I don't have that much security for my online banking, let alone a game where virtual mans hit each other
    My bank offers more security, also in the form of this device, but then with some additional numbers to punch in. I do consider this a bit of an overdose, though. I mean, geez, it's just a game.

    Aldo on
  • BikkstahBikkstah Registered User regular
    edited June 2008
    Dyrwen66 wrote: »
    Garthor wrote: »
    Dis wrote: »
    There's already a FREE character password protection as seen in MAPLE STORY or REQUIEM BLOODYMARE...
    I don't see any reason why Bliz can't do the same...

    Probably because a software solution isn't any more secure than a password. It's just another bit of data stored on your computer that needs to be stolen. In this case, the data required to log into your account only exists in a physical device and on Blizzard's servers.
    Arguably, the Maplestory authentication process is all server side. After entering your password, you go through a enter-a-date process into a randomly generated keypad that can only be accessed via your mouse. The order of the numbers that you input is also different each time. It's not as simple as buying a keychain, but it is free security.


    Oh, like my military pay site where I have to click my PIN, even though no matter what number I click, it enters 888888 and I haven't been able to see my pay for 2 years.

    Bikkstah on
  • OremLKOremLK Registered User regular
    edited June 2008
    It's pretty sad that it's come to this, but it sounds effective. The only thing I don't like is that it costs extra, even though the cost is minimal. The gadget should be free, since it's extra work for the customers and the accounts that aren't getting hacked aren't taking up customer support dollars.

    Blizzard should definitely start including it in the next run they do of retail WoW copies, though personally I don't think it's a big deal that they're sinking the costs of mass-producing these suckers by selling to existing customers (many of whom are already happy with their current level of security).

    As for software versus hardware authentication, it's two different levels. Software costs less and is less effective. This solution is more secure and costs more for Blizzard, hence the price tag.

    OremLK on
    My zombie survival life simulator They Don't Sleep is out now on Steam if you want to check it out.
  • DisDis Registered User regular
    edited June 2008
    OremLK wrote: »
    It's pretty sad that it's come to this, but it sounds effective. The only thing I don't like is that it costs extra, even though the cost is minimal. The gadget should be free, since it's extra work for the customers and the accounts that aren't getting hacked aren't taking up customer support dollars.

    Blizzard should definitely start including it in the next run they do of retail WoW copies, though personally I don't think it's a big deal that they're sinking the costs of mass-producing these suckers by selling to existing customers (many of whom are already happy with their current level of security).

    As for software versus hardware authentication, it's two different levels. Software costs less and is less effective. This solution is more secure and costs more for Blizzard, hence the price tag.

    Price tag = More Profit for Bliz

    Dis on
    [SIGPIC][/SIGPIC]
  • OremLKOremLK Registered User regular
    edited June 2008
    Well, I won't deny that. But short of simply packaging it with retail copies of WoW, they had to charge something, even if just shipping & handling.

    OremLK on
    My zombie survival life simulator They Don't Sleep is out now on Steam if you want to check it out.
  • WrenWren ninja_bird Registered User regular
    edited June 2008
    they're doing it for the consumers and not to make a nice chunk of change. suuuure

    Wren on
    tf2sig.jpg
    TF2 - Wren BF3: Wren-fu
  • OremLKOremLK Registered User regular
    edited June 2008
    Believe it or not, it can be both.

    OremLK on
    My zombie survival life simulator They Don't Sleep is out now on Steam if you want to check it out.
  • GarthorGarthor Registered User regular
    edited June 2008
    COMPANY ATTEMPTS TO MAKE MONEY

    PUBLIC OUTRAGED

    "This is entirely unprecedented! Does their treachery know no bounds?"

    NEWS AT ELEVEN

    Garthor on
  • OptyOpty Registered User regular
    edited June 2008
    A one-time fee that costs less than how much it does for moving some data between two computers? I'd say they're not profiting much if at all on these things.

    Opty on
  • LednehLedneh shinesquawk Registered User regular
    edited June 2008
    I kind of doubt 7bux is gonna cover for the cost of the doodad, shipping, paying a guy to watch over the database maintaining associations between doodads and accounts, implementing it into WoW, etc--even if every single subscriber bought one

    But to me that's beside the point, to me the point is that I put a fukken lot of time into my account, even with only one 70, and I'd hate to see that disappear in another Flash fiasco or something that catches me off guard similarly

    $7 is a good insurance premium

    Ledneh on
  • OremLKOremLK Registered User regular
    edited June 2008
    Probably more the "paying a guy" and shipping part than anything else (I bet these things cost jack to make)... not sure if they're making you pay S&H or not though.

    OremLK on
    My zombie survival life simulator They Don't Sleep is out now on Steam if you want to check it out.
  • LednehLedneh shinesquawk Registered User regular
    edited June 2008
    OremLK wrote: »
    Probably more the "paying a guy" and shipping part than anything else (I bet these things cost jack to make)... not sure if they're making you pay S&H or not though.

    When I ordered mine the doodad was $6.50 and like 40 cents tax, so no--unless I guess you choose faster shipping

    Ledneh on
  • rizriz Registered User regular
    edited June 2008
    This is all Blizzard's secret plan to stop people from account sharing. How am I supposed to log onto my friend's account to transmute a primal if I don't have his dongle??

    :winky:

    riz on
  • WavechaserWavechaser Registered User regular
    edited June 2008
    Ledneh wrote: »
    I kind of doubt 7bux is gonna cover for the cost of the doodad, shipping, paying a guy to watch over the database maintaining associations between doodads and accounts, implementing it into WoW, etc--even if every single subscriber bought one

    But to me that's beside the point, to me the point is that I put a fukken lot of time into my account, even with only one 70, and I'd hate to see that disappear in another Flash fiasco or something that catches me off guard similarly

    $7 is a good insurance premium

    I agree, seven dollars is just a ridiculously good deal to basically 100% insure nothing will happen to your Blizzard account.

    I've never in my life used anti-virus software, nor have I ever contracted a virus or had my WoW account compromised.

    But for seven dollars, it's kind of like "why not"? I think i'm going to order one just for the peace of mind.

    Wavechaser on
  • DiscoZombieDiscoZombie Registered User regular
    edited June 2008
    I offer an alternate security solution for your WoW account, delivered instantly, that doesn't require you to carry around some stupid clunky keychain: have a brain. ie, don't give out your account name and password to anyone, ever, in-game or out, don't visit suspicious websites, keep your antivirus up-to-date, don't enter your password on phishing sites, etc.

    Now give me my bucks.

    DiscoZombie on
  • WavechaserWavechaser Registered User regular
    edited June 2008
    It's times like this that I really wish we still had the eyeroll smiley.

    This will have to suffice.
    Smiley_Eye_Roll.gif

    Wavechaser on
  • TheEmergedTheEmerged Registered User regular
    edited July 2008
    Finally, the answer to one of my key (pun intended) questions.
    What happens if I lose my Blizzard Authenticator? Do I lose the account it’s linked to?

    If you lose your Blizzard Authenticator, you will need to contact Blizzard’s billing and account services team for assistance. Our representatives will be able to assist you with regaining account access by verifying certain secure information with you.


    Now, disclaimer time: I work a call-in helpdesk on second shift, otherwise known as the VPN & HR shift (because the vastest majority of your calls are going to be employees trying to get in on the VPN, or to the HR site to view/change their benefits/paychecks). I have three of those key fobs within arm's length of my desk and a fourth around my neck. It looks like I'm about to own one...

    They work by having an algorithm (spelling?) that produces a predictable seed of 'random' numbers -- there is no GPS, there is no satellite, there is no cell phone connection. Basically a clock that produces a new number every minute or so (some of them simply store a list and give it to you in that order).

    RE: The "Get a Brain" crack. This will work about 98 percent of the time. But as the flashplayer vulnerability recently showed us, there are exceptions. Is a 2 percent chance worth a one-time 7 buck fee?

    TheEmerged on
    Sometimes, the knights are the monsters
  • KainyKainy Pimpin' and righteous Registered User regular
    edited July 2008
    I'd expect the Get a Brain plan to include running NoScript to block any Flash that wasn't absolutely necessary.

    Kainy on
    IcyLiquid wrote: »
    There's anti-fuckery code in there now :) Sorry :)
  • SanderJKSanderJK Crocodylus Pontifex Sinterklasicus Madrid, 3000 ADRegistered User regular
    edited July 2008
    Yeah, the flash vuln had like what.... 30.000 websites up in the first 24 hours? Each one, if you happened to just go to it (No clicking, downloading, entering pw, your AV/FW didn't stop it), you were infected. It took a while for adobe to release a fixed patch too. I saw the warning on the G&T main page when I woke up and linked my guild to it, and a link to noscript, but it took a while for the word to spread... Blizzard only started warning early evening on the splash page (And that was a sign of the significance itself, how worried they were).

    If this thing gets to europe, I'll buy it. My account is probably a prize hit for a keylogger, with about 3k gold, another 3-5k gold in mats (mostly enchanting and heroic badges), 3 70's including a sunwell geared char. I've seen people who are not total chumps lose a lot of that when they got hit (I don't know if policy changed, but gems/enchants were not reimbursed back then, which is a significant cost hit especially when all your gold is gone too, because they don't reimburse that unless they can trace it back). E5-10 for basicly not having to worry is a great payoff.

    SanderJK on
    Steam: SanderJK Origin: SanderJK
  • IshtaarIshtaar Fun is underrated. Registered User regular
    edited July 2008
    I think even if they're not making money on the hardware/setup itself, they're probably going to end up saving overall on the manpower it takes to research and restore hacked accounts. The Pally in my guild is *still* going back and forth with them a week and a half later.

    I'm paranoid enough to get it... But I'm also paranoid of the day the "authenticator" goes down and I'm disconnected in the middle of a raid and I can't get back in because my second level of security isn't working, and it will of course happen while their offices are closed.

    Ishtaar on
    FFXIV: Sith Lord ~ D3: Ish ~ Steam:Ishie
  • DiscoZombieDiscoZombie Registered User regular
    edited July 2008
    sounds like people took my 'get a brain' comment personally :p I didn't mean to be insulting - I meant to say that being cautious goes much farther in life than buying new security gadgets. that Flash exploit, for instance - sounds like it was particularly insidious, but I believe you had to actively click a link to it while searching the WoW forums or something. it does make me wonder why they didn't go after bank account info instead though...

    I don't know what I'd do if I had to carry around one of these things for every one of my online accounts. I'd need to wear cargo pants everywhere, for starters. If everyone's so keen on erring on the side of caution, I've got some volcano insurance to sell you... what, you say we haven't had a volcano around here in tens of thousands of years? well, don't you think we're due for one?

    DiscoZombie on
  • WavechaserWavechaser Registered User regular
    edited July 2008
    Or you could just leave it at home with your computer.

    Crazy I know.

    Wavechaser on
  • WrenWren ninja_bird Registered User regular
    edited July 2008
    what if burglars break into your house to steal your wow account? blizzard will need a special wow home security system next

    Wren on
    tf2sig.jpg
    TF2 - Wren BF3: Wren-fu
  • WavechaserWavechaser Registered User regular
    edited July 2008
    If a chinese gold farmer is determined enough to literally break into my home to steal my dongel, then he deserves my account.

    But yes hopefully blizzard will offer a "lowjack" option for your dongel, so you can track it down if it is stolen. With an "on-star" keychain addition you can contact someone immediately.

    Wavechaser on
  • projectmayhemprojectmayhem Registered User regular
    edited July 2008
    On one hand I feel that I really have no need for this, and on the other I think of a rogue in my guild who got his account jacked (he got it back after a day). Its indeed interesting just to watch the WoW market and things like this that are needed.

    projectmayhem on
  • ThomamelasThomamelas Only one man can kill this many Russians. Bring his guitar to me! Registered User regular
    edited July 2008
    sounds like people took my 'get a brain' comment personally :p I didn't mean to be insulting - I meant to say that being cautious goes much farther in life than buying new security gadgets. that Flash exploit, for instance - sounds like it was particularly insidious, but I believe you had to actively click a link to it while searching the WoW forums or something. it does make me wonder why they didn't go after bank account info instead though...

    The market for bank info is pretty flooded and plenty of trojans target it. And the flash exploit didn't require the user to do anything but simply go to a site that had a link to the Flash object. And the numbers were around 20,000 or sites that had a redirect due to being SQL injections and other hacks. The theory that "Well I practice safe computing and so therefore I'm immune." is pretty dead. The Flash exploit was a zero day, meaning that it was found in actual use rather then Adobe or a researcher finding it.

    And it's not really the first time there's been an issue like this. Thottbot and Allakazam have had issues in the past with malware coming in through banners.

    Thomamelas on
  • TheEmergedTheEmerged Registered User regular
    edited July 2008
    Source
    Our U.S. online store is currently sold out of the Blizzard Authenticators, and we're working on obtaining additional stock. Please note that due to the nature of the technology in the device and the related manufacturing procedures, it will be several weeks before they're available again. We're working hard to expedite this process as much as possible.
    We're also aware that non-U.S.-based players on our North American realms were unable to purchase the Blizzard Authenticator from the online store when it was available. This was due to shipping-related issues with our store for this device that could not be resolved by the time it first went on sale. Rather than delay the launch, we felt it was important to make the Authenticator available to as many people as possible as quickly as we could. We're continuing to work on a solution for these players and will provide an update as further progress is made.
    The Authenticator helps safeguard account access against third-party programs, such as keyloggers, Trojans, and viruses, that are designed to steal players’ login information. This type of malicious code is often hidden in add-ons/mods and web pages and goes undetected until an account has been compromised and a thief has sold off the valuable items from the characters on that account for gold, which is then sold back to players by the third-party companies benefitting from this practice.

    http://www.worldofwarcraft.com/info/basics/antigold.html

    We appreciate that so many players are opting for the additional layer of security that the Authenticator provides -- playing World of Warcraft is that much more fun when you’re able to do things outside of the game, such as visit websites, with less of a worry that someone out there will be able to get access to all of your login information as a result. To learn more about how to protect yourself from people trying to steal your account name and password, please see the sticky post dedicated to this topic in our Customer Service forum.

    http://forums.worldofwarcraft.com/thread.html?topicId=1778038509&sid=1

    TheEmerged on
    Sometimes, the knights are the monsters
Sign In or Register to comment.