The Blizzard Authenticator--two-factor security for an MMO
Some of you might use SecurID keyfobs at your place of work for authentication. Press a little button, up pops some number, you enter that with your usual login and password, and you're logged in to your work PC. Pretty secure stuff, since it means keyloggers and such suddenly aren't good enough anymore, you also need a good pickpocket.
On sale as of today (I guess) for $6.50 ($7 after tax and ground shipping), you can add these to your WoW account(s) (and maybe other Blizzard accounts in the future), and from then on it'll require your current SecurID number along with your login and password. Nerdy as all hell on the one hand, but on the other, what's seven bucks to guard against possibly hundreds of dollars of loss?
Anyone else gonna buy one of these things, or have any experiences using similar systems elsewhere? Any problems with them or that sort of thing?
(e: I wonder if this is more MMO Extravaganza or G&T Proper material?)
Munkus Beaver
edited June 2008
Aha, holy shit that's pretty awesome.
Munkus Beaver on
Humor can be dissected as a frog can, but dies in the process.
It's pretty sad that it's come to this, but it sounds effective. The only thing I don't like is that it costs extra, even though the cost is minimal. The gadget should be free, since it's extra work for the customers and the accounts that aren't getting hacked aren't taking up customer support dollars.
One thing I've always wondered... what're the real numbers on account theft? Do any companies (ie Blizzard) release data on that? I know ArenaNet has tackled the account-theft issue pretty heavily in GW but I never saw numbers on exactly how big the problem was. And what percentage of it is just the result of people being stupid, rather than people being maliciously targeted?
But man, what does it say about the state of online gaming that an external security device is now a reasonable precaution?
HarshLanguage on
> turn on light
Good start to the day. Pity it's going to be the worst one of your life. The light is now on.
But really, most cases of account theft I know about were of people giving their PW to someone for one thing and then being surprised to find out that all their stuff was nicked. There's no defence against stupidity, unfortunately.
There's already a FREE character password protection as seen in MAPLE STORY or REQUIEM BLOODYMARE...
I don't see any reason why Bliz can't do the same...
There's already a FREE character password protection as seen in MAPLE STORY or REQUIEM BLOODYMARE...
I don't see any reason why Bliz can't do the same...
Probably because a software solution isn't any more secure than a password. It's just another bit of data stored on your computer that needs to be stolen. In this case, the data required to log into your account only exists in a physical device and on Blizzard's servers.
Will my Blizzard Authenticator work while I am traveling? Will it work in other countries?
No, the Blizzard Authenticator includes a GPS linked inhibitor circuit that disables its use outside of the United States.
Real answer: Yes, the Blizzard Authenticator will work anywhere you can log in to World of Warcraft.
How is that even a valid question? The person who would ask that probably doesn't even know how to install World of Warcraft, let alone be concerned about their accounts security.
There's already a FREE character password protection as seen in MAPLE STORY or REQUIEM BLOODYMARE...
I don't see any reason why Bliz can't do the same...
Probably because a software solution isn't any more secure than a password. It's just another bit of data stored on your computer that needs to be stolen. In this case, the data required to log into your account only exists in a physical device and on Blizzard's servers.
Arguably, the Maplestory authentication process is all server side. After entering your password, you go through an enter-a-date process into a randomly generated keypad that can only be accessed via your mouse. The order of the numbers that you input is also different each time. It's not as simple as buying a keychain, but it is free security.
Dyrwen66 on
Just an ancient PA person who doesn't leave the house much.
Will my Blizzard Authenticator work while I am traveling? Will it work in other countries?
No, the Blizzard Authenticator includes a GPS linked inhibitor circuit that disables its use outside of the United States.
Real answer: Yes, the Blizzard Authenticator will work anywhere you can log in to World of Warcraft.
How is that even a valid question? The person who would ask that probably doesn't even know how to install World of Warcraft, let alone be concerned about their accounts security.
Wait what. How will you get a new number in another country? I'm guessing it works off a cell-phone line, which allows for the GPS feature. This would suck for people traveling overseas, or people moving overseas.
I don't have that much security for my online banking, let alone a game where virtual mans hit each other
My bank offers more security, also in the form of this device, but then with some additional numbers to punch in. I do consider this a bit of an overdose, though. I mean, geez, it's just a game.
There's already a FREE character password protection as seen in MAPLE STORY or REQUIEM BLOODYMARE...
I don't see any reason why Bliz can't do the same...
Probably because a software solution isn't any more secure than a password. It's just another bit of data stored on your computer that needs to be stolen. In this case, the data required to log into your account only exists in a physical device and on Blizzard's servers.
Arguably, the Maplestory authentication process is all server side. After entering your password, you go through an enter-a-date process into a randomly generated keypad that can only be accessed via your mouse. The order of the numbers that you input is also different each time. It's not as simple as buying a keychain, but it is free security.
Oh, like my military pay site where I have to click my PIN, even though no matter what number I click, it enters 888888 and I haven't been able to see my pay for 2 years.
It's pretty sad that it's come to this, but it sounds effective. The only thing I don't like is that it costs extra, even though the cost is minimal. The gadget should be free, since it's extra work for the customers and the accounts that aren't getting hacked aren't taking up customer support dollars.
Blizzard should definitely start including it in the next run they do of retail WoW copies, though personally I don't think it's a big deal that they're sinking the costs of mass-producing these suckers by selling to existing customers (many of whom are already happy with their current level of security).
As for software versus hardware authentication, it's two different levels. Software costs less and is less effective. This solution is more secure and costs more for Blizzard, hence the price tag.
OremLK on
My zombie survival life simulator They Don't Sleep is out now on Steam if you want to check it out.
It's pretty sad that it's come to this, but it sounds effective. The only thing I don't like is that it costs extra, even though the cost is minimal. The gadget should be free, since it's extra work for the customers and the accounts that aren't getting hacked aren't taking up customer support dollars.
Blizzard should definitely start including it in the next run they do of retail WoW copies, though personally I don't think it's a big deal that they're sinking the costs of mass-producing these suckers by selling to existing customers (many of whom are already happy with their current level of security).
As for software versus hardware authentication, it's two different levels. Software costs less and is less effective. This solution is more secure and costs more for Blizzard, hence the price tag.
A one-time fee that costs less than how much it does for moving some data between two computers? I'd say they're not profiting much if at all on these things.
I kind of doubt 7bux is gonna cover for the cost of the doodad, shipping, paying a guy to watch over the database maintaining associations between doodads and accounts, implementing it into WoW, etc--even if every single subscriber bought one
But to me that's beside the point, to me the point is that I put a fukken lot of time into my account, even with only one 70, and I'd hate to see that disappear in another Flash fiasco or something that catches me off guard similarly
Probably more the "paying a guy" and shipping part than anything else (I bet these things cost jack to make)... not sure if they're making you pay S&H or not though.
OremLK on
My zombie survival life simulator They Don't Sleep is out now on Steam if you want to check it out.
Probably more the "paying a guy" and shipping part than anything else (I bet these things cost jack to make)... not sure if they're making you pay S&H or not though.
When I ordered mine the doodad was $6.50 and like 40 cents tax, so no--unless I guess you choose faster shipping
This is all Blizzard's secret plan to stop people from account sharing. How am I supposed to log onto my friend's account to transmute a primal if I don't have his dongle??
I kind of doubt 7bux is gonna cover for the cost of the doodad, shipping, paying a guy to watch over the database maintaining associations between doodads and accounts, implementing it into WoW, etc--even if every single subscriber bought one
But to me that's beside the point, to me the point is that I put a fukken lot of time into my account, even with only one 70, and I'd hate to see that disappear in another Flash fiasco or something that catches me off guard similarly
$7 is a good insurance premium
I agree, seven dollars is just a ridiculously good deal to basically 100% insure nothing will happen to your Blizzard account.
I've never in my life used anti-virus software, nor have I ever contracted a virus or had my WoW account compromised.
But for seven dollars, it's kind of like "why not"? I think I'm going to order one just for the peace of mind.
I offer an alternate security solution for your WoW account, delivered instantly, that doesn't require you to carry around some stupid clunky keychain: have a brain. ie, don't give out your account name and password to anyone, ever, in-game or out, don't visit suspicious websites, keep your antivirus up-to-date, don't enter your password on phishing sites, etc.
Finally, the answer to one of my key (pun intended) questions.
What happens if I lose my Blizzard Authenticator? Do I lose the account it’s linked to?
If you lose your Blizzard Authenticator, you will need to contact Blizzard’s billing and account services team for assistance. Our representatives will be able to assist you with regaining account access by verifying certain secure information with you.
Now, disclaimer time: I work a call-in helpdesk on second shift, otherwise known as the VPN & HR shift (because the vastest majority of your calls are going to be employees trying to get in on the VPN, or to the HR site to view/change their benefits/paychecks). I have three of those key fobs within arm's length of my desk and a fourth around my neck. It looks like I'm about to own one...
They work by having an algorithm (spelling?) that produces a predictable seed of 'random' numbers -- there is no GPS, there is no satellite, there is no cell phone connection. Basically a clock that produces a new number every minute or so (some of them simply store a list and give it to you in that order).
RE: The "Get a Brain" crack. This will work about 98 percent of the time. But as the flashplayer vulnerability recently showed us, there are exceptions. Is a 2 percent chance worth a one-time 7 buck fee?
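How a clock-plus-seed token like the one described in the post above can be checked on the server, as an added example that is not part of the thread and not Blizzard's or any vendor's code. The device's real algorithm is not given on this page, so the open TOTP standard (RFC 6238) stands in for it; the 60-second step, 6-digit codes, `Verifier` class and account name are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 60    # assumed seconds per code ("a new number every minute or so")
DIGITS = 6   # assumed code length


def code_at(seed: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HMAC the time-step counter with the shared seed."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Verifier:
    """Server side: keeps each account's seed and the last time step it accepted."""

    def __init__(self, step: int = STEP, drift_steps: int = 1):
        self.step = step
        self.drift_steps = drift_steps  # tolerate a token clock that runs slightly off
        self.seeds = {}
        self.last_step = {}

    def enroll(self, account: str, seed: bytes) -> None:
        self.seeds[account] = seed
        self.last_step[account] = -1

    def check(self, account: str, code: str, now: int) -> bool:
        seed = self.seeds.get(account)
        if seed is None:
            return False
        current = now // self.step
        for step in range(current - self.drift_steps, current + self.drift_steps + 1):
            if step <= self.last_step[account]:
                continue  # this step or a later one was already used: reject replays
            expected = code_at(seed, step * self.step, self.step)
            if hmac.compare_digest(expected, code):
                self.last_step[account] = step
                return True
        return False


def demo():
    """Constructed scenario: a code captured by a keylogger is presented a second time."""
    seed = b"constructed-demo-seed"   # constructed value, lives only in token and server
    now = 1_214_000_000               # constructed timestamp
    server = Verifier()
    server.enroll("player", seed)
    code = code_at(seed, now)         # what the key fob would display
    first = server.check("player", code, now)       # the owner logs in
    replay = server.check("player", code, now + 5)  # the captured code is reused
    return first, replay


if __name__ == "__main__":
    print(demo())
```

Nothing here needs GPS or a network link on the token side: both ends derive the code from the seed and their own clock, which is why the drift window exists.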
Yeah, the flash vuln had like what.... 30.000 websites up in the first 24 hours? Each one, if you happened to just go to it (No clicking, downloading, entering pw, your AV/FW didn't stop it), you were infected. It took a while for Adobe to release a fixed patch too. I saw the warning on the G&T main page when I woke up and linked my guild to it, and a link to NoScript, but it took a while for the word to spread... Blizzard only started warning early evening on the splash page (And that was a sign of the significance itself, how worried they were).
If this thing gets to Europe, I'll buy it. My account is probably a prize hit for a keylogger, with about 3k gold, another 3-5k gold in mats (mostly enchanting and heroic badges), 3 70's including a sunwell geared char. I've seen people who are not total chumps lose a lot of that when they got hit (I don't know if policy changed, but gems/enchants were not reimbursed back then, which is a significant cost hit especially when all your gold is gone too, because they don't reimburse that unless they can trace it back). E5-10 for basically not having to worry is a great payoff.
I think even if they're not making money on the hardware/setup itself, they're probably going to end up saving overall on the manpower it takes to research and restore hacked accounts. The Pally in my guild is *still* going back and forth with them a week and a half later.
I'm paranoid enough to get it... But I'm also paranoid of the day the "authenticator" goes down and I'm disconnected in the middle of a raid and I can't get back in because my second level of security isn't working, and it will of course happen while their offices are closed.
sounds like people took my 'get a brain' comment personally I didn't mean to be insulting - I meant to say that being cautious goes much farther in life than buying new security gadgets. that Flash exploit, for instance - sounds like it was particularly insidious, but I believe you had to actively click a link to it while searching the WoW forums or something. it does make me wonder why they didn't go after bank account info instead though...
I don't know what I'd do if I had to carry around one of these things for every one of my online accounts. I'd need to wear cargo pants everywhere, for starters. If everyone's so keen on erring on the side of caution, I've got some volcano insurance to sell you... what, you say we haven't had a volcano around here in tens of thousands of years? well, don't you think we're due for one?
If a Chinese gold farmer is determined enough to literally break into my home to steal my dongle, then he deserves my account.
But yes hopefully Blizzard will offer a "lowjack" option for your dongle, so you can track it down if it is stolen. With an "on-star" keychain addition you can contact someone immediately.
On one hand I feel that I really have no need for this, and on the other I think of a rogue in my guild who got his account jacked (he got it back after a day). It's indeed interesting just to watch the WoW market and things like this that are needed.
sounds like people took my 'get a brain' comment personally I didn't mean to be insulting - I meant to say that being cautious goes much farther in life than buying new security gadgets. that Flash exploit, for instance - sounds like it was particularly insidious, but I believe you had to actively click a link to it while searching the WoW forums or something. it does make me wonder why they didn't go after bank account info instead though...
The market for bank info is pretty flooded and plenty of trojans target it. And the flash exploit didn't require the user to do anything but simply go to a site that had a link to the Flash object. And the numbers were around 20,000 or sites that had a redirect due to being SQL injections and other hacks. The theory that "Well I practice safe computing and so therefore I'm immune." is pretty dead. The Flash exploit was a zero day, meaning that it was found in actual use rather than Adobe or a researcher finding it.
And it's not really the first time there's been an issue like this. Thottbot and Allakhazam have had issues in the past with malware coming in through banners.
Our U.S. online store is currently sold out of the Blizzard Authenticators, and we're working on obtaining additional stock. Please note that due to the nature of the technology in the device and the related manufacturing procedures, it will be several weeks before they're available again. We're working hard to expedite this process as much as possible.
We're also aware that non-U.S.-based players on our North American realms were unable to purchase the Blizzard Authenticator from the online store when it was available. This was due to shipping-related issues with our store for this device that could not be resolved by the time it first went on sale. Rather than delay the launch, we felt it was important to make the Authenticator available to as many people as possible as quickly as we could. We're continuing to work on a solution for these players and will provide an update as further progress is made.
The Authenticator helps safeguard account access against third-party programs, such as keyloggers, Trojans, and viruses, that are designed to steal players’ login information. This type of malicious code is often hidden in add-ons/mods and web pages and goes undetected until an account has been compromised and a thief has sold off the valuable items from the characters on that account for gold, which is then sold back to players by the third-party companies benefitting from this practice.
We appreciate that so many players are opting for the additional layer of security that the Authenticator provides -- playing World of Warcraft is that much more fun when you’re able to do things outside of the game, such as visit websites, with less of a worry that someone out there will be able to get access to all of your login information as a result. To learn more about how to protect yourself from people trying to steal your account name and password, please see the sticky post dedicated to this topic in our Customer Service forum.
Fine. I didn't want one anyway.
Bastards.
Read: Blizzard telling people to play World of Warcraft at work.
I've had a raid leader who made five nights a week from his office. I always wondered who his secretary thought he was yelling at through his headset.
I wonder how well these will sell, I'd love to see the numbers.
If at least half of the reports of people having their accounts compromised are legit, then I'd say at least a couple million.
- The Four Horsemen of the Apocalypse (2017, colorized)
Price tag = More Profit for Bliz
PUBLIC OUTRAGED
"This is entirely unprecedented! Does their treachery know no bounds?"
NEWS AT ELEVEN
:winky:
Now give me my bucks.
This will have to suffice.
Crazy I know.