Some of you might use SecurID keyfobs at your place of work for authentication. Press a little button, up pops some number, you enter that with your usual login and password, and you're logged in to your work PC. Pretty secure stuff, since it means keyloggers and such suddenly aren't good enough anymore, you also need a good pickpocket.
Blizzard thought that was a good idea too.
On sale as of today (I guess) for $6.50 ($7 after tax and ground shipping), you can add these to your WoW account(s) (and maybe other Blizzard accounts in the future), and from then on it'll require your current SecurID number along with your login and password. Nerdy as all hell on the one hand, but on the other, what's seven bucks to guard against possibly hundreds of dollars of loss?
Anyone else gonna
buy one of these things, or have any experiences using similar systems elsewhere? Any problems with them or that sort of thing?
(e: I wonder if this is more MMO Extravaganza or G&T Proper material?)
Posts
Fine. I didn't want one anyway.
Bastards.
One thing I've always wondered... what're the real numbers on account theft? Do any companies (ie Blizzard) release data on that? I know ArenaNet has tackled the account-theft issue pretty heavily in GW but I never saw numbers on exactly how big the problem was. And what percentage of it is just the result of people being stupid, rather than people being maliciously targeted?
But man, what does it say about the state of online gaming that an external security device is now a reasonable precaution?
> turn on light
Good start to the day. Pity it's going to be the worst one of your life. The light is now on.
But really, most cases of account theft I know about were of people giving their PW to someone for one thing and then being surprised to find out that all their stuff was nicked. There's no defence against stupidity, unfortunately.
I don't see any reason why Bliz can't do the same...
Probably because a software solution isn't any more secure than a password. It's just another bit of data stored on your computer that needs to be stolen. In this case, the data required to log into your account only exists in a physical device and on Blizzard's servers.
How is that even a valid question? The person who would ask that probably doesn't even know how to install World of Warcraft, let alone be concerned about their accounts security.
Read: Blizzard telling people to play World of Warcraft at work.
I've had a raid leader who made five nights a week from his office. I always wondered who his secretary thought he was yelling at through his headset.
I wonder how well these will sell, I'd love to see the numbers.
If at least half of the reports of people having their accounts compromised are legit, then I'd say at least a couple million.
- The Four Horsemen of the Apocalypse (2017, colorized)
Wait what. How will you get a new number in another country? I'm guessing it works off a cell-phone line, which allows for the GPS feature. This would suck for people traveling overseas, or people moving overseas.
Oh, like my military pay site where I have to click my PIN, even though no matter what number I click, it enters 888888 and I haven't been able to see my pay for 2 years.
Blizzard should definitely start including it in the next run they do of retail WoW copies, though personally I don't think it's a big deal that they're sinking the costs of mass-producing these suckers by selling to existing customers (many of whom are already happy with their current level of security).
As for software versus hardware authentication, it's two different levels. Software costs less and is less effective. This solution is more secure and costs more for Blizzard, hence the price tag.
Price tag = More Profit for Bliz
PUBLIC OUTRAGED
"This is entirely unprecedented! Does their treachery know no bounds?"
NEWS AT ELEVEN
But to me that's beside the point, to me the point is that I put a fukken lot of time into my account, even with only one 70, and I'd hate to see that disappear in another Flash fiasco or something that catches me off guard similarly
$7 is a good insurance premium
When I ordered mine the doodad was $6.50 and like 40 cents tax, so no--unless I guess you choose faster shipping
:winky:
I agree, seven dollars is just a ridiculously good deal to basically 100% insure nothing will happen to your Blizzard account.
I've never in my life used anti-virus software, nor have I ever contracted a virus or had my WoW account compromised.
But for seven dollars, it's kind of like "why not"? I think i'm going to order one just for the peace of mind.
Now give me my bucks.
This will have to suffice.
Now, disclaimer time: I work a call-in helpdesk on second shift, otherwise known as the VPN & HR shift (because the vastest majority of your calls are going to be employees trying to get in on the VPN, or to the HR site to view/change their benefits/paychecks). I have three of those key fobs within arm's length of my desk and a fourth around my neck. It looks like I'm about to own one...
They work by having an algorithm (spelling?) that produces a predictable seed of 'random' numbers -- there is no GPS, there is no satellite, there is no cell phone connection. Basically a clock that produces a new number every minute or so (some of them simply store a list and give it to you in that order).
RE: The "Get a Brain" crack. This will work about 98 percent of the time. But as the flashplayer vulnerability recently showed us, there are exceptions. Is a 2 percent chance worth a one-time 7 buck fee?
If this thing gets to europe, I'll buy it. My account is probably a prize hit for a keylogger, with about 3k gold, another 3-5k gold in mats (mostly enchanting and heroic badges), 3 70's including a sunwell geared char. I've seen people who are not total chumps lose a lot of that when they got hit (I don't know if policy changed, but gems/enchants were not reimbursed back then, which is a significant cost hit especially when all your gold is gone too, because they don't reimburse that unless they can trace it back). E5-10 for basicly not having to worry is a great payoff.
I'm paranoid enough to get it... But I'm also paranoid of the day the "authenticator" goes down and I'm disconnected in the middle of a raid and I can't get back in because my second level of security isn't working, and it will of course happen while their offices are closed.
I don't know what I'd do if I had to carry around one of these things for every one of my online accounts. I'd need to wear cargo pants everywhere, for starters. If everyone's so keen on erring on the side of caution, I've got some volcano insurance to sell you... what, you say we haven't had a volcano around here in tens of thousands of years? well, don't you think we're due for one?
Crazy I know.
But yes hopefully blizzard will offer a "lowjack" option for your dongel, so you can track it down if it is stolen. With an "on-star" keychain addition you can contact someone immediately.
The market for bank info is pretty flooded and plenty of trojans target it. And the flash exploit didn't require the user to do anything but simply go to a site that had a link to the Flash object. And the numbers were around 20,000 or sites that had a redirect due to being SQL injections and other hacks. The theory that "Well I practice safe computing and so therefore I'm immune." is pretty dead. The Flash exploit was a zero day, meaning that it was found in actual use rather then Adobe or a researcher finding it.
And it's not really the first time there's been an issue like this. Thottbot and Allakazam have had issues in the past with malware coming in through banners.