WoW players, you probably know this, but just in case....

rojones · 24 Jul 2008 at 16:28

hehe, some of the posts here are hilarious.

Okay so perhaps you could hack someone's account who is using one of these RSA Type device's, but lets get real, people hacking WoW account are after fast easy returns, no WoW hacker in the aid of gold farming is going to bother trying to circumvent an RSA solution, because for the grief he would have by trying to do so would severely dent his profits.

Good idea by Blizz not something I feel the need to purchase myself, but none the less a great idea.

Strife212 · 24 Jul 2008 at 16:30

Mull3t · 24 Jul 2008 at 16:31

Strife212 said:
Yeah it probably is like that. A serious hack attempt would automate both though!

You sure your not the one who writes these programs haha, you seem to be on the ball and full of ideas haha

Kazz · 24 Jul 2008 at 19:13

Well, looks like a solid bit of tech, but then again its only as good as blizzards customer services, maybe needs some tweaking

"Think a Blizzard Authenticator will keep your account from being hacked? Think again -- we've got our first known report of someone who was protecting their account with one of Blizzard's keys, and still got their character hacked down to their undies. Falkara of Aetherial Circle on Drenden apparently logged out one night and logged on the next morning to find her account stripped of everything but PvP gear, and her Authenticator no longer connected to her account.

Supposedly, to deactivate an Authenticator from an account, you need to get in touch with Billing services, and reportedly they'll then ask for a notarized statement with a picture, like a driver's license, just to remove the Authenticator. But obviously, this one was removed even without that, and we're being told that all you might need to remove the Authenticator is the answer to the user's secret question and a CD key (or even less). In other words, the fault isn't with the technology, it seems to be with the support reps on Blizzard's side of the phone line -- if they can be convinced to remove the Authenticator, the account can then be hacked.

The little keys have been selling like hotcakes since they were released -- almost everyone has figured that $6.50 was cheap for peace of mind. But while an Authenticator still does provide an extra step in security, the sad truth is that it hardly makes an account impermeable.

[Via BRK]

Update: Married IRL has more analysis, including a comment that confirms all you really need to get past the Authenticator is the user's secret question answer, usual address information, and the original CD key. If the standard for getting an Authenticator removed really is a Photo ID, it's fairly clear that Blizzard's reps aren't doing their jobs right."

link to article

Broken Hope · 24 Jul 2008 at 21:54

Yep sadly you're only as secure as the weakest link which in that case seems to be the Blizzard CS worker.

RobH · 24 Jul 2008 at 22:04

It's a good idea considering that the Windows Malicious Spyware Removal tool reported back to Microsoft that it has removed over 2 million copies of password stealing malware for online games. It's not just weak passwords that are the problem so this is a good idea, I wish PayPal would hurry up and bring it over here (They are trialing it in US, Germany and Australia).

utajoker · 25 Jul 2008 at 12:27

had my account since lauch week and still on my original password, the best way to not get hacked is to just be carful what u click on, dont click anything from the wow forums.

wordy · 25 Jul 2008 at 14:40

Mull3t said:
Its just a VPN tool. Good idea for those who are unsure of any other passwords than

wow
worldofwacraft
rogue
shaman
warrior
paladin
druid

crap, better change my password :mad:

colinuk · 25 Jul 2008 at 14:56

If these tokens are anythign like the ones used in IT, they do go wrong you know, bad numbers, out of sync, bad pins to name a few things we have to put right with tokens in work.

Good luck though...

<ColiN>

Moley · 28 Jul 2008 at 15:17

The interesting thing about these keyfobs that people don't know, is that they are known as "authenticators" as well as "authorisers".

What this means is, if you attach one of these to your account - it becomes the only way to login and authenticate yourself to the system.

See where I'm going with this?

The kiddies out there who are messing with glider or hacking tools can no longer deny it was them logged into the account - Blizzard will have them bang to rights.

chimaera · 28 Jul 2008 at 19:00

I'm pretty sure i know the answer but is this a WoW authenticator or a Blizzard authenticator? i'd be tempted to get one if it was going to be compatable with Diablo3, however the Blizzard cash cow predictor in me says i doubt it's that helpful.

Ross1234 · 28 Jul 2008 at 19:05

Mull3t said:
It syncs every 30seconds or so, so you basically have 30 seconds to type it in (dunno how works on WoW)

for example, the code will refresh

JHD9273898J

then 30 seconds later it will change

HDGB18871G

and so on. (all random)

edit: even trying to attempt to guess it would be impossible, be like trying to guess someones credit card number, or a game card number, phone top up voucher etc.

My dad has one of them to get on his computer at work The first part he has to remember, then the second part of the password is given by the device which changes every 2 minutes