When it comes to my WoW account security, I’m an early adopter. I use a unique password of nonsense numbers and letters that make no sense and that I use for nothing else. I keep all my virus and malware scanners up to date. I never visit sites that are geared at phishing passwords (unless there is a good post involved). In fact, when I first heard of Blizzard’s Original Authenticator, I bought one the very morning they went on sale before they sold out. I posted my Blizzard Authenticator review as soon as it arrived. As soon as Blizzard launched the Mobile Authenticator, I downloaded it on my 2nd gen iTouch and gave my original to my wife for her account. A few months back when I got a DroidX Android-powered phone which I always keep with me, I swapped over to the Android version of the Blizzard Mobile Authenticator. So since they have come out, I have tried every version of the Blizzard Authenticator except for the versions for Java-powered phones. It should be rather obvious that I want to test out the new Battle.net Dial-in Authenticator.
Now this is a pretty neat concept. One of the things that is bothersome about the authenticators is the simple fact that… well, you have to use them. Having to track down your keyfob or launch your app to get your code can sometimes be a nuisance. I’ve been using a Battle.net Authenticator in some form or another since summer of 08. Even so, it’s kind of annoying. What the Dial-in Authenticator does is simply protect your account without that code. Once Blizzard sees a login from an unrecognized IP address, the authentication part kicks in and requires an extra step. You’ll have to dial a 1-800 number, input the PIN you gave it at setup, and bam… they read you off a code which you use to log in with.
Setting up is pretty simple.
- Log into battle.net
- If you have an authenticator on your account you’ll need to deactivate it. This is the same process for detaching any authenticators (except maybe the new Battle.net Dial-in Authenticators). First choose to remove the authenticator. This will send an automated email to your address on file to verify that this is you doing this. Once you click that verification link in the email you’ll be able to continue on to the second step. You must now enter 2 sequential back-to-back Battle.net authenticator codes. This can take about 30 seconds as you have to wait for the 2nd code to refresh. This will verify that you do indeed want to do this and have the right authenticator in your hand.
- Once the account has no authenticator attached, you may add a new one (in this case, the new Battle.net Dial-in Authenticator).
- Choose which phone you will be calling from (I used my Google Voice number as it will be consistent no matter what cell phone or house number I’m calling from.)
- Then you must call the 1-800 number they give you from the phone number you gave them (aka my Google Voice #).
- You will then be prompted to enter in a pin number of your choosing. Then enter it once more to confirm.
- Profit! You are now protected!
Now I can simply log in without having to type in any pesky information besides login name and password. Since I just added this to my account this morning, I don’t have extensive test data to report on what happens when I log in elsewhere or what the process is if you want to remove the Battle.net Dial-in Authenticator. This does however leave me with a feeling of “Is it really on? Can I trust this?”. I suppose that is only natural since I’ve used an authenticator almost daily for 2+ years now. Perhaps they could add some sort of notification window when you log in. A quick half-second message of “login on from an authenticated location” just as they flash up “submitting non-personal system information” from time to time. Just a thought. If anything more exciting comes up with this I’ll be sure to update my review. I’ll also be sure to post if my account is hacked by this afternoon! ;-)
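As an added illustration (not part of the original post and not Blizzard's code), here is a toy Python model of the flow described above: a login from a recognised IP needs only the password, while an unrecognised IP needs a one-time code obtained by calling from the registered number and entering the PIN. The class and method names, the assumption that a location is remembered after one accepted code, and the sample phone number, PIN and IPs are all hypothetical or constructed.

```python
import hashlib
import hmac
import secrets


class DialInAccount:
    """Toy model of the flow in the post; every name here is hypothetical."""

    def __init__(self, password, phone, pin):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = self._kdf(password)
        self.pin_hash = self._kdf(pin)
        self.phone = phone
        self.trusted_ips = set()   # assumption: recognised locations are remembered
        self.code = None           # one-time code read out over the phone

    def _kdf(self, secret):
        return hashlib.pbkdf2_hmac("sha256", secret.encode(), self.salt, 100_000)

    def call_in(self, caller_id, pin):
        """Phone side: registered number plus PIN yields a one-time code."""
        if caller_id != self.phone:
            return None
        if not hmac.compare_digest(self._kdf(pin), self.pin_hash):
            return None
        self.code = f"{secrets.randbelow(10**8):08d}"
        return self.code

    def login(self, password, ip, code=None):
        """Web side: returns (allowed, notice shown to the user)."""
        if not hmac.compare_digest(self._kdf(password), self.pw_hash):
            return False, "bad password"
        if ip in self.trusted_ips:
            # Password is the only factor checked on this path.
            return True, "recognised location, phone step skipped"
        if code and self.code and hmac.compare_digest(code, self.code):
            self.code = None               # single use
            self.trusted_ips.add(ip)
            return True, "phone code accepted, location now recognised"
        return False, "unrecognised location, call in for a code"


def demo():
    acct = DialInAccount("pw-constructed", "+15550100", "4921")
    home, other = "203.0.113.7", "198.51.100.9"   # constructed documentation IPs
    first = acct.login("pw-constructed", home)
    code = acct.call_in("+15550100", "4921")
    second = acct.login("pw-constructed", home, code)
    third = acct.login("pw-constructed", home)
    replay = acct.login("pw-constructed", other, code)
    return first, second, third, replay
```

The notice string returned by `login` is the kind of on-screen confirmation the post asks for: it tells the user which path the login took, and makes visible that a recognised location is protected by the password alone.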
Rhii November 10, 2010 at 10:53 am
Interesting! I wonder does it store authenticated locations for things like your battle.net account and the armory login also? That’s the only time I really find the authenticator bothersome, is when I am trying to log into my account preferences or something.
I may give this a try, just to see if cutting out the extra step at login is convenient. I don’t know though, I like the tangible sense of security I get from typing in the numbers.
Aurdon November 10, 2010 at 10:54 am
Rhii, as always you are genius…that’s how I’ll test. I’ll log into battle.net via my remote desktop at work and see what happens. Update later today on that.
Michael October 15, 2011 at 7:27 am
It has been almost a year, are you still using this? Do you still feel secure? Update Please.
Thanks
Aurdon November 17, 2011 at 3:21 pm
Actually no… I stopped using this the moment I got hacked. Apparently it’s not as secure as one would hope.
It was my first hack and I had never been hacked before with an actual authenticator. Looking back in my email it looks like I was hacked in January so I didn’t use this method for security more than two months before it failed me. Blizzard quickly restored all my items and gold (in less than 48h I believe).
Here is my email correspondence with them on it:
============================
Petition: Thank you for restoring my account so quickly. It was upsetting to be compromised but I had full faith things would be fixed in the end. I just never expected it to be fixed so quickly, THANK YOU!
Also… as with most people, I never expected for this to happen. Mostly because I’ve always had an authenticator tied to my account since the very first round came out <http://www.isheepthings.com/blog/blizzard-authenticator-hands-on/>! I’ve used the original keyfob, the iPhone app, the Android app, and up until yesterday’s hack, the dial-in authenticator <http://www.isheepthings.com/blog/battle-net-dial-in-authenticator-review/>. How did this happen? Once I reset my password, I logged into bnet and found my dial-in authenticator was still attached and still pointing to my phone number. I even had to give it my original PIN # to be removed. Never was the authenticator off of the account yet still my password was changed and someone robbed my account?!?!?! What gives? Nobody should have had access unless they were accessing my account through my network, correct? The hack had to come from within my house, right? I’m pretty computer literate and I don’t think anyone has remotely taken control of my computer and I see no unusual IPs that have accessed my wireless network.
It’s silly but it seems the only way this could have happened was if it was an INSIDE JOB!! DUN DUn Dunnnnnnnn!!!
Any ideas here? I no longer trust the dial-in auth and have moved back to the Android version. Your insight is greatly appreciated.
Answer: We are very sorry that this happened to your account and we are certainly happy to have been of assistance in restoring it. Unfortunately we are unable to say how exactly the account was compromised. The authenticators add a high level of security but they are not an absolute guarantee, as there are ways to undermine them, as must have happened in this case.
We encourage you to keep the following security tips in mind when playing World of Warcraft on any computer:
- Use up-to-date firewall, antivirus, and anti-spyware software to scan your system regularly for viruses, Trojans, and key-loggers.
- Keep your operating system and other software up-to-date and be careful when downloading new software.
- Be wary of “spoof” and scam websites and e-mails that pose as Blizzard Entertainment and request account or personal information.
- Use separate, unique passwords for your email, World of Warcraft, and any other online accounts.
- Change your passwords regularly and keep World of Warcraft account information updated using the Account Management page at http://www.worldofwarcraft.com/account/.
Additionally, we recommend following the Security Checklist on our Account Security site at http://us.battle.net/security/.
Should you require further assistance, please submit another help request the next time you are online. We hope you continue to enjoy your experience in World of Warcraft!
For any game play questions, please refer to our site at http://www.blizzard.com/support/wowgm/
===========================
So as you can see… they have no idea why it failed, which is why I went back to the digital authenticator I had on my Android phone (which also had pitfalls when you forget to detach it before factory resetting your phone).