MYTH: Blizzard Authenticators can be hacked, removed, or bypassed by a third party.
This is another pretty straightforward myth. If you have an Authenticator or you've done the research on them, you know that they're small tokens about the size of a keychain. Their single button generates a six-digit security code that you must enter when you log into the game or the Account Management section of the website. There's also a serial number printed on the back of the token, which must be entered when you attach the authenticator to your account.
The encryption on the token is 128-bit, which is a ridiculously hard-to-crack level of security. But don't take my word for it.
To put this into perspective, the level of encryption on an Authenticator is the same level as on a bank website's account database. If someone can brute-force your Authenticator algorithm, they can hack a national bank.
Which would you pick?
Truth be told, the only real threat to your account security is much closer to home--not keeping the physical Authenticator safe. The Authenticator can only be removed from your account by providing an Authenticator-generated code, or by calling Blizzard Billing and giving them the serial number off of the back of the token. In the absence of those two, the caller must be able to provide a large amount of very personal information. There's no reason why anyone should have this kind of information besides you, unless you (for example) replied to a phishing email that asked for that kind of information. Blizzard will never ask for your password.
As usual, your account's security is in your hands. There's not a single case of an Authenticated account being compromised, so just get an Authenticator when you can. You don't even pay shipping if you're in the US.
Myth Status: BUSTED