Authenticator
Latest
Opt-out option incoming for recent authenticator security change
If you follow WoW account security, then you've probably heard about (or personally encountered) a recent change to the way Battle.net authenticator devices work. Basically, when you log into the game, the client attempts to determine if you're logging in from your "home" computer or at least a computer you use regularly. It uses several factors to make this determination, such as your MAC address and your IP address. If the information doesn't indicate that the login is taking place from a safe machine, it'll prompt you for your authenticator code. If it is a safe computer, then you'll only be asked for your code randomly, once a week or so. The change, aimed to make authenticators less of a hassle for those who log on from the same computer quite a bit, caused an odd uproar on the official forums from players who were worried that this change somehow made their account less secure. Addressing these concerns, Blizzard Community Manager Zarhym announced today that Blizzard is working on providing an opt-out option for this convenience feature. Details were scarce since, as Zarhym noted, Blizzard hasn't quite nailed down specifics yet, but he assured players that it's something Blizzard's been looking into since the authenticator change was first announced. The full announcement post and followups are after the break.
Battle.net Mobile Authenticator now available for Windows 7 Phones
Android and iOS device users have had the luxury of using the Battle.net Mobile Authenticator, a software version of Blizzard's downright necessary keyfob authenticator, on their phones or tablets for a while now. As of today, Windows 7 Phone users can also take advantage of the Mobile Authenticator by downloading it from the Windows Phone Marketplace. At this point, there's pretty much no reason not to have an authenticator -- they're 6 bucks and free to ship for a physical device and no cost at all for a software version available for every major mobile platform. Just get it! Battle.net Mobile Authenticator for Windows® Phone 7 Devices The Battle.net Mobile Authenticator, an application for mobile phones that provides an extra layer of account security, is now available as a free download for Windows® Phone 7 devices on the Windows Phone Marketplace. The Battle.net Mobile Authenticator provides a one-time password that you use in addition to your regular account name and password when you log in to a Battle.net account to play World of Warcraft or StarCraft II. Versions for other mobile devices are also available for download here, or you can purchase a physical Battle.net Authenticator from the online Blizzard Store. Visit the Battle.net Mobile Authenticator FAQ for more information, or head to the setup page to get started after you've downloaded the application. For additional account security advice, check out our Account Security page. source
Battle.net authenticator process updated with smarter log-in detection
A substantial updated to the Battle.net authentication system was announced today. Players will soon notice a change to their authenticator log on -- it just might not appear. Blizzard's login servers and authentication system now intelligently track where your account is logging into the game from and, if you're consistently logging in on your home computer, the authentication servers will let you pass, no code needed. Blizzard wants make the authentication process less intrusive and this is a first step towards that goal. Right now, having to input a code each and every log in is a pain, sure, but it also makes me feel secure. I'm never going to say no to more security, however, and if the system is something that can accurately figure out where I am and let me on, that's great. This doesn't take into consideration the circumstance where you use an authenticator to prevent access to WoW, even from the home PC. I know some parents who use a simple password that their kids can remember but use the authenticator as the gate to prevent unwanted play. Maybe there will be an opt-out feature of some kind to always ask for the code. You can check out the Battle.net account security page or check out the Blizzard mobile site for application information. For more information on this specific change to the authenticator system, follow me after the break.
Trion's dynamic duo talks dynamic content on the RIFT podcast
The river of RIFT news and discussion seems to be swelling to flood stage these days, especially surrounding the recent world event and the upcoming 1.2 update. If your appetite for all things RIFT wasn't satiated by our recent talk with Scott Hartsman, then you'll definitely want to tune in to the latest RIFT Podcast. During the podcast, the hosts talk with Trion World's Will Cook and Cindy Bowens about dynamic content, the world event, authenticators, the wardrobe, and -- of course -- RIFT's Update 1.2. They even touch upon the controversial continued lack of guild banks and the fact that daily quests are no longer stackable. Head on over to The RIFT to glean nuggets of pure interviewee gold out of this chat!
Remote guild chat feature bugged for authenticator ranks
The new remote guild chat feature, currently available for free on the World of Warcraft mobile armory smart phone app, has run into a little bug that demoted players from authenticator to non-authenticator rank in their guilds. Blizzard's Bashiok hit the forums to explain the issue. Basically, when people were logging in to the mobile app to chat with their guilds, it signalled the guild interface that these people had logged in without an authenticator and automatically changed their rank. The issue has been hotfixed and should not affect any more players with authenticator ranks, but players currently at a rank in guild that requires an authenticator will not be able to use the service until the big hotfix tomorrow. Also, the guild chat feature has been added for every realm in the Ruin Battlegroup, so more people get to check out this really cool feature. For the full post, hit the jump.
First Core Hound Pup adoption campaign winners announced
Blizzard's Core Hound Pup Adoption Campaign is giving players the chance to win an iPad as well as boost their own account security. In an effort to get more authenticators attached to accounts, Blizzard ponied up some iPads to get the job done. Each month, a screenshot entry is chosen to win one of 12 iPads. Just take a screenshot of you and your security pup companion doing something crazy, out of the ordinary, or just plain awesome, hit up the contest rules page, and you've got a shot at winning. The first four winners have just been announced and their screenshots released. %Gallery-122048%
Security 'RIFT' has closed for iOS
The developers at Trion Worlds have given the players an active way to close the RIFT in security for the iPhone. As reported a couple of weeks ago, RIFT is following in World of Warcraft's footsteps with a mobile authenticator. Most of the time, being called a clone of WoW is a negative mark on the game, but in this case, it's a matter of personal security. RIFT launched its authenticator on the Android platform first, giving those customers more peace of mind in the wake of reports of holes in the game's security. Today, Community Manager Erick "Zann" Adams posted that the authenticator is now available for the iPhone and other iOS products as well. Because of the growing popularity of MMOs and other online games, these extra security measures are more than welcomed by the gaming community. If you are a RIFT player, then you can rush to the iTunes store or the Android market to pick up the authenticator or jump to the RIFT game site to find out more information.
RIFT bringing out a new authentication service today - but not yet
Authenticators are one of the most popular forms of account security around, giving players an extra layer of defense against hackers and keyloggers. RIFT has been dealing steadily with account security issues since launch, so the upcoming authenticator service is no surprise to players. Using a digital authenticator service, players will very soon be able to use their Android mobile devices for authentication services -- but carefully note the "soon," as the service isn't yet ready for prime time. Currently, using the authenticator will prevent players from logging in, as the code for using said authentication isn't yet in place. A new launcher will be put into place for the game later today, allowing players with Android devices use of the authentication service. While the current release is only for the Android platform, code for the iOS is being finalized, meaning that iPhone and iPad users won't be left out in the cold. So if you're playing RIFT and want to have a little more random number to go with your login, you'll soon be able to do just that. (But not quite yet.) [Thanks to Puremallace for the tip!]
"Solid one-two punch": Trion responds to account hacks
The saga of RIFT's account security woes continues, as Trion World's Scott Hartsman responded to the hacker attempts, reassuring fans curious about what steps were being taken to secure their accounts. Citing "constant attacks" since the launch of RIFT that have impacted 1% of accounts, Hartsman said that the team is blocking hackers and botnets as quickly as they are identified, but that this will also be an ongoing process. "Both the login fix and the Coin Lock addition have been doing their part in signficantly reducing overall incidents over the last 18 hours," Hartsman wrote. "Neither one is a silver bullet, but so far it is looking to be a solid one-two punch for the weekend." According to his post, Trion will be hiring additional staff to tackle the problem, and is working on a "two-factor authentication" process for the future. Hartsman also praised the efforts of the player who brought a serious log-in vulnerability to the team's attention. ZAM tracked down the player for an interview, who himself had his account hacked in early March. The player is an "ethical hacker" who owns a security software company and realized that these hacks were not the fault of the player, but an exploit that had been discovered.
RSA security hack not affecting Blizzard authenticators
Many people were quick to wonder and worry about whether the recent hacking of the RSA (the security branch of EMC) had the potential of harming Blizzard's authenticators or authentication software. Fear not, as the blues have chimed in with a response: RSA Hack and Blizzard Authenticators Pokzin, The Blizzard Authenticators are based off modified Vasco tokens. I'm sorry to hear about RSA's troubles, but it will not affect the Blizzard Authenticator. source It doesn't look like Blizzard will be harmed by this at all. As a reminder, please keep your account safe by not clicking links in emails that don't appear to be from Blizzard, always check your email headers for incoming email addresses, and if you have any questions about whether an email is legitimate, contact Blizzard first. And do please get an authenticator for your account. Check out some of our own security articles here.
Blizzard posts new account security guide
Make no mistake: it really sucks when your WoW account gets compromised. Even with the speed with which compromises are handled by the support department nowadays, it's still a pain to have to wait to get your stuff back -- and it's even worse to know that someone was in there mucking around with your dudes, you know? Blizzard's been better about helping people with account security problems recently, like giving out free authenticators to some hacked accounts and offering a free phone-in authenticator service, but in the end, a lot of the responsibility falls on you the player to keep your account secure. To that end, Blizzard has assembled a new account security guide. It's a pretty comprehensive list of the steps you can take to secure your account, from getting an authenticator to learning how to recognize phishing emails to making sure that your computer itself is secured through the use of antivirus software. Learn it, live it, love it. In account security, as in Planeteering, the power is yours.
Breakfast Topic: What made you decide to get an authenticator?
This Breakfast Topic has been brought to you by Seed, the Aol guest writer program that brings your words to WoW Insider's pages. Once again, Blizzard is encouraging its players to use authenticators to protect their Battle.net accounts. In addition to the incentive of a lovable Core Hound Pup pet provided to all World of Warcraft characters on an account that has an authenticator attached, there is now a contest going on to win an iPad for your best Core Hound Pup screenshot, and we've even received reports that free authenticators are being offered to owners of accounts that have previously been compromised. Still, incentives alone aren't enough for some players. Sometimes it takes an incident to drive the point home. For me, it was a hacking scare involving my girlfriend's account. We had just resubbed to WoW in preparation for Cataclysm and were having a blast when she got a notification from Blizzard that her account had been locked due to an unauthorized break-in. Nothing was gone, no items destroyed, no gibberish-named level 1s created, but she did have to change her password and verify to Blizzard that she was still herself. She was playing on a Mac, used Adblock and had disabled Flash on her browser, and she only visited a handful of websites on a daily basis, all very innocuous places like Gmail and WoW Insider. We figured it was an isolated incident, but just to make sure, she wiped her hard drive and reinstalled WoW. Then, a week later, it happened again. I couldn't believe it, and I still don't know how or why she was targeted, but I ordered our authenticators the very next day. We haven't had a problem since. What convinced you to get an authenticator? Was it a contest, a promotion by Blizzard, or a hacking scare? If you don't have an authenticator yet, what's holding you back?
Win an iPad during Blizzard's Core Hound Pup Adoption Campaign
Blizzard is kicking off a year-long Core Hound Pup adoption campaign and is giving away iPads for the best user-submitted epic screenshots of the Core Hound Pup in action. Two iPads will be given away each month to two lucky screenshot submitters. Follow the link over to the contest rules page, and submit your pictures for a chance at an iPad each month in 2011. The Core Hound Pup is gained by adding an authenticator to protect your Battle.net account. Every one of your World of Warcraft characters has access to this companion pet. I think this is a great idea to spread the word about authenticators and account security. Authenticators are the best first line of defense you've got to keeping your account safe, along with safe browsing habits. So do yourself and your players a favor and spread the word about Core Hound Pups and authenticators, and maybe even win an iPad out of the deal. Contest rules are available here. If your account is protected by a Battle.net Authenticator or the Battle.net Mobile Authenticator, then you already know how safe and secure your Core Hound Pup pet can make you feel. But there are plenty of players out there who can still benefit from the companionship and peace of mind that our infernal puppy provides. We're kicking off a Core Hound Pup adoption campaign and we need your help! Simply send us funny, cute, or just plain epic screenshots featuring your fiery two-headed buddy. We'll be picking two of the most memorable images each month in 2011 and awarding the winners with a brand new iPad. If you have yet to adopt a Core Hound Pup of your very own, then don't wait a moment longer, or we just might have to give you the big puppy-dog eyes. Visit our account security site to learn how to get a Battle.net Authenticator or download the Battle.net Mobile Authenticator, available through our mobile apps page or as a free download from the Apple App Store or the Android Market. Adopt a puppy! Protect your loots! Win an iPad! Read the contest rules for details and eligibility requirements, and happy screenshotting! source World of Warcraft: Cataclysm has destroyed Azeroth as we know it; nothing is the same! In WoW Insider's Guide to Cataclysm, you can find out everything you need to know about WoW's third expansion, from leveling up a new goblin or worgen to breaking news and strategies on endgame play.
The Road to Mordor: Hacked!
"My kinship had just finished an instance run about a week-and-a-half ago and was in the process of reloading back into the world when I got the message that I was being disconnected because I had just logged into the Brandywine server. Huh? Suspecting the worst, I immediately hit up the Turbine Account page and changed my password then re-logged back into the game, which would boot the hacker offline just like I had been booted minutes earlier. "I was lucky and did that before the hacker had time to switch servers to where my active characters are. Other kinmates have not been so lucky." So goes the frightening tale of Pumping Irony's Scott, who shares this in the hopes that others may avoid a similar scare. Unfortunately, it seems as though stories such as these are becoming more and more common in Lord of the Rings Online, where the worst threat to your quest may not be the eye of Sauron but the malicious intent of hackers gutting your account while you're offline. Today we're going to step off the path for a temporary side trail into the gloomy undergrowth of account security and an MMO under siege.
Blizzard launches dial-in Battle.net authenticator
Are you troubled by strange activity in your Battle.net account? Do you experience feelings of dread in your WarCraft or StarCraft games? Have you or your family ever seen a fraud, hacker, or scam? If the answer is "yes," then don't wait another minute. Pick up the phone and call the professionals: Blizzard's Dial-In Authenticator. Their courteous and efficient automated system is on call 24 hours a day to verify your identity in case of suspicious account activity. It's ready to authenticate you.
Blizzard introduces Dial-in Authenticator
If you do not have an authenticator or mobile authenticator on your account, Blizzard has just introduced an alternative. The Dial-in Authenticator, now available for those without authenticators, is a new Battle.net feature that will hopefully help those players who don't have some sort of authenticator already on their account. Here's how it works. When you sign up, you'll be asked to make a toll-free call from a specific phone of your choosing to authorize login attempts with the battle.net account. You get to assign the phone number that is used, and if there is something unusual about the login attempt on your account, you'll be asked to call the toll-free number to verify you are you. An example of unusual activity would be playing from a different location than you normally do. In other words, if a keylogger gets hold of your account information and attempts to log in, they'll be prompted to call the number -- and they won't be able to go any further, because they don't have your phone and they don't have your PIN. You will only be asked to call if it's an unusual login -- otherwise, you can continue to log in and play with no worries. The Dial-in Authenticator is currently only open to U.S. residents, and it only covers World of Warcraft accounts -- although Blizzard may update it to cover more countries in the future, as well as StarCraft 2 accounts. In order to sign up for the Dial-in Authenticator, you must log into your account on Battle.net, then go to Security Options and choose to add the Dial-in Authenticator. If you already have an authenticator on your account, you must remove it in order to sign up for the dial-in service; you cannot use more than one security method at a time. For more information on the service, check out the official FAQ on Blizzard's website.
Patch 4.0.1 adds new guild UI features
Blizzard has graciously provided a primer on how the guild UI has changed with the advent of patch 4.0.1. We've got the TL;DR for you below, and the full blue post is after the break. You can now view the profession recipes possessed by all guild members, and they're both searchable and sortable. Guild news such as achievements earned, epics found or items crafted is now published in the guild news feed. Guild events can be scheduled through the UI now, much like normal events. The UI for guild ranks and permissions has been streamlined and improved. You can now make certain guild ranks require a Battle.net authenticator!
Battle.net authenticators limited to one account
Blizzard is changing up the security on their authenticators a bit. This isn't a major change and shouldn't affect that many people. Starting now, if you happen to have multiple Battle.net accounts (not multiple WoW accounts under one Battle.net account), then each account must have its own authenticator. This means if you have separate Battle.net logins for zergrush@somedomain.com and taurenfever@example.com and you want to use an authenticator, you'll need to buy two. If you've just got taurenfever@example.com and all of your games are under that Battle.net login, then you're perfectly fine. This is not retroactive. If you already have two accounts linked to a single authenticator, everything will still work as it does right now until you unlink that authenticator. The full blue post detailing the changes is behind the cut below.
Email confirmation added to authenticator setup to foil hackers
For a while now, account thieves have been putting authenticators on their stolen accounts to buy more time for their scumbaggery. Blizzard has recently made that more difficult by requiring email confirmation when an authenticator is added to a Battle.net account. Rather than just logging in and putting in the appropriate information, you now have to follow the steps in a confirmation email sent to the address registered in your Battle.net account. Note: Changing the email address on the account requires not only your password (which the account thieves already have at this point) but also the answer to your security question. So make sure the answer to your security question is not guessable or obtainable by any phishing information. As I have suggested before, if you use a password for your security answer rather than an actual answer, you are adding a very thick level of security. Make it a separate password you use just for security questions, like p45sw0rd (don't use that one). We don't know how long ago Blizzard added email confirmation The email confirmation has been active since July 27 and we believe it will reduce the workload of Blizzard's customer service. More importantly, this will make getting your account back less painful. Of course, the best way to prevent someone from stealing your account and then adding an authenticator to it is to put an authenticator on it yourself. There are keyfob and mobile versions available. [Thanks for the tip, Joel!]
Reminder: Save your mobile authenticator serial number before you upgrade your iPhone
If you're using a mobile authenticator on any kind of phone or mobile device, it's important to remember that it's fairly easy to ensure that you can use it again quickly after the phone gets any sort of update or patch. All you need to do is write down the serial number of the authenticator application you have on your phone. This way, if you need to deauthorize for any reason (or an update causes any issues) you can do so quickly and easily at battle.net without having to wait for a phone service call or what have you. This is particularly important for those folks getting the latest iPhone OS, iOS 4. If the upgrade goes haywire for any reason, you'll likely lose all your data off the phone; including the authenticator serial number. This means if you're going to upgrade your iPhone, iPod Touch, or iPad to iOS 4, you must write down your authenticator serial number to be safe.
