wow-authenticator
Latest
Reaching Blizzard support if you can't log in
Earlier this year, Blizzard launched a new Support Callback feature that allowed players with account issues to simply fill out a form and wait for a callback from support. This was a fantastic move in terms of getting rid of the need to spend hours on hold -- but it did have some players concerned and wondering how, exactly, one was supposed to contact support if one was locked out of their account and could not access the appropriate Battle.net page. Customer Support representative Araxom has written up a response to just that particular situation over on Reddit. If you cannot access your account, or log into Battle.net, there is a support page that will still allow you to live chat with customer service, set up a callback, or even submit a ticket, all without having to log in. Although callbacks and live chat may not be available every hour of every day, you can still submit a ticket with this method and get a response in a reasonable amount of time. And remember -- if you're worried about account security, picking up an Authenticator is always an excellent idea.
Authenticator problems? You'll need to contact support
Removing an authenticator from your account is pretty easy -- so long as you have the authenticator handy. But if you don't -- like if you've upgraded your smartphone and your mobile authenticator doesn't work anymore -- then you've got a bit more trouble ahead. Usually Blizzard has an online form to help you out of a problem like this, but the form is currently MIA which makes getting help a bit harder. Blizzard is working to get the page back online, but in the meanwhile, you'll have to resort to contacting customer support directly for help. Customer Support rep Araxom says anyone having trouble removing an authenticator will need to contact support using one of the methods at the bottom of the support page -- which means you can open a ticket, set up a phone callback, or jump into a live chat. None of these methods are instant, but they will wind up getting you the authenticator help you need without too much of a wait. Just remember to add a new authenticator once you've removed this one -- it's a security feature you won't regret having.
Heading out of town for the holidays? Don't get locked out of WoW!
Over on /r/wow/, Blizzard CS rep Araxom offers some tips to avoid getting locked out of your WoW account if you're traveling this holiday season. Logging on from a different physical location can trigger some security features on Blizzard's side -- especially for accounts that don't have an authenticator attached. Avoiding holiday account lockouts is pretty simple: Make sure you have an authenticator attached to your account, which makes it less likely your account will get locked for something like this. (And if you use the mobile authenticator app, be sure you have your restore code written down or screenshotted in case you run into issues with your phone.) Enable SMS Protect, which can let you bypass your authenticator using your cell phone if you run into any problems. Both of these are generally good ideas, but during the holidays having the right security setup can mean the difference between relaxing with some WoW and wrestling with resetting your password -- and we're pretty sure you'd all prefer the former. Not sure where to get started with account security? Check out our security guide for a walkthrough.
What to do if your WoW account has been hacked
The worst has happened: you've tried to log on to your World of Warcraft account and you can't. Or perhaps you can log on to your account, but your characters are have been stripped of gear and gold. Your account has been stolen, hacked, or compromised somehow. But don't panic, because Blizzard can help you get your account back. It's a bit of trouble on your part -- which is why you ought to take care to keep your account secure! -- but it's certainly not impossible. We'll walk you through the whole process, step by step. The process may seem lengthy -- and annoying -- but be patient, and you'll eventually get your account back just as you left it.
How to secure your World of Warcraft account
Whether you're just getting started or you've maxed out the number of characters on your World of Warcraft account, your account is valuable to hackers. And if they happen to steal your account, it can be a pain -- and a long wait -- to get it back to you. All of this makes securing your World of Warcraft account serious business. But fortunately, it's easy enough to keep your account under (virtual) lock and key by taking some precautions in advance -- and when we say "in advance," we mean these are things you should do right now. We'll walk you through the very basics of keeping your account secure with a good password and an authenticator. Read on for all you need to know about getting started with good security!
Opt-out option incoming for recent authenticator security change
If you follow WoW account security, then you've probably heard about (or personally encountered) a recent change to the way Battle.net authenticator devices work. Basically, when you log into the game, the client attempts to determine if you're logging in from your "home" computer or at least a computer you use regularly. It uses several factors to make this determination, such as your MAC address and your IP address. If the information doesn't indicate that the login is taking place from a safe machine, it'll prompt you for your authenticator code. If it is a safe computer, then you'll only be asked for your code randomly, once a week or so. The change, aimed to make authenticators less of a hassle for those who log on from the same computer quite a bit, caused an odd uproar on the official forums from players who were worried that this change somehow made their account less secure. Addressing these concerns, Blizzard Community Manager Zarhym announced today that Blizzard is working on providing an opt-out option for this convenience feature. Details were scarce since, as Zarhym noted, Blizzard hasn't quite nailed down specifics yet, but he assured players that it's something Blizzard's been looking into since the authenticator change was first announced. The full announcement post and followups are after the break.
Email confirmation added to authenticator setup to foil hackers
For a while now, account thieves have been putting authenticators on their stolen accounts to buy more time for their scumbaggery. Blizzard has recently made that more difficult by requiring email confirmation when an authenticator is added to a Battle.net account. Rather than just logging in and putting in the appropriate information, you now have to follow the steps in a confirmation email sent to the address registered in your Battle.net account. Note: Changing the email address on the account requires not only your password (which the account thieves already have at this point) but also the answer to your security question. So make sure the answer to your security question is not guessable or obtainable by any phishing information. As I have suggested before, if you use a password for your security answer rather than an actual answer, you are adding a very thick level of security. Make it a separate password you use just for security questions, like p45sw0rd (don't use that one). We don't know how long ago Blizzard added email confirmation The email confirmation has been active since July 27 and we believe it will reduce the workload of Blizzard's customer service. More importantly, this will make getting your account back less painful. Of course, the best way to prevent someone from stealing your account and then adding an authenticator to it is to put an authenticator on it yourself. There are keyfob and mobile versions available. [Thanks for the tip, Joel!]
Blizzard giving serious consideration to mandatory authenticators
WoW.com has learned through trusted sources close to the situation that Blizzard is giving serious consideration to making authenticators mandatory on all accounts. According to our sources, while this policy has not been implemented yet and the details are not finalized, it is a virtually forgone conclusion that it will happen. This response is a direct effort to stop the massive number of compromised accounts by gold sellers and keyloggers. The seriousness of the situation with compromised accounts has reached such a level that wait times for item and character restoration are entirely unacceptable, even to Blizzard executives. Blizzard has taken other internal measures to deal with long wait times of people in account restoration queues, and we'll be covering those measures tomorrow. However, with the inclusion of mandatory authenticators, this should solve a major problem for Blizzard's support and account administration teams.
The Queue: Nuts and bolts
Oh boy. Most of us are the walking dead after BlizzCon, but let's get back to something resembling normalcy with a Queue. We're going to start off today with an important matter concerning authenticators and account security, then move on to a bit of WoW.com business and Onyxia. I'd also like to direct attention to two really good comments from the last column re: technical issues, Shadow's and Logarth's.Zerounit asks... I recently got an Authenticator in the mail and I noticed something while I was inspecting it: there appears to be no way to open it short of cracking it open with large objects. Is there a battery life on these? If it stops giving me my magic codes, will I have to get a new one? I got an authenticator for my own use recently and have to admit I hadn't thought to look into the battery life, which is a very good question indeed. A dead authenticator means you have no way of getting into the game (or even into your online account) without official help from Blizzard. Turns out the little security doodads are manufactured by a company named Vasco, and after poking around their website, I'm reasonably certain that Blizzard authenticators are a variant of Vasco's DIGIPASS GO 6 model. What makes me so sure? The GO 6 model page is the only one accompanied by an article on fraud and hacking in online gaming. They don't come right out and say that Blizzard is a customer, but unless Hello Kitty Online is a bigger hive of scum and villainy than even we gave it credit for, you don't have to be a genius to figure out that World of Warcraft figures prominently in MMORPG account theft.
The truth about Authenticators [Updated]
After getting a glimpse into the operations and motivations of a scammer, a lot of questions have arisen about the Authenticator. Can it be circumvented? Briefly and with your help, yes. Is having an Authenticator worth the hassle? Absolutely. These are just quick answers, and this is a topic worthy of more in-depth questions and long answers.What is the Authenticator?The Authenticator is a small device (pictured right) or an iPhone/iPod Touch app that can be tied to your account and provide an extra layer of security. The application is free, but the physical Authenticator costs $6.50 with free shipping in the U.S. They are also available in other countries.How does it work?The Authenticator generates a code that you must enter after entering your username and password when logging into WoW or when accessing your account management screens. This code is a one use code that is valid only for a limited time. But it is valid for longer than it lasts on the Authenticator. A new code is generated every few seconds, but an unused code is valid for longer than that (I'm not sure how long). For more details about how the Authenticator works, please read our interview with Blizzard.
Blizzard Authenticator (temporarily) gone from Blizzard Store
Update: And, of course, as this is posted, we are pointed in the direction of a thread on the Customer Service forums indicating that this is, indeed, an error. It's currently out of stock and should be displaying as such, but the item is simply not displaying at all instead. It will return when it's in stock. Thank you to those that pointed this out. Original Article: We held off on reporting this for a few days, just in case it were a glitch or accident on Blizzard's end (making a mountain out of a molehill makes us all look silly), but it's been this way for long enough that it's worth mentioning: The Authenticator is no longer in the Blizzard Store. Previous bookmarks and links to the item are broken, and searching for it yields nothing but broken dreams.Oddly, this happened in lockstep with the news that the Mobile Authenticator was available. Whether it was coincidental or intentional, we don't really now, but I think it's a pretty odd choice! It seems like an indication that they don't intend to stock them again. That's disappointing, to say the least. Blizzard hasn't pulled profit on either the Mobile or Physical authenticators, so I can understand wanting to cut costs by stopping production and distribution of the physical authenticators, if that is what they're doing. It's still disappointing, because I have serious doubts that everyone who wants/needs an authenticator has an iPhone/iTouch for the mobile app.No business, even one as successful as Blizzard, wants to sell something at a loss. Blizzard has made it clear that they don't want to charge for the opt-in authenticator service. From a purely financial view, I can see why they would pull it. As a player, I really wish they didn't.
