The truth about Authenticators [Updated]

Updated Wed, Jun 10, 2009, 4:00 PM·5 min read

After getting a glimpse into the operations and motivations of a scammer, a lot of questions have arisen about the Authenticator. Can it be circumvented? Briefly and with your help, yes. Is having an Authenticator worth the hassle? Absolutely. These are just quick answers, and this is a topic worthy of more in-depth questions and long answers.

What is the Authenticator?

The Authenticator is a small device (pictured right) or an iPhone/iPod Touch app that can be tied to your account and provide an extra layer of security. The application is free, but the physical Authenticator costs $6.50 with free shipping in the U.S. They are also available in other countries.

How does it work?

The Authenticator generates a code that you must enter after entering your username and password when logging into WoW or when accessing your account management screens. This code is a one use code that is valid only for a limited time. But it is valid for longer than it lasts on the Authenticator. A new code is generated every few seconds, but an unused code is valid for longer than that (I'm not sure how long). For more details about how the Authenticator works, please read our interview with Blizzard.

The scammer said he could get around the Authenticator.

Yes, he did. He said he could get around it once by obtaining a code through his phishing site and then he would have to use it to change the password or as a one time login to get your valuables and leave. He also said that he hadn't tested this as of yet, because after hacking into 50 accounts, none of them had Authenticators. His theory is that people have stopped using them because the hacking rate has gone down.

But you don't need Captain Obvious to tell you that the scammer wasn't being completely forthcoming here. First of all, he would have to know whether or not you have an Authenticator on your account before sending you the link. When you log into Blizzard Account Management, you have to enter an authenticator code only if you have one attached to your account. So the standard phishing link doesn't ask for one. But let's say he did know and sent you the appropriate code-stealing phishing link and he got a code from you. If he spent that one code on changing your password, he wouldn't be able to use it to login to the game. Also, he would need two consecutive codes to remove the Authenticator from your account for a total of 3 codes, since he would need to spend one code on logging into Account Management. Therefore, one code would allow him one game login only and he'd have to get his "business" done quickly before you tried to log in again, kicking him off.

Update: Some commenters have said things that made me do further testing on the one use claim by Blizzard. Here are the results:

It is one use per account, so if you have the same authenticator on multiple accounts, you can use the same code on each account before it expires.
It is one use per kind of login, so if you use the same code before it expires when you try to login to WoW, it will not work the second time.
It is not one use per account per different type of login. This will allow the scammer to use the password to login to your account management and your account at the same time, if he does it quick enough. Once there, however, he will still not be able to remove the authenticator from your account for the reasons stated above.

Why would someone stop using an Authenticator?

I really, really don't want to discourage anyone from getting an Authenticator, but I must admit, they are a pain to use. You have to have it with you when you login. If you forget it at home, then your laptop is useless for playing WoW while you are traveling. If you keep it on your keychain or it's a phone app, then you have to have those nearby before you get comfy for your gaming session. I am also constantly entering in my code as my password and then having to start all over again with the login. But I still won't stop using it. It really is a minor inconvenience compared to the hassle involved with getting my account hacked. Yes, I practice safe computing, but I also make mistakes. We all do. Most of us have to use multiple keys to get into our homes and this is really similar. The added ickiness is well worth the peace of mind.

OK, I'm sold. Where can I get one?

Well, I have bad news if you are in the U.S. and don't have an iPhone or iPod Touch: they are currently sold out... again. And when they are in stock, they go quickly. But they are working on getting apps for other cellphones and they do get more Authenticators in periodically. Here are the appropriate links:

U.S. Authenticator
Canada, Australia, New Zealand and Latin America
Europe
iTunes App Store (this link launches iTunes)

Regardless of whether you have an Authenticator or not, you should always get to Account Management through trusted links only. But, again, we all make mistakes and having an Authenticator is a nice safety net.

Be careful out there!

Please remember that account safety and computer security is your responsibility! While WoW.com has provided you with resources to additional information, do your homework and make sure you know what you're doing before installing any antivirus or other software.

Engadget
Samsung's Galaxy S24 Ultra falls to a new low, plus the rest of the week's best tech deals
This week's best tech deals include a new low on the Samsung Galaxy S24 Ultra, Apple's MacBook Air M3 for $989 and Anker's Soundcore Space A40 earbuds for $49, among others.
5m ago
Engadget
Nikon’s Z8 is a phenomenal mirrorless camera for the price
Nikon's Z8 is one of the highest resolution full-frame cameras with 45 megapixels, but is also one of the fastest and has incredible video capabilities too.
12m ago
Engadget
Some of our favorite Bose headphones and earbuds are back to all-time low prices
Amazon has some of the highest-rated Bose headphones on sale for record-low prices. That includes the Bose QuietComfort Ultra headphones, which have best-in-class active noise cancellation (ANC).
15m ago
Engadget
Apple's 13-inch MacBook Air with the M3 chip has never been cheaper
The latest Apple MacBook Air with the M3 chip is down to a new low price at Amazon.
50m ago
Engadget
NHTSA concludes Tesla Autopilot investigation after linking the system to 14 deaths
The National Highway Traffic Safety Administration has concluded a lengthy investigation into Tesla’s Autopilot system. It found 13 fatal crashes due to misuse and software that doesn’t prioritize driver attentiveness.
2h ago
Engadget
Wacom's first OLED pen display is also the thinnest and lightest it has ever made
Wacom's latest pen display model is called Movink, and it's the company's first with a OLED screen. It's also Wacom's thinnest and lightest option ever, while still offering 13 inches of work space.
3h ago
Engadget
It doesn’t matter how many Vision Pro headsets Apple sells
This week, there was a lot of back and forth about Apple Vision Pro production numbers. Here's why they don't matter.
4h ago
Engadget
The Google Pixel Buds Pro are back on sale for $135
Google's Pixel Buds Pro are on sale for $135 at Wellbots, which is the lowest price we've seen this year.
5h ago
Engadget
Dell XPS 13 and XPS 14 review (2024): Gorgeous laptops with usability quirks
Dell’s XPS 13 and 14 are stylish, portable and powerful. You’ll have to get used to some of its design quirks, though, and it’s far pricier than older models.
5h ago
Engadget
OpenAI's Sam Altman and other tech leaders join the federal AI safety board
Sam Altman, OpenAI's CEO, Microsoft chief Satya Nadella, Alphabet CEO Sundar Pichai are joining the government's Artificial Intelligence Safety and Security Board, according to The Wall Street Journal.
6h ago
Engadget
The best gaming gear for graduates
New graduates have earned the time to unwind after a busy year. These pieces of gaming gear would make great gifts for the new college graduate in your life.
a year ago
Engadget
The Morning After: Apple announces an iPad event for May 7
The biggest news stories this morning: Adobe’s new upscaling tech uses AI to sharpen video, BlizzCon 2024 is canceled, The world’s biggest 3D printer can make a house in under 80 hours.
7h ago
Engadget
Engadget Podcast: Why TikTok will never be the same again
Biden passed the TikTok divestment bill -- now what?
7h ago
Engadget
The best wireless earbuds for 2024
It's safe to say the wireless earbuds space is pretty saturated. We've tested and reviewed dozens of models; these are our top picks.
4 months ago
Engadget
Apple is launching new iPads May 7: Here's what to expect from the 'Let Loose' event
Apple has scheduled an event for May 7 that'll more than likely focus on new iPads. Here's what we expect the company to show off.
21h ago
Engadget
Spotify tests Apple's resolve with new pricing update in the EU
Spotify submitted a new update for Apple's approval that would display pricing right in the app.
1d ago
Engadget
Tupac’s estate threatens to sue Drake for his AI-infused Kendrick Lamar diss
Tupac Shakur’s estate isn’t pleased with Drake cloning the late hip-hop legend’s voice in a Kendrick Lamar diss track. Attorney Howard King, representing Mr. Shakur’s estate, sent a cease-and-desist letter calling Drake’s use of Shakur’s voice “a flagrant violation of Tupac’s publicity and the estate’s legal rights.”
1d ago
Engadget
BlizzCon 2024 is canceled
Blizzard has canceled this year's edition of BlizzCon. It plans to bring back the event in the future.
1d ago
Engadget
Reddit is back online after a major outage forced everyone to touch grass
Reddit is currently down. The company is working on a fix.
1d ago
Engadget
Formula E debuts Gen3 Evo race car: All-wheel drive unlocks 0-60 mph in 1.82 seconds
For the first time, all-wheel drive will be available on a Formula E car, which will unlock 0-60 MPH times under two seconds.
1d ago

The truth about Authenticators [Updated]

Latest Stories

Samsung's Galaxy S24 Ultra falls to a new low, plus the rest of the week's best tech deals

Nikon’s Z8 is a phenomenal mirrorless camera for the price

Some of our favorite Bose headphones and earbuds are back to all-time low prices

Apple's 13-inch MacBook Air with the M3 chip has never been cheaper

NHTSA concludes Tesla Autopilot investigation after linking the system to 14 deaths

Wacom's first OLED pen display is also the thinnest and lightest it has ever made

It doesn’t matter how many Vision Pro headsets Apple sells

The Google Pixel Buds Pro are back on sale for $135

Dell XPS 13 and XPS 14 review (2024): Gorgeous laptops with usability quirks

OpenAI's Sam Altman and other tech leaders join the federal AI safety board

The best gaming gear for graduates

The Morning After: Apple announces an iPad event for May 7

Engadget Podcast: Why TikTok will never be the same again

The best wireless earbuds for 2024

Apple is launching new iPads May 7: Here's what to expect from the 'Let Loose' event

Spotify tests Apple's resolve with new pricing update in the EU

Tupac’s estate threatens to sue Drake for his AI-infused Kendrick Lamar diss

BlizzCon 2024 is canceled

Reddit is back online after a major outage forced everyone to touch grass

Formula E debuts Gen3 Evo race car: All-wheel drive unlocks 0-60 mph in 1.82 seconds

About

Sections

Contribute

Buying Guides