authenticators
Latest
Security warning issued by Blizzard, World of Warcraft mobile auctions offline
Blizzard Entertainment has issued a security warning for all World of Warcraft players. According to the warning, the studio has been tracking an uptick in unauthorized logins via both the website and the World of Warcraft mobile armory application, with individual warnings being sent to any players who do not have an authenticator and whose accounts have recently seen unusual activity. Players in this group should check their emails for information about resetting and securing their accounts. Aside from encouraging all players to take extra steps to secure their accounts, Blizzard has temporarily shut down mobile access to the World of Warcraft auction house as an added security measure. Customer service will restore any items or currency lost as a result of this action. There's no information that this represents any kind of mass hacking, but it's probably best to change your password and get an authenticator if you don't already have one.
Blizzard denies Diablo III authenticator hacking claims
We've been following the mass reports of hackers bypassing passwords and authenticators to rob Diablo III accounts blind, and now we have a new twist on the story. While Blizzard confirmed "an increase in reports of individual account compromises," the studio says it has no hard evidence that hackers have found a way to skirt around the authentication system. Community Manager Bashiok said that the company is taking the claims "extremely seriously" and is investigating the rash of account compromises. "Despite the claims and theories being made, we have yet to find any situations in which a person's account was not compromised through traditional means of someone else logging into their account through the use of their password," he said. "While the authenticator isn't a 100% guarantee of account security, we have yet to investigate a compromise report in which an authenticator was attached beforehand." Blizzard is assisting compromised customers by restoring stolen items and rolling back their accounts. The studio has a post up on its forums to help players protect their accounts and get assistance if theft occurs.
Ask Massively: Stay inside edition
In sharp contrast to last week's advice, this time around, I'm advising everyone to stay inside. There's all sorts of cool stuff wherever you are right now, and it's kind of hot out today. Besides, look at how much fun Christopher Walken is having inside. Don't you want to be like Christopher Walken? Don't you want the ability to fly when your indoor cavorting requires it? In other news, please enjoy the earbug that's infected the entirety of the Massively staff on the day this was written. In other other news, it's time for this week's installment of Ask Massively, addressing significantly less weighty issues than last week's gold selling question. No, this week we're talking about old livestream videos, the reason for the non-ubiquity of authenticators, and of course, the great outdoors. If you've got a question you'd like to see answered in a future edition of the column, leave it in the comments or send it along to ask@massively.com.
Opt-out option incoming for recent authenticator security change
If you follow WoW account security, then you've probably heard about (or personally encountered) a recent change to the way Battle.net authenticator devices work. Basically, when you log into the game, the client attempts to determine if you're logging in from your "home" computer or at least a computer you use regularly. It uses several factors to make this determination, such as your MAC address and your IP address. If the information doesn't indicate that the login is taking place from a safe machine, it'll prompt you for your authenticator code. If it is a safe computer, then you'll only be asked for your code randomly, once a week or so. The change, aimed to make authenticators less of a hassle for those who log on from the same computer quite a bit, caused an odd uproar on the official forums from players who were worried that this change somehow made their account less secure. Addressing these concerns, Blizzard Community Manager Zarhym announced today that Blizzard is working on providing an opt-out option for this convenience feature. Details were scarce since, as Zarhym noted, Blizzard hasn't quite nailed down specifics yet, but he assured players that it's something Blizzard's been looking into since the authenticator change was first announced. The full announcement post and followups are after the break.
The Queue: Irrelevant intros are new and exciting
Welcome back to The Queue, the daily Q&A column in which the WoW Insider team answers your questions about the World of Warcraft. Alex Ziebart will be your host today. Did you know a possible explanation for the origin of the "succubus" as a serious mythological creature is that men suffering from sleep paralysis turned to the supernatural to explain why they were locked in a semi-lucid dreamstate wherein they were wracked with visions of dark, unexplainable things whilst utterly unable to move, speak, or wake up? Did you know that sleep paralysis might also be the origin of alleged alien abductions that people in the modern era claim to experience? Additionally, many children who are truly, legitimately terrified of going to sleep because of seeing ghosts, spirits, or men all in black (very specific!) may be afflicted with an adolescent form of sleep paralysis. They're not just lying so they can sleep in their parents' beds. Though they are children, so you may never know for sure. We, as a race, may have been advancing both culturally and technologically for thousands of years, but many of the same psychological problems have remained throughout our entire history. The only difference between sleep paralysis now and sleep paralysis then is that the zeitgeist of humanity has turned from the fantasy of mythology to the fantasy of science fiction as their supernatural explanation for natural phenomenon they don't understand. What does this have to do with WoW? Well, beyond the succubus part, not a whole lot. I'm also not a doctor or any sort of expert or specialist in the field, so please don't diagnose yourself with sleep paralysis because of my descriptions of it. You may, in fact, have been abducted by aliens last night. Now let's pretend this conversation never happened and dig into the Q&A. Aezir asked: Dose time go by in dog years for Worgen or dose it go by normally?
Blizzard posts new account security guide
Make no mistake: it really sucks when your WoW account gets compromised. Even with the speed with which compromises are handled by the support department nowadays, it's still a pain to have to wait to get your stuff back -- and it's even worse to know that someone was in there mucking around with your dudes, you know? Blizzard's been better about helping people with account security problems recently, like giving out free authenticators to some hacked accounts and offering a free phone-in authenticator service, but in the end, a lot of the responsibility falls on you the player to keep your account secure. To that end, Blizzard has assembled a new account security guide. It's a pretty comprehensive list of the steps you can take to secure your account, from getting an authenticator to learning how to recognize phishing emails to making sure that your computer itself is secured through the use of antivirus software. Learn it, live it, love it. In account security, as in Planeteering, the power is yours.
Win an iPad during Blizzard's Core Hound Pup Adoption Campaign
Blizzard is kicking off a year-long Core Hound Pup adoption campaign and is giving away iPads for the best user-submitted epic screenshots of the Core Hound Pup in action. Two iPads will be given away each month to two lucky screenshot submitters. Follow the link over to the contest rules page, and submit your pictures for a chance at an iPad each month in 2011. The Core Hound Pup is gained by adding an authenticator to protect your Battle.net account. Every one of your World of Warcraft characters has access to this companion pet. I think this is a great idea to spread the word about authenticators and account security. Authenticators are the best first line of defense you've got to keeping your account safe, along with safe browsing habits. So do yourself and your players a favor and spread the word about Core Hound Pups and authenticators, and maybe even win an iPad out of the deal. Contest rules are available here. If your account is protected by a Battle.net Authenticator or the Battle.net Mobile Authenticator, then you already know how safe and secure your Core Hound Pup pet can make you feel. But there are plenty of players out there who can still benefit from the companionship and peace of mind that our infernal puppy provides. We're kicking off a Core Hound Pup adoption campaign and we need your help! Simply send us funny, cute, or just plain epic screenshots featuring your fiery two-headed buddy. We'll be picking two of the most memorable images each month in 2011 and awarding the winners with a brand new iPad. If you have yet to adopt a Core Hound Pup of your very own, then don't wait a moment longer, or we just might have to give you the big puppy-dog eyes. Visit our account security site to learn how to get a Battle.net Authenticator or download the Battle.net Mobile Authenticator, available through our mobile apps page or as a free download from the Apple App Store or the Android Market. Adopt a puppy! Protect your loots! Win an iPad! Read the contest rules for details and eligibility requirements, and happy screenshotting! source World of Warcraft: Cataclysm has destroyed Azeroth as we know it; nothing is the same! In WoW Insider's Guide to Cataclysm, you can find out everything you need to know about WoW's third expansion, from leveling up a new goblin or worgen to breaking news and strategies on endgame play.
Battle.net authenticators limited to one account
Blizzard is changing up the security on their authenticators a bit. This isn't a major change and shouldn't affect that many people. Starting now, if you happen to have multiple Battle.net accounts (not multiple WoW accounts under one Battle.net account), then each account must have its own authenticator. This means if you have separate Battle.net logins for zergrush@somedomain.com and taurenfever@example.com and you want to use an authenticator, you'll need to buy two. If you've just got taurenfever@example.com and all of your games are under that Battle.net login, then you're perfectly fine. This is not retroactive. If you already have two accounts linked to a single authenticator, everything will still work as it does right now until you unlink that authenticator. The full blue post detailing the changes is behind the cut below.
The Queue: Not quite mutual destruction
Welcome back to The Queue, WoW.com's daily Q&A column where the WoW.com team answers your questions about the World of Warcraft. Alex Ziebart will be your host today. I want to kick off this edition of The Queue by thanking you guys for submitting your armories to the reboot of Pimp My Profile. Our first edition will be hitting this upcoming Wednesday. In an ideal world, we'll have one for you every single Wednesday after that. On to the Q&A! RogueJedi86 asked... "Why were the Dragonflight Aspects created/assigned if they can be killed with no repercussions whatsoever? Killing Malygos didn't do so much as give Mages a nosebleed, despite being the Custodian of Magic. And I doubt killing Deathwing will do anything to the earth either."
In defense of care packages and mandatory authenticators
If you read WoW.com with any regularity, you probably saw and read our pieces on Friday discussing some rather curious policies Blizzard has recently instituted. There are two in particular that I'd like to discuss further: The care package for hacked accounts and the possibility of mandatory authenticators. First, how many of you have had your accounts stolen, or know someone that had theirs stolen? Chances are good every single person that reads this post will raise their hand to that question. The problem is not a small one. I'm in a rather large guild, and every few weeks someone has their account stolen and the little bits of our guild bank they have access to go with them. My large guild is also just one guild in a larger guild alliance which suffers the same problems. Every two weeks or so, someone I see online on a regular basis gets their account stolen.
Blizzard giving serious consideration to mandatory authenticators
WoW.com has learned through trusted sources close to the situation that Blizzard is giving serious consideration to making authenticators mandatory on all accounts. According to our sources, while this policy has not been implemented yet and the details are not finalized, it is a virtually forgone conclusion that it will happen. This response is a direct effort to stop the massive number of compromised accounts by gold sellers and keyloggers. The seriousness of the situation with compromised accounts has reached such a level that wait times for item and character restoration are entirely unacceptable, even to Blizzard executives. Blizzard has taken other internal measures to deal with long wait times of people in account restoration queues, and we'll be covering those measures tomorrow. However, with the inclusion of mandatory authenticators, this should solve a major problem for Blizzard's support and account administration teams.
WoW Insider Show Episode 120: Dungeon Findorama
The WoW Insider Show went on the air last weekend, and despite the fact that we started out down two voices, the discussion was fast and furious, as we all had plenty to say about patch 3.3 and specifically the Dungeon Finder system. Adam Holisky, Turpster, and I started off the show, and then Matthew Rossi muscled his way in (as only someone of his stature can do) to join us in discussion on finding dungeons, Authenticators and the Corehound Pups, and since Rossi made it, we had to talk some shaman and warriors as well. Bad news, all: we didn't win the podcast award we were up for (congrats to the 4Player Podcast, who won the award and are now our sworn enemies -- we're igniting the rivalry!). But as we say on this show, we'll still be doing the bedtime story for you all anyway, just because you're so great. And yes, above is the check I'm mailing to Turpster for guessing the patch 3.3 release date correctly -- don't let it ever be said that we here at WoW.com aren't men of our word. Get the podcast: [iTunes] Subscribe to the WoW Insider Show directly in iTunes. [RSS] Add the WoW Insider Show to your RSS aggregator. [MP3] Download the MP3 directly. Listen here on the page:
Time to get that Authenticator
Well, they started giving away pets for having an authenticator, so I guess it's about time I went ahead and put one on my account. I've had the app on my iPhone for a while, actually, but I never really saw the point in attaching it to my account, especially since it seemed like just more hassle, and who knows what kinds of errors could pop up. And honestly, I haven't worried much about hackers -- I use a secure browser, I don't click on unknown links. But I know, I know, it's safer, and with the cute Corehound Pup out, I might as well go ahead and attach it. And you might as well, too. Blizzard's Store was flooded with people looking for authenticators yesterday, but things have slowed down a bit, and they've even got a brand new design with the Corehound Pup right on there. The price, as usual, is $6.50 with free shipping. If you've got an iPhone or an iPod touch, you can get the app free from iTunes, and we're told that it's coming to other platforms at some point in the future (guess when: "soon"). Even if you don't want to apply the Authenticator for whatever reason, just think of it as an almost-half-price pet.
Breakfast Topic: Why Blizzard should make authenticators mandatory on Battle.net accounts
With the impending switch to necessary Battle.net accounts, Blizzard has an opportunity to create and extremely secure and hardened gaming community. They can do this by waving a magic wand, angering a certain amount of their customer base, and eliminating in one swoop nearly all, if not all, account hacks.Blizzard can make authenticators a mandatory feature on all Battle.net accounts.There are many pros and cons such a move would bring about. Let's examine the cons first since everyone likes to complain about stuff. The largest con would be that people would be required to have a physical piece of equipment specific to WoW and other Blizzard games. Some people would obviously not be okay with this and cancel their subscription, and others would not understand how to push a button and punch in numbers (I'm not kidding). There would be a large cry from people around the net, particularly people who enjoy scamming others out of gold and their accounts, but those are easily enough ignored.
Requiring authenticators for guild bank access
m0rtis has an interesting question over on WoW LJ: should guilds require authenticators on the accounts of everyone in the guild with bank access? Authenticators are relatively cheap, if not free (and still in stock most of the time nowadays), so if you're running a guild and in a position where your bank is important enough to protect, should you be able to require authenticators to keep guildies from getting hacked?There are a few caveats here that m0rtis doesn't mention, but we will: first of all, there's no way to guarantee whether someone is using an authenticator or not, so while you can make guildies promise, there's no real way to check up on them. Second, not all guild banks get emptied out due to hackers -- many guild banks get ninja'd by someone within the guild, and there's no authenticator that can protect against that. So having authenticators on bank members (or at least having them promise they've got them) isn't 100% protection. But it is something.
BlizzCon 2009: An interview with Vasco
Vasco, the digital security company that makes authenticators for Blizzard, has actually been at BlizzCon for a few years now (last year, they gave away yo-yos, and this year, they were responsible for all of those blue glowsticks floating around). But this is the first year we decided to stop by their booth and chat with them, and it's a good thing we did: Will LaSala, Director of Services, gave us a lot of good insight into how Vasco's relationship with Blizzard came about, just what the system behind the Authenticator looks like, and how the mobile authenticator app fits into all of this.He was kind enough to give us a short interview, and you can read it right after the break.
