blizzard-authenticator
Latest
Reaching Blizzard support if you can't log in
Earlier this year, Blizzard launched a new Support Callback feature that allowed players with account issues to simply fill out a form and wait for a callback from support. This was a fantastic move in terms of getting rid of the need to spend hours on hold -- but it did have some players concerned and wondering how, exactly, one was supposed to contact support if one was locked out of their account and could not access the appropriate Battle.net page. Customer Support representative Araxom has written up a response to just that particular situation over on Reddit. If you cannot access your account, or log into Battle.net, there is a support page that will still allow you to live chat with customer service, set up a callback, or even submit a ticket, all without having to log in. Although callbacks and live chat may not be available every hour of every day, you can still submit a ticket with this method and get a response in a reasonable amount of time. And remember -- if you're worried about account security, picking up an Authenticator is always an excellent idea.
Authenticator problems? You'll need to contact support
Removing an authenticator from your account is pretty easy -- so long as you have the authenticator handy. But if you don't -- like if you've upgraded your smartphone and your mobile authenticator doesn't work anymore -- then you've got a bit more trouble ahead. Usually Blizzard has an online form to help you out of a problem like this, but the form is currently MIA which makes getting help a bit harder. Blizzard is working to get the page back online, but in the meanwhile, you'll have to resort to contacting customer support directly for help. Customer Support rep Araxom says anyone having trouble removing an authenticator will need to contact support using one of the methods at the bottom of the support page -- which means you can open a ticket, set up a phone callback, or jump into a live chat. None of these methods are instant, but they will wind up getting you the authenticator help you need without too much of a wait. Just remember to add a new authenticator once you've removed this one -- it's a security feature you won't regret having.
Blizzard facing class-action lawsuit over Battle.net authenticators
World of Warcraft creator Blizzard Entertainment is on the receiving end of a class-action lawsuit filed this morning by players who allege that the company is unfairly forcing players to purchase Battle.net authenticators in order to keep their accounts secure. The two plaintiffs claim that in lieu of providing account security to Battle.net players, Blizzard puts the burden of protection in the hands of the subscriber and encourages the purchasing of authenticators. The suit alleges that the sale of authenticators has earned Blizzard $26 million and that Blizzard is profiting "unjustly" from players looking to secure their accounts. The suit mentions several examples of Battle.net accounts being compromised, specifically noting the hack of Battle.net that occurred in August and Blizzard's confirmation of a rise in compromises in May. It also notes that the free authenticators for smartphones were compromised, which the plaintiffs say makes buying a physical authenticator the only true way to protect an account from theft. Activision Blizzard hasn't offered a response as of yet. The two plaintiffs seek damages and an injunction that would prevent Blizzard from adding what the suit describes as "undisclosed fees" to ensure the security of Battle.net accounts (in other words, no more selling of authenticators). We'll keep you updated as we hear more.
Opt-out option incoming for recent authenticator security change
If you follow WoW account security, then you've probably heard about (or personally encountered) a recent change to the way Battle.net authenticator devices work. Basically, when you log into the game, the client attempts to determine if you're logging in from your "home" computer or at least a computer you use regularly. It uses several factors to make this determination, such as your MAC address and your IP address. If the information doesn't indicate that the login is taking place from a safe machine, it'll prompt you for your authenticator code. If it is a safe computer, then you'll only be asked for your code randomly, once a week or so. The change, aimed to make authenticators less of a hassle for those who log on from the same computer quite a bit, caused an odd uproar on the official forums from players who were worried that this change somehow made their account less secure. Addressing these concerns, Blizzard Community Manager Zarhym announced today that Blizzard is working on providing an opt-out option for this convenience feature. Details were scarce since, as Zarhym noted, Blizzard hasn't quite nailed down specifics yet, but he assured players that it's something Blizzard's been looking into since the authenticator change was first announced. The full announcement post and followups are after the break.
Battle.net Mobile Authenticator now available for Windows 7 Phones
Android and iOS device users have had the luxury of using the Battle.net Mobile Authenticator, a software version of Blizzard's downright necessary keyfob authenticator, on their phones or tablets for a while now. As of today, Windows 7 Phone users can also take advantage of the Mobile Authenticator by downloading it from the Windows Phone Marketplace. At this point, there's pretty much no reason not to have an authenticator -- they're 6 bucks and free to ship for a physical device and no cost at all for a software version available for every major mobile platform. Just get it! Battle.net Mobile Authenticator for Windows® Phone 7 Devices The Battle.net Mobile Authenticator, an application for mobile phones that provides an extra layer of account security, is now available as a free download for Windows® Phone 7 devices on the Windows Phone Marketplace. The Battle.net Mobile Authenticator provides a one-time password that you use in addition to your regular account name and password when you log in to a Battle.net account to play World of Warcraft or StarCraft II. Versions for other mobile devices are also available for download here, or you can purchase a physical Battle.net Authenticator from the online Blizzard Store. Visit the Battle.net Mobile Authenticator FAQ for more information, or head to the setup page to get started after you've downloaded the application. For additional account security advice, check out our Account Security page. source
Battle.net authenticator process updated with smarter log-in detection
A substantial updated to the Battle.net authentication system was announced today. Players will soon notice a change to their authenticator log on -- it just might not appear. Blizzard's login servers and authentication system now intelligently track where your account is logging into the game from and, if you're consistently logging in on your home computer, the authentication servers will let you pass, no code needed. Blizzard wants make the authentication process less intrusive and this is a first step towards that goal. Right now, having to input a code each and every log in is a pain, sure, but it also makes me feel secure. I'm never going to say no to more security, however, and if the system is something that can accurately figure out where I am and let me on, that's great. This doesn't take into consideration the circumstance where you use an authenticator to prevent access to WoW, even from the home PC. I know some parents who use a simple password that their kids can remember but use the authenticator as the gate to prevent unwanted play. Maybe there will be an opt-out feature of some kind to always ask for the code. You can check out the Battle.net account security page or check out the Blizzard mobile site for application information. For more information on this specific change to the authenticator system, follow me after the break.
The Road to Mordor: Hacked!
"My kinship had just finished an instance run about a week-and-a-half ago and was in the process of reloading back into the world when I got the message that I was being disconnected because I had just logged into the Brandywine server. Huh? Suspecting the worst, I immediately hit up the Turbine Account page and changed my password then re-logged back into the game, which would boot the hacker offline just like I had been booted minutes earlier. "I was lucky and did that before the hacker had time to switch servers to where my active characters are. Other kinmates have not been so lucky." So goes the frightening tale of Pumping Irony's Scott, who shares this in the hopes that others may avoid a similar scare. Unfortunately, it seems as though stories such as these are becoming more and more common in Lord of the Rings Online, where the worst threat to your quest may not be the eye of Sauron but the malicious intent of hackers gutting your account while you're offline. Today we're going to step off the path for a temporary side trail into the gloomy undergrowth of account security and an MMO under siege.
Blizzard giving serious consideration to mandatory authenticators
WoW.com has learned through trusted sources close to the situation that Blizzard is giving serious consideration to making authenticators mandatory on all accounts. According to our sources, while this policy has not been implemented yet and the details are not finalized, it is a virtually forgone conclusion that it will happen. This response is a direct effort to stop the massive number of compromised accounts by gold sellers and keyloggers. The seriousness of the situation with compromised accounts has reached such a level that wait times for item and character restoration are entirely unacceptable, even to Blizzard executives. Blizzard has taken other internal measures to deal with long wait times of people in account restoration queues, and we'll be covering those measures tomorrow. However, with the inclusion of mandatory authenticators, this should solve a major problem for Blizzard's support and account administration teams.
New computer shipped with malware that targeted WoW
Here's a big oops -- a company named M&A Technology accidentally shipped out a unit of their Companion Touch PC that contained some malware on it, including a password stealer that targeted World of Warcraft. It was an accident -- apparently someone at the factory decided to upgrade the computer's drivers and software before shipping it out, but they used a USB stick that had been infected with the bad apps, and thus in the process infected the brand new computer. Fortunately, the person who received the computer apparently scanned and caught the bad code before any damage was done -- I guess if you buy a computer from a brand you've never heard of, it's worth giving it an antivirus and malware scan at least once before you use it.And/or you can just use an authenticator -- even if someone nabs your password, the Blizzard Authenticator makes sure that they can't log in without a current code. So there's not too much to worry about here -- while computers do occasionally get shipped with software that could jeopardize your security, as long as you're vigilant about what's on your hard drive, and take caution before using apps and hardware that you've never used before, you generally won't have any problems.[via WoW LJ]
Authenticators are back in stock, git 'em boys!
Who doesn't love themselves some authentication goodness?I sure do!You following me camera guy? For those of you who don't have an authenticator yet, you now can get one from the Blizzard Store. They are back in stock, hurry up and get them while you still can. The other option is to download it onto your iPod Touch or iPhone and enjoy your security that way.Many users sent us this tip in over the last twenty-four hours, so be sure to order yours now if you want it!
Blizzard Authenticator (temporarily) gone from Blizzard Store
Update: And, of course, as this is posted, we are pointed in the direction of a thread on the Customer Service forums indicating that this is, indeed, an error. It's currently out of stock and should be displaying as such, but the item is simply not displaying at all instead. It will return when it's in stock. Thank you to those that pointed this out. Original Article: We held off on reporting this for a few days, just in case it were a glitch or accident on Blizzard's end (making a mountain out of a molehill makes us all look silly), but it's been this way for long enough that it's worth mentioning: The Authenticator is no longer in the Blizzard Store. Previous bookmarks and links to the item are broken, and searching for it yields nothing but broken dreams.Oddly, this happened in lockstep with the news that the Mobile Authenticator was available. Whether it was coincidental or intentional, we don't really now, but I think it's a pretty odd choice! It seems like an indication that they don't intend to stock them again. That's disappointing, to say the least. Blizzard hasn't pulled profit on either the Mobile or Physical authenticators, so I can understand wanting to cut costs by stopping production and distribution of the physical authenticators, if that is what they're doing. It's still disappointing, because I have serious doubts that everyone who wants/needs an authenticator has an iPhone/iTouch for the mobile app.No business, even one as successful as Blizzard, wants to sell something at a loss. Blizzard has made it clear that they don't want to charge for the opt-in authenticator service. From a purely financial view, I can see why they would pull it. As a player, I really wish they didn't.
Account security mythbusting
So, you might have noticed the increased number of warnings and advice from Blizzard regarding account security lately. They've even popped up in the game itself, as a server message when you first log in. Needless to say, this has caused no dearth of consternation in the WoW community (read: people be trippin'). So, why the sudden notices? Has something changed? Has Blizzard lost their footing in the war against hackers and gold farmers? Is Blizzard in cahoots with them? What's this itchy pentagram-shaped rash I've developed?Now, there's a lot I can't talk about regarding this stuff, and certainly not for any sinister reason. It's a selfish reason, though, that being that I really like not getting sued. I can, however, use my experience and knowledge to bust or confirm some common account security myths. Ready? I'm a trained professional. Don't try this at home!
Countdown to Wrath Giveaway: Day 6 - BlizzCon Aunthenticators
The Countdown to Wrath Giveaways continue. Today we are giving away not just any Authenticator, but the BlizzCon 2008 Special Edition Authenticator. And we have four to hand out to the winners.To enter, leave a comment on this post before Saturday, November 8, 2008 at 12pm ET (noon). Four winners will be chosen randomly and each will receive a BlizzCon 2008 Special Edition Authenticator (valued at $6.50). You must be at least 18 to enter and a legal resident of the United States or non-Quebec resident of Canada. You can only enter once. Click here for complete Official Rules.More giveaways are coming every day. Prizes include Upper Deck loot cards, more BlizzCon Polar Bear mounts, more Wrath Collector's edition boxes and a complete BlizzCon swag bag.EDIT: Giveaway closed to further entries. We'll be contacting the winner soon. Good luck to all who entered. Be on the lookout for more contests every day until Wrath launch!
Authenticator back in stock in September
There's always enough interest in the Blizzard Authenticator that we wanted to make sure our readership (who is clearly smarter than the average bear) is aware that it's back in stock. There's been a little rockiness, as Daniel put it, and there's sometimes a little question whether it's actually available. This time looks to be for real, and with an added benefit -- the Authenticator is now available in New Zealand, Canada, Australia, and Latin America. The Authenticator has had some history behind it already. It's an obvious preventive against the many and varied keyloggers. There's nothing worse than getting your account hacked, since it often puts both you and your Guild in danger of getting robbed blind. There was an issue reported a while back about someone getting hacked even though they were using the Authenticator, though Belfaire confirmed that the Authenticator wasn't actually removed. Also, as I mentioned, there've been some oddities in whether it's in stock and if the order process goes smoothly. Trying to place an order for the Authenticator today, one of your intrepid Insider reporters saw style-sheet errors similar to the time of Failoc, the Fail Murloc. Still, it's an added level of protection for you and your account. If you're at all worried about the security of your WoW account, you should see about picking one up.
International Space Station has a keylogger
var digg_url = 'http://digg.com/pc_games/Keyloggers_in_Spaaaaaaaace'; NASA has confirmed that the International Space Station has been infected by a keylogger. It was carried onto the station by an astronaut's laptop back in July. The keylogger in question is the W32.Gammima.AG -- which is specifically a gaming keylogger. In other words, the ISS has the exact kind of keylogger that plagues so many of us in WoW. NASA describes the keylogger as merely a "nuisance," but at least two of the laptops on board had the virus. That probably means it arrived on one laptop, and a removable device like a thumb drive carried it to another. Kelly Humphries, a NASA spokesperson, said "This is not the first time we have had a worm or a virus. It's not a frequent occurrence, but this isn't the first time." For security reasons, Humphries couldn't say whether mission-critical systems were affected by the keylogger. NASA is working with its Russian partners to figure out how the virus got space-born. Here's hoping the International Space Station has their Blizzard Authenticators installed properly.
Authenticator failure revisited, Blizzard responds
We created a lot of waves with this post about Blizzard's Authenticator key allegedly failing -- as you know if you've been listening to the podcast, lots of people have emailed us with their own input on the situation, alternately thanking us for making it known that the Authenticator wasn't 100% secure, and lambasting us for being "ignorant" about how Blizzard's security token works. At the base of the story, there are two things we know are true: that someone was using the Authenticator on their account, and then was subsequently hacked. For that reason, we've stood by the "Authenticator fails" story -- while having an Authenticator on your account is a helpful line of defense, it, like all other computer security measures, isn't a 100% guarantee against getting hacked.Most people agree on that. Where opinions differ are in how the account was hacked -- originally, we and a few other sources speculated that the Authenticator had been somehow removed from the account in question. But now Belfaire has responded (we believe to the incident in question, though a link to our story was removed from the original post), and says that as far as he can tell, the Authenticator was not removed from the account. In fact, after the password was changed back, the Authenticator's serial key was asked for and given, so the Authenticator remained attached to the account the whole time.Of course, that just leaves the most important question: how did the account get hacked? We've heard all kinds of various insights as to how the Authenticator works (it only lasts for 60 seconds, supposedly each key can only be used once, so there's no way a keylogger could nab the Authenticator code and reuse it), but the fact remains that the person we're talking about was using the key, and still got hacked. One hack out of all the Authenticators sold so far is a terrific record, and could prove that, statistically, an Authenticator is good as 100% security. But the fact remains that this person got hacked while using the key (however it was done), and if security can be broken once, it will be broken again.
Authenticator fails, removed from account without user's permission
Editor's Note: This entire situation has been debunked. The authenticator was not hacked, compromised, or forcefully removed. The account had been shared, and the authenticator along with it. Authenticators do not offer any security if you give it away. If you're worried about other account security myths, our own Michael Sacco has tackled them in a mythbusting series. Think a Blizzard Authenticator will keep your account from being hacked? Think again -- we've got our first known report of someone who was protecting their account with one of Blizzard's keys, and still got their character hacked down to their undies. Someone in this forum thread apparently logged out one night and logged on the next morning to find her account stripped of everything but PvP gear, and her Authenticator no longer connected to her account. Supposedly, to deactivate an Authenticator from an account, you need to get in touch with Billing services, and reportedly they'll then ask for a notarized statement with a picture, like a driver's license, just to remove the Authenticator. But obviously, this one was removed even without that, and we're being told that all you might need to remove the Authenticator is the answer to the user's secret question and a CD key (or even less). In other words, the fault isn't with the technology, it seems to be with the support reps on Blizzard's side of the phone line -- if they can be convinced to remove the Authenticator, the account can then be hacked. The little keys have been selling like hotcakes since they were released -- almost everyone has figured that $6.50 was cheap for peace of mind. But while an Authenticator still does provide an extra step in security, the sad truth is that it hardly makes an account impermeable. [Via BRK]
Activating the Authenticator
The Blizzard Authenticator is currently sold out on the Blizzard Store. I'm sure there will be plenty more to come, when they're ready. I bought one as soon as I heard they were available. Although my experience with the Blizzard Store was not great, it was certainly better than some others. After my order was placed, every time I checked on in, I what appeared to be a rag doll murloc who informed me that an error occurred on the page. My authenticator has arrived. Thanks to the free shipping from the Blizzard online store, I saved $0.59 in United States Postal Service postage. To be honest, I'm just glad to have my security token. The token come with a single piece of documentation, which directs the user to the security token FAQ page. I expected the authenticator to be slightly larger. It's approximately the same size as the clicker for my Mustang. I have not yet devised a tether for it, but the device will soon be leashed to my computer.
Blizzard Authenticator may or may not be for sale again
In what may or may not be good news today from the Blizzard Store, it looks like the Blizzard Authenticator was back on sale for a short time. It sold out rather early, and there was some rockiness with some orders, but it looks like Blizzard's at least trying to get back on track in delivering this extra layer of account security. Unfortunately, although it was showing as purchasable just an hour ago, it once again shows up as Sold Out currently. There's no word yet on whether they've fixed any problems with keeping the Authenticator in stock, so it may be that they simply got in one shipment and are waiting for another. Hopefully, that shipment comes soon and they can work out their stocking problems a little more permanently. Until then, I'd sit tight and wait a bit. At the least, you don't want to be like the poor folks tipster Aaron pointed out to us, who are bidding up to $93.00 for one on eBay. Thanks to everyone who sent us a heads up on this!
Authenticators are going out, via USPS
We had heard that there were problems with the Blizzard Authenticator (a few people who'd ordered them had gotten their money refunded by Blizzard), but apparently there are at least a few going out. Mania got hers -- she says that it works great, that she has already associated it with her accounts, and that she's thrilled with her purchase.Not everybody is so lucky -- reader Tweaky emailed us to say that his order was supposed to go out UPS Next Day Air, but after it didn't show up and he had a tussle with Customer Support, he then found out it was actually going through the USPS and that it would show up late. No word on whether he's seen his yet or not. A few people commented on our last post that they actually had shipping returned to them, so maybe Blizzard originally planned to send some UPS, and then had to switch to a cheaper mailing method.At this point, Blizzard has the keyfob sold out on their website, and there's no indication when we'll see any more (soon, probably). It appears that not only did they vastly underestimate demand for the Authenticator, but that people are seriously concerned about the security of their World of Warcraft account. No other game company has ever offered anything like this before, but given the response, it could soon become a standard.
