Sources: Authenticators May Become Mandatory

According to, "trusted sources close to the situation" have stated that Blizzard is giving serious consideration to making authenticators mandatory for all players. The sources say that details have not been finalized, but it's a "virtually forgone conclusion that it will happen."

This news should be considered a rumor until Blizzard makes an official announcement, but it would make sense following the addition of the Core Hound Pup pet. What do you think? Should authenticators be mandatory? Do you already have one?


Post Comment
Authenticator's on the Phone
# Jan 11 2010 at 10:46 AM Rating: Decent
For me, it's not about the money, it's about having to find your phone (or fob) every time you want to log in.

What happens if you loose (or kill) your phone? Can you get another authenticator with your new phone? Can it be done quickly? Can it be done without Blizz's intervention?

If anyone has had this happen please let me know.
It's this simple...
# Jan 10 2010 at 11:37 AM Rating: Default
When people bought the game.. it didn't say must pay for a seperate authenticator in order to get access. My guess.. If requiring an additional expense in addition to the monthly fee would be a breach of contract. The TOS says game play may change but I never saw anything about you may have to purchase additional hardware to continue playing the game.

maybe they could require it with the exapansion (for people who buy it) if they throw the terms in there. but I honestly dont think they could require it on regular users unless they supply it.

why should I be responsible to buy another item to play.. In 5 years my account has never been hacked... why?? because Im not an idiot who uses the same email address and password on forums or installs software from untrusted sources, buys gold or powerlevels.... its that simple. regardless of how "cheap" the $6.50 is...its not my responsibility to buy it.
It's this simple...
# Jan 11 2010 at 12:55 AM Rating: Good
18 posts
The thing is, Blizzard owns the game, the server and everything. They also own your character, your gold, everything. You pay a fee to be permitted to play it. This means, if Blizzard wants to change the contract to include that we have to use an authenticator, they have all the rights to do it. Your recourse, if you do not like it, is to stop using their service.
Blizzard has all the rights to change, edit and modify the Terms of Services. We, the customer, have all the rights to say "nope, not going to pay for that" and leave.

It's this simple: We own nothing. We only subscribe to the right of access to the items on the account, which is still Blizzard owned.
# Jan 09 2010 at 7:32 PM Rating: Default
well having to pay for something else just to play wow is kinda annoying, not everyone has an itouch or iphone,

all I have is my itouch, and its annoying to have to make sure I have it with me 24/7 because I usually play with friends at their house. It just feels like more of a chore to log on everytime now.
# Jan 09 2010 at 8:46 AM Rating: Decent
There are FREE versions of the authenticator for iPhone. Not sure about others but if it were to become mandatory I'm sure the list of phones would increase.

It doesn't matter how sophisticated your password is if you get keylogged. The large majority of the people getting hacked are:

1. Folks using powerleveling services
2. Folks using bot programs to cheat the game
3. Folks visiting gold farming websites and/or using their services
4. Folks that visit those spam sites advertised in trade chat and sends for "Blizzard free pets" etc.
5. Folks that share their account with other people and then are shocked they got hacked.

I have no sympathy for any of the victims that fall into these categories. The few people that get hacked that didn't do one of the listed actions are so small to be almost negligible. A authenticator will not eliminate account theft, but it will help slow it down some.
# Jan 09 2010 at 7:48 PM Rating: Good
799 posts
I distinctly remember one of the major WoW websites, a very reputable one in fact, falling victim to infected graphics files in an advertisement they innocently placed on their website. It had nothing to do with gold-buying nor power-leveling services.

Hackers who want to get at peoples' accounts WILL find the way and means to do so. It is rather pointless to lob accusations about the behaviour of those who get hacked.

I am vehemently opposed to gold-selling and power-leveling services. Yet I managed to get my account hacked. I still can't really figure out how. I had an anti-virus, I had an ad-aware program running. I certainly didn't visit gold-selling websites. So I must have gotten infected with a key-logger from a website that is in every other respect "honorable". Thottbot, Wowhead, Allakhazam, or another, one of those must have inadvertently hosted an image that contained the malicious program that infected my computer.
# Jan 12 2010 at 4:14 PM Rating: Decent
Those folks that got nailed by keyloggers attached to web advertisements would not have gotten hacked had they been using the authenticator. I stand by my previous statement that the large majority of persons being hacked are participating in risky behavior.

I see a lot of posts here from people that aren't using them and don't understand how they work.

The authenticator generates a random number that must be entered after you enter your password. It changes every couple of seconds. As soon as you enter the number your account logs in. There is no way a "real time" keylogger could capture the number, send it to a haxor and let them log into your account before your machine was logged in, and the authenticator number they did get would be no good after 15 seconds or so.

Is it possible someone could replicate an authenticator that would match yours? Sure, but then it would only be good for hacking YOUR account because each authenticator uses a different algorithm for generating its number. They aren't identical. Who would bother going to the trouble to copy a single authenticator that's only good for one account? Especially when there are plenty of fish in the sea that aren't using them?
Get it for free, too!
# Jan 09 2010 at 5:40 AM Rating: Decent
Hi all,
I found you can also get an Autenticathor for FREE, just get the Mobile version Smiley: grin
In previous posts I said I don't like additional harware with me, but with mobile Authenticator, I have no reasons to left it out, as long my mobile is already something that always goes with me :)

Got it and, last but not least, you get the nice pet even with this version! Cheers!

I got mine and I am glad I did.
# Jan 09 2010 at 12:19 AM Rating: Decent
18 posts
I think making the authenticator or the mobile one is not that bad of an idea. Maybe include an authenticator in the retail box to make sure people have one. They can always remove it and use the mobile authenticator instead if they find the normal one too cumbersome.

Myself? I have one of course, and can only recommend people from getting one. Even though, I've never been hacked in the 10 years I play MMORPGs, I've had enough friends who got hacked.
...bout time
# Jan 08 2010 at 7:20 PM Rating: Default
Fact, just sell them in retail stores and change the account recovery policy:

If you do not have an authenticator attached to your account prior to being hacked we will NOT restore said account.

Stupidity shouldn't be rewarded; it should be punished SEVERLY.
...bout time
# Jan 08 2010 at 7:26 PM Rating: Good
77 posts
what about say parents that share their account with their child? (which is allowed) it just adds a hurdle that if you are SMART (up to date protection software which is easy now with the new microsoft free protection software, strong passwords that are stored only in your head) should not be needed really
...bout time
# Jan 09 2010 at 4:58 PM Rating: Decent
Once you share an account you lost a majority of your security...
...bout time
# Jan 09 2010 at 5:37 PM Rating: Good
77 posts
not really as long as the person that shares it has an equally secure computer and isnt stupid its a matter of not sharing it with idiots rather than not sharing it as far as im concerned
# Jan 08 2010 at 4:42 PM Rating: Excellent
I'll buy one.
But they better start mass producing them and sell them in stores (they have yet to do this last time I checked).
Sand, it gets in to stuff.
Please make these mandatory!
# Jan 08 2010 at 1:57 PM Rating: Default
This really SHOULD be mandatory. Blizzard makes NO money on the Authenticators. That's why the App for your iTouch/iPhone is free. To get it on your other phones, it simply costs $1. And, the Authenticator Key-Chain costs $6.50. Why? Because they get those through another company. They obviously need to pay that company for all the materials and labor that they did. Especially now that the shipping is free. And you get persuaded with a pet. Which is nothing but a good thing.

The funny thing is... once someone gets hacked, the next thing they do is get an authenticator. And Blizzard is so swamped it takes 1-2 weeks just to get your stuff back. How about that. 1.5 weeks of WoW having naked characters.
Please make these mandatory!
# Jan 08 2010 at 3:28 PM Rating: Good
Current keyloggers can grab the WoW authenticator code in real-time while delaying YOUR login, to give the remote attacker time to log in before you do.

So these will just advance the arms race between users and account thieves another notch.

A better solution would be to record the IP address you last logged in from, and throw an alert if the current IP is from another ISP.
Unless the user has explicitly set the option otherwise, refuse more than a small number of trades or mailings of gear & gold per day in that case.

A possibility:
If logging off showed you a very unique image, would you remember that image when logging in the next time?
Mismatch would lock account until you replied to an email from them.
The first attempt to crack your account would fail due to giving wrong image as last one seen.
Successful crack would require your email account to be cracked as well.
If you try to log in and get notice to check your email, you know your PC is probably infected.
If you forget the last image, you just have to wait on the email to log in.
Get the authenticator
# Jan 08 2010 at 12:48 PM Rating: Decent
I myself got one of the authenticators and glad I did. Im a guild leader on Turalon and in my guild alone in the last 6 months have had at least 6 or more of my guildmates accounts hacked so it happens they are out there. Its a scary thing to even consider not having it I have 4 80s on my account almost 5 so it makes all sense to get one. And on another note if you get a stange email from what looks like Blizzard dont open it dont go to the web address it asks you to go it its how they get your account
# Jan 08 2010 at 12:24 PM Rating: Default
I agree, if you can't afford the $6 bucks or so that the authenticator costs then you're doing something wrong. This is a onetime charge which will keep your account safe. If you don't have it and get hacked, then do not post your "OMG I gotz hacked!!!!" threads. Nobody will care, nobody will pity you.
# Jan 08 2010 at 12:01 PM Rating: Good
Making them "mandatory" and then charging for them would put a large dent in their goodwill, given how insistent they were that the battlenet merges wouldn't ever bring additional mandatory fees. Tbh, I don't see them doing that -- if they go mandatory, they'll be issued freely.
lame idea
# Jan 08 2010 at 10:35 AM Rating: Decent
145 posts
Sorry but those people who are getting hacked...Its their fault. I have been playing MMOs for years and not once have I been hacked. WHy? Well for one I am careful and have the latest in protection software. I did use a authenticator on FFXI and hated it. To force this one people who do not get hacked is lame
Retired July 2009

# Jan 08 2010 at 10:16 AM Rating: Decent
notice a lot of the people hacked lately have been using Authenticators?! This is ********* So lets make something mandatory that you really don't need. If I'm logged in from Florida and 2 hours later I'm logged in from California you know there is a problem and my account has most likely become compromised! Have users set their account up to something IP controlled!!! That way if they choose not to be IP controlled they will have to log on from their registered IP first before changing it in-game to UNLOCK IP. That way its under user control and command!
# Jan 08 2010 at 10:24 AM Rating: Good
799 posts
darkpoetinc wrote:
notice a lot of the people hacked lately have been using Authenticators?!

No, you're not seeing people "with authenticators" being hacked.
You're seeing people WITHOUT them who are being hacked, and the HACKER is adding an authenticator to the account.

Edited, Jan 8th 2010 12:00pm by capcanuk
# Jan 09 2010 at 10:29 AM Rating: Decent
I've had two people in my guild WITH authenticators get hacked, they are not foolproof. If they can guess your secret question they can do and change anything about your account.
# Jan 08 2010 at 1:03 PM Rating: Decent
I think Authenticators are the best solution to ppl used to write their passwords on paper, attaching them on their monitors, or ppl who plays only from their home.

To me, even I recognize its utility, the item is something who gets in the way, because I have to manage a way to be sure to have it with me everytime (because I play from different locations). I just still think the best password storage is my mind. Just made the pass enough complicate, just never share your account data, this suffice imho Smiley: grin

If Authenticator goes mandatory, I don't make so much QQ, just hope Blizz will be so nice to add some day to account renewal date, in exchange Smiley: lol
# Jan 08 2010 at 1:59 PM Rating: Decent
799 posts
No matter how clever your password is, or how random it may seem, is completely irrelevant.

Hackers get your password by getting harmful spyware/malware installed on your computer, or the computer from which you are playing. THAT software is what copies your password, without your knowledge. It doesn't care if your password is "I Love Mom" or "*7H&1çè6@65".

If you regularly play from two or more locations, it becomes very difficult to ensure that all of those locations are protected from malevolent software that is just sitting there, waiting for you to type in your WoW password.

I didn't have very strong protection on my computer, but then, I only ever visited what I assumed were "safe websites": Allkhazam, Petopia, and Blizzard's own website. But every once in a blue moon, I would look for information, I'd google a particular quest that Thotbott or Alla didn't quite cover to my satisfaction. And therein lay my eventual downfall. It seems that even images on webpages can contain malicious spyware that gets installed on your computer. And I got hacked.

But had I had an authenticator, my account would have been safe (although, had I not gotten hacked I'd never have known I HAD that spyware on my computer).
# Jan 08 2010 at 2:57 PM Rating: Decent
Please don't take it personally, this thread is just for share our thoughts about if Authenticator goes mandatory.

A reply like "Even if your password is strong, keyloggers can retrieve it anyway" is more than sufficent and clear to summarize your reply, no need to flaming :)

I agree with your post, and I agree Autenticathor will add a next level of security to accounts, I just expressed my point of view, that is I don't like very much carry with me additional pieces of hardware, thats all. And I know my security will be surely lower than the security of who got the hardware.
# Jan 08 2010 at 3:32 PM Rating: Decent
799 posts
Ansagon the Pest wrote:

A reply like "Even if your password is strong, keyloggers can retrieve it anyway" is more than sufficent and clear to summarize your reply, no need to flaming :)


I'm sorry, at what point was there "flaming"?

I think you may be interpreting what I wrote and adding your own bias to it.

There's nothing in what I wrote that is in any way shape or form "flaming".

I most assuredly will take it personally when someone accuses me of being insulting or hostile.

Please take a moment and read what I actually wrote, without adding your own intent to it. I'm not angry at this point, but incredibly perplexed and a bit hurt that you would think that what I wrote was "hostile".

I don't write insulting or hostile posts.
When the urge strikes me to do so, I just log on to WoW and go kill dwarves.
manditory my ass...
# Jan 08 2010 at 9:39 AM Rating: Decent
yo blizz, you gonna pay for mine? cause I can't afford one with everything else I am paying for is my response... That and if I wanted one that badly I would have found a way to pay fori t, just would have meant starving myself a bit more than usual.
manditory my ass...
# Jan 08 2010 at 9:50 AM Rating: Decent
1,069 posts
Galenthor wrote:
yo blizz, you gonna pay for mine? cause I can't afford one with everything else I am paying for is my response... That and if I wanted one that badly I would have found a way to pay fori t, just would have meant starving myself a bit more than usual.

You can't afford $6.50? Yet you can afford to play WoW? No offense but I was making $6.50 an hour and only getting 15 hours a week when I bought mine. And I'm living in an apartment, with a car, paying utilities. Seriously it's called Budgeting. You might want to look it up.
Post Comment

Free account required to post

You must log in or create an account to post messages.