The infrastructure was added for this a while ago, but it's very nice to see rolled out.Even less excuse for people to not use an Authenticator.
"Operator, I need an exit."
What I'd like to have is an iPhone app (or keyfob or whatever) that has a button on it. If I push that button, it sends whatever code it generates to the login servers. Then, for the next 60 seconds I'm able to log into my account without having to type a code in, just my username and password.
Sounds cool, good going Blizzard, F U hackers.
I wish they had let this act as an emergency authenticator too, if yours is damaged or lost, you'll be able to at least access B.N and turn it off.
So basically authenticators are going to be free? That's cool and all, but I've bought two, and I kind of want my fifteen bucks back.
More fuel for the those who want to pay to have WoW and unsafe browsing. Let's be blunt, most account compromises are the fault of the user, just like computer security in general. An authenticator is not going to prevent people clicking hostile links, following instructions in emails completely alien to Blizzard's stated policies, or trying already shady things like buying Spectral Tigers. Most of the tales of "super hackers" are covers for embarrassed people who don't want to admit doing the above. Besides, anyone capable of the breaches described in such stories is not going to waste time on WoW when there's much more important targets in the world. Use your brains, save your money.
Thank you Blizz, been hoping for a free authentication service for those of us without smart phones for a while now. Glad to see you provide.Got this up and running already.
There's a lot of money in WoW dude, and I'm not just talking about gold. To those guys, WoW players are easy targets. And don't tell me you haven't made a single mistake in your time on the internet, 'cause that's where they get to you, that one solitary mistake that you make at 03:00 in the morning after power leveling your hunter when an expansion releases :P
I'm slightly worried about the ramifications of basing a security measure like this off of something like a phone number.Phone numbers are not exactly hard to spoof... and beyond that, it's just a matter of the attacker gaining knowledge of said phone number and the PIN, which as we've already seen is just a matter of a sophisticated (read: written by an illiterate, but happened into the inbox of an idiot) phishing attack.So I'm worried that users opting into this service won't be truly gaining any extra security... just an extra insecure step. My fingers are crossed that Blizz has considered all of this and designed a system to detect such spoofing. Apart from a "call and our system automatically calls you back in a few seconds" method, I'm not sure how that could work... but anyway, time will tell.
Not quite as secure as a standalone authenticator fob, but still a darn sight better than nothing at all.@Feanoro: Authenticators are like condoms. Sure, you can play without one, but you do have a higher chance of getting into trouble without one.And don't go around spreading that "safe browsing" fallacy. There are documented cases of systems being compromised from simply viewing images. Just like the dozen or so at the top of this page. These images aren't only on shady sites, either; they can be anywhere.The only thing that claiming to be too smart to get hacked indicates is that you aren't smart enough to realize the extent of the problem.
@fewyn: Spoofing a telephone number is very easy to do. As I was reading the Dial-In Authenticator FAQ (the DIAF?), a possible way to hack it came to mind. But you are right in that as long as there are easier fish to catch, any added security would likely dissuade a hacker from a particular account.Let's just hope that anyone who does use the DIA programs the phone number into their speed dial and uses it every time.
I don't really see the point of this. It's basically a less flexible authenticator. Authenticators go for what...five bucks? I can't imagine anyone can't afford one; what prevents people from getting them is complacency or indifference, or perhaps that they see them as nerdy or inconvenient. I can't see anyone who is reluctant to get an authenticator for these reasons being more interested in this substantially more awkward and involved product. And of course people will forget their PINs and really be in a bad way.This is yet another shill, another cheap way of Blizzard avoiding solving the problem the only way it can be solved, which is through in-game policing and real-life legal and tactical action. They do not want to do that because it would be difficult and expensive so they keep taking half measures...and the problem continues to get worse...and eventually, these hackers will get so organized and powerful they will begin to leverage their expertise and resources in other illegal schemes, and ambush future MMOs before they even hit the market. It happened with Aion: they were ready on Day 1 to innundate the game. From Blizzard's point of view, this means that their next MMO will in effect inherit the problems they refused to resolve in the days of WoW.This authenticator business is also bad because it does much to promote the popular view of WoW as a nerdy, bizarre, and antisocial pursuit. "Yeah, those WoW players, they're freaks, they use these authenticator things to protect their accounts because apparently people are crazy and pay big money for accounts." "But aren't they non-transferrable?" "Yeah, but...WoW is a very seedy game, you log in and there's security warnings everywhere, people are always stealing stuff from each other, it's freaky." "Jeez, effing nerds." "Yep." And that costs Blizzard potential business. So, yeah, this won't solve the problem, it will only cause it to fester and become worse in the long run.
This seems to me very similar to what some banks do with credit cards. My bank knows what area I live in, so if I charge something 5 states away, they're going to call me and ask whats up.