6-28-2008 @ 2:48PM
well, i kind of agree, and kind of don't.

forcing key-fob two factor authentication would, in the short term at least, cause way more support problems for blizzard than it would solve, and long term, with keyfobs going out of synch with authentication servers, and batteries dying, you get an ongoing support burden. so i'm kind of for an opt-in solution, but i agree that asking the end-user to pay for the opt-in is a bit cheeky, considering how much we're paying already to play this game.

but two factor authentication is definitely needed in some form or another. Currently i think there are two issues that are causing accounts to be hacked.

1) keyloggers - fix this with secondary logon authentication, by asking for a click response. e.g. a random set of pictures, placed in a random order, which have to be clicked on via mouse for authentication. or fix this with a phone line that the user has to call, or an sms message that the user has to send in to open up the account for logging in to (apparently in use for taiwan WoW users). do something clever with the authentication process. ask microsoft, or ibm, or google, they all have clever off the shelf solutions already.

2) brute force password hacks - my account was hacked this way, or rather, i'm 100% sure my pc is 100% clean, and there's no other explanation, especially considering that over a space of hours i was forced off line again and again, for no other reason than by hackers tripping some mediocre brute force prevention mechanism at blizzard, that obviously didn't work. They guessed my password because a) it was too simple (fix this by adding password complexity rules (currently there are none), or password expiry / renewals), and b) the authentication process in place doesn't stop people brute force hacking accounts; there's no lock out, there's no slowing of authentication attempts, there's nothing... and there really really needs to be.

hackers have monetised wow. on a daily basis it's tarnishing the reputation of blizzard's ability to provide a secure environment. I got some of my characters back, but i lost a heap load of gold, items, and other characters that blizzard could be bothered, or simply couldn't restore. for me the price of the authentication fob is small, so i will probably end up buying in to it, simply because i don't want to go through the hassle of spending days getting my toons back.