Patch 5.3 interview with Ghostcrawler
Mystery of the Unborn Val'kyr
The latest patch 5.3 news
All of the latest Mists of Pandaria newsBattle.net Mobile Authenticator hands-on
by Mike Schramm 
Apr 3rd 2009 at 9:00AM
Last week, Blizzard released their very first piece of iPhone software, and it wasn't a mobile mailbox or an ingame chat client as some of us had hoped. Nope -- out of the blue (get it?), they introduced a replacement for the hardware version of the Authenticator, and they released it for free.I've installed the software on my first-generation iPhone and have been using it for a little while now. And while it's not much more than barebones -- if you're expecting anything other than an application that periodically gives you numbers, you'll be disappointed -- it's definitely a worthwhile substitute to buying a dedicated Authenticator.
There's short walkthrough of the program after the break, and you can check out a few screens of the app below. It's available right now on the App Store for your iPhone or iPod touch.
When you first log into the program (after a quick "Blizzard Entertainment" loading screen), you're given a number which you can then use on your Warcraft account management page to associate your phone's authenticator with your World of Warcraft account. We were originally told that you needed a wifi connection from the phone while you did this, but I did it just fine over Edge -- you just need some sort of connection to the 'net. This process takes just a few minutes to do, and once the two are linked, they are permanently linked, and you will need your phone with you whenever you want to log in to your WoW (or any other Battle.net) account. If you ever lose your phone, you'll have to go through Blizzard customer support to get your account back.
If your iPhone ever crashes out and needs to be completely reset (as in, the applications memory must be erased), then it's likely you will have to call support and get your account unlocked as well. This is the majority of the complaints on the app's reviews page in iTunes, and unfortunately, there's no real fix -- Blizzard needs to guarantee that your account stays locked unless you call, so a phone crash will be that much more annoying.
Once you've linked the account and your authenticator app, then the program gets even simpler: all it features is a screen with a number on it that changes every 30 seconds. And when you log into your account, you'll be prompted for one of these numbers. That's it. There is a "resync" button on the screen that will allow you to re-synchronize your number generator with the generator on Blizzard's servers (so that the two match up when you login), but for most cases, that won't be necessary.
You can back off of the "View Code" screen to view a short menu of options, but they are all basically screens of text: Setup will return you to your original code if you haven't yet associated your authenticator with the accont. Help is a short piece of text that basically points you to Blizzard's website for more information,and of course the About screen contains Blizzard's copyright and proprietary information.
So the app itself doesn't do much more than give you numbers -- which is, of course, what it's designed to do. If you already use an authenticator, you might not even need it at all, unless you have an iPhone and think that it would be easier to use that rather than Blizzard's hardware. If you do have an iPhone or iPod touch and haven't been able to get an authenticator, it's probably perfect for you -- not only will you save $6.50, but the small annoyance of having to reset your account in case your phone is lost or broken far outweighs the extra security for your account.
And if you don't have an iPhone or IPod touch, you can either wait for the app to be ported to other mobile devices or hope that you can buy one of Blizzard's official authenticators when they come up for sale again.
The app is barebones as they come (and unfortunately, there's no indication here that Blizzard is doing anything other than the most basic of iPhone programming), but it does what it's meant to, and it will definitely help to lessen the demand of Blizzard's authenticator hardware.
Filed under: Analysis / Opinion, Odds and ends, Blizzard
Reader Comments (Page 2 of 3)
richard.ashton Apr 3rd 2009 10:43AM
i think it is down to the fact that more people who play wow have an iphone, rather the a phone with the abysmal OS (in most cases) that is WM (i have to work with WM for 8 hours everyday, and I want to cry).
and also it won't be on android anytime soon, due to the very small interest from consumers (atm, though hopefully it will take off).
Annai Apr 3rd 2009 9:48AM
"Nice way to save 13 bucks (6+shipping)!"
There are no shipping costs associated with the keyfob authenticator.
Aggrajag Apr 7th 2009 8:29AM
There are in the UK and it is extortionate; around £12 if I recall correctly when I first applied.
AlexW573 Apr 3rd 2009 10:48AM
I wish this could be used as well as the physics authenticator (being able to use a key from either to log in) :( I'd love to use this, but I'd hate to have my iPod Touch crash and not be able to log in easily. Also, the physical authenticator is much easier to carry around, since it's small, light and I don't have to worry as much about dropping it.
Keyra Apr 3rd 2009 11:07AM
What's interesting to note is that the authenticator dongle has fewer digits than the authenticator software app. I don't know whether this means greater security or that it's different because it's through Battle.net or whatever, but I think I'll just keep my dongle. I have it, it's convenient, and it's sort of a collector's item now that it's been out of stock for...how long again? :-)
Zaphon Apr 3rd 2009 11:07AM
My fear is this.
How long until someone writes another iPhone app that does something useful with WoW, but behind the scenes picks up your authenticator serial number (it's got to be stored on your iPhone). Now all they have to do is find your account info, and they can replicate your serial number into their phone (since it's not hard coded or based on your phones serial number or anything like that, rather it's stored as data). It's only a matter of time.
This thing isn't very secure in my opinion.
Tenshigure Apr 3rd 2009 5:50PM
Then here's an idea: Don't jailbreak your phone. Apple tests all the software that goes into their App Store, and if it doesn't meet their quality requirements (including their sections on gathering data), not only will it be rejected but most of the time will be advertised as such.
Faar Apr 3rd 2009 5:03PM
Other iphone apps can't read the authenticator's data; all apps are "sandboxed", ie they only get to play within their private walled-in space of memory and the file system.
Besides, even if the sandbox could be breached somehow that wouldn't matter. How would the app possibly get hold of your account information? You never need to enter THAT into the iphone, so no chance of stealing it! It's not a matter of "only" getting hold of the account info... If I find your keyring lying in the street would I automatically know where your house is so that I can unlock your door and steal your stuff? No, of course not. Merely having the authenticator's encryption key is absolutely USELESS on its own.
This system is QUITE secure. Not absolutely, totally infallible, but then again - what system is? No system is ever going to be 100% perfect as long as it is designed by human beings, or have to interact with them (since we are, as a general rule, rather imperfect.)
Zaphon Apr 3rd 2009 6:57PM
I haven't jailbroken my iPhone. I have the blizzard authenticator KeyFob and have no intentions of switching from it. I am just questioning the amount of thought put into this. Okay, so everyone has made it clear that the apps are SandBoxed and tested to make sure their not "malicious" before ever going to the App store. Fine, great. Now what about my other idea I thought about. Everytime I plug my iPhone in, iTunes fires up and backs up my phone. I have read several others say that you can indeed restore from backup and the app will work again. This means that the data is stored on your computer. So again, given enough desire, a malicious app (keylogger) could mine this backup data and pull out your serial number and duplicate it onto another copy of the application. I know this is out there, but again, I'm simply saying, where there is a will (and there's going to continue to be a BIG will as long as people continue to buy gold) there is going to be a way.
Jason Apr 3rd 2009 11:19AM
I'll stick with my authenticator that I managed to get from the Blizzard store. While I like my iPhone and it would be more convenient to use my phone I already went to the trouble of getting the key fob, so I might as well use it.
dv0rak Apr 3rd 2009 12:27PM
Apps on the iPhone are sandboxed; the development kit doesn't offer a way for apps to read file data outside of their own little section of the storage system.
If you jailbreak your phone, that's another matter, but if you jailbreak, you're accepting the risks that come with it.
Zaphon Apr 3rd 2009 5:13PM
So apps are sandboxed, but couldn't a keylogger or malicious application simply parse the data out of the backup iTunes makes when syncing?
Way Apr 3rd 2009 11:34AM
Also looking for it on Android.
Xiol Aug 12th 2009 8:24PM
/agree
Get working on it, Blizz!
Aelei Apr 3rd 2009 11:58AM
Waiting on the Instinct version.
emptyrepublic Apr 3rd 2009 12:17PM
As my iPhone never leaves my side and I always feared the weak ring on the fob authenticator would break this is perfect for me.
schm0 Apr 3rd 2009 12:23PM
I am so happy that Blizzard took the move to make sure to bring something like this to the masses. After experiencing the frustration of checking to see if the authenticators are in stock, this is a welcome change!
I mean, just think of ALL the PEOPLE Blizzard is serving by releasing this phone application to the .00012% of people that actually own a $300 iPhone!
Now I can be twice as frustrated that I STILL don't have protection from hackers.
Seriously, why would you develop an application for one of the most hi-tech devices on the market today *before* releasing a generic application for the rest of the major brands simultaneously?
Sorry for all the QQ, but my account was recently hacked and it just seems like Blizzard is going about this backwards.
dv0rak Apr 3rd 2009 12:33PM
There is no such thing as a "generic application for the rest of the major brands"; you need to get the app to run on a bunch of different devices which may have different processors/OSes, and then have each cell provider - not manufacturer - approve the device for use on their cell network.
iPhone: standard platform, one organization to approve the app, 30 million customers. (Counting iPod touches, which can also run this.)
A big reason why the iPhone has been successful is because it manages to create a software distribution process that doesn't cause your sanity to run out your ears.
DavidL Apr 3rd 2009 1:04PM
My key fob never leaves my desk. My home PC is the only machine I play WoW on, and much more "secure", than any iPhone or iPod Touch. I have an iPod Touch that I bring on my every commutes to work and I have much higher chance of losing it or breaking it than the key fob that never leaves my desk.
Evi Apr 3rd 2009 2:32PM
Same here. I have an iPhone, but I will continue to use the physical authenticator for the reason you stated.