An Authenticator in your Visa
by Mike Schramm 
May 27th 2009 at 6:00PM
This is only slightly WoW-related, but it's worth a mention, I think, considering that when it happens, you'll be able to tell all your friends just what these things are. Our good friend Relmstein reports that Visa is planning to put an authenticator, of all things, in their credit cards. We of course all know how the Blizzard Authenticator works: you punch a button on the Authenticator, it gives you a code, and then that code can be used to synch up with the server. The Emue Card that Visa is testing right now works the same way: you punch in a PIN, it'll give you another code to enter on an online shopping site, and thus no one who just gets your card information can actually use your card (much like right now with a Blizzard Authenticator, no one who just gets your password can actually sign in). But it's all built in to the normal credit card.Very interesting. What Visa's doing with their credit cards might not be completely relevant to WoW, but it is relevant to note that of all of the accounts and passwords in your life that you might like to keep secure, a Blizzard account with an Authenticator attached is probably the most locked-down. Companies have started using Authenticator-like technology to have their employees log in to local networks, and obviously credit card and banking companies are testing things like this. But when it comes down to actual widespread usage, Blizzard is way ahead of the curve. Odds are that your WoW account right now is even more protected than your checking account. We'll likely be using the same authenticator system for other secure connections in the future.
Filed under: Analysis / Opinion, Odds and ends, Blizzard, Account Security
Reader Comments (Page 1 of 1)
danielchou May 27th 2009 6:07PM
China has already been using this system with their banking account. You are provided with an authenticator for your checking account for logging in online.
Retropally May 27th 2009 6:40PM
Not just China, the internet banking for my business uses an authenticator
Hansbo May 27th 2009 7:21PM
Same thing in Sweden. I always thought Blizzard got the idea from banks, but quite frankly, I've no idea how internet banking security works in the US.
Chulando May 28th 2009 10:13PM
My bank has been using authenticators on their online banking site for about six months now...
I enter my login info, hit a button, and a code is text-messaged to my phone. Enter that number online, then I get to a final login screen where I verify a picture and phrase then enter my password.
Fairly beefy security compared to others, in my opinion.
JLocke May 27th 2009 6:11PM
take THAT identity theft :)
theRaptor May 27th 2009 6:17PM
Ah this article is bass ackwards.
Companies have been using the RSA technology that the Blizzard authenticator is based on for years (http://en.wikipedia.org/wiki/RSA_SecurID). That is why Blizzard could get them cheap enough to enact their scheme. Anyone who has ever been near a real corporate network has one.
And the Blizzard set-up isn't anywhere near the most locked down. All it takes is knowledge of semi-private information and a phone call to Blizz to claim "your" authenticator "broke". Plenty of people have "chip and pin" bank cards these days and they are significantly harder to get around than the authenticator (which is solely useful to stop keyloggers, not a dedicated attacker).
johnthediver May 27th 2009 6:54PM
The article is not claiming that blizzard came up with the technology. They also are not saying that it is any ground breaking new tech.
All they are saying is that hey look at this cool new feature that visa is adding, just like blizz did, maybe it will make online shopping safer.
Ben May 27th 2009 7:06PM
@johnthedriver
"of all of the accounts and passwords in your life that you might like to keep secure, a Blizzard account with an Authenticator attached is probably the most locked-down."
"Companies have started using Authenticator-like technology"
"obviously credit card and banking companies are testing things like this."
"Blizzard is way ahead of the curve."
Jay May 27th 2009 11:50PM
Just so you know, they use this authenticator with a custom graphic: http://www.vasco.com/products/product.html?product=70
If I cared about my account enough I'd buy one, just a shame that each time I've attempted to they've been out of stock :(
Zerubabble May 27th 2009 6:40PM
"Odds are that your WoW account right now is even more protected than your checking account."
But there's probably more people trying to hack my WoW account... : (
klink-o May 27th 2009 7:26PM
My WoW account is probably worth more than my bank account. :P
Douglas, R May 27th 2009 6:43PM
AOL remote employee's have been using key fobs since 1997 era.. stop posting junk like this.. p.s. i just unsubscribed in google reader.
Magma May 27th 2009 6:57PM
p.s. No one cares
Ringo May 27th 2009 7:02PM
The statement that "your WoW account right now is even more protected than your checking account" is quite accurate, at least in the US. They were even laughingly commenting about this exact fact over at sans.org a few months ago: http://isc.sans.org/diary.html?storyid=5803
jurandr May 27th 2009 9:39PM
I would pay extra to have such a device in my credit card. I feel Blizz is the first to introduce key fobs commercially to its consumers. Note that I am uneducated, but from what I gather in the comments, they have been given to commercial bank accounts(not consumer accounts), company employees, ect ect. The average consumer doesn't have this sort of security on their financial information, but with ID thefts on the rise (according to major news sources) it may be time to roll out the big guns.
theRaptor May 28th 2009 1:51AM
Except the Blizz authenticator does nothing against ID theft, even for your WoW account. It is an access control mechanism like a password, except it is a one time password so if your communications link is compromised an attacker can't get permanent control over the account (not that an attacker couldn't write a keylogger that grabbed your auth code and prevent you from logging in and then send the code to the attacker, it is just a much more difficult attack).
Most ID theft involves attackers opening fraudulent credit card and banking accounts. Theft of credit card details is not ID theft. If an attacker uses ID theft against you it is trivial for them to reset your WoW email address, password, and even authenticator status.
And America is a technological backwater when it comes to consumer deployment of this technology. Don't assume that because American banks don't worry about losing other peoples money that other countries don't have these systems in place.
gtwoman May 28th 2009 3:28PM
"I feel Blizz is the first to introduce key fobs commercially to its consumers. "
Except they just aren't, no matter how you "feel". I'm not talking about banks, or financial stuff either since they certainly weren't first there. I'm talking about them not even being the first GAME to do this. Entropia Universe was using authenticators a year or more before WoW went that route.
Chirri May 29th 2009 11:58AM
I agree with you, jurandr. The point here is that this is an authenticator on a personal, private level, rather than a corporate level.
"And America is a technological backwater when it comes to consumer deployment of this technology. Don't assume that because American banks don't worry about losing other peoples money that other countries don't have these systems in place."
As an American, I'm actually pretty well aware of that fact. I know there's several times more red tape for individuals and groups to get through before something "new" can be introduced on a widespread scale to the American public. Pharmaceuticals, medical practices, food standards, safety standards, technological changes, etc all get picked up elsewhere in the world long before they become acceptable on American soil.
What would you have preferred the author have done? Start the article with, "This is for Americans only, everyone else can go stroke their spiffy gadgets somewhere else." It's a nifty bit of information worth sharing with the idiots living in the barbaric conditions of the US. /eyeroll
Jay May 27th 2009 11:48PM
My Barclay's account has had this for 3 years now, I guess its an extra layer of security, not that amazing since you can't really do much with my online account anyway.