Oh boy. Most of us are the walking dead after BlizzCon, but let's get back to something resembling normalcy with a Queue. We're going to start off today with an important matter concerning authenticators and account security, then move on to a bit of WoW.com business and Onyxia. I'd also like to direct attention to two really good comments from the last column re: technical issues, Shadow's and Logarth's.

Zerounit asks...

I recently got an Authenticator in the mail and I noticed something while I was inspecting it: there appears to be no way to open it short of cracking it open with large objects. Is there a battery life on these? If it stops giving me my magic codes, will I have to get a new one?

I got an authenticator for my own use recently and have to admit I hadn't thought to look into the battery life, which is a very good question indeed. A dead authenticator means you have no way of getting into the game (or even into your online account) without official help from Blizzard.

Turns out the little security doodads are manufactured by a company named Vasco, and after poking around their website, I'm reasonably certain that Blizzard authenticators are a variant of Vasco's DIGIPASS GO 6 model. What makes me so sure? The GO 6 model page is the only one accompanied by an article on fraud and hacking in online gaming. They don't come right out and say that Blizzard is a customer, but unless Hello Kitty Online is a bigger hive of scum and villainy than even we gave it credit for, you don't have to be a genius to figure out that World of Warcraft figures prominently in MMORPG account theft.

Vasco says that the GO 6 model, like most of their mobile authentication devices, is supposed to have a minimum battery life of 7 years. Manufacturers' assurances aside, you can find reports from players who have observed malfunctions or unusually early battery deaths, but honestly, this doesn't appear to be a common problem. As you might expect, authenticators are designed to be user-friendly for the purpose of getting your codes quickly and safely, but they're not designed to be so friendly to someone trying to tamper with them. One player who did manage to crack one open reported that it's doable with a jeweler's screwdriver, but the battery case (at least on a 2008 model) was very resistant to player meddling, even if all you wanted to do is replace the battery.

This may sound like a needless annoyance (and frankly it kind of is, if the only thing the authenticator needs is a new battery), but having to get in touch with Blizzard to replace an authenticator is good design. As a player in another authenticator-related thread observed, authenticators aren't there to help Blizzard security, because Blizzard's never been hacked. They're there to deal with the gaping security hole that so frequently exists between the computer and one's desk chair. If removing an authenticator from your account were easy, then it'd be just as easy for a hacker to remove it as well, which rather defeats the purpose of having one in the first place.

If your authenticator goes on the fritz or the battery dies, call Blizzard's Billing and Account Services department, and they'll remove it from your account after verifying that you are the true owner. This involves providing account details and the serial number of the dead authenticator or, as Sacco writes, a "large amount of very personal information." I'd provide numbers here, but they're different for each region; visit your regional World of Warcraft website and go to the options located under the Support bar. If you clicked through the last forum thread linked in the paragraph above, you'll have seen a player who had to replace an authenticator noting that the process took only 2 hours from start to finish (and that was on a patch day).

Authenticators are still in stock at the Blizzard Store (go to the More Products tab up at the top right), and unless you are 100% sure of your account's security and your ability never to get keylogged or hacked, you're probably best off getting one.

Tyranas scolds...

Get off the (New Jersey) Turnpike sometime, and stay away from Camden and the whole Newark area, and you'll see we do actually deserve the name "Garden State."

There are parts of New Jersey that aren't the Turnpike? State your sources!

Tatsumasa asks...

Why is the Queue posted so infrequently?

Adam and Alex are the two usual authors, but they have the bad luck to be two of our editors (ha ha! Sucks to be them!). If something else has come up on the site (and not infrequently it's business that never actually appears on the site), the Queue is the inevitable casualty of their having to be elsewhere. Now, if a column author (someone who has a weekly commitment to write a particular feature) can't be here in a given week, it's easy for them to reschedule it or ask someone else to cover it. By contrast, as the Queue is a daily feature, if something comes up it's a lot harder to give it to another writer because there's never much notice.

We've had particular trouble lately due to the release of patch 3.2 and the run-up to BlizzCon, all of which took a lot of time behind the scenes here. Eagle-eyed readers have already noticed that Cataclysm, Goblin, and Worgen categories went up on the site suspiciously fast....which I guess, in a roundabout way, is an oblique answer to Valaro's question.

Nevertheless, the Queue and its predecessor, Ask A Beta Tester (which you'll see reappear on the site when Cataclysm hits beta) are easily among our favorite things to write. Things should settle down in the near future, and it'll resume a normal schedule. We do apologize for the disruption along the way.

RothKeahi asks...

Inquiring Mages want to know! Is the new and improved Ony still resistant to fire?

The reports I've seen from players on the PTR all say that she no longer has any immunity to Fire spells or effects. Wowwiki is reporting the same thing.

---

Tags: account-security, account-theft, authenticator, blizzcon, blizzcon-2009, guide, hacker, hackers, keylogger, keyloggers, keylogging, onyxia, patch-3.2, patch-3.2-wow, qa, question-and-answer, queue, security, the-queue, vasco, wow-answers, wow-authenticator, wow-daily-answers, wow-daily-questions, wow-guide, wow-player-questions, wow-q-and-a, wow-questions, wow-security

Filed under: Analysis / Opinion, Features, Account Security, The Queue