BlizzCon 2009: An interview with Vasco
by Mike Schramm 
Aug 26th 2009 at 9:00AM
He was kind enough to give us a short interview, and you can read it right after the break.
How did the agreement with Blizzard come about? Did they come to you saying we need more account security, or how did it all being with Vasco and Blizzard?
Vasco and Blizzard kind of mutually. We've been moving our security products into a lot of online spaces, because you're basically having all kinds of hacking and things like that. There were a lot of problems, and we saw a lot in the community as a World of Warcraft player myself. But mainly from Vasco's standpoint, we do it for our banks, we do it for a lot of online customers -- World of Warcraft, and Square Enix, and a couple of the other online games are a natural progression.
We've said on the site that my characters are more secure than my bank account. Obviously, it's advanced a lot since it first came out. When it first came out, they were selling them for six bucks, and now they've given them out at these conventions, there's a lot more of them today. Is it more of a licensing deal for Blizzard, or do you manufacture the units, or how does the deal work between you?
We manufacture the units, we sell them directly to Blizzard, Blizzard takes care of the pricing and everything like that, they take care of support of the devices, they take care of the installation, the service, everything of that nature. It's all Blizzard. We support Blizzard on that, but Blizzard does all the end-user support.
Do they code the Authentication in that?
They put it in the game, they do everything.
Ok, so when the authentication servers are down, that's Blizzard, not Vasco? Is that right?
That's exactly right. Absolutely. So the product on the backend is Vacman Controller, it's one of our key products, you'll see it right on our server pages and stuff like that, but once it becomes part of our customers' installation, it is theirs completely, so everything is Blizzard's, there is nothing from Vasco. Vasco didn't touch it, there was nothing to do with Vasco.
The other big advantage, obviously, is the mobile authenticator. Did Vasco have a part in that?
No, Vasco offers mobile authentication, but that is all Blizzard.
Ok, so that's another implementation thing where you said here's how you do it, and then they implemented the code, and sold the app, and did that kind of stuff.
Blizzard has been looking at mobile authentication with other mobile applications for a long time. Vasco's always had mobile authentication, it's one of our key products, but Blizzard chose to do it on their own, and they really investigated and built their own everything.
So there's no Vasco?
Not for the mobile authenticator stuff.
So if I use an authenticator, what technology of Vasco's is in there?
The hardware authenticators, that's all Vasco. We manufacture the devices, we provide the library for the backend.
The actual code that lets you in, that creates a code every second.
All it does is validate a password.
Validates a password, but it creates a code every second or something like that?
That's right, so our devices create a code every 30 seconds or so.
And it's an algorithm that matches up to an algorithm on the server. And then they check the authenticator that way and say yes, these are both from the same algorithm and then you're in to the thing.
All banks, everything use that, but basically yeah, it's real technical, you can see it on our website, everything of that nature. Basically, it's a matching algorithm, client generates a one-time password, server generates a one-time password, both match, you get in, that's right.
But Blizzard wrote the mobile authenticator program without any input from you, but it hooks up to your... it's a separate program that hooks up to your software?
I don't know anything about how they did the mobile stuff, I wasn't included in any of the discussion, so.
I thought it was all your code on both sides, and they had implemented the mobile program, but that's completely on their end, too. Cool. The last thing I had was just if there is anything in Battle.net that works with the Vasco authenticators? It seems like if Blizzard is doing mobile authenticators, they might be moving to take over the process itself.
I don't really have too many comments on the mobile authenticator, that is Blizzard's product, they built it themselves, it's completely theirs. But I mean, we still have a very large window of the devices with Blizzard, and we find that people still like them. I think right now there's something like six logos out there on six different Blizzard authenticators.
Yeah, there's all different kinds out there.
The original one, the BlizzCon one from the original year, the one in early spring, the BlizzCon one this year, the new Starcraft one.
There have been quite a few outages on the Blizzard Store as well -- can you give us any insight into why that is, are they just selling so quickly?
They sell very quickly. I don't know how much Blizzard can talk about that or what they talk about. From a Vasco standpoint, we manufacture a very large number of them for all kinds of places around the world. Again, retail banking is core for Vasco overseas, so everybody uses a Vasco device when you go overseas. Here in the US, it's core for banking, that's what we focus on here in the US. Online spaces, such as some of other other customers, those are just starting to bring it into retail, so hopefully we'll see some other stuff on there too.
So we'll see more of this same technology used on the characters elsewhere in the rest of the world.
Hopefully, that's our hope.
Great, thanks very much.
Reader Comments (Page 1 of 2)
auftrag Aug 26th 2009 9:10AM
were is that guy from ? his English sounds weird to me... but im not American so...
yazah Aug 26th 2009 9:18AM
If it is like most interviews done at a convention, they are both probably yelling so that they can be heard over the loud roar of the crowd. That makes it difficult to focus on proper grammer and enunciation since most of the focus is on understanding what the other guy just said.
Knyle2 Aug 26th 2009 9:47AM
Best Way to Quit WOW!!!
1) buy authenticator
2) Authenticate
3) Unsub
4) Smash authenticator
5) victory!
Jen Aug 26th 2009 9:17AM
XD Poor guy that was interviewed. I think that once he said that he had nothing to do with the mobile authenticator you would have stopped asking about it!
Still, the first part of the interview was interesting. I wish he could have gone more into the technical side but floor guys don't usually have all the details. I would have liked to know if they were planning on these for other games or other applications.
Itanius Aug 26th 2009 9:26AM
No kidding. This interviewer hammered the Vasco guy consistently on something he repeatedly stated he knew absolutely nothing about.
You guys can do better than that.
astronautcowboy3 Aug 26th 2009 9:32AM
My thoughts on this exactly. I guess he was a really boring guy, so they had to ask them same thing over and over.
bscarlavai Aug 26th 2009 9:41AM
Agreed - I almost was too embarrassed to read the rest of the interview - how many times do you have to ask about the mobile authenticator to realize they had nothing to do with it?? Geesh.
swampsquatch Aug 26th 2009 9:59AM
All that is exactly what I was going to say... It was almost painful to read the awkward answers from Vasco, "We HAD NOTHING TO DO with the mobile authentication," 5 times in a row. I was both laughing and asking myself why the hell it had to be asked so many times.
Kia Aug 26th 2009 10:59AM
I know it's been mentioned enough already, but I still have to comment because I thought the -exact same thing-. Jesus, give the poor guy a break!
d503 Aug 26th 2009 11:28AM
My sentiments exactly...the 14th time the mobile auth came up, I got the douche chills and immediately stopped reading...
shawn Aug 26th 2009 12:02PM
Hey, good idea. Maybe they should have stopped asking about the mobile authenticator.
Anyone else think they asked too many questions about the mobile authenticator?
Here's another comment about the mobile authenticator.
We have ~nine comments in a row about how much the mobile auth was brought up, it's starting to parallel the article.
wdm+hall Aug 26th 2009 1:15PM
LMAO, this gives me flashbacks to the Felicia Day interview just a few days ago where they asked her about money several times in a row.
It got to the point where she was asking the questions.
Felicia Day: What's wrong with that?
Interviewer: Nothing...
Talk about awkward!
Antonia Aug 26th 2009 4:38PM
I'm jumping on the band wagon, I'm just happy other people caught (how could you not?) what I did from the Interview.
It was a completely amatuerish thing to sit there and ask him the same question over and over, just hoping to get a different answer or one you can exploit into exposing some sort of fiendish crime (which is what some of it felt like). It really showed that whoever interviewed the guy had absolutely no questions other then the ones he asked. If he did the guys answers weren't leading to the next questions and basically the interviewer freaked out and made it into an interrogation rather then an interview.
I read it thinking, "what the hell is he trying to beat out of this guy?" Then it switched gears and I was thinking, "is he trying to get the guy to imply that Blizzard store they're tech/coding?"
Then the interviewer just starts talking to himself with, " I thought it was all your code on both sides, and they had implemented the mobile program, but that's completely on their end, too. Cool." And then, "Yeah, there's all different kinds out there," to a answer that statement really didn't warrant. Which turns into a question that really translates into "Why do you guys fail at making your product fast enough?"
This was a painful read and gave me no information what so ever on the process of these things or how they really work, mostly because you guys have already given us that information. It was redundant and made the Vasco guy, and yourselves, look bad. I hope no one else lets you interview them, they'd be better off.
Hëx Aug 26th 2009 9:17AM
I love my "Authenticicator", and my wife and daughter love theirs also. After seeing friends get hacked (one poor guy three times in a row!) I feel much more secure with one and recommend them to everyone!
Endless Aug 26th 2009 3:02PM
I'd feel much more secure if I didn't have to count on a cheap piece of circuit board that can die any time. Having to call Blizzard and have the authenticator removed from my account is kinda annoying. One should be able to replace a defective authenticator immediately, simply by imputing their original authenticator serial number into a new authenticator. But that of course require an imput key, making authenticators slightly pricier...
Hëx Aug 26th 2009 3:25PM
With a stated life of 7 years, including battery, I am happy with the hoops necessary to jump through in order to remove it from my account if something goes wrong before then. Adding functionality to update a new device with the old number would bump the price up, and the whole point is to make it a cheap way to get ironclad security. For myself, I am considering buying replacements every two years, or possibly sooner if I want to collect different skinned versions.
David Aug 26th 2009 9:20AM
Sorry but that's one of the most poorly edited interviews I've seen on WoW.com. Detracts from the actual information contained therein IMO.
BillDoor Aug 26th 2009 10:06AM
Vasco makes the hardware tokens, the basic authentication software, and a server side piece. Blizzard integrated the server side piece into their login servers, resells the hardware tokens, and wrote a pretty front-end iPhone application around the basic authentication software.
It's pretty standard stuff.
Baruti Aug 26th 2009 9:20AM
His answers sound rather weird indeed.. but I think he just has to be cautious with the answers as to not endanger the 'image' of the company.. If customers doubt their products because of this (or any other) interview, his employer will not like it much!
I would like to add that this article does not make me doubt their products in any way.. I don't have a Blizzard Authenticator (yet) but do have one (from Vasco) for my work (Remote-Access to my works network and stuff) and it works like a dream! (Can't wait for my Blizzard Authenticator! ^_^)
kia Aug 26th 2009 10:14AM
If you can imagine the interview taking place in a packed out, noisy convention hall with very little pre-planning (sounds like it was kind of a spur of the moment idea to do the interview) it makes a lot more sense.