Breakfast Topic: Why Blizzard should make authenticators mandatory on Battle.net accounts
by Adam Holisky 
Sep 12th 2009 at 8:00AM
Blizzard can make authenticators a mandatory feature on all Battle.net accounts.
There are many pros and cons such a move would bring about. Let's examine the cons first since everyone likes to complain about stuff. The largest con would be that people would be required to have a physical piece of equipment specific to WoW and other Blizzard games. Some people would obviously not be okay with this and cancel their subscription, and others would not understand how to push a button and punch in numbers (I'm not kidding). There would be a large cry from people around the net, particularly people who enjoy scamming others out of gold and their accounts, but those are easily enough ignored.
Blizzard could get around these negatives by simply giving away authenticators to everyone who doesn't have one -- make it part of the $15/month subscription. You have a subscription, you get an authenticator to keep no matter how long or short your subscription lasts. For those that don't have a subscription of some sorts or are playing on a trial account – you play on a separate server that is jailed from the rest of the servers. It would be a large one time buy on the part of Blizzard for all its customers, but it would be worth it in the returns of lessened customer service (all those GMs don't have to deal with "OMG my accounts been haxors!" emails).
And really, seeing a little authenticator in every WoW box on store shelves would send a clear and unmistakably loud signal to the rest of the gaming industry -- your products need to be secure. You need to keep your customer's accounts safe, and this needs to be a top priority.
Some might say that another con is the hardware and software required to service millions upon millions of players -- however such hardware is already in place in banks and government agencies. Your authenticator is little different than what they use, and the backend serves are even similar.
Now for the pros -- we've already outlined two major ones; leading the gaming industry and decreasing GM work load. In particular these days the amount of work GMs are doing has clearly become more than Blizzard can currently handle. Tickets are in queues for days right now, and you're one in a million if you actually get to talk to a GM in any reasonable amount of time.
Another added pro to this idea is that the amount of gold selling and account selling would drop dramatically. I don't have much fear of giving virtual items away when it comes down to it, even my whole account if I were so inclined (note: read carefully, I am in no way supporting account selling). But I do have a big problem with sending someone an authenticator I don't know -- and I sure as hell would never give my address to some random guy that owns a WoW account I want to buy.
Creepy guy living in his mom's basement can give me all the gold and accounts he wants. But touch something he's touched? Yuck, no thanks.
Of course this is only a 50,000 ft. overview of the situation, and there are a lot of details that would have to be worked out. But it's something that I hope Blizzard seriously considers. Use this opportunity to make WoW and all the Blizzard properties the safest and most secure form of virtual interactive entertainment out there.
What do you think? Would you be okay with Blizzard making authenticators mandatory?
Filed under: Analysis / Opinion, Breakfast Topics, Account Security
Reader Comments (Page 1 of 15)
RetadinMan Sep 12th 2009 8:03AM
I am getting an Authenticator today for my iPod Touch. I will never be hacked! NEVER! YOU HEAR ME!!
Cthulu Sep 12th 2009 8:21AM
BEST IDEA EVER.... The initial fee would be very easy to incorporate and justify as a feature of the game to set it apart. And authenticators are very affordable so if you lose it.. simple enough.. buy another one. The loyalty to the game I think far outweighs the little post here and there you read on the forums saying: I AM QUITTING WOW FOREVER.. (Please note these posts seem to peak on tuesday maintenance as downtime never happens on tuesdays till just recently (/sarcasm off)). I hear many more horror stories in game of stolen accounts (albeit preventable) and this would squelch a stream of gold creation for gold sellers. I think the solution to trial accounts is to put a flag on everyone's account that says : Ignore Trial accounts. This would effectively require you to turn it off to interact with these accounts. Or just bar them from any chat and they can only observe /play the game.. maybe only allow party chat.
Just my opinion ..but love the article.. /bump
Wolftech Sep 12th 2009 8:46AM
You mean the one they borked and now everyone using the new mobile authenticator can't log in?
You do that.
Knob Sep 12th 2009 8:59AM
I would be happy if Blizzard at least made the passwords case-sensitive.
Yes, they aren't case-sensitive at the moment. Go ahead and try. :)
Bonc Sep 12th 2009 9:46AM
So what happens when the hundreds of forgetful people lose/misplace their authenticators? Its a waste of time and extra hassel for people who arent stupid enough to give away their passwords. Having the authenticator be mandatory would A: Lose blizzard profit from selling authenticators, and they would lose extra money on top of that because now they would just be giving them away, so you would either see a raise in the monthly fee, or blizzard would do an economically stupid move, and B: you would have just as many issues of people losing their authenticators/ breaking them, as you would with account hackers, but this is a harder problem to fix because now you need to verify if the person is really who they say they are, plus all they hackers would find away around it eventually like they always do.
ratbuddy Sep 12th 2009 10:10AM
Sigh. You're right Knob. All this time I've been typing out the various caps in my password. It's a pain. My password is 12 (random) characters long and has a healthy mix of caps in it. I'm just going to pretend what you said isn't true.
Torlaz Sep 12th 2009 10:43AM
Mix in some symbols instead of caps for now @#$^%@$^@#!|{}
Dastalis Sep 12th 2009 12:35PM
I read this and immediately went to the Itunes app store to get one...only to not be able to find it! So I went to the battle.net site to follow the link they had there only to get an error notice from Itunes that the requested item was not available in the US store. I"m in the US so I think I'm looking in the right place. Any ideas on what happened to it?
brraaiinnss Sep 12th 2009 11:23AM
the problem with this is that my mobile authenticator apparently became desynced last night and i am out of my game until at least monday. it also seems that they've pulled them from the app store.
vexis58 Sep 12th 2009 1:26PM
"A: Lose blizzard profit from selling authenticators"
You think they're turning a profit by selling these things for $6 with free shipping? I don't think so. They're practically giving them away already, and earning their money back in GM man-hours due to the lower number of stolen accounts.
I think the reason they haven't made them mandatory yet is because they can't make enough of them fast enough. Ever since the Authenticators came out, they've been up and down on the Blizzard store because they keep running out of stock. I know a lot of people (who don't own compatible mobile phones) who want to buy them, but can't because they're always sold out. If they could make enough of them for the entire WoW population, they probably would make it mandatory.
dcwdvl Sep 12th 2009 2:20PM
I like the idea. I have an authenticator on my iphone, as well as a physical one for my etrade and pokerstars account. Paying $7.50 or whatever for one is almost nothing compared to paying for a yearly wow subscription, or even buying expansions. Hell, I had to pay $20 for my etrade one, and it's well worth it. There really is no negative side to making it mandatory.
cragger Sep 12th 2009 6:02PM
Hate to rain on a great idea, but this idea effectively excludes every US person who has to receive his or her email in a PO box, which includes every military person overseas. The authenticator is not delivered to PO boxes. That also includes all civilians working for the US military overseas, also, btw. So, the irony is that I love the idea, but it would knock me right off Wow until I get back to the states.
Greg Sep 13th 2009 9:11AM
US uniformed service personnel have several options for obtaining authenticators.
Have them mailed first to family support/service groups, then remailed out to troops.
Additionally, actual family members can order them and send them on to their loved ones overseas.
Uniformed service is tough. In the recreation time we do get, we should not have to worry about asshats stealing our fun. Getting authenticators to the 'front lines' is only very slightly more difficult, but calling it impossible would be a gross overstatement.
Milestone Sep 14th 2009 5:01AM
Putting an authenticator inside the Cataclysm Pack (that will contain also the CD/DVD's ) is probabbly the best solution that Blizzard may come with ( Adam, you should ask credit for this idea actually :) ).
I, for example, i'm not willing to change my mobile phone and also not to activate the internet service for my mobile phone (forcing me to pay 3 Euro monthly for the next 2 years, since my phone company doesn't give any other possibility, at this moment) just to download the Mobile Authenticator Software.
The other option is to buy an Authenticator from the Blizzard Online Store.However, paying about 30 Euro for shipping (when the authenticator price is 6 Euro) is'nt such a pleasant option.
In terms of costs, at least for me, having an authenticator in this moment is too expensive.
So, if Blizzard will deliver with the Cataclysm CD/DVD's Pack also an Authenticator, this would be great.
c0mt3k Sep 12th 2009 8:09AM
Yes! i very much would be ok with this.
mrdonut125 Sep 12th 2009 12:06PM
This is not a good idea. It's an added layer of inconvenience for those people intelligent enough to keep their accounts safe. One thing Blizzard could consider is requiring attaching an authenticator to continue playing on accounts that have been compromised, but requiring it for everyone is going way to far. I don't scam people, I can make enough money on my own, but I am still very much against this idea.
Sure GMs have a load to deal with now, but giving every kid dumb enough to give out his account info a small little tool to keep track of is not the smartest idea ever. Blizzard would have almost the same amount of problems dealing with kids who lost their authenticator and now aren't only missing their gold, but can't access their entire account.
foofer4ever Sep 12th 2009 1:15PM
Step 1. Include authenticator in cataclysm
Step 2. If your account gets hacked the only way to get reimbursed items/gear/guild bank is if you have authenticator attached to your account. NO EXCEPTIONS
Step 3. Watch people sign up for authenticator in flocks.
Greg Sep 13th 2009 9:35AM
@ mrdonut125,
I don't really think intelligence correlates as directly as you suspect with whether or not your account will be hacked. I've seen it happen too many times to people who use all the standard recommended protections (don't visit naughty or questionable sites, regularly run adware and spyware detectors, browse with mozilla, use adblockers, run no script, etc).
As for the resolution of the account problems, this is still better from Blizzard's point of view. Since the authenticator prevents anyone (even an account thief) from taking any actions with an account if the authenticator is lost. The reverification process is largely placed on the user and is quite comprehensive. It even requires getting a notary public to acknowledge the persons identity- then mailing the raised seal document.
All that is required for Blizzard to do is mail an 'account recovery' form letter to the account holder and sit back and collect the information. Once the identity is sufficiently established, the authenticator can be removed from the account and a new one can be put in place.
On the other hand, restoring a character once actions have been taken (stripping gear, cleaning out guild banks, trading currency, violating the ToS) is rather difficult. It requires an investigation to prove that it was not the player that committed these acts. Then it requires going over data to find an appropriate restoration point. Finally there is a great deal of follow up required to ensure that the account is restored to it's proper state. And that is for only one character. What if the account thief changes more than one characters details? The amount of work quickly gets out of hand.
The authenticators will ABSOLUTELY save Blizzard many work hours dealing with account theft related issues. More fundamentally, they will protect authenticator holders from having asshats ruin their recreation time.
I'm not sure how you can justify calling this 'not a good idea'.
daan.leijen Sep 12th 2009 8:09AM
Definitely would support it. Another idea might be not to make them mandatory with the current software, but bundle authenticators with all copies of Cataclysm and make them mandatory for people who want to play on a cataclysm-enabled account, AKA end-game players who are currently the people most at risk for hackers as that's where they can get the gold.
Shardrell Sep 12th 2009 9:06AM
This would certainly be an easier way to get the authenticators out to existing subscribers, and is an excellent idea.