Patch 5.3 interview with Ghostcrawler
Mystery of the Unborn Val'kyr
The latest patch 5.3 news
All of the latest Mists of Pandaria newsBreakfast Topic: Why Blizzard should make authenticators mandatory on Battle.net accounts
by Adam Holisky 
Sep 12th 2009 at 8:00AM
Blizzard can make authenticators a mandatory feature on all Battle.net accounts.
There are many pros and cons such a move would bring about. Let's examine the cons first since everyone likes to complain about stuff. The largest con would be that people would be required to have a physical piece of equipment specific to WoW and other Blizzard games. Some people would obviously not be okay with this and cancel their subscription, and others would not understand how to push a button and punch in numbers (I'm not kidding). There would be a large cry from people around the net, particularly people who enjoy scamming others out of gold and their accounts, but those are easily enough ignored.
Blizzard could get around these negatives by simply giving away authenticators to everyone who doesn't have one -- make it part of the $15/month subscription. You have a subscription, you get an authenticator to keep no matter how long or short your subscription lasts. For those that don't have a subscription of some sorts or are playing on a trial account – you play on a separate server that is jailed from the rest of the servers. It would be a large one time buy on the part of Blizzard for all its customers, but it would be worth it in the returns of lessened customer service (all those GMs don't have to deal with "OMG my accounts been haxors!" emails).
And really, seeing a little authenticator in every WoW box on store shelves would send a clear and unmistakably loud signal to the rest of the gaming industry -- your products need to be secure. You need to keep your customer's accounts safe, and this needs to be a top priority.
Some might say that another con is the hardware and software required to service millions upon millions of players -- however such hardware is already in place in banks and government agencies. Your authenticator is little different than what they use, and the backend serves are even similar.
Now for the pros -- we've already outlined two major ones; leading the gaming industry and decreasing GM work load. In particular these days the amount of work GMs are doing has clearly become more than Blizzard can currently handle. Tickets are in queues for days right now, and you're one in a million if you actually get to talk to a GM in any reasonable amount of time.
Another added pro to this idea is that the amount of gold selling and account selling would drop dramatically. I don't have much fear of giving virtual items away when it comes down to it, even my whole account if I were so inclined (note: read carefully, I am in no way supporting account selling). But I do have a big problem with sending someone an authenticator I don't know -- and I sure as hell would never give my address to some random guy that owns a WoW account I want to buy.
Creepy guy living in his mom's basement can give me all the gold and accounts he wants. But touch something he's touched? Yuck, no thanks.
Of course this is only a 50,000 ft. overview of the situation, and there are a lot of details that would have to be worked out. But it's something that I hope Blizzard seriously considers. Use this opportunity to make WoW and all the Blizzard properties the safest and most secure form of virtual interactive entertainment out there.
What do you think? Would you be okay with Blizzard making authenticators mandatory?
Filed under: Analysis / Opinion, Breakfast Topics, Account Security
Reader Comments (Page 4 of 15)
Tae Sep 12th 2009 8:18AM
So yeah you must take in account that a lot of people are outside the U.S. sometimes with a lot of difficulties to even buy the game.
Seraph Sep 12th 2009 8:16AM
I like the idea of selling them with Cataclysm as the only reason I don't have one is because I can't order online. And also no iPhone. or cell phone in general
Stuart Sep 12th 2009 8:20AM
I disagree with having these be made mandatory. Instead, have people pass an IQ test upon creating an account that deals with advanced personal security.
I've only ever lost one password, and that was when my Diablo II account was brute forced. I have no idea how long it took the guy to come up with "bl7z0192," but they did. I have never allowed myself to get a keylogger and I have never given away my password.
A tough password and common sense when browsing the internet and interacting with people online will go a long way.
The Prince of Cats Sep 12th 2009 9:01AM
AN IQ test? I can think of one MMO that does anything like that; Kingdom of Loathing. It is done in a semi-ironic way, where you have to pass an English language test before you can use the chat channel, but it does make you think.
Davi Sep 12th 2009 8:21AM
And for those who live on a country with no access to authenticators or where iPhones are just too expensive , like Brazil? We couldn't play at all. Sorry to inform you but Blizzard would never do that. It's corporate values are about getting most people to play (even with modest hardware configurations). It's customers simply love that way. Only the hardcores don't and well, you probably have your authenticators already....
Craig R Sep 12th 2009 8:23AM
authenticators are possibly the most unnecessary security measure blizzard has implemented. It's been said by many before me but i'll reiterate it here.
WoW's only security vulnerability is between the keyboard and the chair.
Wolftech Sep 12th 2009 8:30AM
yep... the PICNIC issue.
Problem In Chair Not In Computer.
Gessilea Sep 12th 2009 9:15AM
True or not, it's still a huge issue. If the only people it affected were the owners of the account in question it wouldn't be as big a deal, but it affects everyone because of all those reasons listed in the article, namely having to deal with gold sellers in game and having to wait longer to talk to a GM.
Literaltruth Sep 12th 2009 8:31AM
This would be acceptable if, and only if, Blizz was able to provide Authenticators for all and support them for all.
Right now, Blizz will only ship them to select countries - and anyone living in most Asian (and I would imagine, African) countries can't have them shipped directly. I live in Thailand and play on Oceanic servers and would have to go through a two-stage shipping process (with me getting it shipped to a friend in Australia with them then sending it on to me) to get an authenicator and that's a lot of time and shipping expenses incurred. Even if that were solved, they'd have to sort out the logistics of support in other countries - anything goes wrong with it and I have to pay to ship it back to the USA? And wait until it's shipped back again (potentially through that same two-stage shipping process again)? No thanks.
Of course, the Mobile Phone authenticator might be a solution - but Blizz would have to make that more compatible. I just bought a Samsung Omnia and, as a Windows Mobile phone, it can't run the authenticator. I'm not changing my mobile phone any time soon just to play a game that I've already paid for, then paid more for every month since then (gladly, BTW - I love WoW and have very few complaints).
I'm writing as someone who has been hacked - and who had the unfortunate experience of watching their armory obsessively while 3 level 80 characters were systematically stripped of all their hard-won epics as they were vendored for quick gold. I'd love more account security - but I kind of feel that Blizzard as a company isn't as global as their game's playerbase (just look at the state of Oceanic servers* for proof of that) and they'd need to have a strong, global support option in order to make it acceptable to require their 11million+ WoW subscribers plus all their Diablo and Starcraft fans to use a piece of falliable hardware to play the games they've played for.
*One of those "very few complaints" I mentioned earlier.
PsyWulf Sep 12th 2009 1:22PM
Not to burst your bubble,but if the phone can run java apps and allows net access to them ( symbian,win mobile etc) you can download the java app and set it up. Did it today and no it isn't virus-riddled. Google is your friend :)
Wolftech Sep 12th 2009 8:27AM
Actually, an on screen keyboard (with random letter positions) that does not use the same data inputs as a real keyboard (i.e. the login sees it not as a typed letter, but as something else) would kill 99% of the external hacking issues (i.e. keyloggers) and be a much better solution not requiring an external measure. Now, it would be possible that something could infect the Wow executable, but with proper virus protection, that shouldn't really be a major issue.
It would do anything about the ID-10T factor because there still would be people who give account information for leveling services and the like...
Omega2 Sep 12th 2009 8:40AM
Ayup. Even banks use that system for their on-line services. Use a random keyboard layout every time the program is started just to make sure they don't try to come up with mouseloggers (or whatever :P), and suddenly a hacker's job is a lot harder. That is, assuming the user chose a non-obvious password. I've done maintenance on a few systems and I swear, the amount of people using "12345" even when their accounts are at risk is unbelievable.
Aigarius Sep 12th 2009 11:25AM
Actually that is quite easy - the hacker just has to take screenshots of your screen a few times a seconds, like Fraps. If you have a keyloger - there is nothing that Blizzard can do to secure your account, except of an external security measure, like the authenticator.
Nuts Sep 12th 2009 8:29AM
Ive got the authenticator app on my Touch. Its the best free insurrance you can have and its available for cellphones too in case u dont have a Touch or iPhone
traptinacivicsi Sep 12th 2009 4:19PM
Unless you're on "The nations largest and most reliable network"... Verizon.
(Of course Alltel couldn't get it either so I'd of been screwed had I stayed there too.)
Warren Sep 12th 2009 8:32AM
I have one. I dont worry about my account getting hacked.
kw Sep 12th 2009 8:33AM
If they want to make them free, fine. I am sure there are a lot of people out there who don't know how to manage computer and password security so it might cut down on the overall number of account hacks.
But I will not use one - I've had similar things for two separate corporate email accounts, and I found them to be a big pain in the ass. I've been using computers since the mid-90s and I have never lost a password to a hacker and don't plan on doing so in the future. All it takes is common sense. Being forced to use an authenticator for my battle.net account would be an insult, and most of my friends (we are all IT professionals) would see it the same way.
Tricia Sep 12th 2009 8:39AM
I have an authenticator, as does my husband. The initial cost for them was so minimal that given the peace of mind it created basically meant I was completely cool with spending an extra 12 dollars. I have NO idea why more people have not simply bought them to avoid any potential account hacks.
Including it in every Blizzard game and requiring them to play seems like a great idea to me. The biggest complainers are likely to be the people who're already doing shady things to accounts, and as if I care if Blizzard slights them. I mean, most sane and intelligent people would be glad to find their information secured so completely, right? And if not, if they like being open to fraud, hacks, and the like, well maybe I don't want to be playing with them anyways lol
Been using it for a year, and it's not a burden or a pain to use, and I really like feeling a bit more safe in my online play. But this is all just my opinion and I'm sure it's not shared by everyone.
Wolftech Sep 12th 2009 8:44AM
So what happens if you lose it? Or what happens if someone steps on it? You are stuck not being able to play while you are going through the long and arduous process of swapping the authenticator attached to that account.
I am not doing 'shady things' with my account and I have no desire to tie my account to a little piece of plastic that is easy to lose.
Azradesh Sep 12th 2009 9:02AM
Funny, I don't care if we lose players stupid enough to get hacked in the first place.