10-13-2009 @ 8:07AM
I totally agree with your assessment of the common excuses. I transferred my account to a battlenet account the first day it was available. I have not had any problems yet. Bottom line is that people fear change.
10-13-2009 @ 9:05AM
I used my firstname.lastname@example.org for my Battle.net account so now I have to email@example.com of my old and short username: asdfghjklzx which is very annoying in some situations. I hope we will get an optional "Battle.net Username" so we can have something easier to type in. Battle.net also forces me to use a complicated password which is really unnecessary since I have an authenticator. Battle.net made logging in a big mess for me...
10-13-2009 @ 9:17AM
Remember account name check box.
10-13-2009 @ 9:19AM
@AlicanC Contrary to popular belief, an authenticator alone isn't foolproof. A STRONG password combined with an authenticator is much better. Plus, it's a good habit to use a password that has uppercase, lowercase, numeric, and symbol characters in it. An authenticator is only designed to prevent keylogging, that's it.
10-13-2009 @ 9:34AM
@Thomas Prescott Uhh I don't believe you know what you're talking about. An RSA type security key is very very very secure. It's the same technology we used at the bank I worked at to secure 100% of our mission critical servers. I would challenge you to find a more secure easy to use method.
10-13-2009 @ 9:35AM
@Thomas Prescott Not to burst your bubble, but the WoW-account-password is not case-sensitive. It doesn't matter whether you use upper-case or lower-case characters. Also an authenticator is pretty much fool-proof even if you have a weak password like "secret".
10-13-2009 @ 9:42AM
It's not necessarily fear, people also don't like what they perceive to be unnecessary change. If you have only one account and don't play any other Blizzard games then having to go through this is just plain annoying, for no benefit at all. Having said that, quitting over it is a bit extreme.
10-13-2009 @ 9:52AM
@AlicanC, why don't you tell it to save your email address? Works for me.
10-13-2009 @ 9:54AM
Oops, that's what I get for opening tabs of all the new articles and then not refreshing this one before replying :) Someone else said it first.
10-13-2009 @ 10:18AM
Holy cow, authenticator zealots, ease off a bit. Thomas is obviously right: security 'A' plus security 'B' is clearly better than security 'B' alone. Strong passwords help protect against brute force hacking, while authenticators help protect against keylogger hacking. A strong password is still critical to security. The strength of your password refers to how long it would take a program that randomly generates possible passwords to hack into accounts. The authenticator gives a 6-digit number, meaning on average a hacker has a 1 in 999,999 chance of guessing the right code every time they try. And they can try a lot if they are at all skilled in automation, anonymizing, or distributed computing. By contrast, if you have an 8-digit password that is a combination of letters and numbers, and which is not based on dictionary words, then there's less than a one in a trillion (1/2,821,109,907,456) chance of randomly guessing that password in a brute force hacking attempt.
10-13-2009 @ 10:58AM
For people that complain about their long E-Mail and have an added excuse of 'not playing at home'... here's yet another solution for you. Copy/Paste. Most people check their E-Mail before they log into the game. Well, copy your E-Mail as you write it, and bam... easily done.
10-13-2009 @ 11:28AM
Skonged, 512-bit RSA was hacked recently. Moore's law in action.
10-13-2009 @ 11:48AM
@LilBanshee @Thomas Prescott This isn't about authenticator zealotry. Thomas is simply wrong. Security tokens can be related to foiling keyloggers, but they are not just about that. The concept being implemented is called Two Factor Authentication. With this scheme, authentication requires 1 of 3 things: something you are, something you have, or something you know. In this case, we know (a password) and something we have (the authenticator - proven by the one-time hash produced by that token (which is slightly different than RSA's tokens but that's beyond this conversation)). Yes - strong passwords are critical to simple authentication mechanisms based solely on a password. But two-factor shifts the emphasis away from password strength. In fact, in most implementations, the "something you know" portion is as simple as a 4 digit PIN which makes for a very poor password. This is acceptable because various ways the token hash is handled makes brute-forcing the PIN / password difficult. The point of the "something you know" portion is to negate simply having possession of the token being the deciding factor (unlike, say, your house key). And likewise, physical possession of the token is required for the PIN / password to be any good. So authenticators / tokens defeat keyloggers. They also eliminate simple passwords, sticky notes, re-used passwords, bad memory, and numerous other weaknesses due to the weakest point in most security; the user.
10-13-2009 @ 12:06PM
@Zhiva RSA security tokens don't use RSA Public Key crypto. They're called RSA security tokens because they're made by RSA company (founded by the same people that invented the RSA Public Key crypto system). They just basically have a cryptographically-secure pseudo-random number generator that runs inside the key and the server that generates a new random number every minute (the server just needs to know the initial seed to be able to match this). As to your comment about 512-bit RSA being broken, people should be using 1024 or 2048-bit RSA keys anyway, by now.
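Added example, not part of the comment above and not RSA's or Blizzard's actual algorithm: a sketch of a token and a server deriving the same 6-digit code from a shared seed and the current minute. It uses the public HMAC-based construction from RFC 4226/6238 as a stand-in; the 60-second step, the one-step drift window, and the names `token_code` and `Server` are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds per code; assumption matching "every minute" above


def code_for_counter(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def token_code(seed: bytes, now: float) -> str:
    """What the device displays: the code for the current time step."""
    return code_for_counter(seed, int(now) // STEP)


class Server:
    """Holds the same seed; accepts codes within a small clock-drift window."""

    def __init__(self, seed: bytes, drift_steps: int = 1):
        self.seed = seed
        self.drift_steps = drift_steps
        self.last_used = -1  # highest time step already accepted

    def verify(self, submitted: str, now: float) -> bool:
        current = int(now) // STEP
        first = max(0, current - self.drift_steps)
        for counter in range(first, current + self.drift_steps + 1):
            if counter <= self.last_used:
                continue  # a code is one-time: refuse replays of used steps
            expected = code_for_counter(self.seed, counter)
            if hmac.compare_digest(expected, submitted):
                self.last_used = counter
                return True
        return False


if __name__ == "__main__":
    seed = b"12345678901234567890"  # constructed sample seed (RFC test value)
    server = Server(seed)
    code = token_code(seed, now=30)
    print(code, server.verify(code, now=45), server.verify(code, now=45))
```

A captured code stops working once it has been used or once the clock moves past the drift window, which is why a keylogged code is of little use later.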
10-13-2009 @ 12:27PM
@ Eric and artifex Unfortunately, for the "remember account name" option, this doesn't work when two people with two different accounts use the same computer. It only remembers the name until the second person logs in :(
10-13-2009 @ 12:29PM
An authenticator is physical, if someone IRL gets ahold of it they can compromise your account with it. A strong password + an authenticator is much better than just an authenticator. Also, it's good habit to use strong passwords anyway, and frankly typing 5 extra characters goes a long way.
10-14-2009 @ 4:55AM
The truth is I fear Fan Boys - there is absolutely no good reason to have a battle.net account if you do not use any other Blizzard products.
10-14-2009 @ 11:46AM
-----
Thomas Prescott Oct 13th 2009 12:29PM
An authenticator is physical, if someone IRL gets ahold of it they can compromise your account with it. A strong password + an authenticator is much better than just an authenticator. Also, it's good habit to use strong passwords anyway, and frankly typing 5 extra characters goes a long way.
-----
Yes - an authenticator covers the "something you have" aspect of 2-factor authentication. There needs to be another piece and, in this case, it's your password. However, a strong password may be a liability if the user can't remember it and has to resort to writing it down. Then you have "something you have" and "something else you have" (the piece of paper - although that's a heck of a lot less secure than a token). The password doesn't have to be complex for 2-factor authentication to be effective. And if a simple password remains "something you know", then it does the job much better than the complex password jotted down on a sticky note attached to your monitor. Having said that - yes, using strong / complex passwords is a good habit to have. If you can manage to do this effectively, then there's no reason not to. But few can.
10-14-2009 @ 6:16PM
Wow, the amount of QQ and also ignorance is staggering. For those of you debating strong passwords VS authenticator... use both. Use a strong password no matter what the circumstance. And the authenticator is another level of security. For anyone who said anything about someone getting your authenticator IRL, I have news for you: the vast, vast majority of account hacks aren't done locally, they're done remotely. The odds of someone happening to find your authenticator, know whose it is, know your account name, and know your password (or have access to your machine to keylog it), AND be someone of malicious intent who will steal your account is ridiculously small. And an authenticator without a password is just as useless as a password without an authenticator. For those of you QQing about typing a longer account name in... seriously? You're sitting down to a keyboard and mouse game, about to use a keyboard for a long period of time, and you're begrudging an extra 10 keystrokes? Get real. It's such a weak excuse. For the rest of you: it's not a bad thing. I did it a while back, and no, I don't play any of Blizz's other games. But in the end, even if there was some real downside to it, you've only got two options: suck it up and make the change, or quit. This is going to happen. And I don't really see any of you actually quitting over something this trivial. So less QQ plz.