Using the Corehound Pup to secure Guildbanks
by Robin Torres 
Dec 19th 2009 at 4:00PM
Authenticator owners received a nice surprise in their mailboxes when Patch 3.3 dropped: the corehound pup pet. It's absolutely adorable and a completely unexpected bonus to having a secure account. But it has also caused much kvetching among those who feel they are too careful to ever need the authenticator. Pet envy caused some to sign up for the free application for their phone or buy the physical gadget in order to obtain the two-headed cutie. But they soon discovered that removing the authenticator from their accounts also removed the pet.
Their loss can be your gain, however. One problem that many guilds have is that some of their high ranking members, with full bank access, have account security issues. When a guildbank gets raided by a hacker, it affects the entire guild -- not just the compromised account. One thing guild leaders can do to protect all members is require authenticators for bank access. Previous to patch 3.3, this was hard to prove. Now GLs can just ask to see your corehound pup.
Of course, players can get the authenticator, show the pup and then deactivate the added security right after. So spot checks (perhaps at the beginning of every raid?) would have to be performed periodically. But this is a very easy way to ensure the security of a resource that affects an entire guild. At the very least, GLs can require that members previously hacked show their pets.
I know I'm not the first to think of this and I'm sure that some guilds have already put this into place. I think the biggest obstacle guild leaders will face is the group of players who feel their account is completely safe without the authenticator. It is a slight inconvenience in that you must have the gadget/app near you whenever want to play. However, just like an extra lock on your front door, an extra layer of security isn't going to hurt anyone but wannabe hackers.
Here is a handy FAQ about Authenticators, should you or someone in your guild still be on the fence about getting one. And don't be surprised if your guild bank becomes restricted to corehound pet owners after the next time a guildie gets hacked.
Please remember that account safety and computer security is your responsibility! While WoW.com has provided you with resources to additional information, do your homework and make sure you know what you're doing before installing any antivirus or other software.Filed under: Analysis / Opinion, Guilds, Account Security
Reader Comments (Page 1 of 8)
Pj_halligan Dec 19th 2009 4:07PM
I had a guild master hacked once - cleaned out all the gold, flasks and mats we had from Uld/ToTc bith 10 and 25. It was a painfull lesson but having an authenticator is great - I had my own account hacked once and after a full restore decided getting an authenticator was the best thing i could do.
From my own perspective as a raider having a GM/Officer core with authenticators is great and shows that they take their account security seriously and also that they take their posistion of responsibility seriously as well. For a few bucks its a very handy tool.
Kira Dec 20th 2009 1:05AM
I dont have an authenticator, just like how I don't lock my front door. If I have something that locks something, I inevitably lose it.
Jason Dec 19th 2009 4:07PM
Two members of my guild were consecutively hacked last night. I'm thinking about getting the Authenticator. It'll make a good stocking stuffer.
Question, though: Will the authenticator work without wireless access? The Mobile App for iPod and iPhone needs wireless internet, but does this one?
Pj_halligan Dec 19th 2009 4:11PM
It does not need internet access as it is a battery powered device that you can keep on your keyring or next to your PC/Desktop. I am at work now pressing the code button and it is generating 6 digit login codes that I can't use :P
epsilon343 Dec 19th 2009 4:13PM
From what I remember I only needed wireless access once for my iPod and then each time you connected to the internet it got new numbers, I think.
Engerz Dec 19th 2009 4:31PM
I have the iPod version and no you don't need to have wireless on. I actually spent an hour waiting to talk to a Customer Service rep just to have that answered...and a few other questions regarding it as well.
Matt Dec 19th 2009 5:31PM
Neither one NEEDS wireless access.
Both work by generating random numbers based on a seed that is different for each authenticator (physical or app).
The standalone device NEVER needs any syncing at all.
The iPhone/iPod one only needs syncing due to the fact that the "clock" in the app is not running at all times. The "resync" button just makes sure that the app changes to the next number in the sequence at the same time as the server.
I sync mine about once a month *maybe*, and it is never more than 1 ms off (you can see the "time left" bar change to match the server when you hit sync).
If you have an iPhone/iPod, get the app. It is FREE, and the extra account security is awesome.
Greg Dec 19th 2009 5:30PM
The iPod/iPhone app is awesome.
Totally free- and only requires wifi access one time to sync the device. Once it's synchronized, you can use it without wifi anywhere.
It does mention in the app that there is a very slight chance it can fall out of sync- in which case it would need wifi to resync. But that seems rare.
I had a keychain authenticator before, but now I'm 100% iPod authenticated. And the best part is, I can give my old keychain authenticator to a friend for Christmas!
Jeff Dec 19th 2009 5:35PM
You need to be connected to the internet when you first set it up. After that, the algorithm is completely self-contained, and it doesn't need to communicate with Blizzard's servers at all.
If it ever falls "out of sync" with Blizz, you can connect to the internet to Resync it. I've never had that happen though, and I haven't resynched in months.
Alanid Dec 19th 2009 6:06PM
Well if you have the 3G/s then surely you can use the internet anywhere where you get a decent signal. I know I can.
Faulken S Wulf Dec 19th 2009 6:16PM
I find it ridiculous that they have the Authenticator for some Blackberry devices and not others. Its the same platform across all units. Its all Java. What is even more irritating to me is that the 8100, 8110, and 8120 Pearls are all supported. But the 8130 (my phone) is not.
Seriously? Good job Blizzard, good job.
Tokkar Dec 19th 2009 6:56PM
@ Faulken -
This doesn't have anything to do with Blizzard and EVERYTHING to do with the manufacturer. What you mentioned was a revision and subsequent advancement. The platforms themselves may be similar, but not identical. Obviously, some improvements have been made or it wouldn't have a higher version number.
The app isn't forward-compatible (no software that I know of is). That is to say, it's like trying to run a Windows 7 application from a Windows XP platform - the code may be similar, but it simply won't work that way.
Faulken S Wulf Dec 19th 2009 7:35PM
That would make sense except that I thought the 8130 was just the CDMA version of the 8120 (GSM). I thought everything was similar except for the cellular network.
*shrug* I'll still buy the Authenticator, I was just miffed to see the scattered support. But then again, I don't work for Blizzard and certainly couldn't do better. Heh heh.
hinu Dec 19th 2009 10:11PM
Actually, for most mobile devices, the manufacturer uses the same base firmware/OS version across all models but in the end each model has different secondary versions marked. So same codebase, but internals are slightly different.
Mostly the difference is in how they attach to the network but for smartphones it may also mean some features are locked and trimmed during the install process to save flash memory space.
In the case of CDMA and GSM it may be that the encryption features available are different and hence the algorithm used for the authenticator is not available in one version.
epsilon343 Dec 19th 2009 4:17PM
This is a pretty good idea. When I was doing Ulduar my guild was on the cutting edge and I realized that walking around with T8.5 gear would make bump me up a few spots on a hacker's target list so I downloaded the app for iPod. Probably one of the best things because it took only a few seconds extra. Just drag it to my first screen on the iPod and the numbers cam eup.
The only concern would be for those that have a tendency to misplace things but my iPod was always with my phone and wallet and if I had the authenticator I would've had it on my keychain. But honestly, the few extra seconds it takes each time more than makes up for the headaches you'll go through when you try and get your account back.
Tethra Dec 19th 2009 6:34PM
That's why I have mine on my keychain with the keys to my apartment. I would lose it for sure otherwise because a) it's small, and b) my cats like to play with small, shiny things.
Snuzzle Dec 19th 2009 4:20PM
As a guild leader, even though my guild bank isn't heavily stocked with the most expensive flasks, gems, and mats, I feel it's my responsibility to make sure my account, at the very least, is secure. That's why I purchased an authenticator as soon as they were available, and I've never regretted it.
I keep it on my cellphone in the wrist strap loop. When I come home, the phone gets plugged into my PC to recharge so I never have to worry that I'll forget where I put my authenticator or leave it somewhere inconvenient. It's always right there.
I know people who keep them attached to their monitors somehow but that doesn't feel safe to me. It's safe from someone who doesn't play WoW, but if a friend or relative of yours plays and has access to your PC, they also have access to your account. I like to think mine plays incognito as a cell phone dangly. :P
I know the Corehound Pups just came out, but I don't see as many of them as I'd thought. I've seen countless Lil' KTs, Chilly Blizzard Penguins and of course Onyxia Whelplings. But everywhere I go, I get asked where I got my adorable Corehound Pup. When I tell them it's for authenticator users, they seem less enthusiastic about the pet.
Are authenticators really seen as that annoying? I guess I'm just used to it, but I really like the added security step. It's like being asked for your ID when you withdraw funds from your bank account or showing your hand stamp to get back into a club/theme park. Just something you do.
paul Dec 19th 2009 4:31PM
It was annoying for me at first, especialy with a bad internet connection, and getting DC'd a lot. Having to put it in every time can be a pain.
Although, after a while you get used to it, just like many other things that are annoying at first. The added account security for you/your guild is worth it by a long shot.
Sargenus Dec 19th 2009 4:31PM
I admit, I ordered an authenticator JUST for the pet. My friend downloaded it on her iPhone. When I got mine, she said "I know you love pets, but it's really annoying needing to enter an extra 6-digit code EVERY log in.".
I shrugged it off, and installed my authenticator, it sits right in my drawer on my desk.(The reason why it's in a drawer, is because that drawer has all my personal items in it, and theres a lock out in, that requires a key that I have with me at all times. I'm a security nub)and I use it when ever i log in now. I don't see why it's a problem, I got it a few days ago and I'm not annoyed the least bit. I admit, I've been meaning ot get one anyway, as I was hacked once upon a time, and lost my precious 6/8 T3 geared Lock from way back in Pre-BC(Who I never played anyway)so making sure my NEW Lock isn't deleted and I get a nice pet? Yes please.
Artificial Dec 19th 2009 4:59PM
It's funny you mention your bank in your examples there at the end. Do you use online banking? I do. I'm not required to use any kind of authenticator fob to access it. It's more than a simple annoyance. It's falling out of my chair hilarious that people seem to think they need better security for a video game than they do for their bank account. XD