Blizzard giving serious consideration to mandatory authenticators

This response is a direct effort to stop the massive number of accounts compromised by gold sellers and keyloggers. The seriousness of the situation with compromised accounts has reached such a level that wait times for item and character restoration are entirely unacceptable, even to Blizzard executives. Blizzard has taken other internal measures to deal with long wait times of people in account restoration queues, and we'll be covering those measures tomorrow.
However, mandatory authenticators should solve a major problem for Blizzard's support and account administration teams.
The number of compromised accounts under the mandatory authenticator plan should plummet, if not be virtually eliminated, and players should be able to enjoy a much more secure gaming experience. While some might have a hard time with the transition, Blizzard can provide excellent support in getting all of their 11.5 million players up to speed. Indeed, we have already seen some incentive programs appear; the price of authenticators has dropped recently thanks to free shipping, and we are now rewarded with an in-game pet for having an authenticator attached to our accounts.
A few months ago we postulated such an idea as one of our Breakfast Topics. In "Why Blizzard should make authenticators mandatory," player reaction was mixed. Some saw it as a great opportunity to eliminate compromised accounts; others thought it would be an unnecessary money-grabbing scheme by Blizzard.
Perhaps the best option put forth by commenters on WoW.com was to make the authenticators mandatory with Cataclysm. Many people agreed with this, and it will be interesting to see how Blizzard rolls out their mandatory authenticator system.
The down side to this plan is a serious logistics problem: Blizzard can barely keep authenticators in stock now. They have yet to prove that they have the capacity to distribute them to millions of additional players. We are currently investigating this issue and will report back once we have more information to share.
We do not know if authenticators will be mandatory on just WoW accounts or on any Battle.net account.

Reader Comments (Page 1 of 20)
Retro Jan 8th 2010 12:52AM
Been saying for months that Cataclysm will come with an Authenticator packed inside. The money and time Blizzard employees spend fixing hacked accounts is probably much more than the cost of giving the authenticators away (because they practically already do).
It wouldn't surprise me in the slightest to see it happen.
Aftermathmatical Jan 8th 2010 1:02AM
I agree, have 2 versions of Cataclysm. One with them and one without. But make it required to have authenticator to have Cataclysm. If you already have one get the one without authenticator. Just make sure that they both cost the same.
JoeHelfrich Jan 8th 2010 1:13AM
They don't even have to do that; they've already proven they can make these as stand alone software applications (for iPod/iPhone and other mobile phones); so just come up with an authenticator that runs on the local desktop.
It's not as secure, but as long as the seed number for the authenticator is something random combined with the date stamp at activation, it should be practically impossible to hack--no significant percentage of account hacks involves actually having physical access to the machine, they just get people to give away information without realizing it. Then you can keep selling the stand alone physical authenticators as a "more secure" option--less likely to ever be hackable, no need to go through authenticator problems if your hard disk crashes, able to be used with multiple computers, etc.
Lasher Jan 8th 2010 1:14AM
If they both cost the same, is there really any point in having 2 versions? Even if you already have one, if it's the same price, it would be silly to get the one without an authenticator.
Viper007Bond Jan 8th 2010 1:17AM
Having the authenticator on your computer COMPLETELY defeats it. The hacker, while stealing your password, can just make a copy of your authenticator while they're at it.
The authenticator works because the hackers can never gain access to it.
And +1 to including it in all Cataclysm boxes (they're cheap).
Utakata Jan 8th 2010 1:52AM
That would be a really good thing, Retro...since I (and I suspect others) who have no access to a credit card or who are uncomfortable using the credit cards online, has been the greatest road block for us in securing one.
Eric Roberts Jan 8th 2010 1:57AM
Rather than making a desktop version, expand the list of compatible phones...especially smartphones. I was amazed to find that for the most part, Palm wasn't supported...one of the major smartphone makers. I also do not see any Android devices on the list. That would reduce the need for authenticators if there was better coverage for phones.
Wild Colors Jan 8th 2010 3:49AM
Yeah, I don't understand why it's not out for more mobile platforms yet. Android and palm would add a decent chunk to the market. Or at least via a text message service (you text blizzard a password from a number attached to your account and they text back an authenticator code good for 3 minutes).
I actually have a stand alone authenticator, but I've never added it to the account b/c I'm worried it will break or I'll lose it. Much easier if it's just woven into my phone.
Llanwyllan Jan 8th 2010 4:56AM
@ Wild Colors
Just make sure you write down the 10 digit code on the back, then you can get it taken off. I lost my keys which had my old authenticator and the one I got from BlizzCon that year when I was flying back to NY and regret not having written the bloody number down.
Kooshi Jan 8th 2010 5:08AM
Great idea to include it with Cata. As far as having a program on your computer providing you with the code is pretty stupid. Accounts are hacked from keyloggers most of the time, so the same type of technology could be used to view/hack the authenticator software.
As far as hardware (keychain) authenticators vs phone software, I much prefer the hardware one. I have both types. On my iPhone, it takes too long to open up the app, compared to just pressing a button and instantly receiving the code on the hardware version.
Also, it's happened to me at least twice, that either my phone locked up and I had to restore it, or accidentally upgrading the iPhone app, and doing that without deactivating the authenticator from the account first will lock your account. And it's a major pain to call up support.
I much prefer the hardware authenticator over the phone software authenticators.
Xirifus Jan 8th 2010 7:17AM
The fact why I have not yet got myself an authenticator, is because I'm afraid I'll lose it or the batteries go dead (at some point.. may it be two weeks or two years)
[even more] off topic here, but I heard I have to call Blizzard to get my authenticator off if something happens to it? Well, I don't speak very good English (I type better than speak, I think) so I think I won't do that.. so do you have to make the call, or can you, like email them..?
Bananacup Jan 8th 2010 7:29AM
Three words.
Free SMS support.
Mr.X Jan 8th 2010 7:36AM
I am sure all CATA boxes will have one, and tbh the money they are spending atm on staff etc for these issues probably outweighs the cost of putting authenticators free in each CATA box.
BTW also to fix this authentication issue, maybe allow all countries to purchase from Blizzard shop??
Srly every country has mail, why are Blizzard not allowing them to purchase from them, when any normal person can send a letter or shipment to there.
V Magius Jan 8th 2010 9:04AM
@ MR. X
The trouble with sending an authenticator through the mail to certain countries has to do with defining the item. I believe Authenticators fall under encryption devices, so are limited in import/export.
Seems silly, but if they can't find a work around, they can't send it.
jishdefish Jan 8th 2010 9:43AM
Yeppers, PSP or DSi support may stretch the numbers even further.
"Son, where's your DS? I need my Authenticator Code."
"Uhh..."
Umehte Jan 8th 2010 9:44AM
If you are able to get one and you don't have it yet, then you are risking too much. I never thought to get one until 2 guildies got hacked in the same week. Yeah, most likely you can get your stuff back, after some time, but since we live in a shitty world where people will even hack into your free time hobbies for money you better protect yourself. It sucks that we have to pay for a device for this, but honestly, it's better than watching your own toon ninja your guild vault...
joel Jan 8th 2010 10:18AM
By all means if they put it in Cataclysm boxes I'd use it. :D
I'm just gonna have to get used to having something else on my underused Keyring. >.>
Hyacinthe Jan 8th 2010 10:34AM
Personally, I think it's time to:
PANIC!!!!!!!!
Assume that Blizzard wants to keep subscriptions and therefore will have a plan in place.... screw that...
PANIC!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
YOU ARE ALL GOING TO LOSE ACCESS FOREVER!!!!
Continue the nerdrage, please.
Kragragh Jan 8th 2010 10:46AM
Nah - they'll put one in ALL the boxes. I could be wrong, but I can't imagine they're expensive to produce in the numbers they'd be producing, and the infrastructure is already there, so it's not like more authenticators is really a huge added expense. You'll just throw yours away if you already have one.
That said, I would like to replace my first-gen authenticator, with the ugly Blizzard logo, with the new cooler one.
I'd also like to see them backlit, I always play in a dark room and I sort of have to tilt it towards the screen and hit the button right after I enter my password, because it darkens too much when it shows the screen where you have to enter your code...
DavidC Jan 8th 2010 11:49AM
Not too worried about Blizzard keeping up with demand for authenticators. If they decide to make them mandatory, they know *exactly* how many they need and will be able to contract to have them made and ready before the announcement.
ie: Decision is made, math is done, purchase orders are cut, when product is ready, announcement is made.
Easy Peasy.