Blizzard giving serious consideration to mandatory authenticators

This response is a direct effort to stop the massive number of accounts being compromised by gold sellers and keyloggers. The situation with compromised accounts has become so serious that wait times for item and character restoration are entirely unacceptable, even to Blizzard executives. Blizzard has taken other internal measures to deal with the long waits in account restoration queues, and we'll be covering those measures tomorrow.
However, making authenticators mandatory should solve a major problem for Blizzard's support and account administration teams.
The number of compromised accounts under the mandatory authenticator plan should plummet, if not be virtually eliminated, and players should be able to enjoy a much more secure gaming experience. While some might have a hard time with the transition, Blizzard can provide excellent support in getting all of their 11.5 million players up to speed. Indeed, we have already seen some incentive programs appear; the price of authenticators has dropped recently thanks to free shipping, and we are now rewarded with an in-game pet for having an authenticator attached to our accounts.
A few months ago we postulated such an idea as one of our Breakfast Topics. In "Why Blizzard should make authenticators mandatory," player reaction was mixed. Some saw it as a great opportunity to eliminate compromised accounts; others thought it would be an unnecessary money-grabbing scheme by Blizzard.
Perhaps the best option put forth by commenters on WoW.com was to make the authenticators mandatory with Cataclysm. Many people agreed with this, and it will be interesting to see how Blizzard rolls out their mandatory authenticator system.
The downside to this plan is a serious logistics problem: Blizzard can barely keep authenticators in stock now. They have yet to prove that they have the capacity to distribute them to millions of additional players. We are currently investigating this issue and will report back once we have more information to share.
We do not know if authenticators will be mandatory on just WoW accounts or on any Battle.net account.
Filed under: Blizzard, News items, Account Security

Reader Comments (Page 2 of 20)
JoeHelfrich Jan 8th 2010 11:59AM
@Viper007Bond: Oi. Do you understand how accounts get hacked?
Most hacks don't involve family members or friends sharing a single computer stealing from each other, and so NEVER COMPROMISE THE PHYSICAL SECURITY OF THE PLAYER'S COMPUTER. The player follows a link that installs a keylogger, or just goes to a website where they are asked to enter their account credentials. The credentials are then forwarded to the bad guys, who can then use them to log in to your account from their computer.
Even if the keyloggers/website ask you for the authenticator value, that number's good for what, 10 seconds? Assuming that a player logs in once an hour, it would take years to gather enough information to predict the sequence, if Blizzard has used decent values for the RNG.
Launch the application, enter your credentials, get the authenticator prompt, and tab out to see what the numbers are on your desktop widget. Tab back, plug them in, and play.
Is it perfect? No. Is it as secure as a separate authenticator? No. Is it good enough to stop a large percentage of the hacks that happen today? Yeah, probably.
New, more complex viruses might be able to compromise the software based authenticator, but you'd have new ways of dealing with that as well. The reason so many accounts are hacked right now is that it is very easy to do so, with only a two factor authentication, and static values at that. Every increase in complexity will reduce the number of successful attacks.
Impulsivity Jan 8th 2010 3:34PM
It already is totally free, just download the app for the iphone/ipod touch. It was amazing how easy and seamless it was to connect the app with my account. Now I just start wow, it asks for my authenticator, I open the app and it immediately gives me a refreshing code. I enter the code before it refreshes and poof I'm in. The whole process takes maybe 10-15 seconds.
You even get the pet in the in game mail just as if you had purchased the full physical authenticator.
When I first saw this idea of authenticators I thought it might be a money grab, but given the free iphone app with the same functionality it's clearly not.
It's free, it's easy, just download it. I guess some people might not have touches/iphones because they use a blackberry or something (or heaven forbid a zune); for those people all I can really say is next time make a better consumer electronics choice, and after you do, download this authenticator for free.
Retro Jan 8th 2010 1:30PM
@ Kragragh: Perhaps the Collector's Edition Authenticator will be back-lit, while the regular Cataclysm box is simply the standard authenticator.
Something else no one has mentioned; If Blizzard chooses to ship an Authenticator with every copy of Cataclysm, they'd very likely save a lot of money by producing in bulk. It's pretty much a win-win for Blizzard at this point, so... as I said in my original post, it's no surprise.
Voen Jan 8th 2010 1:48PM
Yes I think authenticator+Cataclysm expansion is a good idea and I would happily pay more for it than just the expansion. This way almost everyone could get it. BUT THE ONLY WAY I'm seeing authenticators being mandatory is that you can buy them from the same shops/retailers you can buy your game cards and WoW + expansions. IF you make it mandatory, getting an authenticator has to be EASY and POSSIBLE for almost ALL wow players around the world. Only way to make it easy - you can walk into a shop and buy it or you can buy it from an online-shop where you have NO difficulties paying and it will be shipped to you NO MATTER where the hell you might live. Yes so Blizz games are not sold in your country for some weird reason, no problem, still you would have many other routes to get it; for example ship it from your neighbor country's online-store. Blizz can't handle shipping all over the world by itself, here is an easy solution.
If Blizz doesn't make this possible they will lose many players, you think they want that?
It is bad customer service that the only source to get authenticator is to buy it from Blizzard store! When they don't even ship everywhere although it's in their list of "we are shipping here" and when the paying methods are very limited.
I WANT TO buy an authenticator even if it would cost triple as much as now. Here are some reasons I haven't. My and many others' difficulties don't seem to interest Blizz since they haven't made any changes and seem to think that if people can't do it their way it's not Blizz's fault but the people's/countries'.
1. I don't have credit card. I could possibly get one but that wouldn't help.
2. My country (in EU) supports mainly if not ONLY Verified by Visa service. It means that there is no way you can pay anything just by writing and sending your credit card information (although it would be https-site). I have not used this service but my knowledge is that it's similar as online-banks. In my country we mainly pay our online-shoppings this way, logging to our bank account and verifying the purchase like paying bills. Ofc having this service costs so many small shops have other ways; they send you a bill with your purchase or you prepay and they send your purchase when they see the payment on their bank account. And since everyone is not using it there is no reason for Blizz to use it.
3. I somehow manage to find bank and credit card that allows me to buy with this unsecure way by sending my credit info - only to find out that Blizz won't ship here. I trust they do ship here but getting that credit card would be a real pain (and I'm not 100% sure I'd get one).
4. I don't have a phone they support for those authenticator apps. I think they support only new 3G-mobiles? How long will they support older phones and how fast will they start supporting new phones and manufacturers? And those phones cost and there is no 100% guarantee that it will work with the apps. So I wouldn't go and buy a new expensive phone just for an authenticator. You know, everything that can go wrong will - particularly with different apps and devices. 3G-phones need security-apps to protect from increasing viruses on mobiles. Will Blizz guarantee that their apps work with these security-apps, and when some virus hits you anyway and goes crazy, is it your fault?
There might be some inaccurate things in my writings so excuse me but this topic really heats me up.
Yes, go ahead and make it mandatory but make sure ALL players can get one. You know it's ok if you get one with Cata-expansion but when you lose it and need another... there has to be a way to get one without going thru hell. Good customer service is not make it simple andd easy so you can keep your customers.
Voen Jan 8th 2010 2:10PM
Oh bad typo. :)
"Good customer service is not make it simple andd easy so you can keep your customers."
*is to make it simple and easy
Tribunal Jan 8th 2010 3:15PM
For all of you going "Oh no, the battery will die", the expectancy per Digipass' website is 7 years.
Somehow I seriously doubt it will crap out in two weeks. And when it does die in 5 years (conservatively), just buy another one. They are the cheapest thing you can buy that has anything to do with WoW :P
For the "I'll lose it" argument. Do what I do: Set it on the base of my monitor (granted, I never play from a laptop because I just have a shitty laptop that's good for word processing and using the internet, but I bet a lot of you are Desktop exclusive too). Unless the hacker is breaking into my house it's fine right there. And just put it back when you're done, since you're still sitting right there. It's almost impossible to lose.
And just in case you are really afraid you'll lose it, buy two and keep the second one somewhere you couldn't possibly lose it, and write down the serial number to the first one. Then, on the day you lose it, call Blizzard up, have them remove the first one (really easy if you have the serial number of the authenticator), and activate the second one all in one fell swoop. Quick and easy. Oh, and order your third at the same time :P
Clbull Jan 8th 2010 3:54PM
so just come up with an authenticator that runs on the local desktop.
__________________
Because that is gonna be 100% secure and unhackable by malicious programs, isn't it?
Felix_NZ Jan 8th 2010 5:59PM
Would have probably got one already if it didn't cost 30 freaking dollars in End of the world tax (shipping). Would love it if all the Cataclysm boxes came with one!
BearGriz72 Jan 8th 2010 8:33PM
@Impulsivity
next time make a better consumer electronics choice: don't buy a ridiculous, overblown, DRM-heavy POS like the iphone/ipod touch
dokhidamo Jan 10th 2010 5:20PM
@Aftermathmatical
I agree totally, and since Authenticators cost about $6, have the Authenticator version cost that much more, perhaps a little less due to no need for packaging.
If it's something where the Authenticator version is 10-20 dollars more, I'll not buy it, and uninstall the game. And when Blizz asks why, I'll say "I realized I was being held captive on a pirate ship, and I want off."
Zapmenads Mar 4th 2010 8:35AM
IDD Better support for mobile authenticators.
At the moment it seems Blizzard is content to let 3rd parties develop the software but I think this has resulted in a significant gap between the application and the mobile platforms available and in common use.
Symbian, Android.. where is the updated authenticator for phones released in the last 6 months? It can't be that difficult to repackage the Java application for a new phone.
Mythryl Jan 8th 2010 12:53AM
Simple answer...provide authenticators in each Cata box. I would love an authenticator, but $$ be pretty low at the moment.
Wulf Jan 8th 2010 10:00AM
I always found this argument to be rather perplexing... You have enough disposable cash to afford Net access, a computer and maintain a WoW account (all luxuries, and not required for day to day life) and you can't scrape up a Subway sub's worth of change to protect your leisure activities?
They waived the shipping fees, it's just little more than the cost of the materials now. Knowing how much VASCO keys sell for in the corporate sector, I can only imagine that Blizz is actually losing money on every one sold, but gaining back value in fewer petitions.
Nick Jan 8th 2010 12:55AM
Good. This has been needed for quite some time.
To keep people from complaining on being forced to buy one, put one in every Cataclysm box, and tack on a few extra dollars to the total.
Namssob Jan 8th 2010 2:42AM
But what about those who have already PAID for an authenticator? Tacking on a "few extra bucks" is not fair to those who have already paid for one (including shipping). I don't care if they give them away FREE now, but don't charge me AGAIN for an authenticator I already bought. In fact, I believe this would be illegal under anti-racketeering laws.
They either need to have two versions (one with, and one without - which would require you already have an authenticator), or they somehow sell them outside of the box, or they just give them away.
ecwfrk Jan 8th 2010 6:42AM
Just make it a special Cataclysm branded authenticator. No one has one of those.
They could also do all kinds of things to placate people who already have an authenticator, like giving them a pet and/or a Feat of Strength. That shouldn't prevent them from making sure everyone has one in the future.
Ozzard Jan 8th 2010 6:45AM
@Namssob: It's no different to paying for any other item. If (say) I pay for a PC game, then later I buy a new graphics card and find a CD of the same game bundled inside, I shrug and accept that I got early access to the game.
Why are auth tokens somehow different?
rawrawrawr Jan 8th 2010 6:52AM
If they go with the Authenticator with Cataclysm approach (which I think is extremely likely), I doubt they would even charge you. I can only imagine the amount of work hours the GMs spend fixing hacked accounts and resending gear.
They're almost giving them out for free already, so the manufacturing costs must be chickenfeed.
dawnseven Jan 8th 2010 8:43AM
@ Mecha
Like Kia, the last time I ordered authenticators I got it 3 days later (free shipping). I had actually ordered 2. One for my son, and one for a friend of mine in Canada. I packed the extra one up for my friend, went to the post office, and paid for the 2 day shipping to Canada ... which took 2 weeks. The mail is crazy.
Deadly. Off. Topic. Jan 8th 2010 9:43AM
While I agree they shouldn't sell it to you twice, I wouldn't mind having an extra one lying around in case the other one dies or gets lost... beats having to go through the hassle of buying and having it reshipped again.