9-20-2010 @ 2:44PM
-----
Kira Sep 20th 2010 12:49PM

Personally, I think the authenticators should be free anyway. I don't see any good guild not turning this on though, so it's pretty much a no-win situation for me. Not to mention that at the rate I lose thumb drives, and the authenticator being about the same size, I'd probably end up losing it, and the fact that I have seen my friends with authenticators get hacked, whereas I have not, mostly by using my WoW computer for nothing but WoW, not even web surfing, and still putting it in Fort Knox mode. (I know, you'd think I would take the easier route of getting an authenticator) but the fact of the matter is that I could afford the time spent on securing my system where I could not afford the money to buy an authenticator or an iPhone.
-----

The best price for generic, non-customized versions of these devices (they're Vasco Go 6 devices) is $9.20 apiece. That's not counting the annual per-user licensing and support contracts that would go with Vasco authentication servers (which comes out to about $32 per device), assuming Blizzard went with that option. Even if Blizzard has made some sweetheart deals on the devices and has implemented their own authentication infrastructure that doesn't involve additional licensing per user... they're not really making much on these things.

Having said that - I'd like them to come in the box. That'd be great. The trouble is, that might open them to encryption device import laws. Which could make each boxed copy a legal risk depending on the current state of the law in any given market. Having said that - WoW (at least Warden if not the WoW client itself) uses encryption. So this might be either a moot point or a really interesting example of how inconsistent these laws are.

I'd be really interested in the details of how your friends with authenticators had their accounts compromised. A lot of times we hear of these urban-lore-like rumors of security events but the details are either never produced or the situation turns out to be really different than initially described. Having said that - Two Factor Authentication isn't foolproof. It's possible to do a man-in-the-middle attack but it tends to be easier to detect. So I'm skeptical, but it is possible.

So let's say you do have a nice, locked down system (a bastion host for WoW if you will). You could put a 3rd party software token on it. Blizzard's software token is an OATH HOTP implementation. Someone has looked at the Android authenticator and implemented it on Windows. If you're really capable of locking down a desktop to the extent that putting a software token on the same desktop is an acceptable risk, then you should have no problem in figuring out how to set that up yourself. Having said that - I think you're fooling yourself and this is simply a way to weaken the effectiveness of an authenticator.