Breakfast Topic: What made you decide to get an authenticator?
by Aiden James Kosciesza 
Feb 8th 2011 at 8:00AM
Once again, Blizzard is encouraging its players to use authenticators to protect their Battle.net accounts. In addition to the incentive of a lovable Core Hound Pup pet provided to all World of Warcraft characters on an account that has an authenticator attached, there is now a contest going on to win an iPad for your best Core Hound Pup screenshot, and we've even received reports that free authenticators are being offered to owners of accounts that have previously been compromised. Still, incentives alone aren't enough for some players. Sometimes it takes an incident to drive the point home.
For me, it was a hacking scare involving my girlfriend's account. We had just resubbed to WoW in preparation for Cataclysm and were having a blast when she got a notification from Blizzard that her account had been locked due to an unauthorized break-in. Nothing was gone, no items destroyed, no gibberish-named level 1s created, but she did have to change her password and verify to Blizzard that she was still herself. She was playing on a Mac, used Adblock and had disabled Flash on her browser, and she only visited a handful of websites on a daily basis, all very innocuous places like Gmail and WoW Insider. We figured it was an isolated incident, but just to make sure, she wiped her hard drive and reinstalled WoW. Then, a week later, it happened again. I couldn't believe it, and I still don't know how or why she was targeted, but I ordered our authenticators the very next day. We haven't had a problem since.
What convinced you to get an authenticator? Was it a contest, a promotion by Blizzard, or a hacking scare? If you don't have an authenticator yet, what's holding you back?
Reader Comments (Page 1 of 9)
Jamie Feb 8th 2011 8:04AM
I got an iPhone 4 about a month ago and that was enough incentive for me.
Although, I had my WoW account hacked when I had stopped playing WoW. That sucked because I didn't get all my t10 on my paladin back :( still I got all those Eternal Shadows back, thanks for the quick response Blizzard!
Slight off-my-own-topic: I think it's important to emphasise that while it's not happened to me, if you do go with the iPhone/iPad/iPod Touch authenticator route make sure you remove the authenticator from your account if anything happens to the attached device.
I've heard horror stories of people taking their phone into the shop and then not being able to get into their account any more. Don't be a statistic!
Canth Feb 8th 2011 9:38AM
When I got my Android phone.
It was a free app, and Hey! free core hound pet.
killercactiii Feb 8th 2011 9:42AM
I've done this a time or 2 reformatting my iPhone, and all it takes is a simple call to Blizz, answer some security questions, and you're back in business. A pain, to be sure, but I wouldn't worry about horror stories.
Boots Feb 8th 2011 10:41AM
I have the mobile authenticator. I like it because I always have it, and I probably won't lose it. I got hacked, and for about an hour we both kept fighting for control of the account. I don't know how he did it, but whenever I changed the password, he would change it back. I then remembered the free app for my android so I added it and I haven't had a problem since. The dude changed my security questions, so my email address is stuck on my old one.
Marcosius Feb 8th 2011 1:06PM
Just wanted to say that what Aiden writes sounds dubiously like a phishing email. In fact I'm 99,89% certain it was such. Even people without a WoW account get such emails occasionally...
Anyhow, indeed hearing from few close-ish friends how their account had been hacked through no apparent fault of their own - using "über secure" Linux or Macs and generally seeming rather web-alert and knowledgeable what is a phishing attempt and what is not - so I finally got an authenticator, first as the token (which was cheap - shipping costs waived) and then when I got my HTC Desire Z I changed it to an android app which didn't cost a dime.
Haven't been hacked not once to date (even without the auth.), and with the authenticator I hope to keep it that way.
Aruhgulah Feb 8th 2011 3:41PM
@Marcosius: Speaking *as* a Mac User, our platforms are not uber secure. It's just that hackers don't find it profitable to bother targeting us yet, since Windows is the more popular platform and it's used in almost all corporate workplaces, to boot. But since Mac & Linux popularity is growing, we're gonna start getting targeted more.
Aiden, if your girlfriend logged in from another location (say, a hotel or your house, instead of hers), the change in IP address may have triggered the Blizz lockdown. If she was using one of the tunneling services meant to work around the lag issue with certain ISPs, that could also have triggered it.
For all Mac users, I HIGHLY recommend using Firefox as your browser with the NoScript add-on; NoScript blocks ALL scripts on a website until you okay them (and you do so individually -- believe me, you get to know all the popup and ad sites pretty quick).
Marcosius Feb 8th 2011 5:12PM
@Aruhgulah; Yes indeed the "uber secure" was sarcasm, because usually the weakest link in security is between keyboard and chair.
Anyhow, I haven't noticed any "IP-lockdowns" on Blizzard's side, and I use a connection that almost always gives a different IP-address for me depending on what's available, so I really doubt there's any "safety features" like that. And indeed what with the IPv4 addresses almost being used up and IPv6 readiness still lagging in places, not to mention that simply locking a game to a single IP in general is just stupid, I don't see any point with such a lockdown feature that panics when a username signs in from a different IP-address.
It really really sounds like a phishing email to me, I could be wrong of course, but I just haven't heard not once Blizzard notifying people about their account being compromised, when on the contrary I've heard dozens if not hundreds of times scam sites telling people that their Battle.net account is compromised, or that illegal activity has been monitored, which people then shoot off to investigate in worst case scenario through a forged link in said "warning e-mail." Gmail's spam filter is actually pretty efficient, in fact I don't think I've had even one wow-related scam/spam come through the spam folder, but even so, for example when I got my invitations to Starcraft II and WoW: Cataclysm betas, I didn't click any links on the mail, instead I opened the verified Battle.net bookmark I have, logged in and checked if I had any new clients available from there. Both times I did, even though by the time I got into the betas I already had an authenticator anyway...
I know this must seem rather paranoid to someone, but you just simply never can be too careful with your security on the interwebs.
P.S. I higly endorse FFox+NoScript+AdBlock -combo as well. You can laughably easily configure them for sites you trust. Even so, even this isn't 100% secure, nothing ever is, but it's way better than simply pretending there isn't a problem.
Vogie Feb 8th 2011 6:24PM
I actually added my authenticator the first time I stopped playing WoW. I normally changed passwords every month anyway, and activating the mobile authenticator saved me from doing that when I wasn't even playing.
Godmstr Feb 8th 2011 8:06AM
i added an authenticator to my account when the app first came to iOS, after having it on my account and realizing the starting up the app all the time was a little hassle, i ordered a dongle from Blizz
MattKrotzer Feb 8th 2011 8:07AM
After watching numerous friends' accounts get absolutely destroyed by lax security, I made sure to get one as soon as I was able.
wutsconflag Feb 8th 2011 12:49PM
This.
Schadenfreude Feb 8th 2011 4:48PM
This. It was mainly friends who were going onto cheat sites, bot sites, pirated software sites, etc., but enough of my friends' accounts were hacked that I learned my lesson indirectly. I want to say I got mine with free shipping but I can't remember. Honestly, I think Blizzard should just start putting them in the box.
D-Rider Feb 8th 2011 8:08AM
For me, it was being made an officer in a guild whose guild vault had already been raided twice by people having their accounts hacked. I got the mobile authenticator the same day, and have since switched to the normal authenticator (because I don't trust the phone to keep working!). It's somewhat later now, and I'm GM of my own guild, and we use the authenticator-required feature for officer ranks because of that experience, buggy as that feature is. So, I've never actually been hacked, and want to keep it that way!
Sean Feb 8th 2011 10:52AM
Similar situation for me. My guild had a streak of bad luck, with half a dozen members being hacked within a week. The guild bank was raided a few times when they got hold of officers' accounts. I figured the $7 or so was worth it, because if I got hacked and wiped, I would probably just quit the game.
adamncsu Feb 8th 2011 8:09AM
Guild bank access
Mace2k Feb 8th 2011 8:10AM
After multiple officers in our guild had their accounts hacked (and our guild vault was summarily pilfered), we now require them to have one in order to be an officer. They have to show us their core hound before any promotion.
Sad, but required...
molsen5 Feb 8th 2011 8:11AM
I got one the minute they were back in stock after they came out. I knew too many guildies whose machines were "unbreakable" that got hacked. It just seemed that way too many people were getting hacked in Wrath.
burntpizza Feb 8th 2011 8:11AM
After my account was hacked by gold sellers. They used my account to advertise, didn't steal anything of mine. Guess my greens and 250g weren't good enough :(
Easy to use Android app :D
shepherd57 Feb 8th 2011 8:12AM
The only reason I have one is because they offer a mobile authenticator. The Corehound pup is nice too.
Wildstaff Feb 8th 2011 8:12AM
I got one because i heard you could get one for fre on your iPod/smartphone. i figured that since i've had my account compromised before, i might as well get some extra security.