Battle.net authenticator process updated with smarter log-in detection
by Mathew McCurley 
Jun 16th 2011 at 7:00PM
Blizzard wants make the authentication process less intrusive and this is a first step towards that goal. Right now, having to input a code each and every log in is a pain, sure, but it also makes me feel secure. I'm never going to say no to more security, however, and if the system is something that can accurately figure out where I am and let me on, that's great.
This doesn't take into consideration the circumstance where you use an authenticator to prevent access to WoW, even from the home PC. I know some parents who use a simple password that their kids can remember but use the authenticator as the gate to prevent unwanted play. Maybe there will be an opt-out feature of some kind to always ask for the code.
You can check out the Battle.net account security page or check out the Blizzard mobile site for application information. For more information on this specific change to the authenticator system, follow me after the break.
If you use an authenticator – and we hope you do – you may soon notice that an authenticator prompt may not appear with every login. We've recently updated our authentication system to intelligently track your login locations, and if you're logging in consistently from the same place, you may not be asked for an authenticator code. This change is being made to make the authenticator process less intrusive when we're sure the person logging in to your account is you.
We hope to continue improving the authenticator system to ensure the same or greater security, while improving and adding features to make having one a more user friendly experience. If you don't already have a Battle.net Authenticator attached to your account, don't wait until it's too late - http://us.battle.net/en/security/checklist
If you have comments, concerns, or feedback regarding this change, please visit this thread to voice them so we can consolidate your thoughts. Thanks!
Original Thread: http://us.battle.net/wow/en/forum/topic/2674529777
We hope to continue improving the authenticator system to ensure the same or greater security, while improving and adding features to make having one a more user friendly experience. If you don't already have a Battle.net Authenticator attached to your account, don't wait until it's too late - http://us.battle.net/en/security/checklist
If you have comments, concerns, or feedback regarding this change, please visit this thread to voice them so we can consolidate your thoughts. Thanks!
Original Thread: http://us.battle.net/wow/en/forum/topic/2674529777
Filed under: Blizzard, Account Security
Reader Comments (Page 1 of 7)
Balgus Jun 16th 2011 7:06PM
So... I just bought an authenticator...and now I don't need it anymore? o.O
If you're going to have something like this in the works warn people sooner so they dont waste their money blizzard!
Skyrei Jun 16th 2011 7:08PM
You still need the authenticator(to be secure). But if you routinely log in from the same place it will not ask every single time.
Lissanna Jun 16th 2011 7:10PM
No, you still need the authenticator, so that when a hacker tries to get on your computer, it will flag them for a code and stop them from stealing your stuff.
Faralia Jun 16th 2011 7:12PM
This isn't "wasting your money" at all. You're still getting the full protection that the authenticator previously offered, the only dIfference is that now, if you keep logging on from the same computer, it will no longer ask you from the code as long as you log on from that specific computer. As soon as you try to log in from a different computer, it will ask for the code again.
Skyrei Jun 16th 2011 7:11PM
They should make it optional through a check-box *nod*
Dotson Jun 16th 2011 7:12PM
Missing the point entirely...
They have this in place so you don't have to enter it EVER. SINGLE. TIME> when you're at home.
If your account is logged on from let's say, your friend's house when you go over? It'll ask for it.
Or let's say for some weird reason you account is logged into from a chainese IP (why would that ever happen? /sarcasm), then the code is asked for.
It's still very secure and needed.
JattTheRogue Jun 16th 2011 7:13PM
It still provides the same level of security to your account it used to, it just takes out the step of you actually having to enter the code every time. If you log on from a different computer or, more to the point, if a hacker gets your account information and tries to log in, you and the hacker will have to enter the code key, and it will stop anyone who doesn't have it.
This change isn't messing with the functionality of the authenticator, just making it a little more convenient.
Balgus Jun 16th 2011 7:17PM
I should've known better than to reply first to a post. Now there are gonna be a million emails in my folder telling me someone's replied saying the exact same thing as someone else. *sigh*
You don't need to keep saying the same thing someone above you already said. please stop.
JattTheRogue Jun 16th 2011 7:19PM
If you notice, all of these comments came within a couple minutes of each other. As happens on virtually every post on this website, the replies to your comments did not show up when I first came to this page and then wrote my comment. People aren't just trying to bug you by writing the same thing, they didn't see the other comments and they're trying to actually help you and give you information you obviously didn't get from the article. Get over it.
Farnoth Jun 16th 2011 7:33PM
Replying to give him another email
Jonisjalopy Jun 16th 2011 7:36PM
There is a pretty check box at the bottom labeled "E-Mail me when someone replies to this comment".
But, given your question, reading comprehension is not your strongest quality.
Ian Jun 16th 2011 9:21PM
But unless you check your email every 10 seconds would you even notice a post somone made 10 seconds prior to yours ?
While this will not have any impact on the risk of your account being accessed remotely, it does in fact weaken the local aspect which while less common is still something to note.
An account being accessed by someone else in your residence, be it a family member/room-mate etc is still a risk, and if you have someone else who has a habit of looking over your shoulder then the authenticator offered you a potential way to secure your account from that.
It should be a toggle on your account management, whether to ask every time or not.
Noyou Jun 16th 2011 9:24PM
Wow. Grats on the epic reading failure. Just skimming the article you can clearly tell you NEED an authenticator. This recent news will now get me off the fence about buying one. Good job Blizzo!
Noyou Jun 16th 2011 9:29PM
Great so not only are you bad at reading you don't know how to uncheck a box/stop email from being sent to you after replies. /giggle. If I have learned one thing from wowinsider.com is that it mirrors life. For every action there is a reaction. Good luck in your future endeavors!
Jinx Jun 17th 2011 3:28AM
Yes, you should have.
Totemer Jun 17th 2011 11:26AM
I'm going to go out on a limb here and say you are of the group of misunderstanding people that thought when blizzard announced the bonus loot for heals and tanks that thought they could fill that spot with no....spec,gear,or knowledge of the task at hand. Thinking they/you could simple pound the way to the end grab the bag and there a successful run. (pst. Read into I a bit more before you thing you got what is about). While blizzard try's to make things easier for most people, please take a few moments to be sure how if even it affects you and me.
Bynde Jun 17th 2011 12:36PM
You Got Mail, Balgus!
:)
Joseph Smith Jun 18th 2011 12:36PM
@dotson
"Missing the point entirely...
They have this in place so you don't have to enter it EVER. SINGLE. TIME> when you're at home.
If your account is logged on from let's say, your friend's house when you go over? It'll ask for it. "
The point missing entirely is that they ALREADY HAD this service available to people that wanted it, for FREE. The Dial-In Authenticator http://us.blizzard.com/support/article.xml?locale=en_US&articleId=35806 which did exactly that.
I prefer the higher level of security of having to put my unique code in EVERY time, and not just when Blizzard is 'sure it isn't me' which is why I picked the Mobile Authenticator and not the Dial-In.
If they made it an option so that those that find the extra 3 seconds to put their code in don't have to, and those of us that want the higher security the Authenticator is supposed to provide can have it, then fine. But don't drop our security to a service we didn't sign on for without our permission
Luftwaffles Jun 20th 2011 7:03AM
My knowledge of what hackers can and can't do is not so good. But I'm sure many of you *do* know the possibilities.. so answer me this:
Even if Blizz is checking things other than IP (like location, hardware etc) what are the chances that a hacker can steal that information along with your password? Is it possible to generate a program that will simulate being your computer at your location? I mean how often do people move the location of their tower or change their motherboard.. all they have to do is trick Blizz into thinking they are in Wyoming instead of China and we are back to square one.
Is there a high possibility of this? Or is duping your location/specs impossible?
Jenks Jun 20th 2011 9:40AM
http://www.youtube.com/watch?v=O8dAz6hTXuU#t=50s