Skip to Content
6-16-2011 @ 7:06PM
Sounds good at first. My only concern would be if someone hacks someone's computer, they can get and spoof the IP address as well. Then they have the username and password and will be able to log on without an authenticator.Someone tell me I am wrong here.
6-16-2011 @ 7:10PM
Nope, not wrong, my thoughts exactly.
6-16-2011 @ 7:23PM
this only matters if maybe they use YOUR computer to login.trust me when i say blizz is using more then just a mere ip address to cache your logins, they have specs, they have hardware IDs, geographical locations. Someone with same IP isnt just gonna login without code and get away with it unless they literally use YOUR computer to do it, but at that point, the authenticator is least of your problems, but rathor, why someone is on YOUR computer over a remote connection and you need to get your PC in order.as for concern about household things, Wives, kids etc. Well, that's not really waht blizz designed authenicator for, that's what they made parental controls and regular passwords for.
6-16-2011 @ 8:26PM
@MysticalOS none of which can't be spoofed by someone with enough knowledge.
6-16-2011 @ 7:29PM
They didn't say they were doing it by ip address. It could be MAc address, router traces, stack signatures, geolocation or any combination of. Im sure Blizz has already thought about college campuses and the like so they may use system info and a combination of all of the above to generate unique keys for systems. Hackable? Everything is. Something to worry about? I trust the Blizzard folks to be better developers and know their systems better than I do.
6-16-2011 @ 7:54PM
"but rathor, why someone is on YOUR computer over a remote connection and you need to get your PC in order."Even if this is the case...The original authentication method prevented you from this very scenario.I'd actually say that that was half of it's point.If everyone was perfect in every way and kept their PCs in perfect order - we wouldn't need these little gadgets in the first place.
6-16-2011 @ 7:57PM
Technically, this can be more secure, since it alleviates some of the risk of keyloggers
6-16-2011 @ 11:26PM
ah thanks. I was thinking the have to have some other way to tell what machine we are using.
6-19-2011 @ 11:53AM
"so they may use system info and a combination of all of the above to generate unique keys for systems"And once the hackers determine what the algorithm is to determine this information, all they need to do is insert code into their keyloggers to capture this from your computer along with your username/pwd. Since this hash is UNCHANGING, it will always be valid. Unlike the authenticator, which IS a continuously changing code. Alternatively, they can just continue using man in the middle attacks, which instead of stealing your authenticator code, will steal the 'location id' that blizz has put in.I don't pretend to know what's happening on Blizzard's side for the authentication, but then I'm not the party that's interested in finding ways around it. Trust me when I say that the gold farmers are already hard at work trying to determine how to get around Blizzard's code without needing the authenticator information, now that the possibility exists.
First time? A confirmation email will be sent to you after submitting.
Members enter your username and password.
Enter your AOL or AIM screenname and password.
Please keep your comments relevant to this blog entry. Email addresses are never displayed, but they are required to confirm your comments.
When you enter your name and email address, you'll be sent a link to confirm your comment, and a password. To leave another comment, just use that password.
To create a live link, simply type the URL (including http://) or email address and we will make it a live link for you. You can put up to 3 URLs in your comments. Line breaks and paragraphs are automatically converted — no need to use <p> or <br /> tags.