WOW:Authenticator: Difference between revisions
No edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
[[Category:FAQs]] | [[Category:FAQs]] | ||
Line 8: | Line 6: | ||
The numbers generated are predictable in nature so that the server can come up with the same number as your authenticator at the same time. How that happens is the secret sauce and a well guarded secret. However, even if that secret got out, it still wouldn't make your authenticator vulnerable. The seed that starts the sequence when the Authenticator begins its life is based on a range of variables, many of them random, for each individual authenticators. So for someone to figure out exactly the sequence of numbers generated by your authenticator, that person needs to know precisely the algorhythm used and the parameters that built the start of life of your particular Authenticator. Quite a lot a work just to get into one account. | The numbers generated are predictable in nature so that the server can come up with the same number as your authenticator at the same time. How that happens is the secret sauce and a well guarded secret. However, even if that secret got out, it still wouldn't make your authenticator vulnerable. The seed that starts the sequence when the Authenticator begins its life is based on a range of variables, many of them random, for each individual authenticators. So for someone to figure out exactly the sequence of numbers generated by your authenticator, that person needs to know precisely the algorhythm used and the parameters that built the start of life of your particular Authenticator. Quite a lot a work just to get into one account. | ||
= | |||
<span style="color: #f7d75e;">'''''But you should still be careful'''''</span> | |||
Be warned, though, the numbers generated have a 60 seconds life span. If you get lured to a phishing site that asks your username, password and authenticator code (and assuming you typed all that), you are still very vulnerable for the lifespan of the number. If the hacker gets your info and acts on it fast enough, you could still get hacked so it's very important to always be aware of the sites you visit. However, the chances of that are slim since it all has to happen within a 60 seconds window or less. | Be warned, though, the numbers generated have a 60 seconds life span. If you get lured to a phishing site that asks your username, password and authenticator code (and assuming you typed all that), you are still very vulnerable for the lifespan of the number. If the hacker gets your info and acts on it fast enough, you could still get hacked so it's very important to always be aware of the sites you visit. However, the chances of that are slim since it all has to happen within a 60 seconds window or less. | ||
= | <span style="color: #f7d75e;">'''''If you already own an authenticator'''''</span> | ||
Physical authenticators (the ones sold by Blizzard) all have a serial number in the back. Is it highly recommended to write down that serial number somewhere like a Google Docs document, for instance. That way, if you lose your authenticator or left it at home while on a trip, you can easily use the serial number to call Blizzard and have it removed from your account temporarly so you can still play. | Physical authenticators (the ones sold by Blizzard) all have a serial number in the back. Is it highly recommended to write down that serial number somewhere like a Google Docs document, for instance. That way, if you lose your authenticator or left it at home while on a trip, you can easily use the serial number to call Blizzard and have it removed from your account temporarly so you can still play. | ||
Revision as of 20:40, 16 December 2009
Blizzard Authenticator
The authenticator consists of a 6 or 8 digits number generator that the server will use to make sure that you are the actual owner of the account logging in. Knowing the username and password isn't enough. The generator can be a stand-alone device (as sold by Blizzard and called Key Fob), an iPhone/iPod Touch application or application for other supported cell phones.
The numbers generated are predictable in nature so that the server can come up with the same number as your authenticator at the same time. How that happens is the secret sauce and a well guarded secret. However, even if that secret got out, it still wouldn't make your authenticator vulnerable. The seed that starts the sequence when the Authenticator begins its life is based on a range of variables, many of them random, for each individual authenticators. So for someone to figure out exactly the sequence of numbers generated by your authenticator, that person needs to know precisely the algorhythm used and the parameters that built the start of life of your particular Authenticator. Quite a lot a work just to get into one account.
But you should still be careful
Be warned, though, the numbers generated have a 60 seconds life span. If you get lured to a phishing site that asks your username, password and authenticator code (and assuming you typed all that), you are still very vulnerable for the lifespan of the number. If the hacker gets your info and acts on it fast enough, you could still get hacked so it's very important to always be aware of the sites you visit. However, the chances of that are slim since it all has to happen within a 60 seconds window or less.
If you already own an authenticator Physical authenticators (the ones sold by Blizzard) all have a serial number in the back. Is it highly recommended to write down that serial number somewhere like a Google Docs document, for instance. That way, if you lose your authenticator or left it at home while on a trip, you can easily use the serial number to call Blizzard and have it removed from your account temporarly so you can still play.
Questions frequently asked on the forums
What Is It?
- The Blizzard Authenticator is a physical key fob while the Battle.net Mobile Authenticator is a mobile phone application that generates an 8 digit code that is entered after entering your World of Warcraft Password. This second factor of authentication helps to secure your account from being hacked.
I change my password frequently, I don't need one do I?
- Are you sure? Brute force attacks are more common then you might think. In the time between password changes, a hacker could get in your account. With the ever changing authentication code, you won't have to worry about that.
What's in it for me?
- Besides security of your account, you also get a cute little Core Hound Pup. [Core Hound Pup Image]
How bad is getting hacked, really? Its just a game, and Blizzard can replace everything right?
- If you are hacked, the process for restoring your character to its default state can take weeks. You'll first need to contact Blizzard to verify your account (as most hacks result in the account being locked out), change your password, and unlock your account. Once this is done, you'll need to login to each character you have and take inventory of what's missing. You'll then need to submit a GM Ticket with a list of the missing items from each character for them to restore... and then you wait. The ticket will be escalated from a GM to a specialized team. That team will investigate your situation, and once verified, will mail you your items and gold back.
- This process can take 2 or more weeks depending on many factors including holidays, how many hacks are occurring, etc.
- You may not get all items back. Some items or gold amounts may not be restored.
- During this time, its likely you've been cleaned out... no armor, no money, no mana-replenishing drinks, nothing.
Where do I get one?
- You can get the Blizzard Authenticator Key Fob from the Blizzard Store here. [1] The key fob costs US$6.50.
- You can get the Battle.net Mobile Authenticator for the iPhone or iPod Touch here. [2] The application is Free.
- You can get the Battle.net Mobile Authenticator for Android . . . Oh wait, you can't. [3]
- You can get the Battle.net Mobile Authenticator for other phones on US/EU Carriers here. [4] The application costs 99¢US.
Is there a guild policy?
- There isn't one. Alea Iacta Est does not require any of its guild members of any rank to have an authenticator.
- (Wyndgem Writer's Note) However, I strongly encourage everyone to get one for security of a guild member's own account.
Shouldn't Guild Officers be required to have an authenticator?
- The argument of Guild Officers being required to have an authenticator has been made to primarily protect the guild bank. The counter argument is: Have you seen our guild? Alea Iacta Est is one of the largest guilds in the game. With the number of people, especially the number of generous people, if a Guild Officer's account is hacked and the guild bank is emptied, the bank would be refilled in no time.
What about the Guild Master?
- Maui has an authenticator.
What does Ingvar the Plunderer think?
- Ingvar the Plunderer says (in a posh British accent), "Really, get an authenticator.... or I WILL PAINT MY FACE WITH YOUR BLOOD!!!!"