WOW:Authenticator: Difference between revisions

From AIE Wiki
Jump to navigation Jump to search
m (Stigg moved page Authenticator to WoW:Authenticator)
 
(10 intermediate revisions by 3 users not shown)
Line 1: Line 1:
[[Category:FAQs]]
[[Category:FAQs]]
[[Category:World of Warcraft]]
[[Category:Diablo]]
[[Category:Starcraft]]
[[Category:Blizzard]]
[[Category:Security]]


==Blizzard Authenticator==
==Battle.net Authenticator==
[[File:Authenticator.jpg|120px|thumb|Keychain Authenticator]]
[[File:Authenticator.jpg|120px|thumb|Keychain Authenticator]]
[[File:iPhone_Auth.jpg|120px|thumb|iPhone Authenticator]]
[[File:iPhone_Auth.jpg|120px|thumb|iPhone Authenticator]]
:The authenticator consists of a 6 or 8 digits number generator that the server will use to make sure that you are the actual owner of the account logging in.  Knowing the username and password isn't enough.  The generator can be a stand-alone device (as sold by Blizzard and called Key Fob), an iPhone/iPod Touch application or application for other supported cell phones.
:The authenticator generates a 6 or 8 digit number which is used as a one-time password (OTP).  Knowing the username and account password isn't enough.  The Battle.net authenticator is available as a stand-alone device (sold by Blizzard and called Key Fob), or a smartphone app available on iOS or Android.


:The numbers generated are predictable in nature so that the server can come up with the same number as your authenticator at the same time.  How that happens is the secret sauce and a well guarded secret.  However, even if that secret got out, it still wouldn't make your authenticator vulnerable.  The seed that starts the sequence when the Authenticator begins its life is based on a range of variables, many of them random, for each individual authenticators.  So for someone to figure out exactly the sequence of numbers generated by your authenticator, that person needs to know precisely the algorithm used and the parameters that built the start of life of your particular Authenticator.  Quite a lot a work just to get into one account.
:The numbers generated are predictable in nature so that the server can come up with the same number as your authenticator at the same time.  How that happens is the secret sauce and a well guarded secret.  However, even if that secret got out, it still wouldn't make your authenticator vulnerable.  The seed that starts the sequence when the Authenticator begins its life is based on a range of variables, many of them random, for each individual authenticators.  So for someone to figure out exactly the sequence of numbers generated by your authenticator, that person needs to know precisely the algorithm used and the parameters that built the start of life of your particular Authenticator.  Quite a lot a work just to get into one account.


<span style="color: #f7d75e;">'''''But you should still be careful'''''</span>
===But you should still be careful===
:Be warned, though, the numbers generated have a 60 seconds life span.  If you get lured to a phishing site that asks your username, password and authenticator code (and assuming you typed all that), you are still very vulnerable for the lifespan of the number.  If the hacker gets your info and acts on it fast enough, you could still get hacked so it's very important to always be aware of the sites you visit.  However, the chances of that are slim since it all has to happen within a 60 seconds window or less.   
:Be warned, though, the numbers generated have a 60 seconds life span.  If you get lured to a phishing site that asks your username, password and authenticator code (and assuming you typed all that), you are still very vulnerable for the lifespan of the number.  If the hacker gets your info and acts on it fast enough, you could still get hacked so it's very important to always be aware of the sites you visit.  However, the chances of that are slim since it all has to happen within a 60 seconds window or less.   


==Questions frequently asked on the forums==
==Questions frequently asked on the forums==
===What Is It?===
:The Battle.net Authenticator is a physical key fob while the Battle.net Mobile Authenticator is a mobile phone application that generates an 8 digit code that is entered after entering your World of Warcraft Password.  This second factor of authentication helps to secure your account from being hacked.


<span style="color: #f7d75e;">'''''What Is It?'''''</span>
===I change my password frequently, I don't need one do I?===
:The Blizzard Authenticator is a physical key fob while the Battle.net Mobile Authenticator is a mobile phone application that generates an 8 digit code that is entered after entering your World of Warcraft Password.  This second factor of authentication helps to secure your account from being hacked.


<span style="color: #f7d75e;">'''''I change my password frequently, I don't need one do I?'''''</span>
:Are you sure?  Frequent changes are not defense against key-loggers.  Even if you believe you are safe against those, brute force attacks are more common than you might think.  In the time between password changes, a hacker could get in your account.  With the ever changing authentication code, you won't have to worry about that.


:Are you sure?  Brute force attacks are more common then you might think.  In the time between password changes, a hacker could get in your account.  With the ever changing authentication code, you won't have to worry about that.
===What's in it for me?===
 
<span style="color: #f7d75e;">'''''What's in it for me?'''''</span>


:Besides security of your account, you also get a cute little Core Hound Pup. [Core Hound Pup Image]
:Besides security of your account, you also get a cute little Core Hound Pup. [Core Hound Pup Image]


<span style="color: #f7d75e;">'''''How bad is getting hacked, really? Its just a game, and Blizzard can replace everything right?'''''</span>
===How bad is getting hacked, really? Its just a game, and Blizzard can replace everything right?===


:If you are hacked, the process for restoring your character to its default state can take weeks. You'll first need to contact Blizzard to verify your account (as most hacks result in the account being locked out), change your password, and unlock your account. Once this is done, you'll need to login to each character you have and take inventory of what's missing. You'll then need to submit a GM Ticket with a list of the missing items from each character for them to restore... and then you wait. The ticket will be escalated from a GM to a specialized team. That team will investigate your situation, and once verified, will mail you your items and gold back.
:If you are hacked, the process for restoring your character to its default state can take weeks. You'll first need to contact Blizzard to verify your account (as most hacks result in the account being locked out), change your password, and unlock your account. Once this is done, you'll need to login to each character you have and take inventory of what's missing. You'll then need to submit a GM Ticket with a list of the missing items from each character for them to restore... and then you wait. The ticket will be escalated from a GM to a specialized team. That team will investigate your situation, and once verified, will mail you your items and gold back.
Line 32: Line 36:
:# During this time, its likely you've been cleaned out... no armor, no money, no mana-replenishing drinks, nothing.
:# During this time, its likely you've been cleaned out... no armor, no money, no mana-replenishing drinks, nothing.


<span style="color: #f7d75e;">'''''Where do I get one?'''''</span>
===Where do I get one?===


:You can get the Blizzard Authenticator Key Fob from the Blizzard Store here. [http://us.blizzard.com/store/search.xml?q=Authenticator] The key fob costs US$6.50.
:You can get the Battle.net Authenticator Key Fob from the Blizzard Store here. [http://us.blizzard.com/store/search.xml?q=Authenticator] The key fob costs US$6.50.


:You can get the Battle.net Mobile Authenticator for the iPhone or iPod Touch here. [http://phobos.apple.com/WebObjects/MZStore.woa/wa/viewSoftware?id=306862897]  The application is Free.
:You can get the Battle.net Mobile Authenticator for the iPhone or iPod Touch here. [http://phobos.apple.com/WebObjects/MZStore.woa/wa/viewSoftware?id=306862897]  The application is Free.
Line 42: Line 46:
:You can get the Battle.net Mobile Authenticator for other phones on US/EU Carriers here. [http://mobile.blizzard.com/] The application costs 99¢US.
:You can get the Battle.net Mobile Authenticator for other phones on US/EU Carriers here. [http://mobile.blizzard.com/] The application costs 99¢US.


<span style="color: #f7d75e;">'''''Is there a guild policy?'''''</span>
===Is there a guild policy?===


: Alea Iacta Est has no restriction or policy governing the use of an authenticator.  However, the officers strongly recommend use of authenticator.
: Alea Iacta Est has no restriction or policy governing the use of an authenticator.  However, the officers strongly recommend use of authenticator.


<span style="color: #f7d75e;">'''''Shouldn't Guild Officers be required to have an authenticator?'''''</span>
===Shouldn't Guild Officers be required to have an authenticator?===


:While previously they were not required to, [http://forum.myextralife.com/showthread.php?t=29219 the policy has changed].
:While previously they were not required to, [http://forum.myextralife.com/showthread.php?t=29219 the policy has changed].


<span style="color: #f7d75e;">'''''What about the Guild Master?'''''</span>
===What about the Guild Master?===


:Maui has an authenticator.
:Lanctharus has an authenticator.


<span style="color: #f7d75e;">'''''What does Ingvar the Plunderer think?'''''</span>
===What does Ingvar the Plunderer think?===


:[http://www.wowwiki.com/Ingvar_the_Plunderer Ingvar the Plunderer] says (in a posh British accent), ''"Really, get an authenticator.... or I WILL PAINT MY FACE WITH YOUR BLOOD!!!!"''
:[http://www.wowwiki.com/Ingvar_the_Plunderer Ingvar the Plunderer] says (''in a posh British accent''), ''"Really, get an authenticator.... or I WILL PAINT MY FACE WITH YOUR BLOOD!!!!"''


==Pros==
==Pros==
:# Added layer of protection for your accounts
# Added layer of protection for your accounts
:# Easy to use and adds little time to login
# Easy to use and adds little time to login


==Cons==
==Cons==
:# If you lose, break or otherwise destroy the authenticator you will be locked out of your WoW account until you can get it removed.
# If you lose, break or otherwise destroy the authenticator you will be locked out of your WoW account until you can get it removed.
:# Adds extra step to login process
# Adds extra step to login process


==Help!==
==Help!==


<span style="color: #f7d75e;">'''''What do I do if I break/lost my Authenticator?'''''</span>
===What do I do if I break/lost my Authenticator?===
:Blizzard will have several support options available to assist you and ensure that the impact on your play experience is minimized in the event of a problem with your Authenticator.  Please contact [http://us.blizzard.com/support/article.xml?articleId=20606 Billing and Account Services] for assistance if you have questions.
:Blizzard will have several support options available to assist you and ensure that the impact on your play experience is minimized in the event of a problem with your Authenticator.  Please contact [http://us.blizzard.com/support/article.xml?articleId=20606 Billing and Account Services] for assistance if you have questions.


<span style="color: #f7d75e;">'''''What can I do beforehand to make the process easier if I do lose/break it?'''''</span>
===What can I do beforehand to make the process easier if I do lose/break it?===
:Physical authenticators (the ones sold by Blizzard) all have a serial number in the back.  The Mobile Phone Applications have a serial number in the setup screen of the application.  Is it highly recommended to write down that serial number somewhere like a Google Docs document, for instance.  That way, if you lose your authenticator or left it at home while on a trip, you can easily use the serial number to call Blizzard and have it removed from your account temporarily so you can still play.
:Physical authenticators (the ones sold by Blizzard) all have a serial number in the back.  The Mobile Phone Applications have a serial number in the setup screen of the application.  It is highly recommended to write down that serial number somewhere like a Google Docs document, for instance.  That way, if you lose your authenticator or left it at home while on a trip, you can easily use the serial number to call Blizzard and have it removed from your account temporarily so you can still play.

Latest revision as of 19:05, 30 August 2013


Battle.net Authenticator

Keychain Authenticator
iPhone Authenticator
The authenticator generates a 6 or 8 digit number which is used as a one-time password (OTP). Knowing the username and account password isn't enough. The Battle.net authenticator is available as a stand-alone device (sold by Blizzard and called Key Fob), or a smartphone app available on iOS or Android.
The numbers generated are predictable in nature so that the server can come up with the same number as your authenticator at the same time. How that happens is the secret sauce and a well guarded secret. However, even if that secret got out, it still wouldn't make your authenticator vulnerable. The seed that starts the sequence when the Authenticator begins its life is based on a range of variables, many of them random, for each individual authenticators. So for someone to figure out exactly the sequence of numbers generated by your authenticator, that person needs to know precisely the algorithm used and the parameters that built the start of life of your particular Authenticator. Quite a lot a work just to get into one account.

But you should still be careful

Be warned, though, the numbers generated have a 60 seconds life span. If you get lured to a phishing site that asks your username, password and authenticator code (and assuming you typed all that), you are still very vulnerable for the lifespan of the number. If the hacker gets your info and acts on it fast enough, you could still get hacked so it's very important to always be aware of the sites you visit. However, the chances of that are slim since it all has to happen within a 60 seconds window or less.

Questions frequently asked on the forums

What Is It?

The Battle.net Authenticator is a physical key fob while the Battle.net Mobile Authenticator is a mobile phone application that generates an 8 digit code that is entered after entering your World of Warcraft Password. This second factor of authentication helps to secure your account from being hacked.

I change my password frequently, I don't need one do I?

Are you sure? Frequent changes are not defense against key-loggers. Even if you believe you are safe against those, brute force attacks are more common than you might think. In the time between password changes, a hacker could get in your account. With the ever changing authentication code, you won't have to worry about that.

What's in it for me?

Besides security of your account, you also get a cute little Core Hound Pup. [Core Hound Pup Image]

How bad is getting hacked, really? Its just a game, and Blizzard can replace everything right?

If you are hacked, the process for restoring your character to its default state can take weeks. You'll first need to contact Blizzard to verify your account (as most hacks result in the account being locked out), change your password, and unlock your account. Once this is done, you'll need to login to each character you have and take inventory of what's missing. You'll then need to submit a GM Ticket with a list of the missing items from each character for them to restore... and then you wait. The ticket will be escalated from a GM to a specialized team. That team will investigate your situation, and once verified, will mail you your items and gold back.
  1. This process can take 2 or more weeks depending on many factors including holidays, how many hacks are occurring, etc.
  2. You may not get all items back. Some items or gold amounts may not be restored.
  3. During this time, its likely you've been cleaned out... no armor, no money, no mana-replenishing drinks, nothing.

Where do I get one?

You can get the Battle.net Authenticator Key Fob from the Blizzard Store here. [1] The key fob costs US$6.50.
You can get the Battle.net Mobile Authenticator for the iPhone or iPod Touch here. [2] The application is Free.
You can get the Battle.net Mobile Authenticator for Android by searching the Android Market for "Battle.net Authenticator" [3]
You can get the Battle.net Mobile Authenticator for other phones on US/EU Carriers here. [4] The application costs 99¢US.

Is there a guild policy?

Alea Iacta Est has no restriction or policy governing the use of an authenticator. However, the officers strongly recommend use of authenticator.

Shouldn't Guild Officers be required to have an authenticator?

While previously they were not required to, the policy has changed.

What about the Guild Master?

Lanctharus has an authenticator.

What does Ingvar the Plunderer think?

Ingvar the Plunderer says (in a posh British accent), "Really, get an authenticator.... or I WILL PAINT MY FACE WITH YOUR BLOOD!!!!"

Pros

  1. Added layer of protection for your accounts
  2. Easy to use and adds little time to login

Cons

  1. If you lose, break or otherwise destroy the authenticator you will be locked out of your WoW account until you can get it removed.
  2. Adds extra step to login process

Help!

What do I do if I break/lost my Authenticator?

Blizzard will have several support options available to assist you and ensure that the impact on your play experience is minimized in the event of a problem with your Authenticator. Please contact Billing and Account Services for assistance if you have questions.

What can I do beforehand to make the process easier if I do lose/break it?

Physical authenticators (the ones sold by Blizzard) all have a serial number in the back. The Mobile Phone Applications have a serial number in the setup screen of the application. It is highly recommended to write down that serial number somewhere like a Google Docs document, for instance. That way, if you lose your authenticator or left it at home while on a trip, you can easily use the serial number to call Blizzard and have it removed from your account temporarily so you can still play.