Battle.NET account + Blizzard Authenticator + today = fail



Mystic
10-13-2009, 07:34 PM
So, anyone else seeing this behavior starting this evening?

Login servers were "busy" for a short bit this evening. After they became available again, I was unable to log in my normal way.

I use keyclone, and have it set up (with workaround) to enter my battle.net account info, and the specific individual accounts are saved from the last usage, so all I have to do is enter my password, and then enter my blizzard authenticator key at the next prompt. After that I'm logged in on all five simultaneously. This has worked flawlessly for a long time now.

Tonight, after the login servers became "unbusy", now only one specific account is logged in, the other four fail with a message something like "account credentials failed". After some experimentation it is revealed that EACH individual login instance now requires its OWN DIFFERENT authenticator number (not the physical key, but the numbers it generates). This means you can no longer log in all five (or 10) at the same time, but now must log in one, wait for about 8 seconds for the authenticator key to generate a new number, then log in the next, etc. until you get all of your accounts logged in.

Anyone else experiencing this with their battle.net account + blizzard authenticator this evening?

SFbase
10-13-2009, 07:37 PM
Ya I noticed that this morning! I thought that it was a fluke on my part. But man, this is gonna suck.

zanthor
10-13-2009, 07:59 PM
Authenticator has been turned into a 1 time pad. 1 key = 1 attempt; if you botch the password the key's gone, if you try to log in 5x with broadcast, 4 get denied.

Fuck.

falsfire3401
10-13-2009, 08:01 PM
I was under the impression it always worked like this. I think I once (months and months ago) tried logging in all three accounts with the same key code from the authenticator and it failed, so the whole time I've had it I've been patiently waiting the 20 seconds or whatever for a fresh code for each account...

Jubber
10-13-2009, 08:04 PM
lol false. Yeah, it's bungled right now. I have not been able to transmit the same code since the servers came back up. It is very annoying.

Moorea
10-13-2009, 08:10 PM
My subs are now expired, but for many months until late September I always sent the same code to all 5 windows and logged all at once - they better fix this bug if it's not possible anymore - someone with a valid sub should file a bug report with them?

burningforce
10-13-2009, 09:01 PM
hmm thought it was me that was having the problems.

not fun, log in one character, wait 20 seconds then do the other character and repeat as necessary hehe

moosejaw
10-13-2009, 09:25 PM
Very fubar. This blows.

Lazyassguy1776
10-13-2009, 10:49 PM
Yup.. this is BS... I thought I had caps lock on or something.

zanthor
10-14-2009, 12:39 AM
http://forums.worldofwarcraft.com/thread.html?topicId=20444817225&postId=203048827954&sid=1#0

Different forum, same approach.

Korruptor
10-14-2009, 01:17 AM
I hope this is just a bug.

Slats
10-14-2009, 03:39 AM
This is extremely annoying. I love my battle.net / authenticator setup. However this would make me remove my authenticator if the bug stays in place.

:(

alcattle
10-14-2009, 04:39 AM
The reason the servers are busy is the note on the log in page that came up after maintenance. I have not logged into Battle.net yet, and I still have not tried the dongle, might after open the box soon :(

shaeman
10-14-2009, 06:25 AM
It sucks, and I hope they fix it, but I'll take the security of the authentication over convenience any day.
Let's face it, if a keylogger gets your battlenet password they've got access to all your accounts with no extra work.
Is 1-2 minutes really worth risking all your chars?

lordmythic
10-14-2009, 08:29 AM
I thought this was normal, ever since I received my Authenticator a month ago this is how it worked for me. It would NOT accept the code at the same time on all accounts. I always have to wait for the next code to appear.

Svpernova09
10-14-2009, 09:27 AM
Someone in #isboxer petitioned a GM, and the GM instructed him to post in Technical Support. Here's the link: http://forums.worldofwarcraft.com/thread.html?topicId=20433766552&sid=1

I'll try to keep it and Fur's thread up on the first pages. This is incredibly frustrating. And until they fix this, I would NOT merge to a battle.net account.


It sucks, and I hope they fix it, but I'll take the security of the authentication over convenience any day.
Let's face it, if a keylogger gets your battlenet password they've got access to all your accounts with no extra work.
Is 1-2 minutes really worth risking all your chars?


I don't think this is what anyone here is upset about. What we're upset about is the fact that it's worked 1 way forever (I've been on battle.net accounts using 1 authenticator code since I merged in March), and now all of a sudden it doesn't work this way anymore, and there was no notice at all.

jettzypher
10-14-2009, 09:31 AM
**********

Otlecs
10-14-2009, 09:51 AM
The move to a proper one-time key is a Good Thing, but to make it more bearable for us, they really do need to improve the authenticator to generate a new code every time it's cycled!

Svpernova09
10-14-2009, 10:15 AM
I sent the paste below via the Contact Support function on blizzard.com. We'll see if they get back to me. I haven't had good luck with them before; they proved to be pretty terrible last time I had to contact them about an account I couldn't get in game with.


After maintenance yesterday, 10/13/09, I am no longer able to login 5 accounts with 1 authenticator code. Before maintenance I was using 1 authenticator code to login all 5 of my accounts at the same time. Now 1 logs in, 4 fail. I have to wait till I can generate 5 unique authenticator codes. There are threads posted about others having the same issue: http://forums.worldofwarcraft.com/thread.html?topicId=20433766552&sid=1 and also http://forums.worldofwarcraft.com/thread.html?topicId=20462448559&sid=1 Is this an intended change? Is there any way to revert it back to how it was working before?

Svpernova09
10-14-2009, 10:57 AM
Question - Are you guys using the key-fob authenticator (I am) or the iPhone application? (or other smart phone).

The application is bnet specific, where the key-fob was before bnet conversions. I'm thinking about switching mine to my iphone and trying that.


Using key-fob here, I don't have a supported phone to test /grumble

moosejaw
10-14-2009, 12:42 PM
I am using a key-fob also. Any iPhone users around to tell us if it works for them?

Edit: Not sure if I want to blow all that $$ on an iPhone, but if that is the solution, I would consider it.

Korruptor
10-14-2009, 12:50 PM
I am using a key-fob also. Any iPhone users around to tell us if it works for them?

Edit: Not sure if I want to blow all that $$ on an iPhone, but if that is the solution, I would consider it.

I have an iPhone but I'm at work so I can't test it yet.

EDIT:
In case you don't want/need an iPhone, the BNet authenticator works with the iPod Touch as well.

moosejaw
10-14-2009, 01:28 PM
I have an iPhone but I'm at work so I can't test it yet.

EDIT:
In case you don't want/need an iPhone, the BNet authenticator works with the iPod Touch as well.

Hmmm. Nice to know. I have an ATT phone now and I would suffer a huge purchase/upgrade penalty if I get an iPhone right now. The Touch would be a good compromise.

Bigfish
10-14-2009, 01:30 PM
I'm not having this issue with my non-Bnet accounts.

Drommon
10-14-2009, 01:44 PM
I'm not having this issue with my non-Bnet accounts.

Likewise. I will switch to Bnet at the last minute. There are just too many nuances to multi-boxing to have to suffer through another one of Blizzard's gimmicks. As for now, I am sticking to non-bnet single authenticator code for all accounts.

Drommon

Slats
10-14-2009, 01:45 PM
I have an iPhone; it's how I use my authenticator. I still have the 4 accounts fail, 1 logs in successfully issue, but I can simply try again on another character and it loads fine. More annoying than a game breaker.

It seems to be one password + one key attempt. You can use the same key multiple times tho. Just not AT the same time. It's annoying. :/

Korruptor
10-14-2009, 02:50 PM
A co-worker (and part-time dual-boxer) wondered if you could use one keyfob with multiple bnet accounts. I'm curious about that as well. Maybe it wouldn't cause this issue since you would be logging into 5 separate Bnets at the same time.

Food for thought.

So have any of you 10boxers (with 2+ Bnet accts) been able to use the same Keyfob?

aboron
10-14-2009, 03:02 PM
The move to a proper one-time key is a Good Thing, but to make it more bearable for us, they really do need to improve the authenticator to generate a new code every time it's cycled!

The way (I'm fairly sure) the authentication works is that the keychain unit and the auth server create a new valid agreed upon key every 30 seconds. This key is valid for a try made in that 30 second block and is based on the authenticator serial number and the time/day plus some other constant numbers no one else is likely to know.

Since the server has no way of knowing if you pressed the button, there is no way it can be made to accept a different number until the 30 seconds go by and it moves on to the next one. They could make both sides change numbers more frequently, but then you would have less time to type in the correct number before it expires. (There is probably also some tracking server side for the previous and next valid numbers to account for the timebase drift that likely happens on the keychain unit, since it is bound to be significant and would vary with temperature and such.)

I have a similar unit to this for my etrade account and it doesn't bother with the button, it just always shows the current valid number, and a little countdown bar showing how much longer until it changes.

grap
10-14-2009, 03:21 PM
This evening, at 20h30, all is good for the connection.
I use an iPhone.

Targ
10-14-2009, 03:36 PM
Pushing the button just causes the Display to turn on; the code that is displayed is an encryption of the Time of Day (likely rounded to 30 sec) and the Fob serial number.


(there is probably also some tracking server side for the previous and next valid numbers to account for the timebase drift that likely happens on the keychain unit, since it is bound to be significant and would vary with temperature and such)


I suspect it is the Time of Day tracking on the Server side that is the issue. When the servers decrypt the code they get the Time of Day on your Fob. On the Servers they are keeping up with the drift from real time for each Fob on each account in their system, otherwise your FOB would stop working when the internal clock drifted too far off real time.

I am thinking that when you log into one Battle.NET account 5 times, it does not like five different FOB time of Day updates in a row with the same TOD, and rejects them. The drift calculation may not like Zero time difference from the last log on. Whereas when the accounts were separate they got a single FOB time of Day Update on each account across your five accounts, and then they were keeping up a separate Drift calculation on each account.

Svpernova09
10-14-2009, 03:40 PM
Pushing the button just causes the Display to turn on; the code that is displayed is an encryption of the Time of Day (likely rounded to 30 sec) and the Fob serial number.



I suspect it is the Time of Day tracking on the Server side that is the issue. When the servers decrypt the code they get the Time of Day on your Fob. On the Servers they are keeping up with the drift from real time for each Fob on each account in their system, otherwise your FOB would stop working when the internal clock drifted too far off real time.

I am thinking that when you log into one Battle.NET account 5 times, it does not like five different FOB time of Day updates in a row with the same TOD, and rejects them. The drift calculation may not like Zero time difference from the last log on. Whereas when the accounts were separate they got a single FOB time of Day Update on each account across your five accounts, and then they were keeping up a separate Drift calculation on each account.


You could be right, but the issue here is this WAS working. Something broke, or someone changed something to no longer allow this.

Vecter
10-14-2009, 04:02 PM
A co-worker (and part-time dual-boxer) wondered if you could use one keyfob with multiple bnet accounts. I'm curious about that as well. Maybe it wouldn't cause this issue since you would be logging into 5 separate Bnets at the same time.

Food for thought.

So have any of you 10boxers (with 2+ Bnet accts) been able to use the same Keyfob?

Prior to yesterday yes I was able to use 1 keyfob for 2 different Bnet accounts, even logging in at the same time.

Ess
10-14-2009, 04:54 PM
double post never mind me.

Phanes
10-14-2009, 06:43 PM
Prior to yesterday yes I was able to use 1 keyfob for 2 different Bnet accounts, even logging in at the same time.

Vecter are you saying it no longer works? Or are you just saying that last time you were on which was a few days ago it was working.

Cause if that works I will just merge each of my accounts to one b.net account each and just log them in like that.

Khatovar
10-15-2009, 12:00 AM
A co-worker (and part-time dual-boxer) wondered if you could use one keyfob with multiple bnet accounts. I'm curious about that as well. Maybe it wouldn't cause this issue since you would be logging into 5 separate Bnets at the same time.

Food for thought.

So have any of you 10boxers (with 2+ Bnet accts) been able to use the same Keyfob?

I have 5 accounts under my own Bnet setup. My husband has his 5 accounts under his own Bnet setup. We didn't move them to the Bnet accounts until this past Monday. When we created the individual accounts, we put them all under the same authenticator. They still use the same authenticator now, so yes, separate bnet accounts can use the same authenticator.

As to whether or not the separate Bnet accounts will jiggle around this new annoyance, I couldn't tell you, though.

Dor
10-15-2009, 01:12 AM
had 2 guildies that use auth get "hacked" over the last 2 weeks... thought it was a fluke, but maybe the loggers/hackers have found a way to quick log into someone's accts now and blizz stopped that from happening? just a guess

moosejaw
10-15-2009, 09:01 AM
had 2 guildies that use auth get "hacked" over the last 2 weeks... thought it was a fluke, but maybe the loggers/hackers have found a way to quick log into someone's accts now and blizz stopped that from happening? just a guess

O.o

Details are needed. This is very interesting.

Dor
10-15-2009, 09:44 AM
http://forums.worldofwarcraft.com/thread.html?topicId=20431795598&postId=203039317391&sid=1#8
http://forums.worldofwarcraft.com/thread.html?topicId=12890946439&sid=1&pageNo=1



just did a quick search on forums found these 2 posts also

in that second link this was posted (not by a blue) ...might be the reason it was changed:

I'm an IT professional and the VASCO system used by Blizzard is slightly more vulnerable than the RSA SecurID system used by most corporations and financial entities... or the problem lies in how they have it configured.

When using my authenticator I can login twice using the same OTP (one time passcode) from the token. This is bad because in that 60 second window that token is valid for someone could login to your account IF and only IF they intercept the token code AND use it within the 60 second time frame it's valid for.

Most businesses have this feature disabled to prevent the security breach- IE as soon as the OTP is used you can't login again until it changes to the next code in however many seconds you have remaining.

It'd be really great if someone from Blizz could comment on if this was intended with your deployment.
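
Added example, not part of any post in this thread and not Blizzard's or VASCO's code: a minimal time-based verifier with the pieces the posts above describe, a fixed time step, a drift window of neighbouring steps, and a record of the last step already accepted that makes each code single-use. The RFC 4226 truncation, the 30-second step and keying the record by login name (`scope`) are assumptions chosen for illustration; the secret and timestamp are constructed.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per code; assumed (posters in the thread cite 30 and 60)


def otp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 truncated HMAC, a stand-in for whatever the fob really computes."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    num = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(num % 10 ** digits).zfill(digits)


class Verifier:
    """Server side for one authenticator (hypothetical model)."""

    def __init__(self, secret: bytes, drift_steps: int = 1, one_time: bool = True):
        self.secret = secret
        self.drift_steps = drift_steps  # neighbouring steps tolerated for clock drift
        self.one_time = one_time        # False models the replay-tolerant behaviour
        self.last_used = {}             # scope (login name) -> highest step accepted

    def check(self, scope: str, code: str, now: int) -> str:
        current = int(now) // STEP
        replayed = False
        for step in range(current - self.drift_steps, current + self.drift_steps + 1):
            if not hmac.compare_digest(otp(self.secret, step), code):
                continue
            if self.one_time and step <= self.last_used.get(scope, -1):
                replayed = True         # right code, but this step is already spent
                continue
            self.last_used[scope] = max(step, self.last_used.get(scope, -1))
            return "ok"
        return "replayed" if replayed else "bad-code"


def broadcast_login(verifier: Verifier, scopes, code: str, now: int):
    """The same code typed into several login prompts at once (key broadcasting)."""
    return [verifier.check(scope, code, now) for scope in scopes]


if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed, not a real seed
    now = 1255475640                     # constructed timestamp
    code = otp(secret, now // STEP)

    tolerant = Verifier(secret, one_time=False)
    print("replay tolerated :", broadcast_login(tolerant, ["merged"] * 5, code, now))

    strict = Verifier(secret)
    print("single-use code  :", broadcast_login(strict, ["merged"] * 5, code, now))
    print("next code, +30 s :", strict.check("merged", otp(secret, now // STEP + 1), now + STEP))

    # Two different login names sharing one authenticator: each has its own record.
    shared = Verifier(secret)
    print("two login names  :", broadcast_login(shared, ["bnet-a", "bnet-b"], code, now))

    # A fob running one step slow is still accepted through the drift window.
    print("fob 30 s slow    :", Verifier(secret).check("merged", otp(secret, now // STEP - 1), now))
```

With the single-use record enabled, only the first of five broadcast logins under one login name succeeds; the rest must wait for the next step.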

Tonuss
10-15-2009, 10:49 AM
"I'm an IT professional and the VASCO system used by Blizzard is slightly more vulnerable than the RSA SecurID system used by most corporations and financial entities... or the problem lies in how they have it configured."
This attitude drives me crazy. I understand that Blizzard's login security isn't as good as that of my bank, or my job. I can live with that. Having my WOW account(s) hacked would suck, but my concern would be with my WOW account(s) and nothing more. I wouldn't even be in a hurry to recover them, to be honest. Having my bank info hacked could be disastrous and could affect a lot more than just the bank account. It could affect my finances, which are a hell of a lot more important than a video game. Having the servers at work hacked could be disastrous. It could cost my company millions of dollars in damages over the long term, and could cost me my job.

I do not need for Blizzard's login security to be as good as that of "most corporations and financial entities." They are two completely different levels of importance for people. It's like complaining that your XBOX isn't built to the same safety standards as your car. If having your WOW account hacked is as bad for you as having your bank info stolen, then you are either too young to have any money or you seriously need to get your priorities in order.

I can live with the annoyance of having to log in five separate times for that same reason-- it's a video game. And an extra two minutes, while a pain in the ass, won't kill me. And if it turns out that Blizzard did this because thefts of authenticator-enabled accounts had risen to an alarming level, I'm cool with it. But if it was changed because some idiot wants world-class security for his fucking MMO fix because his self esteem is tied to the fact that he's top 5 in DPS on his PuG raids... that's just really retarded. It's stupid.

moosejaw
10-15-2009, 01:04 PM
If it's an American car, the XBOX is probably built better....

Zing!

10 characters....

Ualaa
10-15-2009, 01:51 PM
It should be... one time code.. per account.
Not one code per battlenet account.

moosejaw
10-15-2009, 02:29 PM
I don't mind the one code per account thing, just give us a countdown timer on the device so I know when the new number will be refreshed.

Push.......wait ....... push......... wait........push New Number!!!! repeat.....

ghonosyph
10-15-2009, 02:30 PM
Seems you all are upset ONLY because something changed and no one at bliz said shit about it. My take on it is this, my computer really hates me when I log all 5 at once anyway, but I can do it. I don't, I just log them all one at a time. Sure it takes a while to do, but once you log in with a key code, it instantly refreshes it. You may be lucky enough to have the option of the battlenet password but quit crying over something that not only increases security, but is completely trivial lol :)

Ps. I'm pooping at work right now! Lol

moosejaw
10-15-2009, 02:50 PM
I'm going to switch to an iphone authenticator for the sole reason that I can tell when the damn key is going to expire.

Hitting the button on the key-fob 15 fucking times trying to get a new code is enough to make me not want to log in at all.

^^ This. I am going to open a new line on my ATT account and get an iPhone. Mobile armory and all my iTunes videos, Woot!

Edit: I have to remember to write down the authenticator serial in case the phone crashes though. :)

Korruptor
10-15-2009, 03:02 PM
^^ This. I am going to open a new line on my ATT account and get an iPhone. Mobile armory and all my iTunes videos, Woot!

Edit: I have to remember to write down the authenticator serial in case the phone crashes though. :)

I love the mobile armory!

moosejaw
10-15-2009, 03:16 PM
Iphone order complete. LoL

Edit: Can anyone recommend a good carry case/sleeve for the iPhone? I know, a little off topic.

Oswyn
10-15-2009, 03:26 PM
Here's something I noticed today. I log in using my battlenet account name and password for all accounts. I then put in the authenticator code one at a time using a new code for each account.

The first account logs in fine. I let the authenticator refresh and enter the code, it fails to log in. The only way for me to do it is to do the entire login process separately with each account using new authenticator codes. Does that make sense?

Anyway, I'm wondering if the issue is not with the authenticators at all, but with the battlenet login. Can anyone without an authenticator, but with battlenet confirm that you can login simultaneously?

Targ
10-15-2009, 03:40 PM
Sort of a related question: after I convert all my accounts to one Bnet account will I be billed once per month for all my subs or will I still get billed 5 separate times per month?

Can I create separate Bnet accounts for each of my present Accounts? If I do, are there any ramifications to this approach? Will I not be able to transfer characters between them or multibox if they are separate Bnet accounts?

Thanks

Anastasiya
10-15-2009, 03:41 PM
Hey Oswyn

are you logging in to all your accounts at the same time.. then entering each Auth number one at a time?

or are you logging on to each account one at a time and then putting in an Auth number for that account before moving on to the next account?

Each Auth number only has a 60 sec life span, before a new one is generated. So if you log all your accounts at the same time you need to use the same Auth number for all of the accounts. This should be easily done by whatever keybroadcasting program you are using.

Tonuss
10-15-2009, 03:42 PM
Sort of a related question: after I convert all my accounts to one Bnet account will I be billed once per month for all my subs or will I still get billed 5 separate times per month?
Each WOW account is still billed separately.

EaTCarbS
10-15-2009, 04:07 PM
hopefully.

logging in is a pain now >.<

Korruptor
10-15-2009, 04:42 PM
Iphone order complete. LoL

Edit: Can anyone recommend a good carry case/sleeve for the iPhone? I know, a little off topic.

While not really a sleeve or case I suggest InvisiShield, it was the best $24 I spent protecting the face of my iPhone and it lasts forever. An additional benefit was that it seems to make the touch-screen more sensitive.

Korruptor
10-15-2009, 08:32 PM
I'm going to switch to an iphone authenticator for the sole reason that I can tell when the damn key is going to expire.

I just switched to the iPhone authenticator and like you said Fur, it's great knowing just how long you have before it expires!

Just for grins I set up my browser to log in to Bnet along with logging into the actual game. I logged into WoW on one account (only tried 1) and then quickly tried to log into Bnet with the same mobile authenticator key and the login attempt was unsuccessful.

The extra peace of mind is nice.

Moorea
10-15-2009, 08:41 PM
if they leave it as is they need to at least make it so you can switch wow account without having to log out (and somehow changing realm stopped working for me too after first login when I switched)

heffner
10-15-2009, 09:09 PM
I noticed that I had to use every other authenticator code in order for it to work for me.

Oswyn
10-15-2009, 10:44 PM
Hey Oswyn

are you logging in to all your accounts at the same time.. then entering each Auth number one at a time?

or are you logging on to each account one at a time and then putting in an Auth number for that account before moving on to the next account?

Each Auth number only has a 60 sec life span, before a new one is generated. So if you log all your accounts at the same time you need to use the same Auth number for all of the accounts. This should be easily done by whatever keybroadcasting program you are using.

Yeah I wasn't very clear at all in my post, head was somewhere else. Yes, I was logging into all accounts at once using password and then entering a newly generated auth number for each account. The first login worked. But the rest did not. The only way I could get it to work is to login with password and auth one account at a time.

Damageinc333
10-16-2009, 12:18 AM
There is a way they could make all this work well for us and not compromise security. They could use the same system as the Bank of America e-ink credit card fob. There is no internal clock or 30-second windows. You press the button, it spits out a key. You press it again, it spits out the next key. The server does a "calibration" the first time you set it up, asking you to enter 2 keys back to back; this lets it know where it is on the 'chain'. I suppose if you press the key a bunch of times, incrementing the number without actually entering it to the server, this could cause it to lose its place and it would have to recalibrate. I have never had that happen yet. Is this system the way the iPhone app works?

http://www.securityinfowatch.com/files/imagecache/article_main/images/article/1213194918599_RSA_Card.jpg
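
Added example, not part of the post above and not any vendor's code: a counter-based token and verifier showing the scheme the post describes, one new code per button press, a server that tolerates a few unentered presses, and a "calibration" with two back-to-back codes when the card has run too far ahead. RFC 4226 HOTP, the look-ahead of 5 and the resync search range of 100 are assumptions; the seed is constructed.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP, a stand-in for whatever the card really computes."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    num = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(num % 10 ** digits).zfill(digits)


class EventToken:
    """The card: no clock, each press shows the code for the next counter value."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.counter = 0

    def press(self) -> str:
        code = hotp(self.secret, self.counter)
        self.counter += 1
        return code


class EventVerifier:
    """The server: remembers its place on the chain and only ever moves forward."""

    def __init__(self, secret: bytes, look_ahead: int = 5, resync_range: int = 100):
        self.secret = secret
        self.counter = 0                  # next counter value not yet spent
        self.look_ahead = look_ahead      # unentered presses tolerated at login
        self.resync_range = resync_range  # how far ahead a calibration may search

    def check(self, code: str) -> bool:
        for c in range(self.counter, self.counter + self.look_ahead):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1      # this code and all earlier ones are spent
                return True
        return False

    def resync(self, first: str, second: str) -> bool:
        """Calibration: two consecutive codes pin down the card's position."""
        for c in range(self.counter, self.counter + self.resync_range):
            if (hmac.compare_digest(hotp(self.secret, c), first)
                    and hmac.compare_digest(hotp(self.secret, c + 1), second)):
                self.counter = c + 2
                return True
        return False


def five_logins(card: EventToken, server: EventVerifier):
    """Five sessions in a row, one press each, no waiting for a time step."""
    return [server.check(card.press()) for _ in range(5)]


if __name__ == "__main__":
    seed = b"constructed-card-seed"      # constructed, not a real seed
    card, server = EventToken(seed), EventVerifier(seed)
    first = card.press()
    print("first login          :", server.check(first))
    print("same code again      :", server.check(first))
    print("five logins in a row :", five_logins(card, server))
    for _ in range(20):                  # button pressed without logging in
        card.press()
    print("after 20 stray presses:", server.check(card.press()))
    print("calibration          :", server.resync(card.press(), card.press()))
    print("next login           :", server.check(card.press()))
```

Requiring two consecutive codes for calibration keeps the wide search range from turning into a wide acceptance window for a single guessed code.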

Bloodcloud
10-16-2009, 09:26 AM
All very nice, but what are now the facts. (besides the iphone geek stuff :)

What I understood is
- merging 5 accounts to 1 Bnet account means 5 different numbers (on single Authenticator) are needed to log in, which means login time for 5 accounts = 2.5 min+

- One authenticator for more than one Bnet account works.

How is the behaviour then ?

Can I log into 2 different Bnet accounts simultaneously with one authenticator generated number ?

Korruptor
10-16-2009, 10:41 AM
Here is your answer Bloodcloud (quoted from page 4 of this thread)


Prior to yesterday yes I was able to use 1 keyfob for 2 different Bnet accounts, even logging in at the same time.

Bloodcloud
10-16-2009, 11:17 AM
so the solution is to create 5 Battle.net accounts.

any restrictions on this or blizzard saying you HAVE to HAVE only one B.net account ?

http://us.battle.net/faq/index.html


Q: I play World of Warcraft using multiple accounts -- why should I merge all of them into the same Battle.net account?
A: One of our long-term goals for Battle.net is to introduce community and communication features that will make it beneficial for players to have all of the accounts and games they play associated with their own, single online identity. Merging all of your World of Warcraft accounts into one Battle.net account will enable you to take full advantage of these features in the future.


does not imply that I have to. Heirlooms are bound to account and not to battle.net account anyway. so no immediate advantage.

Bloodcloud
10-16-2009, 11:19 AM
Prior to yesterday yes I was able to use 1 keyfob for 2 different Bnet accounts, even logging in at the same time.

how does it work now ?

Did they "FIX" this now as well ?

can you confirm that simultaneous login is still working on multiple B.net accounts with the same Authenticator token and code ?

Vecter
10-16-2009, 12:01 PM
how does it work now ?

Did they "FIX" this now as well ?

can you confirm that simultaneous login is still working on multiple B.net accounts with the same Authenticator token and code ?

I just tried using 2 B.net accounts and it in fact DOES WORK. The same authenticator code used for both and they both successfully logged in.

Targ
10-16-2009, 12:13 PM
So is there any reason not to setup 5 different B.net accounts?

Will I not be able to transfer toons between B.net accounts or will I be banned for boxing using different B.net accounts?

Lyonheart
10-16-2009, 12:34 PM
So is there any reason not to setup 5 different B.net accounts?

Will I not be able to transfer toons between B.net accounts or will I be banned for boxing using different B.net accounts?

There is no "good" reason to set up more than one.. you will still have to enter the authenticator ID individually. Putting them all on one account is best. If you have more than eight, make another one for that reason only. It is much easier for You to manage the accounts when they are all on the same bnet account.

For example, once they are linked, when you go to account management at the Bliz site, there is now a drop down list with all your accounts. So doing things like transfers and such are way less hassle than before.

Lyonheart
10-16-2009, 12:39 PM
I wanted to add, one benefit I have already had for having all my accounts on one bnet account. When I got my Grunty pet at blizcon, I entered my "bnet account name" and got the pet on ALL my accounts. I'm not sure if in the future they will do similar things, but maybe betas will work that way? Anyway, I think having separate Bnet accounts will complicate things for you more than the inconvenience of entering each account's info separately while logging in the game. IMO


NOTE: If you plan to do any TRANSFERS, do it BEFORE you merge. IF you have more than one Bnet account you have to wait 30 days before you can transfer between them.

Vecter
10-16-2009, 12:46 PM
There is no "good" reason to set up more than one.. you will still have to enter the authenticator ID individually. Putting them all on one account is best. If you have more than eight, make another one for that reason only. It is much easier for You to manage the accounts when they are all on the same bnet account.

For example, once they are linked, when you go to account management at the Bliz site, there is now a drop down list with all your accounts. So doing things like transfers and such are way less hassle than before.


You missed the post about this. It in fact does not require multiple tokens from the authenticator to log into different b.net accounts. I have 2 b.net accounts and tried this morning and had to only use 1 token to log into both accounts at the same time. Why this is is anyone's guess and could either mean Blizzard didn't think about this scenario or the change to logging into multiple accounts under a single b.net was unintentionally changed to its current 1 token - 1 account method.

Bloodcloud
10-16-2009, 12:53 PM
You missed the post about this. It in fact does not require multiple tokens from the authenticator to log into different b.net accounts. I have 2 b.net accounts and tried this morning and had to only use 1 token to log into both accounts at the same time. Why this is is anyone's guess and could either mean Blizzard didn't think about this scenario or the change to logging into multiple accounts under a single b.net was unintentionally changed to its current 1 token - 1 account method.

so this means that It could be a BUG/Fluke - THAT it currently works and blizz might fix it ?

actually setting up different B.Net accounts is no different from the current setup. You have your individual "account names" and use the token only once per account per login.

in a joined scenario you use the token for 5 logins on the same account.

pets: In other words if you want to have pets on all accounts by a single code and features alike, the less B.Net accounts you have the better

moosejaw
10-16-2009, 01:14 PM
The only difference with one account vs multiple B.net accounts is the 60 day wait for transfers after the initial account merge. Keep that in mind.

Tonuss
10-16-2009, 04:52 PM
so this means that It could be a BUG/Fluke - THAT it currently works and blizz might fix it ?
That's what I was thinking. Or hoping, anyway.

Ualaa
10-16-2009, 05:20 PM
I suppose if you were to have multiple B.Net accounts, you can have an authenticator on each account.
If it was the same authenticator, like I have for my current 5 accounts, you'd likely have the same log in issues.
If it was a different authenticator per account, you'd have to enter a number on each authenticator (ie not broadcast/keyboard repeat), but there wouldn't likely be a 2.5 minute log in process either.

ImaHealer
10-16-2009, 11:46 PM
I just tried using 2 B.net accounts and it in fact DOES WORK. The same authenticator code used for both and they both successfully logged in.

something I read MAY be the issue, "Due to a security feature, a generated key is good once per account."
when you merge 5 accounts "Into one Bnet account" your login NOW becomes just 1 account


your account, One, two, three, four, five... they used to be separate... now with one Bnet account

your login for EVERY account is now Screwed@myaccounts.ouch and since you can apparently only use
1 code per login.... you have to Login 5 times with Screwed@myaccounts.ouch...

if someone with 2 B.net accounts can use the same authenticator on each "Login" and it works...
this sounds like a true statement..

Man I hope not!

jag989
10-17-2009, 03:28 AM
Seems you all are upset ONLY because something changed and no one at bliz said shit about it. My take on it is this, my computer really hates me when I log all 5 at once anyway, but I can do it. I don't, I just log them all one at a time. Sure it takes a while to do, but once you log in with a key code, it instantly refreshes it. You may be lucky enough to have the option of the battlenet password but quit crying over something that not only increases security, but is completely trivial lol :)

I think the reactions here would be the same even if they announced it.

For those of us that have decent enough hardware to log in multiple characters at once, it isn't trivial when it takes 3 minutes of spamming your authenticator to log in, it's aggravating.

Aesthier
10-17-2009, 06:35 AM
I just started my 4th and 5th account back in Sep and still using my RAF. (Trying to milk it for all its worth.)

I have many issues already with the whole mandatory B.Net (read x-box live meets myspace) thing but now I have to hold off even longer to make the choice between multiple B.Nets or one individual one. The whole time my RAF time is clicking away.


As a side note I was talking with one of my network security friends today and he was explaining how the Authenticators work.

Had I read this thread I would have gotten more in depth but one thing I did pick up was the fact that the Authenticator in itself is fairly secure. However:

Each Authenticator has an individual algorithm that is mirrored to an exact copy on the server which has been tied to each individual account (or B.net dependent on what you purchased). What most people don't know is that the Key prior, the current key and the next key will all work in that 60 second period (only one of any of those three would be accepted I believe though). (This is most likely due to Blizz planning ahead for latency or natural lazy "slow" human response time)

That being said what most of you are having issues with, the one code for one login, likely results from the code was used and now the server side authenticator is looking for the next code.


As a side note to all you I-phone junkies:)

When I asked him about the cell phones authenticator apps he began laughing, the authenticator itself is secure but what people don't realize is by putting it on their cell phone it has now just become less secure as I-phones etc...(constantly connected when turned on) are fairly easy to hack.

I will talk with him this weekend and try to find out more.

Let me know if there is anything you want me to ask him.
Remember he is a network security guy not a Blizz employee but he does know his stuff.

~Aes

jag989
10-17-2009, 09:34 AM
That being said what most of you are having issues with, the one code for one login, likely results from the code was used and now the server side authenticator is looking for the next code.


I think that has been thoroughly determined as the point of the thread ;)

That didn't use to be the case though.

Ualaa
10-17-2009, 01:56 PM
The safest bet, as far as logging in in the shortest period of time will be one B.Net account per wow account, with one authenticator per pairing.

From a blizzard point of view, each is essentially saying, "I live in a dorm, and several of us play wow. We each have our own account and own authenticator even if our IP address is always the same".

Sure Blizzard will easily figure out the accounts are linked, in that they have the synchronized key inputs and the same billing/owner information.

Essentially, going this route means nothing has changed.

This would cost 5 authenticators instead of 1, but even if they changed it to "a code is valid only once, even across multiple B.Net accounts", which seems likely if this was an intended change, with 5 authenticators you could enter the game in under a minute instead of 2.5 mins.

One authenticator and 5 B.Net accounts might work too. From an above poster it currently does. If the increased security is an intended feature, I'd suspect this will stop working at some point in the future.

I guess you could velcro/attach each authenticator to a piece of plastic/cardboard or whatever, and then just use the first one for account one etc.

Going with separate B.Net accounts per account essentially keeps the same hassles as the current system and specifically chooses to miss out on the features implemented with the B.Net account changes, such as easier account management. Not sure if that is worth more than the log into game hassles or not.

aboron
10-17-2009, 02:09 PM
1234567890

Lash
10-17-2009, 02:38 PM
I actually have 3 wow accounts on battle.net1 and 1 wow account on battle.net2. I was intending to transfer from the 2nd battle.net account to the first battle.net account...but if I do so then my login process gets worse. Now it is better to have a ratio of one battle.net to one wow account. There are no known benefits to having multiple wow accounts on the same battle.net account.

Due to how I slowly ramped up the number of accounts I have. My current team is 3 characters spread out over 2 battle.net accounts. I use a blizz authenticator and IS. Prior to the change, I could login to battle.net1-toon1, battle.net1-toon2, and battle.net2-toon1 with the same code. I did have to wait at times for the box to popup on all of them, but once it did...it always worked.

Now, I will get battle.net2-toon1 always logged in. Battle.net1-toon1 or battle.net1-toon2 will log on...and it does change which one "wins". I have to wait for a new code to get the one that was left out into game. The same blizz/iphone authenticator can be assigned to multiple battle.net accounts.

I can consistently reproduce this. It is annoying.

Aesthier
10-17-2009, 03:07 PM
Well what I am wondering is if the whole authenticator is the only real reason not to combine all the accounts on one B.Net.

I know the next major concern is someone hacking your B.Net account and having access to "all" ones accounts. For me though that's not such a big deal as it initially appears.

Another major concern is Accidental banning of one account will ban your B.net but if I remember correctly the blues confirmed that banning one WoW account does not ban all the accounts on the B.Net.

Other than those is there anything really nasty about it?

For Example how does it affect RAF if its all on One B.net?

Ualaa
10-17-2009, 03:16 PM
I wouldn't think RAF would be affected at all.
There is still a referring account which would be one of your accounts, not all of them.

mmcookies
10-18-2009, 02:58 AM
ugh, just when i was thinking about farming the headless horseman's mount...

as a point of interest

the keyfob authentication server is most likely separate from WoW's login servers

basically, when you login, the generated number is passed off to the keyfob auth server along with your keyfob serial number for verification

the main login server confirms your password and waits for the authentication response from the keyfob server, if both pass, then it lets you in

the way they had it set up before, the keyfob server would return a "pass" at any time during the 30 seconds when the generated number is valid

what they have now is the keyfob server would forcibly invalidate the key once it is used

the keyfob server technology is likely external proprietary and blizzard would have no direct control over the code

the best we can hope for is probably a "per keyfob serial number" option to turn the forced invalidation on/off
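The change described in the post above (a code that used to pass for its whole validity window is now invalidated once used), as an added example that is not part of the thread and not Blizzard's code. It assumes an RFC 6238-style TOTP as a stand-in for the real algorithm, a 30-second step, acceptance of the previous/current/next step, and replay state kept per Battle.net account; all names and the secret are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per code; assumption taken from the 30-second window mentioned in the thread


def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226/6238 code for one time-step counter (stand-in algorithm)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class TokenVerifier:
    """Token server for accounts that may share one authenticator secret.

    one_time=False models the old behaviour: any code inside the window passes,
    however often it is submitted.
    one_time=True models the new behaviour: a time step that has been consumed
    for an account (or any earlier step) is refused afterwards.
    """

    def __init__(self, one_time: bool, drift: int = 1):
        self.one_time = one_time
        self.drift = drift        # steps accepted either side of "now"
        self.secrets = {}         # account -> authenticator secret
        self.last_used = {}       # account -> highest time step already consumed

    def enroll(self, account: str, secret: bytes) -> None:
        self.secrets[account] = secret

    def verify(self, account: str, code: str, now: float) -> bool:
        secret = self.secrets.get(account)
        if secret is None:
            return False
        current = int(now) // STEP
        for counter in range(current - self.drift, current + self.drift + 1):
            if not hmac.compare_digest(totp(secret, counter), code):
                continue
            if self.one_time:
                if counter <= self.last_used.get(account, -1):
                    return False  # replay of a consumed (or older) code
                self.last_used[account] = counter
            return True
        return False


def simulate_broadcast(verifier, accounts, secret, now):
    """Submit the same current code once per entry in `accounts`."""
    code = totp(secret, int(now) // STEP)
    return [verifier.verify(account, code, now) for account in accounts]


if __name__ == "__main__":
    secret = b"constructed-demo-secret"   # constructed sample value
    now = 1_000_000                        # constructed timestamp

    old = TokenVerifier(one_time=False)
    new = TokenVerifier(one_time=True)
    for v in (old, new):
        v.enroll("bnet1", secret)
        v.enroll("bnet2", secret)          # same authenticator on a second account

    # Three logins: two on bnet1, one on bnet2, all sent the same code.
    logins = ["bnet1", "bnet1", "bnet2"]
    print("time-window only :", simulate_broadcast(old, logins, secret, now))
    print("one-time per acct:", simulate_broadcast(new, logins, secret, now))
```

Because the replay state is keyed by account, the same code still passes once on each account that shares the authenticator; keying it by authenticator serial instead would refuse the second account as well.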

aboron
10-18-2009, 03:20 AM
ugh, just when i was thinking about farming the headless horseman's mount...

as a point of interest

the keyfob authentication server is most likely separate from WoW's login servers

basically, when you login, the generated number is passed off to the keyfob auth server along with your keyfob serial number for verification

the main login server confirms your password and waits for the authentication response from the keyfob server, if both pass, then it lets you in

the way they had it set up before, the keyfob server would return a "pass" at any time during the 30 seconds when the generated number is valid

what they have now is the keyfob server would forcibly invalidate the key once it is used

the keyfob server technology is likely external proprietary and blizzard would have no direct control over the code

the best we can hope for is probably a "per keyfob serial number" option to turn the forced invalidation on/off

Bliz could also just cache a valid pass on a number from a given keyfob for 50-150 ms to allow the other 1-39 requests that hit right around the same time to clear on its coat tails.

mmcookies
10-18-2009, 03:28 AM
Bliz could also just cache a valid pass on a number from a given keyfob for 50-150 ms to allow the other 1-39 requests that hit right around the same time to clear on its coat tails.

The reason I mention the per keyfob serial override option is because I know it exists on some keyfob security architectures, therefore possibly requiring almost no extra work and testing on Blizzard's part.

I'm really not sure if the scant multiboxer population would warrant any additional development resources unless you guys can pull some higher-up strings.

Ghallo
10-18-2009, 07:06 AM
Wow, I must really be out of it. I've been flirting with the idea of coming back to WoW, but after reading this thread I think I must have missed something. I have no B.Net accounts - do you have to have one now to play WoW? And I don't care about "security" this is a video game, not my stock portfolio. I don't install keyloggers on my computer - I've played since November of 2004 and never had my account hacked - so is it even possible to avoid security garbage like this?

Finally, why doesn't Blizzard just do smart cards with USB smart card readers? You need to insert the smartcard, type a PIN and as long as that card is connected to that PC your account can authenticate. No additional numbers to type etc. MS (and several other large companies) use that method - very secure and much more user friendly.

Ualaa
10-18-2009, 03:45 PM
On Nov 11th, you will need to have each wow account associated/merged with a B.Net account in order to log into the game. Prior to the 11th, there is no restriction.

It is free to merge accounts, you just need one valid email per B.Net account you create. Each B.Net account can have up to 8 wow accounts merged into it.

If you don't use the Authenticator, then one or multiple B.Net accounts is the same thing. Enter the B.Net email address (in the place of the wow account name) and then the password.

With an authenticator for increased account security, there are log in issues to be aware of for multiple wow accounts on the same B.Net account.

Ghallo
10-18-2009, 06:46 PM
What about moving toons? Why would they put restrictions on moving toons once they are associated with a bnet account?

Ualaa
10-18-2009, 07:45 PM
My understanding is that you cannot move toons on to (or off of) a B.Net account for 60 days after merging an account onto it.

Once all the accounts are on a single B.Net account, you can move toons from one account to another very easily and quickly. Moving toons between B.Net accounts will work fine (as it currently does), once you get beyond the 60 day window.

Slats
10-18-2009, 08:26 PM
My understanding is that you cannot move toons on to (or off of) a B.Net account for 60 days after merging an account onto it.

Once all the accounts are on a single B.Net account, you can move toons from one account to another very easily and quickly. Moving toons between B.Net accounts will work fine (as it currently does), once you get beyond the 60 day window.

I can confirm all of this is correct and I have done all of it several times. I can also confirm there is an 8 Account Limit for WoW Products per Battle.NET Account for all you 10 boxers out there.

Ghallo
10-18-2009, 09:14 PM
So if I were to move all of my accounts to a BNet, but not get the dongle, I would not be impacted except for changing the account name on the login? How does WoW know which account I am trying to log into?

Slats
10-19-2009, 02:32 AM
So if I were to move all of my accounts to a BNet, but not get the dongle, I would not be impacted except for changing the account name on the login? How does WoW know which account I am trying to log into?

This is correct. Once you have multiple accounts the first time you login to the battle.net account and have SAVE ACCOUNT INFORMATION ticked - it will display a popup box and let you pick the old account name you used to use from the list.

Once you login once, next time it will show your e-mail address in the account name box and a small drop down box with the one you used last saved.

Prepared
10-19-2009, 03:05 AM
Here's something I noticed today. I log in using my battlenet account name and password for all accounts. I then put it the authenticator code one at a time using a new code for each account.

The first account logs in fine. I let the authenticator refresh and enter the code, it fails to log in. The only way for me to do it is to do the entire login process separately with each account using new authenticator codes. Does that make sense?

Any way, I'm wondering if the issue is not with the authenticators at all, but with the battlenet login. Can anyone without an authenticator, but with battlenet confirm that you can login simultaneously?

I think the problem you're experiencing here is that if the Authenticator Code box remains up too long. Maybe 60 seconds or two minutes, not sure of the exact time, but the password that was previously entered becomes invalid. You have to cancel the authenticator box and re-enter the password and then new authenticator code.

According to the last page of this post made by a WoW player, the change makes sense to stop the keyloggers from getting access to your account with your authenticator code within 60 seconds:
http://forums.worldofwarcraft.com/thread.html?topicId=20433766552&sid=1&pageNo=2

Maybe it is for some other security reason that Blizzard has in place but with a ton of accounts like I have, this battle.net authenticator change really causes me a long time to login now. Apparently the change made with battle.net accounts and the authenticator was made on purpose to stop the keyloggers from gaining access to accounts within 60 seconds. That is, a different code for second login was necessary from the same authenticator to login to the battle.net account. It makes sense to me as this could cut down on support calls to Blizzard when someone loses their account with authenticator access to a keylogger. Multiboxers are in a far less number than the normal 1 account login with battle.net. So it would make sense from Blizzard's perspective to reduce unauthorized access at the expense of a small number of players' inconvenience.

Prepared
10-19-2009, 03:12 AM
There is one way around all of this. Create multiple battle.net accounts. I've confirmed the same authenticator attached to multiple battle.net accounts allows the same code to be used at the same time. So if you have 5 WoW accounts for example, instead of creating just one battle.net account and merging all of those to the one battle.net, create 5 battle.net accounts. Merge each WoW account to each battle.net account and the authenticator that was attached to each WoW account will automatically be attached to each battle.net account. When Keyclone, Octopus or whatever you use to start WoW up with, you enter the account name with the separate battle.net account logins. The issue of having the same authenticator code used at the same time goes away because you have separate battle.net accounts. I've confirmed this. However, Blizzard could possibly change this in the future but for now it works by logging in at the same time without any issues.

Dramoth
10-20-2009, 12:04 PM
had 2 guildies that use auth get "hacked" over the last 2 weeks... thought it was a fluke, but maybe the loggers/hackers have found a way to quick log into someones accts now and blizz stopped that from happening? just a guess

A friend of mine had his account seized by a hacker using an exploit.

They managed to get a keylogger onto his machine and got his username and password.

From there they made a b.net account and merged his wow account with it. They then proceeded to sell off all his good sellable items and because he was a miner was flying him all over the place grinding mining.

He called me on the day he lost access to his account and was asking me about it. He told me that he had received an email from Blizzard saying that they had merged his wow account with his b.net account and told him that the new login id was some email address from yahoo in Croatia.

Unfortunately for them, I was on the phone to my mate talking about his lost access to his account, when I logged my solo main into the game and while I was chatting to him I pulled up my friends list and there he was online...

I opened a ticket then and there to report it. Also talked to someone who knew a GM IRL (because I did a /y looking for a GM... got a couple of arseholes /w'ing me laughing about it).

His account got locked that night or the following day and he got an email from Blizzard about it all. They unlinked his account from the b.net account and reset his password.

He had all his gear they sold restored to him, minus gems and chants. He wasn't complaining about it all... he managed to come out of it with a profit... about 100 stacks of saronite and 30 stacks of titanium.

Straight after he told me about it, I did some checking and found a few people had been done over like that and decided then and there to create my own b.net account there and then and merged all my accounts with it. I also downloaded an authenticator for my iPhone and for a while, I was able to log in all of my accounts with the one code from the authenticator.

While it is inconvenient for me to enter 1 number per login, the security side of things is a lot better (apart from the fact that this gives the hackers 2 sequential authenticator numbers for removing the authenticator)

Ualaa
10-20-2009, 12:47 PM
I'm going with 5 battle net accounts, one per wow account.
Each will use an email to log in, and will have the same password.

Essentially this is no change from my current set up, which is a username per account and a shared password.

I already have two authenticators, because I wanted an extra for when the battery in the first (linked to all 5) dies way down the road. In anticipation of Blizzard eventually changing it so an authenticator is only valid for one code, even if associated with different B.Net accounts, I've ordered three more authenticators. Basically PiP swap from one account to another and pressing a button once per account, but not having any delay (needing to wait for the next number) won't be too bad. I'll of course wait until the last day to merge the accounts, so one password (broadcast) along with one authenticator code (also broadcast) gets me into the game.

The extra authenticators are a gamble, but really 6 bucks per authenticator isn't all that much. If this is an intended change for security purposes, I'm betting it's a bug in that you can still use one authenticator across multiple B.Net accounts, when you cannot use one authenticator across multiple accounts within one B.Net account. Worst case scenario, I'm wrong and am out 20 bucks plus shipping, but then have 5 authenticators and can give two away to real life friends who also play wow but don't have authenticators.

Phanes
10-20-2009, 01:11 PM
I also bought 4 more authenticators with the same idea. One B.net account then just use pip. I will probably put them all on a keychain in a certain order or attach them to a piece of cardboard or something.

Souca
10-20-2009, 01:18 PM
Simple post: I don't care. I pay to play, if I can't play without unreasonable actions, I stop playing. Will not be renewing canceled accounts for Halloween and likely Icecrown. The remaining account is going to get canceled as well.

Long post: They fucked up, plain and simple. Just like the AV "oops" they rushed a change in and either ignored the people that brought up the possible problem or never even considered it. Either way, I don't care. They make things a pain in my ass, I move my ass, I don't try and find a pillow and sit back down on the broken beer bottle.

To those of you who still enjoy the game, I truly am sorry they do this kind of stuff. It sucks to just want to play a game for enjoyment and have to jump through hoops because suddenly things change without notice or explanation.

The justification for forcing OTP instead of time window tokens is BS. If they can get the token on the first try they can already block your login and get into your account. The security that is being used is not safe against man in the middle attacks, and the changes they made do nothing to change that. A simpler and more effective solution would be to disallow the same token to be used from different IPs, but even that isn't perfect.

Yea, I'm bitching, I figure after all the money I've paid and all the BNet crap I've had to do with minimal benefit to me, I'm entitled.

- Souca -

Klesh
10-20-2009, 01:34 PM
Simple post: I don't care. I pay to play, if I can't play without unreasonable actions, I stop playing. Will not be renewing canceled accounts for Halloween and likely Icecrown. The remaining account is going to get canceled as well.

Long post: They fucked up, plain and simple. Just like the AV "oops" they rushed a change in and either ignored the people that brought up the possible problem or never even considered it. Either way, I don't care. They make things a pain in my ass, I move my ass, I don't try and find a pillow and sit back down on the broken beer bottle.

To those of you who still enjoy the game, I truly am sorry they do this kind of stuff. It sucks to just want to play a game for enjoyment and have to jump through hoops because suddenly things change without notice or explanation.

The justification for forcing OTP instead of time window tokens is BS. If they can get the token on the first try they can already block your login and get into your account. The security that is being used is not safe against man in the middle attacks, and the changes they made do nothing to change that. A simpler and more effective solution would be to disallow the same token to be used from different IPs, but even that isn't perfect.

Yea, I'm bitching, I figure after all the money I've paid and all the BNet crap I've had to do with minimal benefit to me, I'm entitled.

- Souca -
Simple Post: Can I have your stuff?

Longer Post: Last time I checked, no one is forcing you to use an authenticator. If the additional account security isn't worth the trouble to you, remove the authenticator. But it looks like you are looking for a reason to quit, so well...

Chumbucket
10-20-2009, 01:47 PM
I had a strange issue come up. I called Blizzard for a support issue and the guy asked for my authenticator serial number right after he asked my name and the answer to my secret question. I felt weird about it but gave it to him because he was a blizz employee. Does this mean he or someone he passes the info on to can hack the accounts?

Schwarz
10-20-2009, 02:06 PM
As of last night I can still use my authenticator with all my accounts at the same time. I HAVE NOT CONVERTED MY ACCOUNTS TO BATTLENET. Reading this thread I am not going to transfer over until they fix this problem. I think it is a minor bug that they will eventually fix.

I really like using the authenticator. I don't know how many times I have accidentally /said my password on slaves. I don't really care since having a password isn't any good without the authenticator.

Korruptor
10-20-2009, 02:11 PM
On a different note, my iPhone got hosed when I tried to update to 3.12.

I had to recover with a full wipe :(

To my surprise, after reinstalling the Mobile Authenticator it automatically had my serial id for generating the correct access codes and I was able to log right in.

kadaan
10-20-2009, 03:29 PM
Supposedly this was how it was supposed to have been working all along, and they FIXED what they considered a bug and not introduced one.

As Souca stated, this doesn't completely negate the possibility of a man-in-the-middle attack, but it reduces the window of opportunity from 30 seconds down to how ever long it takes for you to press enter after typing the last digit of the code. More security for 99% of authenticators vs 2 minutes of hassle for 5-boxers... it's not too hard to see why Blizzard made the choice they did in fixing the bug.

Jaws5
10-20-2009, 05:22 PM
Guys,
I have been out of it for some time. With the battle.net account, can you log into each WoW account on 5 different hardware. I multibox the old way (5 PCs) switch box. So can I link all my WoW accounts to one battle.net account and have it work from 5 different PCs (or more, have 7)

Thanks

Svpernova09
10-20-2009, 05:27 PM
Guys,
I have been out of it for some time. With the battle.net account, can you log into each WoW account on 5 different hardware. I multibox the old way (5 PCs) switch box. So can I link all my WoW accounts to one battle.net account and have it work from 5 different PCs (or more, have 7)

Thanks


Yes you can. The issue here is that each login will require a unique authenticator code if the accounts are attached to the same battle.net account.

Souca
10-20-2009, 10:36 PM
Simple Post: Can I have your stuff?

Longer Post: Last time I checked, no one is forcing you to use an authenticator. If the additional account security isn't worth the trouble to you, remove the authenticator. But it looks like you are looking for a reason to quit, so well...

No one is forcing me to do anything. I have an authenticator I'd been happily using for over a year before this change. Nice to see trolls are even on the DB forums now too.

- Souca -

Souca
10-20-2009, 10:40 PM
Supposedly this was how it was supposed to have been working all along, and they FIXED what they considered a bug and not introduced one.

As Souca stated, this doesn't completely negate the possibility of a man-in-the-middle attack, but it reduces the window of opportunity from 30 seconds down to how ever long it takes for you to press enter after typing the last digit of the code. More security for 99% of authenticators vs 2 minutes of hassle for 5-boxers... it's not too hard to see why Blizzard made the choice they did in fixing the bug.

If they are in the middle, they will just prevent you from even logging in. If it's been a bug for over a year, it's now called a feature. Ask MS how many bugs they have to keep in their versions of Windows because software counts on it working the same way. It adds no security for those 99% of the people in this scenario.

- Souca -

Oswyn
10-20-2009, 11:25 PM
Yeah it's a pain, but in the scale of things it's a minor inconvenience. Heck, my ritual now is to login while I'm catching up on emails or doing other productive things. If anything, the game is waiting on me to put in the code. Not a big deal.

Khatovar
10-20-2009, 11:39 PM
IMO, if they wanted to ensure security, they wouldn't have decided that tying every single Blizzard product a person owns to one single e-mail address and password instead of multiple userids was a great way to do things.

Ualaa
10-21-2009, 02:24 AM
I see your point, Khat.

However, to guess my (up to) 14 letter/digit/symbol username and then my (up to) 14 letter/digit/symbol password is pretty strong security. Passwords should be case sensitive, but unfortunately they're not.

Unless I'm keylogged, it's not at all likely they'll randomly guess a username and a password.

If I am keylogged, then one account or five accounts, they'll have the information as it is entered, or whenever it transmits the logged info.

Simulacra
10-21-2009, 02:33 AM
True the authenticator login is a pita, but having been hacked on numerous occasions I don't mind the extra hassle, I'm just wondering how long the batteries last given I'm now pressing the button 5+ times >.<

Khatovar
10-21-2009, 03:09 AM
It's not exactly guessing if, as the majority of users do, you use the same email address for everything. It's all well and good when dealing with smart people who use good userids and passwords...like mine USED to be, but we're talking about people who repeatedly fail at their own security.

People who look at a post like "lol, so funy! look for self sexleg hot! omg.kennylogginsyourkeys.here/ufackinnewb.exe " and post back "i went like 4 time???? i din't see nuthin? lawlz?"

People who make an account name like HoserMcLuvin and troll all over Curse, WoW, MMOChampion, anywhere WoW related with the avatar name...HoserMcLuvin...with links to their armory and facebook and Twitter and anything else that has their e-mail address {HoserMcLuvin-at-gmail, of course, same password as they use for everything} and random WoW info.

People who will get their butt keylogged over and over again because they don't run anti-virus and don't scan all the random crap they download and don't even know what anti-spyware is or how to format, and share their account with their friends who are just as stupid.

Blizzard didn't do anyone any favors by moving to e-mail address form. Especially considering how much some of these sites just LOVE to sell e-mail addresses.

Ualaa
10-21-2009, 03:18 AM
Definitely see your point there too.

I get 10 email addresses through my service provider.
I'm planning to use 5 of them for B.Net accounts.
They won't be used for any other purpose ever.

I'm not sure how many characters you can have in a B.Net email address, but I'll want close to the maximum.
The usual mix of numbers, letters and symbols, without more than 2-3 of one type in a row.
Chances are I won't be able to remember the email long term.
But will have them entered into IS as my user names, and saved somewhere for copy/paste if needed.

Most likely, they'll be a tad harder to get (without a keylogger) than someone who clicks a link like the one you posted above. I really like the logger name you picked, it unfortunately shows the mentality of a lot of the player base...

Klesh
10-21-2009, 07:08 AM
Nice to see trolls are even on the DB forums now too.

- Souca -
Nice to see WoW general forum whiners are even on DB forums now too. Your post I've quoted one page ago is full of QQ.

On topic:
Yes, the change kinda sucks for multi-boxers who got used to login with all accounts at the same time. Am kinda sure they didn't change it to annoy multi-boxers or cause of some man in the middle attack, such attacks are just not worth it for WoW accounts. Maybe it's been possible to automate the hacking of authenticator secured accounts, I don't know or really care. They've changed it for whatever reason and you got to adapt.

What most seem to forget is blizz is running WoW to make profit. Lots of profit. If players wouldn't be stupid and get hacked all the time (keeping your OS, browser+plugins up to date and NOT visiting stupid sites is hard), they wouldn't have to waste lots of manpower (aka profit) to block, investigate and restore hacked accounts.
They could have said, well, it's your fault for getting hacked so we are charging 100$ to restore an account. That would have been even more QQ, so they keep paying the bill for hacked accounts while trying to go with the best possible security for their "normal" (1 account) users.
Love (or at least accept) it or leave it.

BobGnarly
10-21-2009, 11:25 PM
Regardless of whether or not you are "kinda sure they didn't change it because of some man in the middle attack", it is vulnerable to that, so that's as good a reason as any to believe that they changed it. Your assertion that wow isn't serious enough to warrant a change like this is silly considering that the discussion we are having is regarding a rotating token security system already implemented for wow, which isn't just thrown around for the fun of it. Somebody (both at Blizzard, and their customer base) clearly thinks security is important here, so yeah, they should fix vulnerabilities.

My biggest gripe is the email thing. I don't want my wow subscription email associated with anything else in my life. Call me paranoid, but I know where it can lead and I want no part of it. So, I'm going to have to create one or more new ones just for this, and it irks me - primarily because there's no good reason they couldn't let your bnet account be whatever you want, just like your current wow account. If they are so serious about security, they should hire a good security consultant who would tell them so.

BTW, one thing to keep in mind everybody...creating multiple accounts may get you around this issue *for now*, but they've been talking about things like allowing heritage items to be passed around all your bnet accounts, so you would lose out on future features like that. Just thought I'd mention it.
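
[Added example, not part of any post in this thread and not Blizzard's code: a minimal server-side check showing why a rotating code that is burned after one successful use rejects the same code broadcast to several login windows, which is also what stops a captured code from being replayed. It assumes a standard RFC 6238 TOTP (HMAC-SHA1, 30-second step, 6 digits); the `SingleUseVerifier` class, `broadcast_login` helper, secret and timestamp are all constructed for illustration.]

```python
import hashlib
import hmac
import struct

STEP = 30      # seconds per code (RFC 6238 default; assumed, not Blizzard's value)
DIGITS = 6     # key-fob style code length (assumed)


def totp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """HOTP/TOTP code for one time-step counter (RFC 4226 truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class SingleUseVerifier:
    """Accepts each time-step's code once per token, then burns it."""

    def __init__(self, secret: bytes, window: int = 1):
        self.secret = secret
        self.window = window          # tolerated clock drift, in steps
        self.last_used = -1           # highest counter already consumed

    def verify(self, code: str, now: float) -> bool:
        current = int(now // STEP)
        for counter in range(current - self.window, current + self.window + 1):
            if counter <= self.last_used:
                continue              # already consumed: replay is refused
            if hmac.compare_digest(totp(self.secret, counter), code):
                self.last_used = counter
                return True
        return False


def broadcast_login(n_sessions: int = 5):
    """Constructed scenario: one code sent to n login windows at once."""
    secret = b"constructed-demo-secret"   # sample value, not a real token seed
    verifier = SingleUseVerifier(secret)
    now = 1_255_460_000.0                 # fixed timestamp so the run is repeatable
    code = totp(secret, int(now // STEP))
    same_code = [verifier.verify(code, now + i * 0.1) for i in range(n_sessions)]
    fresh = verifier.verify(totp(secret, int((now + STEP) // STEP)), now + STEP)
    return same_code, fresh


if __name__ == "__main__":
    print(broadcast_login())
```

[The first of the five simultaneous attempts is accepted and the other four are refused; a code from the next time step is accepted again.]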

alcattle
10-22-2009, 04:06 AM
I missed your point. Your E-mail is already tied to an account. Making your Email into your account name, what changes? WoW players still only know toon names not account names. No one can get your account name except Blizzard, nothing changed. In my case, it will help as I set up account on different Emails so they could be problems. Bnet will fix them.

mebben
10-22-2009, 04:22 AM
Is it just me or did they change something with the authenticator? I used to be able to log on with all five accounts at once, now it seems the code is only accepted by two windows at most, then I have to enter a new code for two others and so on. Very annoying.

Khatovar
10-22-2009, 05:38 AM
I missed your point. Your E-mail is already tied to an account. Making your Email into your account name, what changes?

The point is e-mail addresses are shown on tons of websites, easily found and bought and sold to lists every day. If someone got the e-mail address associated with one of my wow accounts before, all I had to deal with was spam. Now someone gets ahold of it, they've got my userid for all 5 of my accounts. Basically, half of your account information is now for sale, not just for WoW, but any past or future Blizzard product that will be force-tied to Battle.net.

Just because some people are smart enough to realize that you should go out and register an entirely new e-mail account that will never, ever be used for anything but logging into WoW doesn't make this secure. Most people are stupid and would think nothing of registering for random new fansite promising beta invites when they only want your e-mail address. Just ask any of those people that were waiting around for their "free new beta mount testing Blizzard is would having!" the BIizzdevjtiwyr told them to go register for when they got booted off and couldn't get back on. Most people will probably use the same address they've been using since they started playing WoW because that's where all their notifications for WoW crap goes.

alcattle
10-22-2009, 06:33 AM
Thank you. I see the point now. I have so many accounts and use different Emails and name, I will know where they got that set of information. But you are right, we are talking about smarter than your average (feral) bear on DB.com, and I have to remember the 50% of WoW users that have trouble spelling their names.

Khatovar
10-22-2009, 08:31 AM
On the plus side, you can change the battle.net e-mail address, which is a luxury you don't have with the old userid, so if you signed up with an address that you've used elsewhere, find spam in a new one or have another reason to believe it may be compromised, you can just get a new address and change over.

But still, it's an e-mail address and I dread the weeks following the full changeover. It's going to be back to 10 spam whispers a minute from compromised accounts.

Coltimar
10-22-2009, 09:16 AM
Is it just me or did they change something with the authenticator? I used to be able to log on with all five accounts at once, now it seems the code is only accepted by two windows at most, then I have to enter a new code for two others and so on. Very annoying.

That is the whole point of this post. You should read it. It has drama, suspense, even a little comedy.

mebben
10-22-2009, 09:32 AM
That is the whole point of this post. You should read it. It has drama, suspense, even a little comedy.

I'll get some popcorn and see if someone posted a summary somewhere.

vikemosabe
10-22-2009, 09:27 PM
I have been using an authenticator for about 6 months now and it NEVER let me login with more than one character at a time.

moosejaw
10-24-2009, 11:07 PM
I got my iPhone this week and today I picked up the mobile authenticator from the apps store. Much more useful than the key fob unit and it has 8 digits instead of 6. There is a timer bar and the number changes automatically without prompting. Three thumbs up!

Ualaa
10-25-2009, 03:11 AM
Where can we get the Cole Notes?

Lash
10-25-2009, 04:02 PM
deleted post...