To help keep Battle.net accounts as secure as possible, we’ve recently changed how Battle.net authenticators can be used. Going forward, Battle.net authenticators can now only be associated with one Battle.net account at a time. No changes are being made to how many game licenses a single Battle.net account can support. You can still have multiple World of Warcraft accounts under a single Battle.net account, for instance, and all game licenses linked with a Battle.net account will still be protected if an authenticator is in use.

Those of you who currently have more than one Battle.net account associated with a single authenticator will be able to maintain your existing setup without needing to do anything. This change will only affect new authenticator attachments. But, if at some point you decide to detach the authenticator from any of your Battle.net accounts for any reason, you won't be able to reattach it if it's already associated with another Battle.net account.

For more information on the Battle.net authenticator and mobile authenticator application (available for free with many mobile carriers), please visit http://us.blizzard.com/support/article/blizzardauth

Q u o t e:
Sounds like a decision you came to based on fiscal demands rather than for the sake of security.We didn't make this decision to sell more authenticators, if that's what you're implying. The price on them is conveniently low for a reason (if not free on mobile devices).

Damn, just saw this, and I just added the same authenticator to my bnet accounts :(

A decent amount of boxers use 5 separate battle.net accounts and 1 authenticator.

This is going to be fun hold times for some people ot get everything on the one account. I have everything on the one account - gonna suck for people who are 10 boxing tho. :/

I guess Icould use my ipad for one account and my HTC Desire for the other if I do 10box?

They said you won't have to change your existing setup if you already have the same authenticator on multiple battle.net accounts.

But for any future setups, you'll need either multiple authenticators or keeping the wow accounts on one battle.net account *assuming you use 8 or less).

Well, have four authenticators currently, five if you count the phone.

At the moment, all five accounts are each on their own B.Net accounts, with a single authenticator getting all of them into game at once.

Once that is no longer an option...

Either have a separate B.Net / Authenticator per account, and have some kind of a system to switch from one to the next... Which gets you a six digit input per account, without delay between them.

Or move towards all of your Warcraft accounts on a single B.Net account, for ease of account management.

I believe there are some easy to use emulators out there for authenticators which would allow you to have multiple ones set up on your PC just for WoW

One Bnet account here, one authenticator currently.

I just wish I could set the key refresh frequency... It takes too damn long to log in a 5-man team.

guessing the gold farmers are attaching all thier stolen accts to 1 auth?

I think they are just trying to cut back on support calls related to this issue. From a tech support perspective I don't blame them.

One Bnet account here, one authenticator currently.

I just wish I could set the key refresh frequency... It takes too damn long to log in a 5-man team.
Same here...takes ages to login, but rather I have to wait a while logging in then having to wait the get my chars back :)

I don't know how long an authenticator battery is supposed to last, but in the end, everyone's is going to have to acquire an authenticator for each battle.net account. Well I guess that gives a 2 years respite at most.

Or move towards all of your Warcraft accounts on a single B.Net account, for ease of account management.

Is it possible to move wow accounts from a specific Bnet account to another Bnet account?
I'd love to know if and how as well, please.

Cheers Ualaa,
A.

Is it possible to move wow accounts from a specific Bnet account to another Bnet account?
I'd love to know if and how as well, please.

Cheers Ualaa,
A.


Yes it is possible, you just need to call Blizzard. To state the obvious, you'll need to be the owner of the account. The names must match, and you must know the secret question & answer for all accounts.

It's an easy thing to do, just tedious if the Blizz rep is a bit slow.

guessing the gold farmers are attaching all thier stolen accts to 1 auth?

Yep.

Keylogger then add an authenticator and they have plenty of time to clean out the account before the user can regain access.

I recently removed my authenticator from one of my accounts to troubleshoot an issue with that specific account not logging in correctly. What I want to know is why the hell the authenticator was later removed from the other 10 accounts. I didn't authorize the removal of the authenticator from the other accounts. Talk about almost having a heart attack when I logged in the first time a couple days later and it didn't prompt me for an authenticator.

guessing the gold farmers are attaching all thier stolen accts to 1 auth?

This is the most likely answer.

This is the most likely answer.

Seconded. Since Blizzard controls the only source of the auths, I'm guessing this is designed to allow them to have more control over who buys auths. Not sure that they would ever follow up on this, but it's a possibility.

Another thing they will be able to do after this is to burn auth serials if they are associated with a hacking, forcing the hacker to have to not only get a new b.net account, but also to have to get a new auth.

Without seeing the internal data they are using to make this decision, it's really hard to gauge if it's a good or a bad idea. Considering that the majority of players only have one b.net account, it was likely seen as a low impact on the playerbase.

- Souca -

Long-term, having one authenticator per battle.net account is not really that big of a deal. $32.50 (assuming the price has not changed) plus a little shipping, every "x" years is not much of an additional cost for a boxer.

Then you glue your authenticator to a piece of wood/rigid cardboard and label or color code them. And can log in, essentially as quickly as you can push your five authenticator buttons and swap your windows.

Or just put up with an artificial 2.5 minute extra delay, to log them all in from the same battle.net account, one after the other.

Then you glue your authenticator to a piece of wood/rigid cardboard and label or color code them. And can log in, essentially as quickly as you can push your five authenticator buttons and swap your windows.


Yea, I'd thought the same thing. Reminds me of the popsicle stick rig someone had for Eve. Wonder how long till there is a guide to boxing the auth?

- Souca -

I can login pretty fast, I found that if i just hit my authenticator and write the number down while isboxer's loading up all my screens i'll have about 2 numbers by the time everythings ready. Then just enter those in order and continue on with authenticator, you end up taking about 1.5 mins to login and it works pretty well.

I can login pretty fast, I found that if i just hit my authenticator and write the number down while isboxer's loading up all my screens i'll have about 2 numbers by the time everythings ready. Then just enter those in order and continue on with authenticator, you end up taking about 1.5 mins to login and it works pretty well.
Haha I used to do the same thing before I separated my accounts, pre-loading auth codes FTW.

I can login pretty fast, I found that if i just hit my authenticator and write the number down while isboxer's loading up all my screens i'll have about 2 numbers by the time everythings ready. Then just enter those in order and continue on with authenticator, you end up taking about 1.5 mins to login and it works pretty well.

Wait... this shouldn't work. At least not from a security standpoint. They must be allowing passcodes to be stale for more than 60 seconds. Do you know how old the code can get before it stops working?

- Souca -

Wait... this shouldn't work. At least not from a security standpoint. They must be allowing passcodes to be stale for more than 60 seconds. Do you know how old the code can get before it stops working?

- Souca -
After extensive stress testing of my authenticator with collaborative effort from online-stopwatch (http://www.online-stopwatch.com/), it would seem that key chain authenticator codes die out somewhere around the 11 minute mark. Given the right instruments and care factor I could obtain more accurate results, but in my findings an authenticator code was still able to be used at about 11 minutes and was no longer valid at approximately 12 minutes [separate codes used each pass obviously].

I can understand why they would allow a code to be used during up to 1 mn after it has been generated (to avoid the disappointment caused by the use of the authenticator right before it generates a new one). But 11 mn oO

It does make sense. Since it's pretty hard to keep the clock inside the authenticator running correctly between now and the next time you use it.
There is probably some logic where the server knows how far the clock in the authenticator has drifted based on the code entered and the ten possible codes before and after that one.

If it wasn't about the money then they'd give out authenticators for free. Just think about it...

While I am a strong believer in authenticators- this solution does nothing to stop keyloggers and hackers. Most people who are hacked don't OWN an authenticator. They get hacked then the hacker puts one on their account. How is this exactly helping the situation at all?

Looks like Blizz wants in on some of that hacker gold selling cash. The solution- make the hackers buy lots of authenticators- and they will... Because once again the people being hacked don't own authenticators.

Like I said in the beginning authenticators should be free. They probably cost less than a dollar to make and a dollar to mail. That should be covered in our subscription fees. If they were upfront they'd sent out an authenticator to every active WOW account, include an authenticator in every box and expansion.

I think you also have to enter the codes in order that they appear, even if they are a few minutes old. But I didn't do nearly the stress testing and in depth analysis as Fenril

If it wasn't about the money then they'd give out authenticators for free. Just think about it...
I'm sure they're raking in the cash from these authenticator sales...


While I am a strong believer in authenticators- this solution does nothing to stop keyloggers and hackers. Most people who are hacked don't OWN an authenticator. They get hacked then the hacker puts one on their account. How is this exactly helping the situation at all?
...what? How many more accounts would be compromised if they didn't have authenticators attached to them? We have no way of figuring out that number, but I'm sure the that number would be pretty high. How many people don't run an A/V program but use an authenticator, I am guessing a lot of people fall into that category. In fact, there was a long time where I didn't run an A/V program but used an authenticator. Did I have a keylogger on my system? I may have, I have no idea. Did the authenticator still help? Whether it did or it didn't, I sure did sleep a lot better at night knowing my shit would still be there the next day, and it always was.


Looks like Blizz wants in on some of that hacker gold selling cash. The solution- make the hackers buy lots of authenticators- and they will... Because once again the people being hacked don't own authenticators.

Like I said in the beginning authenticators should be free. They probably cost less than a dollar to make and a dollar to mail. That should be covered in our subscription fees. If they were upfront they'd sent out an authenticator to every active WOW account, include an authenticator in every box and expansion.
Yes, I can see it now... almost as if I was at that particular meeting with the Blizzard staff, dressed in their suits of one hundred dollar bills, when they realized their original design flaw and thought, "We could make sooooooo much money off of the hackers who are using a single authenticator by making this change and forcing them to purchase multiple ones."

When in reality...

The hackers themselves, will just detach the authenticator when they're done with the account giving them the ability to re-attach it to the next account. And if they don't detach it themselves, when Blizzard unattaches the authenticator and restores the account for the owner that authenticator is now able to be used once again. Will the hackers have to purchase a few more authenticators? Sure. Will it make Blizzard rich beyond their wildest dreams? No. The only way Blizzard would make a little bit more money from this change, is if they decided to actually black list the authenticator serial numbers truly forcing the hackers to purchase authenticators in mass quantities.

I dont believe this is a money making move by blizz, and god knows how I hate the vanity shit they pedal like a crack dealer on a corner. However, they will still make money off of the change.

Hackers will always adapt and prevail no matter the security measures of blizzard. Time is money, even in a virtual world. Furthermore, hacking accounts is a no risk venture, its no wonder its a booming business.

Blizzard alone sets the price of gold and accounts. I am sure anyone who has bought and sold accounts or gold knows of what I speak.

Blizzard could stop the hacking so easily by not placing artificial prices on gold/items or accounts(achievements). Again time is money, even in a virtual world.

I love being able to use one code to sign into multiple accounts at once. I am just hoping that either they allow one code to work across all WOWs on a B.Net account or that my phone never breaks. I don't really want to type in a code, wait, type in a code, wait....

Even though we couldn't, it might be fun if we could take a picture of 5 authenticators, crop them around each, use OCR (optical character recognition) to get the pictures to convert to numbers (text), then use a program (key broadcaster) to be able to read in the text and then send to each WOW. That would be overpowered, but nice. Especially if they laste 11 mins, it wouldn't matter if the process took 1-2 mins, for me, automation is better than not.

Even though we couldn't, it might be fun if we could take a picture of 5 authenticators, crop them around each, use OCR (optical character recognition) to get the pictures to convert to numbers (text), then use a program (key broadcaster) to be able to read in the text and then send to each WOW. That would be overpowered, but nice. Especially if they laste 11 mins, it wouldn't matter if the process took 1-2 mins, for me, automation is better than not.

I lol'd. :)

I'm sure they're raking in the cash from these authenticator sales...



I think jinkobi was saying that they are cheap enough that they should be included with the game purchase, not that Blizzard is trying to profit from them. FF14 gave you one in the Collector's Edition, would be nice if Blizz did the same. The tricky part is that Blizzard has very little control over the cost of them, since a third party makes them. Even if they only cost $1, Vassco can still charge Blizzard $6 for them.

- Souca -

I'm pretty sure Blizzard can find more then one source for an authenticator like device. They would likely have a contract which specifies how much their cost is per unit.

Even if Vassco were to charge $20 for each, Blizzard could easily include an authenticator in each boxed Warcraft product, and simply pass the cost along to the consumer as either an increased cost of the game or a portion of subscription fee revenue.

I'm pretty sure Blizzard can find more then one source for an authenticator like device. They would likely have a contract which specifies how much their cost is per unit.

Even if Vassco were to charge $20 for each, Blizzard could easily include an authenticator in each boxed Warcraft product, and simply pass the cost along to the consumer as either an increased cost of the game or a portion of subscription fee revenue.

The auths are protected by patent, so it's possible that there can't legally be another vendor. The auths that FF14 uses are the same as the ones Blizzard uses, just with a different serial prefix (likely making them useless with the other game). There might also be terms in the contract prohibiting Blizzard from using another brand.

In the end, someone has to pay for them, it's just a matter of how.

- Souca -