[WoW] Dial-In Authenticator is wonderful



Bollwerk
12-16-2010, 07:30 PM
I love the dial-in authenticator. It is SO much more convenient than my iPhone version. I can log in all 5 toons at once.
I tested the security of it by trying to log in at work and sure enough, it forced me to call in from my agreed-upon phone (my cell) and give them both the PIN showing on the screen and the PIN I had picked, all within 60 seconds.
Brilliant option, IMHO.

sp0000n
12-16-2010, 07:47 PM
So you have to call every time you want to log in or only when from a different IP as in your example from work?

Multibocks
12-16-2010, 07:48 PM
Different IP.

Powerwar
12-16-2010, 08:06 PM
If it's a different IP then it's wonderful.
I have a static IP at the office and it turns out I play more from my office than from home. Also, I could use a VPN from home to the office and problem solved.

It's good to be the boss :)

Ughmahedhurtz
12-16-2010, 08:24 PM
It is quite lovely, indeed.

ebony
12-16-2010, 10:23 PM
Hope this comes to the EU soon. Cannot wait if it would.

Shodokan
12-17-2010, 12:40 AM
This does not combat against someone hacking your account... Blizzard has said that this is simply a backup for the actual authenticator. I asked about using this method for five accounts and they said that it did not protect against keyloggers, spyware, etc. like the hardware authenticator. If someone accesses anything from your computer then you are SOL.

Example: you get a trojan/virus... they open your computer into an SSH-based proxy and proxy into WoW and empty your account... it's already happened to a few people and was discussed on the official forums.

As a multi-boxer you can ask for authenticators in order to separate your accounts to new e-mails and they will send them to you. Yes, it makes your keychain huge but it does have its benefits, especially if you only play from a single location. They sent me a few and explained that it was up to me what I did with them and if I wanted to make 5 separate battle.net accounts to just call back. I disabled my mobile one and just added two of them to the accounts I already have and it takes me less than a minute to log in... so there's no reason for me to do that.

sp0000n
12-17-2010, 01:40 AM
Shodokan, that's good analysis, thanks; the convenience derived from limiting the use of authenticators to changes of IPs creates a vulnerability.
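Added example, not part of any post in this thread and not Blizzard's implementation: a toy Python model of the flow as the posters describe it (challenge only from an unknown IP, call from the registered phone, screen PIN plus chosen PIN, 60-second window). Class and function names, the six-digit PIN format, single-use challenges and all sample values are assumptions made for illustration.

```python
import hmac
import secrets

CHALLENGE_TTL = 60  # seconds, the window quoted in the first post

class DialInModel:
    """Toy model of the flow described in the thread (all names hypothetical)."""

    def __init__(self, phone, user_pin, known_ips):
        self.phone, self.user_pin = phone, user_pin
        self.known_ips = set(known_ips)
        self.pending = {}  # source_ip -> (screen_pin, issued_at)

    def login(self, source_ip, now):
        """Password is assumed already verified. Returns 'ok' or a screen PIN."""
        if source_ip in self.known_ips:
            return "ok"  # source address is the only signal checked here
        pin = f"{secrets.randbelow(10**6):06d}"
        self.pending[source_ip] = (pin, now)
        return pin

    def phone_call(self, caller_id, source_ip, screen_pin, user_pin, now):
        """Approve a pending login only if every factor matches in time."""
        issued = self.pending.pop(source_ip, None)  # single use, even on failure
        if issued is None:
            return False
        pin, issued_at = issued
        return (now - issued_at <= CHALLENGE_TTL
                and hmac.compare_digest(caller_id, self.phone)
                and hmac.compare_digest(screen_pin, pin)
                and hmac.compare_digest(user_pin, self.user_pin))

def run_scenarios():
    # Constructed sample values: documentation IP ranges and a 555 number.
    home, work, phone = "203.0.113.10", "198.51.100.7", "+15555550100"
    m = DialInModel(phone, "4321", {home})
    out = {"home": m.login(home, now=0)}
    pin = m.login(work, now=0)
    out["work_in_time"] = m.phone_call(phone, work, pin, "4321", now=30)
    out["replayed_pin"] = m.phone_call(phone, work, pin, "4321", now=40)
    pin = m.login(work, now=100)
    out["work_too_late"] = m.phone_call(phone, work, pin, "4321", now=161)
    pin = m.login(work, now=200)
    out["wrong_phone"] = m.phone_call("+15555550199", work, pin, "4321", now=210)
    # Anything that reaches the server from `home` gets the first branch, which
    # is why malware on the enrolled machine is outside what this flow covers.
    out["via_enrolled_host"] = m.login(home, now=300)
    return out

if __name__ == "__main__":
    print(run_scenarios())
```

In this model the phone challenge holds up against a stolen password used from elsewhere, while the only thing separating a challenged login from an unchallenged one is the source address the server sees.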

Vecter
12-17-2010, 12:09 PM
This does not combat against someone hacking your account... Blizzard has said that this is simply a backup for the actual authenticator. I asked about using this method for five accounts and they said that it did not protect against keyloggers, spyware, etc. like the hardware authenticator. If someone accesses anything from your computer then you are SOL.

Example: you get a trojan/virus... they open your computer into an SSH-based proxy and proxy into WoW and empty your account... it's already happened to a few people and was discussed on the official forums.

As a multi-boxer you can ask for authenticators in order to separate your accounts to new e-mails and they will send them to you. Yes, it makes your keychain huge but it does have its benefits, especially if you only play from a single location. They sent me a few and explained that it was up to me what I did with them and if I wanted to make 5 separate battle.net accounts to just call back. I disabled my mobile one and just added two of them to the accounts I already have and it takes me less than a minute to log in... so there's no reason for me to do that.

If Blizzard is telling you that the dial-in authenticator is simply a backup of the actual authenticator then they are misleading their customers as their official FAQ (http://us.blizzard.com/support/article.xml?locale=en_US&tag=dialinauth&rhtml=true) states it is another option of authentication control and protects your account from malicious attempts. If someone has the smarts to bypass the dial-in authenticator you probably aren't safe regardless of the method you use. All methods that provide extra security have been "reported" as being hacked so to say one is safer than the other is not really accurate.

The bottom line is don't be a dumbass when it comes to using your computer. If you visit questionable sites you need to realize that you can get hacked. If you download unknown material you can get hacked. If you regularly scan your system using up-to-date virus software, check for keyloggers or trojans, use different passwords and don't do stupid shit you will be a long way into protecting yourself. In addition add any type of authenticator and you will more than likely be safe.

If you are going to throw out fear mongering statements about Blizzard stating the effectiveness of the dial-in authenticator please provide links to said statements, and not the green posters either and no your "conversations" with phone support are not official Blizzard statements.

Ughmahedhurtz
12-17-2010, 01:03 PM
If Blizzard is telling you that the dial-in authenticator is simply a backup of the actual authenticator then they are misleading their customers as their official FAQ (http://us.blizzard.com/support/article.xml?locale=en_US&tag=dialinauth&rhtml=true) states it is another option of authentication control and protects your account from malicious attempts. If someone has the smarts to bypass the dial-in authenticator you probably aren't safe regardless of the method you use. All methods that provide extra security have been "reported" as being hacked so to say one is safer than the other is not really accurate.

The bottom line is don't be a dumbass when it comes to using your computer. If you visit questionable sites you need to realize that you can get hacked. If you download unknown material you can get hacked. If you regularly scan your system using up-to-date virus software, check for keyloggers or trojans, use different passwords and don't do stupid shit you will be a long way into protecting yourself. In addition add any type of authenticator and you will more than likely be safe.

If you are going to throw out fear mongering statements about Blizzard stating the effectiveness of the dial-in authenticator please provide links to said statements, and not the green posters either and no your "conversations" with phone support are not official Blizzard statements.
This. Times eleventy.

Sajuuk
12-17-2010, 02:36 PM
This does not combat against someone hacking your account... Blizzard has said that this is simply a backup for the actual authenticator. I asked about using this method for five accounts and they said that it did not protect against keyloggers, spyware, etc. like the hardware authenticator. If someone accesses anything from your computer then you are SOL.

Neither does the normal authenticator. Man in the middle attack, perchance?


Example: you get a trojan/virus... they open your computer into an SSH-based proxy and proxy into WoW and empty your account... it's already happened to a few people and was discussed on the official forums.

Then it's your own damn fault for getting the trojan/virus!

And tell me how exactly they'll proxy into WoW, I'd really like to hear it out of curiosity.

daviddoran
12-17-2010, 04:43 PM
According to the FAQ, it is not a backup for a normal authenticator; they stated that you can only have ONE authentication method (hardware auth, phone app auth, or dial-in auth).

I think this method will be a great balance between security and convenience for boxers, not having to wait 4 minutes to log in my toons is worth the slightly lessened security.

kate
12-17-2010, 09:22 PM
IP addresses can be spoofed. If someone can get your password & bnet id, they can certainly know your IP address, and will get you.

The only security this would offer, I would think, is that if someone tries to add an authenticator to or change the password of your account you'd need to call. Or do you need to call?

Tonuss
12-21-2010, 11:00 AM
And tell me how exactly they'll proxy into WoW, I'd really like to hear it out of curiosity.
I'm curious about this myself. I asked in the previous thread I saw about the new authenticator, and did not get a response. How does someone spoof your IP address from another computer in order to access WOW, and does this seem like something that a gold seller or account thief would be able to do easily enough to make it worth his time?

I'd like some kind of technical explanation, not just "it can be done" or "it happened to so-and-so." How easy and/or simple is it to fake a specific IP address, especially for someone who is just sitting at another PC somewhere else in the world and just wants to hack a WOW account?

Ughmahedhurtz
12-21-2010, 06:33 PM
I'm curious about this myself. I asked in the previous thread I saw about the new authenticator, and did not get a response. How does someone spoof your IP address from another computer in order to access WOW, and does this seem like something that a gold seller or account thief would be able to do easily enough to make it worth his time?

I'd like some kind of technical explanation, not just "it can be done" or "it happened to so-and-so." How easy and/or simple is it to fake a specific IP address, especially for someone who is just sitting at another PC somewhere else in the world and just wants to hack a WOW account?
Agreed on the "worth their time" angle.

I'd also like to see a link to the official forums thread where it was acknowledged that this was how someone got hacked with the Dial-In Authenticator set up. I mean, if it's happened and been discussed, should be trivial to find the thread again, right? Not trying to sound snarky but this sort of claim is always going around among kids trying to look important on forums.