Haha I used to do the same thing before I separated my accounts, pre-loading auth codes FTW.Quote:
Originally Posted by outdrsyguy1
Printable View
Haha I used to do the same thing before I separated my accounts, pre-loading auth codes FTW.Quote:
Originally Posted by outdrsyguy1
Wait... this shouldn't work. At least not from a security standpoint. They must be allowing passcodes to be stale for more than 60 seconds. Do you know how old the code can get before it stops working?Quote:
Originally Posted by outdrsyguy1
- Souca -
After extensive stress testing of my authenticator with collaborative effort from online-stopwatch, it would seem that key chain authenticator codes die out somewhere around the 11 minute mark. Given the right instruments and care factor I could obtain more accurate results, but in my findings an authenticator code was still able to be used at about 11 minutes and was no longer valid at approximately 12 minutes [separate codes used each pass obviously].Quote:
Originally Posted by Souca
I can understand why they would allow a code to be used during up to 1 mn after it has been generated (to avoid the disappointment caused by the use of the authenticator right before it generates a new one). But 11 mn oO
It does make sense. Since it's pretty hard to keep the clock inside the authenticator running correctly between now and the next time you use it.
There is probably some logic where the server knows how far the clock in the authenticator has drifted based on the code entered and the ten possible codes before and after that one.
If it wasn't about the money then they'd give out authenticators for free. Just think about it...
While I am a strong believer in authenticators- this solution does nothing to stop keyloggers and hackers. Most people who are hacked don't OWN an authenticator. They get hacked then the hacker puts one on their account. How is this exactly helping the situation at all?
Looks like Blizz wants in on some of that hacker gold selling cash. The solution- make the hackers buy lots of authenticators- and they will... Because once again the people being hacked don't own authenticators.
Like I said in the beginning authenticators should be free. They probably cost less than a dollar to make and a dollar to mail. That should be covered in our subscription fees. If they were upfront they'd sent out an authenticator to every active WOW account, include an authenticator in every box and expansion.
I think you also have to enter the codes in order that they appear, even if they are a few minutes old. But I didn't do nearly the stress testing and in depth analysis as Fenril
I'm sure they're raking in the cash from these authenticator sales...Quote:
Originally Posted by jinkobi
...what? How many more accounts would be compromised if they didn't have authenticators attached to them? We have no way of figuring out that number, but I'm sure the that number would be pretty high. How many people don't run an A/V program but use an authenticator, I am guessing a lot of people fall into that category. In fact, there was a long time where I didn't run an A/V program but used an authenticator. Did I have a keylogger on my system? I may have, I have no idea. Did the authenticator still help? Whether it did or it didn't, I sure did sleep a lot better at night knowing my shit would still be there the next day, and it always was.Quote:
Originally Posted by jinkobi
Yes, I can see it now... almost as if I was at that particular meeting with the Blizzard staff, dressed in their suits of one hundred dollar bills, when they realized their original design flaw and thought, "We could make sooooooo much money off of the hackers who are using a single authenticator by making this change and forcing them to purchase multiple ones."Quote:
Originally Posted by jinkobi
When in reality...
The hackers themselves, will just detach the authenticator when they're done with the account giving them the ability to re-attach it to the next account. And if they don't detach it themselves, when Blizzard unattaches the authenticator and restores the account for the owner that authenticator is now able to be used once again. Will the hackers have to purchase a few more authenticators? Sure. Will it make Blizzard rich beyond their wildest dreams? No. The only way Blizzard would make a little bit more money from this change, is if they decided to actually black list the authenticator serial numbers truly forcing the hackers to purchase authenticators in mass quantities.
I dont believe this is a money making move by blizz, and god knows how I hate the vanity shit they pedal like a crack dealer on a corner. However, they will still make money off of the change.
Hackers will always adapt and prevail no matter the security measures of blizzard. Time is money, even in a virtual world. Furthermore, hacking accounts is a no risk venture, its no wonder its a booming business.
Blizzard alone sets the price of gold and accounts. I am sure anyone who has bought and sold accounts or gold knows of what I speak.
Blizzard could stop the hacking so easily by not placing artificial prices on gold/items or accounts(achievements). Again time is money, even in a virtual world.
I love being able to use one code to sign into multiple accounts at once. I am just hoping that either they allow one code to work across all WOWs on a B.Net account or that my phone never breaks. I don't really want to type in a code, wait, type in a code, wait....
Even though we couldn't, it might be fun if we could take a picture of 5 authenticators, crop them around each, use OCR (optical character recognition) to get the pictures to convert to numbers (text), then use a program (key broadcaster) to be able to read in the text and then send to each WOW. That would be overpowered, but nice. Especially if they laste 11 mins, it wouldn't matter if the process took 1-2 mins, for me, automation is better than not.