http://www.blizzard.com/store/details.xml?id=1100000182
Got tired of people saying their accounts got hacked. I don't want to be "that guy". Sucks we have to spend money out of fear. Ohh well just an extra level of security for me then. :wacko:
Printable View
http://www.blizzard.com/store/details.xml?id=1100000182
Got tired of people saying their accounts got hacked. I don't want to be "that guy". Sucks we have to spend money out of fear. Ohh well just an extra level of security for me then. :wacko:
Got three of them, never activated them. Not sure that I will since I'm on the fence about playing post expansion.Quote:
Originally Posted by 'bigp3rm',index.php?page=Thread&postID=153071#post 153071
Yup, I have one, and it brings a huge relief, and peace of mind. With boxing bring more attention to my accounts, I want this little extra bit of security. And its price is laughably low.
IMO it should come in the box.
I have one. Its a pain but the peace of mind is well worth it. Note of caution, If you ever need to remove it from your account or change the authenticator on the account in any way, you HAVE to call billing department.
<-- early adopter of the authenticator.
I've never been hacked on my WoW account -- but my Guild Wars account was hacked back in the day. I used to be a major fan -- I averaged 16/hours played per day (yes, this was college) and was ranked 116th in the world. After I was hacked, I haven't been able to play -- it was just too painful to log in and see my characters trashed. GW isn't even a gear-based game, but I had put time into getting my characters the "perfect" looking gear and overnight it was pretty much ruined.
If a $7 device will help prevent that sort of thing from happening again, it's worth its weight in gold to me.
I wouldn't even consider myself a high risk candidate for keyloggers -- I'm smart about what I download and what links I click, I run antivirus and a firewall, I don't fall for phishing emails. However, it's not about my risk in comparison to others -- it's about my personal risk versus gain. I thought about what I personally would feel like if my accounts got hacked and whether or not that's worth $7 and the inconvenience of typing in a number every time I log in. And, to me at least, it's well worth it. Remember that, while Blizzard is generally benevolent about retrieving lost gear/items/gold due to hackers, they don't have to -- it's the user's responsibility to maintain their account security. Restoration can take upwards of a week and sometimes things can't be restored just the way they were.
Anyway, to me it's well worth the "inconvenience" of typing the same number into the login screen (using my multiplexer mwahahaha). Remember -- 1 authenticator can work for multiple accounts. You can share it (the authenticator) with your family, but remember that you need the number from the authenticator every time you log into the game or the armory (the wow forums do not require the authenticator number). Suvega has one for his accounts and I have one for mine since we're not ALWAYS attached at the hip ;)
Just curious why you picked up three? I thought I read in the FAQ that one will work for multiple accounts.Quote:
Originally Posted by 'Sarduci',index.php?page=Thread&postID=153104#post 153104
everyone should get one.
i just make my password my zip code and then never let anyone know my address. that way i know both me and my account are always safe.
I've got one associated with my 7 accounts. It's no more trouble than typing a password, I leave it sit on my keyboard 24/7 because if someone I don't trust is in my house, I already have a different problem.
Two to use so if one breaks I'm not at the mercy of the billing department. One extra because my cat will find and hide one or two of them at some later date.Quote:
Originally Posted by 'bigp3rm',index.php?page=Thread&postID=153115#post 153115
Standard part of a normal brute force list is postal codes in normal and zip+4 formats. You'd never believe how common it is.Quote:
Originally Posted by 'Fursphere',index.php?page=Thread&postID=153124#po st153124
not to mention the fact that it's pretty easy to get someone's ip address, and from there narrow down the location. i'd change my password if i were you kromtorQuote:
Originally Posted by 'Sarduci',index.php?page=Thread&postID=153134#post 153134
I wanted one and they were sold out. I checked every day for a few months. I was thinking of buying 10 of them when they became available. Then keep one and sell the rest when they ran out of stock again. I’d figure history would repeat, and we would go a few months until they got them back in stock. That’s when I’d sell them. I was thinking eBay with a price of $50-100. Why? Because that’s what I would have paid for one back when I was checking that page every single day.
I didn’t do that though. I bought 3 and only use one. The other 2 are for back up. I figure the battery would go, and I’d be prepared. Using it is easy. It’s just habit now. So there’s no hassle. I do think about it all the time. I feel my accounts are so much safer now because of it.
I know some people will say it’s not worth it. I remember people taking one side or the other. All I can say is two things;
#1 its $6.50.
#2 I’ll tell you my password if you tell me yours.
YOU ARE NOT PREPARED!Quote:
Originally Posted by 'ELBA',index.php?page=Thread&postID=153142#post153 142
imo
well, add one more to the list. I LOVE mine, as it has been said, for $7 there is no excuse to not get one. $7 to protect 5 accounts, even if you only have one account, and a level 1 noob on it. that $7 insurance plan could save you $19.99 for the price of a battle chest.
So lets see.
Vanilla wow $25 x5 = $100
Burning Crusade, 1 colelctors, 4 normal, $170
Wrath, 1 collectors, 4 normal, $230
rough guess of about 3 years worth of monthly payments = $576
that's a $7 insurance policy that is almost 99% protection over $1076
no brainer
I got some questions about this. Largely because people are using fear as a reason to buy one, and saying things like "it's a no brainer". Both of which raise red flags to me - even on a $7 purchase.
First off, assuming your machine is not infected with keyloggers, how can anyone hack your account if they don't even know your account name? Without some amazing social engineering, or breaking into your machine, how is anyone going to even know where to start hacking your account?
Assuming someone HAS your account name... You failed and now your password can be hacked. Perhaps it's time to get one of these devices.
The problem seems to be people having your account name to begin with. So don't go to any non-trusted WoW or MMO sites and play on a Mac if you have problems with keyloggers :)
I think a authenticator is cheaper than a mac ;)Quote:
Originally Posted by 'Soundeyes',index.php?page=Thread&postID=153148#po st153148
... I could be wrong, though. ;) I don't own a mac.
Macs aren't hack-proof. Nothing is hack-proof. Not even *gasp* authenticators, which TECHNICALLY could be reverse engineered. Macs just are a smaller target population than Windows. If it were the other way around, the few windows users would be supposedly "hack free" and all viruses would be developed for Macs.
As for the safety of the authenticator, it's just another line of defense that should be utilized along with proper virus protections like antivirus, firewalls, smart users who don't throw their accountname/password into phishing sites, users who use strongly typed passwords/SQA's/account names (capitals other than the first letter, numericals, symbols, non-dictionary words)...
The more hoops to jump through, the less "worth it" it is for those hackers to make a profit off of your account -- cost (time) vs gain. Make it more costly for hackers to get into your account, the less likely they are going to make a buck, which means they're less likely to want to bother.
Authenticator is a nice idea, if I didn't already use a Logitech G15 and a login macro I would invest in one myself.
Ok, this is amusing as shit.Quote:
Originally Posted by 'Sarduci',index.php?page=Thread&postID=153132#post 153132
First, you can only associate one authenticator with an account.
Second, each authenticator will give a unique number every 60 seconds or so...
Third, having one authenticator associated with the accounts means that when you lose one or it dies, you are still at the mercy of teh billing department.
Fourth, see above... cats, loss, etc...
All said and done, you have three and the only thing it's going to save you is a window of time without having an authenticator on the account if you lose one because once you manage to get Blizz to remove the old one, you can instantly add a new one instead of reordering...
Only stupid people who do stupid things, or allow stupid people to do stupid things on their computer should ever really need one, but it does add a level of comfort.
If someone got hacked they did one of the following:
1. Gave out thier info to a "Friend".
2. Browsed some stupid porn or warez site, or downloaded stuff that any idiot should know not to do.
3. Picked a simple password/accountname setup.
Having said that, I have one for my 5 accounts, & love it. I have my occasional moments of stupidity & this adds a little extra security.
What I really don't like about Blizzard is that passwords are not case sensitive.
Password, password, PASSWORD, PaSSwoRD etc.. all work fine, if your account password was password.
Pretty stupid system for passwords in that regard.
I'm a Mac user, have been since the Mac II. (I also use Windows, so no PC vs. Mac nonsense, please, been there done that 10 years ago).Quote:
Originally Posted by 'Vyndree',index.php?page=Thread&postID=153154#post 153154
Macs right now are for the most part safe from the majority of keyloggers, as they simply will not work, or they would require you to enter your admin password, and you'd have to be pretty dumb to allow software to be installed requiring that level of security, without checking what is being installed.
However:
Despite our invulnerability, the Flash exploit earlier this year could have opened up the door to ALL platforms being compromised, and it points out the gold sellers and exploiters are getting creative. Stealing accounts is now a billion dollar industry, and you know they're all trying to figure out how to get all those Mac accounts they can't touch right now.
There's also an issue right now with a fake copy of QuestHelper leading to a massive wave of account thefts, read up on it in the CSF. Windows only, as it's believed the installer throws an EXE onto the hard drive, which won't run on a Mac, but they could make a break-through with the Mac, eventually. Lots of legit apps need an admin password, and it's only a matter of time before they figure out how to sneak one in with a legit program.
The most worrisome issue I have is, the Mac virus/trojan software industry is asleep at the wheel - if the exploiters do manage to crack the Mac OS, we will have to wait for them to play catch up, before our systems are safe again.
So, it makes 1000% sense to practice account security and computer security, even though we are for the most part safe right now from keyloggers and such. Change your passwords often, make sure you keep all your e-mail accounts current, make sure you know your secret answer, and keep an eye on Mac security software and sites. An Authenticator is simply a no-brainer for *anyone*, Mac or Windows. I'm ordering one for my accounts (it figures, now that they're available, I'm short on cash, lol). It's better to have one, in case that day comes when the Mac OS is exploited - it's your best bet to protect your accounts, period.
I don't see it as an "if" situation, I see it as a "when". The more Macs are sold (and they are gaining market share), the more the hacker/exploiter crowd will apply effort to break in.
Another issue I've been looking at is the WEP issue - now that it's seen as basically unsecure, I would urge anyone using it with a machine that plays wow to replace their router with a secure one. I know in my apartment complex, my router gets pinged constantly from attempted log-ins.
I love my authenticator, and I can't believe I survived without it! Lucky for me tho Blizzcon gave them away and now both my boyfriend and I are happily using them :)
Even tho I got mine for free, I would have spent the $7 as soon as I had the extra cash because the peace of mind is worth so much more.
How does the authenticator show up anyways? After you login does an extra window come up with the 30/60 second "code" or it is a seperate field in the main login screen? I wouldn't mind using one, except I would want to be able to log in to all 5 of my accounts once instead of typing 5 different numbers in 5 windows.
With all the costs Blizzard must have with hacked accounts (it must be at least $20 per account in time spent on customer service, phones, GMs, etc) I am really suprised it wasn't included free in WOTLK. would have been a smart move.
As I read the info you just put the number it generates at the end of your password.Quote:
Originally Posted by 'puppychow',index.php?page=Thread&postID=153309#po st153309
You log in just like normal, once it knows your account name the client prompts you for a PIN which you type in. In my case I broadcast keystrokes to all 5 to password it up, then I do the same with the PIN... rarely do I hit a conflict where one won't log in, it does happen but very rare. I just relog that client.Quote:
Originally Posted by 'puppychow',index.php?page=Thread&postID=153309#po st153309
The only thing it's caused issues with for me is rarely I have a desire to check account data at work, and since I'm a big fan of a small keychain I don't have my FOB on the keys... it sits at home on my desk... so I can't squander working hours worrying about a game... hrm, thats probably a plus ;).
After 4 years of playing my main account was hacked last night. Well I guess you can call it that. It must have been brute force or at least I suppose it was. I do not browse the web with my gaming computer. Either way I logged on last night and low and behold I had a level 60 something Death Knight on my account. Strangely they created the DK on the server I play on. If they would have created it on another server I might not have noticed it.
I log into said DK, at the same time I am logging into my accounts from another computer and changing passwords.
The DK had about 40G on it and some blue items. No money is missing from my Guild Bank and no items from any of my toons so I must have caught them just in time. In time for what I am not sure because after I reported it to Blizzard they left the DK on my account with the 40G and the blues.
[quote='Gadzooks',index.php?page=Thread&postID=1532 97#post153297]Macs right now are for the most part safe from the majority of keyloggers, as they simply will not work, or they would require you to enter your admin password, and you'd have to be pretty dumb to allow software to be installed requiring that level of security, without checking what is being installed.[/quote]
[url='http://en.wikipedia.org/wiki/User_Account_Control']So does Vista[/url]. However, the "majority of users" either just get impatient and click "yes, whatever" or specifically turn the feature off because "it's annoying".
;)
http://en.wikipedia.org/wiki/Compari...ation_features
The thing is, by assuming that the administrator prompt (for both mac and windows) PREVENTS these sort of hacks from taking place is assuming that the USER themselves knows NOT to click "OK, yes, install this". And that's a VERY, VERY big assumption. If Mac were the primary OS for the average user, you're assuming the AVERAGE USER knows what's good and what's not good to install on their computer -- and if people are still falling for phishing email scams I think you can see the logical fallacy.
You can only protect a person from themselves for so long. These sort of people probably don't use macs for the same laziness. However, if they DID use macs, rest assured they'd complain about, just click through, or find some way to turn off the admin elevation features of the Mac just like they do Windows.
What I'm saying is -- yes, there are less viruses developed for Mac because there's less users USING Mac. The security is in the hands of a user, and additional devices/measures to protect a user from themselves is exactly what an authenticator is (and so is strong passwords, smart users, antivirus software and firewalls).
What I'm NOT saying is that Mac is INsecure. I'm also not saying Windows is INsecure. I'm just saying NOTHING is 100% foolproof -- not Windows, not Mac, not Firewalls, not Antivirus, not strong passwords, not smart users, not authenticators. Given enough incentive, there's always a way to get in. What you want to do as a user who holds the keys to something that is SUPPOSED to not have real-money value but, in reality, does -- make it hard enough to get into your accounts that it's not WORTH the potential monetary gain to do so.
You can remove the authenticator on the website BTW, as long as you haven't lost it. It's only if you no longer have access to your authenticator do you need to call billing.
I have one, and I consider it well worth the investment.
I would have one except Blizzard wont ship to a PO Box, and where I live I have no other option. The post office does not deliver to my address, and things addressed to my street get RtS. Free post office box FtL. ;(
If some one finds out his pasword, send it to me so i know where he lives and can pay him and his family a "visit" :)Quote:
Originally Posted by 'Kromtor',index.php?page=Thread&postID=153122#post 153122
SWEET more junk for the landfilll. Put your ipods and iphones in that pile as well.
Get off your high horse. Not everyone contributes to landfills.Quote:
Originally Posted by entoptic',index.php?page=Thread&postID=153550#post 153550]SWEET more junk for the landfilll. Put your ipods and iphones in that pile as well.[/quote]
[url]http://www.pcrecycle.net/[/url]
At least, that's what I use here in Seattle. They even stop by my work every so often to pick up consumer electronics to recycle.
[quote='pcrecycle.net
IMO, if you don't use green transit and recycle yourself, you have no business criticizing others. In fact, let's just cut the crud and shorten it to "you have no business criticizing others". Lead by example -- say "Hey, guys... When you're done with your authenticators, remember to recycle them!". Much more appropriate than "You all suck because I used psychic powers to determine that all of your authenticators are going to be landfill trash in some 3rd world country so I have the right to judge you all for something that I have no proof that you did or will do".
The latter is forum troll behavior.
Wow what happened in here?
I don't trust the authenticator, because by using it the weakest element becomes the Blizzard helpdesk:
http://www.wowinsider.com/2008/07/24...users-permiss/
http://www.wowinsider.com/2008/08/05...ard-responds/4
.. and from experience, I never trust helpdesks :)
Ken:
You don't trust the authenticater, because the weakest element "becomes" the Blizzard helpdesk ?
I believe that logic is flawed, the Blizzard helpdesk doesn't become weaker, it is as it has always been. Authenticator or no authenticator.
And if you read Belfaire's comments directly in the associated threads, you will find that: The authenticator was never removed from the account in question, the password was changed on the account by a person calling helpdesk and providing personal information AND the serialnumber from the Authenticator, and that the account most likely was accessed by someone other than the account-holder. Only the last bit is a little vague, but that is understandable.
You don't weaken a chain by adding a stronger link. The chain is the same as before. However, now you can be fairly certain the chain won't break where you added the stronger link.
/Naylix
Now there is another bit of information that someone could get his hands on, to make the helpdesk believe you're the owner of an account.Quote:
Originally Posted by 'Naylix',index.php?page=Thread&postID=153681#post1 53681
This is the only thing that matters to me related to this issue: someone found another means of breaking through *a* security level and these means were assisted by the authenticator.Quote:
And if you read Belfaire's comments directly in the associated threads, you will find that: The authenticator was never removed from the account in question, the password was changed on the account by a person calling helpdesk and providing personal information AND the serialnumber from the Authenticator, and that the account most likely was accessed by someone other than the account-holder. Only the last bit is a little vague, but that is understandable.
You don't weaken a chain by adding a stronger link. The chain is the same as before. However, now you can be fairly certain the chain won't break where you added the stronger link.
/Naylix
"the password was changed on the account by a person calling helpdesk and providing personal information AND the serialnumber from the Authenticator"
If a system is compromised (e.g. by a keylogger), it 's easy to get the Authenticator information. You enter the serial number of the authenticator to register it, so this information could be logged by an external program. The only benefit is that you only have to do this once and don't enter it every time you log in.
In fact, if a system is compromised, it wouldn't be difficult to just inject webpages into the browser(that look like the blizzard account pages) to ask the user to re-enter his serial number, just like they do with bank account hi-jacking.
If you have an idea of how social engineering works(or just know how to look for info on the internet), you will understand how it is not that difficult to find personal information.
[edit] In the end, the validator adds 'some kind' of indirect protection, since you don't have to re-enter your password constantly, but it also adds another piece of information (its serial) that someone could get just as easily as a password.
Just to supply some further information, while training is one of, if not the most important factories when it comes to security of any type, Mac's do have some advantage over windows specifically in training the users.Quote:
Originally Posted by Vyndree',index.php?page=Thread&postID=153362#post1 53362]
[quote='Gadzooks',index.php?page=Thread&postID=1532 97#post153297]Macs right now are for the most part safe from the majority of keyloggers, as they simply will not work, or they would require you to enter your admin password, and you'd have to be pretty dumb to allow software to be installed requiring that level of security, without checking what is being installed.[/quote]The thing is, by assuming that the administrator prompt (for both mac and windows) PREVENTS these sort of hacks from taking place is assuming that the USER themselves knows NOT to click "OK, yes, install this". And that's a VERY, VERY big assumption. If Mac were the primary OS for the average user, you're assuming the AVERAGE USER knows what's good and what's not good to install on their computer -- and [url='http://futuremark.yougamers.com/forum/showthread.php?t=23914
Windows has always been about ease of use over security, in doing so they have allowed the third party programmers to get away with a lot of sloppy coding. The habit had been to just access anything they wanted at any time, hence the reason so many people just ran as local administrator. So their applications would work.
With this happening users were never given notice when stuff was installed, this is bad. With Vista came a couple changes, first the default user is no longer the local admin. Second, any time an application requests access to something that requires admin rights, the UAC will alert the user and give them a two button press to choose. The problem here lies with so many applications living in the days of being able to do anything they want that everything asks for permission. This desensatizes the user who no longer cars, they just want their system to work.
OSX works a little differently, here the first thing has always been to create a non-admin account to be used on the system. Applications have never had free reign to do what they want, so they work within their allowed access. So their applications would work. OSX has always had a UAC style functionality, but again it only activates when something requiring admin privlages requests access. This is a LOT less frequently because applications are simply not allowed free reign to the system. In addition to this when access is requested, it does ask for the full admin password, this keeps others from installing malicious software on your system, and makes you at least give a second thought to what you are doing.
With all this in mind, I am not saying OSX is better because the software has no holes, I am saying that it has been integral in conditioning both the programers and users int a better focus on security. Windows has always forgone security for ease of use.
@ Tynk:
Another benefit for OS X users is that there are a lot less virusses/trojans/keyloggers made for that OS.