Quote Originally Posted by Aenar View Post
If someone wishes to remove an Authenticator from the account, don't they need to enter the Serial Number of the device before its cleared? I haven't tried, so I may be wrong.
To manually remove the authenticator from an account from the Battle.net site, you do not need to have the serial number to the authenticator.

However, you do need to input 2 consecutive authenticator keys. That protection makes this type of attack nearly impossible to carry out. Not impossible, just nearly so.

In order to remove the authenticator from a Battle.net account when you no longer have access to the authenticator is a bit more problematic. I have had 2 iPhones crap out taking the authenticator program with it, and since the authenticator program uses the serial number of the phone itself as a portion of the key generation algorithm, this means that a restore to a new iPhone does not result in the correct key being produced. I have had to fax in a form to Blizzard with specific account information and also a photocopy of my government issued ID card (for me a driver's license) and they then removed the authenticator from the account.

Just FYI.