Quote Originally Posted by 'Hachoo',index.php?page=Thread&postID=162556#post1 62556
To brute force the authenticator you'd first have to brute force the user's password (or find it some other way). Only if you get the password right does it even allow you to type in the authenticator code.
This is incorrect. You present username/password - it will always ask for the code next unless it's patch day and you aren't patched.
Quote Originally Posted by 'Hachoo',index.php?page=Thread&postID=162556#post1 62556
I have not tested what happens if you fail typing in the authenticator code however, but the smart thing to do would be lock the account out until the authenticator switches to a new code.
You go back to logon/password prompt.

The chink in this armor is the wow forums. They don't use the authenticator, only the u/p of the account. So you can brute force the password there assuming they could handle the number of attempts and not get flagged (which I doubt). All said and done, it will take an act of god or raw stupidity to lose access to your account in WoW now.

In fact, I'm so confident in this that I'll post this:

Username: zan6715b
Password: el571ai#7
Current Authenticator Code: 723123

Good for about 45 more seconds, enjoy .

[spoiler]Oh c'mon, like I'd REALLY post that as real info.[/spoiler]