Battle.NET account + Blizzard Authenticator + today = fail

[ImaHealer]

I just tried using 2 B.net accounts and it in fact DOES WORK. The same authenticator code used for both and they both successfully logged in.

something I read MAY be the issue, "Due to a security feature, a generated key is good once per account."
when you merge 5 accounts "Into one Bnet account" your login NOW becomes just 1 account


your account, One, two, three, four, five... they used to be separate... now with one Bnet account

your login for EVERY account is now Screwed@myaccounts.ouch and since you can aperrantly only use
1 code per login.... you have to Login 5 times with Screwed@myaccounts.ouch...

if someone with 2 B.net accounts can use the same authenticator on each "Login" and it works...
this sounds like a true statement..

Man I hope not!

[jag989]

Seems you all are upset ONLY because something changed and no one at bliz said shit about it. My take on it is this, my computer really hates me when I log all 5 at once anyway, but I can do it. I don't, I just log them all one at a time. Sure it takes a while to do, but once you log in with a key code, it instantly refreshes it. You may be lucky enough to have the option of the battlenet passwoord but quit crying over something that not only increases security, but is completely trivial lol l

I think the reactions here would be the same even if they announced it.

For those of us that have decent enough hardware to log in multiple characters at once, it isn't trivial when it takes 3 minutes of spamming your authenticator to log in, it's aggravating.

[Aesthier]

I just started my 4th and 5th account back in Sep and still using my RAF. (Trying to milk it for all its worth.)

I have many issues already with the whole mandatory B.Net (read x-box live meets myspace) thing but now I have to hold off even longer to make the choice between multiple B.Nets or one individual one. The whole time my RAF time is clicking away.


As a side note I was talking with one of my network security friends today and he was explaining how the Authenticators work.

Had I read this thread I would have gotten more in depth but one thing I did pick up was the fact that the Authenticator in itself is fairly secure. However:

Each Authenticator has an individual algorithm that is mirrored to an exact copy on the server which has been tied to each individual account (or B.net dependent on what you purchased) What most people don't know is that the Key prior, the current key and the next key will all work in that 60 second period (only one of any of those three would be accepted I believe though). (This is most likely due to Blizz planning ahead for latency or natural lazy "slow" human response time)

That being said what most of you are having issues with, the one code for one login, likely results from the code was used and now the sever side authenticator is looking for the next code.


As a side note to all you I-phone junkies

When I asked him about the cell phones authenticator apps he began laughing, the authenticator itself is secure but what people don't realize is by putting it on thier cell phone it has now just become less secure as I-phones etc...(constantly connected when turned on) are fairly easy to hack.

I will talk with him this weekend and try to find out more.

Let me know if there is anything you want me to ask him.
Remember he is a network security guy not a Blizz employee but he does know his stuff.

~Aes

[jag989]

That being said what most of you are having issues with, the one code for one login, likely results from the code was used and now the sever side authenticator is looking for the next code.

I think that has been thoroughly determined as the point of the thread

That didn't use to be the case though.

[Ualaa]

The safest bet, as far as logging in in the shortest period of time will be one B.Net account per wow account, with one authenticator per pairing.

From a blizzard point of view, each is essentially saying, "I live in a dorm, and several of us play wow. We each have our own account and own authenticator even if our IP address is always the same".

Sure Blizzard will easily figure out the accounts are linked, in that they have the synchronized key inputs and the same billing/owner information.

Essentially, going this route means nothing has changed.

This would cost 5 authenticators instead of 1, but even if they changed it to "a code is valid only once, even across multiple B.Net accounts", which seems likely if this was an intended change, with 5 authenticators you could enter the game in under a minute instead of 2.5 mins.

One authenticator and 5 B.Net accounts might work too. From an above poster is currently does. If the increased security is an intended feature, I'd suspect this will stop working at some point in the future.

I guess you could velcro/attach each authenticator to a piece of plastic/cardboard or whatever, and then just use the first one for account one etc.

Going with separate B.Net accounts per account essentially keeps the same hassles as the current system and specifically chooses to miss out on the features implemented with the B.Net account changes, such as easier account management. Not sure if that is worth more then the log into game hassles or not.

[aboron]

1234567890

[Lash]

I actually have 3 wow accounts on battle.net1 and 1 wow account on battle.net2. I was intending to transfer from the 2nd battle.net account to the first battle.net account...but if I do so then my login process gets worse. Now it is better to have a ratio of one battle.net to one wow account. There are no known benefits to having multiple wow accounts on the same battle.net account.

Due to how I slowly ramped up the number of accounts I have. My current team is 3 characters spread out over 2 battle.net accounts. I use a blizz authenticator and IS. Prior to the change, I could login to battle.net1-toon1, battle.net1-toon2, and battle.net2-toon1 with the same code. I did have to wait at times for the box to popup on all of them, but once it did...it always worked.

Now, I will get battle.net2-toon1 always logged in. Battle.net1-toon1 or battle.net1-toon2 will log on...and it does change which one "wins". I have to wait for a new code to get the one that was left out into game. The same blizz/iphone authenicator can be assigned to multiple battle.net accounts.

I can consistently reproduce this. It is annoying.

[Aesthier]

Well what I am wondering is if the whole authenticator the only real reason not to combine all the accounts on one B.Net.

I know the next major concern is someone hacking your B.Net account and having access to "all" ones accounts.For me though that's not such a big deal as it initially appears.

Another major concern is Accidental banning of one account will ban your B.net but if I remember correctly the blues confirmed that banning one WoW account does not ban all the accounts on the B.Net.

Other than those is there anything really nasty about it?

For Example how does it affect RAF if its all on One B.net?

[Ualaa]

I wouldn't think RAF would be affected at all.
There is still a referring account which would be one of your accounts, not all of them.

[mmcookies]

ugh, just when i was thinking about farming the headless horseman's mount...

as a point of interest

the keyfob authentication server is most likely separate from WoW's login servers

basically, when you login, the generated number is passed off to the keyfob auth server along with your keyfob serial number for verification

the main login server confirms your password and waits for the authentication response from the keyfob server, if both pass, then it lets you in

the way they had it set up before, the keyfob server would return a "pass" at any time during the 30 seconds when the generated number is valid

what they have now is the keyfob server would forcibly invalidate the key once it is used

the keyfob server technology is likely external proprietary and blizzard would have no direct control over the code

the best we can hope for is probably a "per keyfob serial number" option to turn the forced invalidation on/off