Quote Originally Posted by Fenril View Post
This timer is non-existent with multiple BNet accounts and 1 authenticator as we stated earlier in the thread. That's why there's the hype around having separate BNet accounts. It was a change by Blizzard, for unknown reasons, that they never publicly announced.
They did announce it in the patch that changed it. What had happened was that the original authenticator code on the servers wasn't treating them as OTP (one time passwords) so you used to be able to login, logout real fast, and then log back in with the same auth number. This wasn't really noticed till Battle.net came on the scene and once they forced people to upgrade to it the bug was spotted and then fixed. As much as I like the previous behavior, it wasn't the original intention. So the OTP is currently set at the Bnet level. They could piss more people off by setting it at the auth level (which is really what they should do if they truly care about security, the idea being that each auth code should only ever be used once across all accounts, bnets, etc.), or they could set it at the account/license level which would allow people with the same Bnet some relief.

As for the use in fighting key-loggers, it's a myth. If you have a key logger on your machine, having an auth isn't going to prevent a login from hackers. Once your machine is compromised, there isn't much that can be done to protect you. A good key logging program would just steal the auth code, prevent the wow client from logging on, and then connect to the blizz web site and change your account to use their auth. Granted, they might require some other things to change your the authenticator on your account, but the point is that the hackers have now gotten past your authenticator and logged on as you.

Sorry for the ramble, lack of sleep and all that.

- Souca -