Blizzard Authenticators May Become Mandatory
An anonymous reader writes "WoW.com is reporting that a trusted source has informed them that Blizzard is giving serious consideration to making authenticators mandatory on all World of Warcraft accounts. The authenticators function the same as ones provided by most banks — in order to log in, you must generate a number on the external device. Blizzard already provides a free iPhone app that functions as an authenticator. The source stated, 'it is a virtually foregone conclusion that it will happen.' This comes after large spates of compromised accounts left Blizzard game masters severely backlogged by restoration requests."
but what about if this starts a trend and all online games start to require such?
Maybe secure login will then become a common practice and devices will be standardized and we will live in a bright shiny future where login is no longer done by the most primitive system imaginable.
I mean seriously, passwords are among the weakest links when it comes to security today and not something that can be fixed by 'educating the user' (last time I counted I had around 100 passwords), it wouldn't hurt to replace them with something that is more secure and more comfortable to use, even if it might be a bit painful at first.
The authenticator is hardly $25. In the US, it's $6.50 with free shipping, and in the EU it's EUR6.99 also with free shipping. The price covers the cost of the physical unit and (obviously) the shipping. Blizzard's hardly making a killing on these.
For mobile authenticators, the Blizzard Website has more detail. The short version is that the Mobile Authenticator is available on a wide range of phones, depending on provider. Support isn't universal, though.
That said, the only time Blizzard could make Authenticators mandatory would be at a game-changing event, like the release of the next expansion. If they go ahead and do that, they'd probably throw Authenticators in the box, to automatically have near-total distribution. Their biggest concern is probably whether they can source a few million of them.
The long and short of it is that account theft is a big problem, both for Blizzard and for people who play WoW. Not everyone has a locked-down system, and phishers are using tactics formerly reserved for actual banks to try to get account info. Players have to deal with having their account possibly stolen, Blizzard has to deal with perpetual requests (some possibly fraudulent!) to restore characters/items, and the game as a whole suffers from the RMT that goes on.
I, for one, welcome our Keyfob and Mobile-Authenticating Overlords.
"Evil company X is threatening to restrict our rights! Let's all get together to stop--OOOH! SHINEY!!!" -- AC
what about if this starts a trend and all online games start to require such?
This business of every application requiring its own password is a problem in itself. (I've got 400 passwords in my Roboform archive!) That's why so many sites are adopting OpenID.
You seem to have totally misunderstood how the authenticators work. They are decidedly NOT USB dongles.
An authenticator is a changing key generator, which shows you a one-time key when you hit a display button. You then type this key in after entering your username and password to log onto the game. This is very similar to the RSA SecurID token my work requires I use to log onto our VPN.
Basically the keyfob contains a pseudo-random number generator which generates a new key every few seconds. The authenticating server knows the original seed, and can figure out the currently "valid" number shown on the key. Since each code is only valid for about 30 seconds, this makes it significantly harder to hack the account.
In fact this system is more secure than any system my bank uses, as very few banks in the US even give you the option of using a system like this.
Lest anyone think you're insightful or interesting or informative (because your post indicates you are none of these things):
Blizzard is eating the cost of shipping on these inside the US and Europe. They are charging less than $7 for them, which, in addition to the shipping, has got to be pretty near break even. I sourced tokens a couple of years back and we were quoted $10-25 each depending on the supplier.
They are also offering a free version over the iPhone/iPod and for a variety of other devices like Blackberries.
The end result is about 4-5 seconds added to your time to log in, you don't get your account (that you've spent hundreds/thousands of hours on) stolen, and when you do have a legitimate issue in game that requires support there's a better chance someone will be able to help you sooner rather than 3 days from now.
Of course, I suspect based on your post that you don't actually play this game, and probably came in here just to be smug. Is "I won't pay MORE money to play a game I ALREADY paid for" the new "I don't own/watch tv"?
Since I can't tell them apart, I treat all ACs as the same person.
The word is lose.
Dongles were used to curb piracy. Blizzard doesn't have that concern because of the subscription model.
However a large portion of Blizzard's customers access their WoW account from internet cafés and gaming bars. Since some of these public machines have key logging software installed, Blizzard is experiencing a large number of customer service requests complaining about "hacked" accounts. One way to counter the key logger is by requiring an Authenticator.
Currently use of the Authenticator is optional. Blizzard has learned a lesson that if it's optional it won't work because people don't see the need to spend the extra money or download a free app.
These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
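The seeded code generator described in the comments above, and the keylogger point just made, as an added example that is not part of the thread and not Blizzard's code. It assumes the standard time-based one-time password scheme (RFC 6238, HMAC-SHA1) rather than whatever algorithm the Blizzard token actually runs; `code_at`, `Verifier` and `demo` are hypothetical names, and the seed is the RFC's published test key.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds a code stays current ("about 30 seconds" in the thread)

def code_at(seed: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter, then truncate."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Verifier:
    """Server side: same seed, tolerates clock drift, refuses reused codes."""

    def __init__(self, seed: bytes, drift_steps: int = 1):
        self.seed = seed
        self.drift_steps = drift_steps
        self.last_step = -1  # highest time step already accepted

    def check(self, code: str, now: int) -> bool:
        current = now // STEP
        for step in range(current - self.drift_steps,
                          current + self.drift_steps + 1):
            if step <= self.last_step:
                continue  # this step's code was already spent: replay
            if hmac.compare_digest(code_at(self.seed, step * STEP), code):
                self.last_step = step
                return True
        return False

def demo():
    seed = b"12345678901234567890"  # constructed: RFC 6238 test key
    server = Verifier(seed)
    t = 1_111_111_109                      # RFC 6238 test timestamp
    typed = code_at(seed, t)               # what the token displays
    first = server.check(typed, t + 5)     # owner logs in
    replay = server.check(typed, t + 10)   # keylogged code sent again
    late = Verifier(seed).check(typed, t + 120)  # unused but expired
    return typed, first, replay, late

if __name__ == "__main__":
    print(demo())
```

A keylogger still captures the password along with the code, so the second factor only helps because the server marks each accepted time step as spent and stops accepting old steps once the drift window has passed.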
So what, a keychain fob is going to suddenly stop working if it gets near a Linux device? Open source is a powerful thing, but if it now has an aura that destroys all non-GPL devices in a ten foot radius, I'm really impressed.
Also, "thousands of you" means there are as many of you as there are level 80 female dwarf subtlety rogues wielding Quel'dalar. You'd be insignificant even if you *did* all quit the game rather than play on another platform... which you won't.
Let's not forget the real reason authenticators are becoming mandatory. It's because accounts are getting hacked, sure, but why are accounts getting hacked?
Because there are idiots paying real life $$ for in-game money, which they get by hacking accounts and selling off their stuff. The customers of these websites are paying these hackers to take over people's accounts, effectively.
Do away with the monetary incentive, and accounts wouldn't be getting hacked.