heres what it says: Diii.net has received a hot rumor about the major changes coming to Battle.net as Blizzard upgrades their game hosting service to support the upcoming Starcraft 2 and Diablo 3 titles. An excerpt:
"When D3 comes out, Blizzard will be making major changes to battle.net. All players will have a universal battle.net account for all games. They will start selling a $6 key chain with a digital face that updates every 10 minutes or so with a new 11-digit number. That 11-digit number will be your password. This will make it nearly impossible to keylog or bruteforce accounts."
wtf o.O how does the key chain know your password unless its like hooked up to the internet via like satellite or something with a unlimited power supply and which case blizzard is awesome for having such a cheap tool but imo i dont think so...
odd.... a article i saw earlier on diii.net about battle.net 2.0 has been removed? not this article but another that was more in depth a bit... hrmmmm
I don't know.. But if I understand correctly we have to put in a new password every time we log in?
That's retarded.
Rollback Post to RevisionRollBack
As the shadow once again crawls across our world...
...the stench of terror drifts on a bitter wind,
The people pray for strength and guidance ..
they should pray for the mercy of a swift death
for I have seen what the darkness hides.
I seriously doubt the whole key chain thing, the whole "changes every 10 minutes" thing gave it away. first of all how will the keychain know what ur account username is? second of all, lets say 5 million people buy this game, that's what, 5 million different codes every ten minutes, that would mean 30 million unique codes every one hour, which would be 720 million unique codes a day. can you imagine how hard it would be to keep track of all these things and how much harder it would be to generate the codes so no 2 people get the same code.
This method of security is not new. Many websites already have this security implemented for their users whereby they are required to hold onto a keychain that produces a numerical code that is used alongside their ID to login the site.
How can you guys think this is so outrageous? If you did a little research, you would find out that Blizzard has already done this for World of Warcraft (it's called the Blizzard Authenticator).
Rollback Post to RevisionRollBack
"Everywhere the human soul stands between a hemisphere of light and another of darkness; on the confines of the two everlasting empires, necessity and free will." -Thomas Carlyle
How can you guys think this is so outrageous? If you did a little research, you would find out that Blizzard has already done this for World of Warcraft (it's called the Blizzard Authenticator).
yea but the number doesnt change... from what that article said it changes every 10 minutes and some how this key chain know's it? besides you cant brute force battle.net because after so many failed attempts your cd key is banned from trying to log in for awhile and unless you have over 1000+ cd keys that swap out after each one is banned and some how manage to brute force the server and get the password to the account if the user wasnt to retarded he would of set it to his email... and bam gain back his account....
Yeah my Father had a Key-Chain code authenticator for his work (super secret) way back when I lived at home like 5-6 years ago... And NZ is normally years behind the rest of the world as far as technology goes... so this definitely isn't NEW...
I also recall hearing about this article elsewhere so the info isn't new either. I'm not too worried, any thing that prevents hackers/botters and makes the game safer and more fun.
Rollback Post to RevisionRollBack
"If we're actually making the game worse with no other reason than to be different from WoW, then it's a bad choice." - Jay Wilson (D3 lead designer)
Storing the information on the keychain isn't necessarily the problem. RFID chips are really small(about the size of the the end of a sharpened pencil) and they can hold your entire medical history, dental history, and personal information(SSN, CC#s, felonies, etc). There is actually an 8GB jump drive available for around $50-$60(USD) and its not larger than a fingertip.
Anywho, size isn't a problem. The problem is this. There is one of two possiblities for what the keychain does to update passwords.
1. The keychain somehow links up to a network and receives a code from Battle.net to tell it what the password is. This method means whoever wants to hack the code will get a chance to view its transmission every 10 minutes. During the 10 minute waits, hackers will probably decipher what information they can.
End result: Hackers may be able to easily crack this type of password method.
Cons: people who can't see the satellies Blizzard uses can't play Battle.net games.
2. An algorithm is stored on the keychain. When the keychain is synced up with the online blizzard account, this algorithm is set in motion. At the same time, Blizzard's servers run the same algorithm for the same account. Regardless of connectivity, the keychain will always have the same password Blizzard has set up for the account. Couple bad things here. One, is the keychain needs to run indefinitely to work right, even a minute offline ruins the system. Meaning a battery warning needs to be given well in advance(I wouldn't be surprised if this could be usb-rechargeable). Another problem though. Running the algorithm securely would require a hefty encryption process. Running this process for millions of users? That would require Blizzard to have server farms just for password maintenance.
End Result: Hackers have access to an algorithm that will always run. Even if the encryption is 1 GB or larger, it CAN and most likely WOULD be cracked eventually.
Cons: Battery life, and server requirements
Naturally those are just two options that come to mind for me.
This idea isn't new, but Blizzard would definately be pushing the envelope in terms of scaleability. And whereas the other areas this technology is used may not necessarily have hackers working to crack the system, Blizzard will be constantly fighting not only hackers, but the farms of servers some hackers have in order to keep the code safe from being understood.
As far as Diablo III goes it's a little too fantastical to believe this system will be used to log people in.
Storing the information on the keychain isn't necessarily the problem. RFID chips are really small(about the size of the the end of a sharpened pencil) and they can hold your entire medical history, dental history, and personal information(SSN, CC#s, felonies, etc). There is actually an 8GB jump drive available for around $50-$60(USD) and its not larger than a fingertip.
Anywho, size isn't a problem. The problem is this. There is one of two possiblities for what the keychain does to update passwords.
1. The keychain somehow links up to a network and receives a code from Battle.net to tell it what the password is. This method means whoever wants to hack the code will get a chance to view its transmission every 10 minutes. During the 10 minute waits, hackers will probably decipher what information they can.
End result: Hackers may be able to easily crack this type of password method.
Cons: people who can't see the satellies Blizzard uses can't play Battle.net games.
2. An algorithm is stored on the keychain. When the keychain is synced up with the online blizzard account, this algorithm is set in motion. At the same time, Blizzard's servers run the same algorithm for the same account. Regardless of connectivity, the keychain will always have the same password Blizzard has set up for the account. Couple bad things here. One, is the keychain needs to run indefinitely to work right, even a minute offline ruins the system. Meaning a battery warning needs to be given well in advance(I wouldn't be surprised if this could be usb-rechargeable). Another problem though. Running the algorithm securely would require a hefty encryption process. Running this process for millions of users? That would require Blizzard to have server farms just for password maintenance.
End Result: Hackers have access to an algorithm that will always run. Even if the encryption is 1 GB or larger, it CAN and most likely WOULD be cracked eventually.
Cons: Battery life, and server requirements
Naturally those are just two options that come to mind for me.
This idea isn't new, but Blizzard would definately be pushing the envelope in terms of scaleability. And whereas the other areas this technology is used may not necessarily have hackers working to crack the system, Blizzard will be constantly fighting not only hackers, but the farms of servers some hackers have in order to keep the code safe from being understood.
As far as Diablo III goes it's a little too fantastical to believe this system will be used to log people in.
i have to agree with you now... blizzard's battle.net is hosted by At&T so... they could use there sat's
Every 10 mins still kills it which means if its 11 coded number and it changes about 720million times a day? it means that you have a 90% chance of using the same code once and getting it right on another persons account which weakens its security.
Example. My code is 12130401231 right? And my friends account is ( HIimNEW ), Then next week I try it theres a certain chance i can get his code. Or if i REALLY wanted some ones account i can sit there for a whole year using the same pass word and i pretty much havea 100% of a chance to finally get it.
Every 10 mins still kills it which means if its 11 coded number and it changes about 720million times a day? it means that you have a 90% chance of using the same code once and getting it right on another persons account which weakens its security.
Example. My code is 12130401231 right? And my friends account is ( HIimNEW ), Then next week I try it theres a certain chance i can get his code. Or if i REALLY wanted some ones account i can sit there for a whole year using the same pass word and i pretty much havea 100% of a chance to finally get it.
yes but that would make you a crazed retard in the process lol cus A) you would have to try that same code every 10 minutes... and just WTF is enough... and who ever would try that would really have no life at all... unless they set it up brute force wise AND AGAIN after a certaina mount of fail attempts Bnet blocks your cd key from access for a certain period of time in which you might miss the actual code blah blah blah your idea is a insane and 100% unlikely to work.
yea but the number doesnt change... from what that article said it changes every 10 minutes and some how this key chain know's it? besides you cant brute force battle.net because after so many failed attempts your cd key is banned from trying to log in for awhile and unless you have over 1000+ cd keys that swap out after each one is banned and some how manage to brute force the server and get the password to the account if the user wasnt to retarded he would of set it to his email... and bam gain back his account....
The number on the WoW authenticator does change, and you need to enter a new code with the password every time you login.
How does the Blizzard Authenticator work?
You must first associate the Blizzard Authenticator to the World of Warcraft account you play. Once the account has been linked, the Authenticator token will be required to log in to Account Management or to the game; when logging in, you will be prompted to supply a digital code generated by the Authenticator.
How it does this without connecting to the server is debatable however. I think when it authenticator is produced, it's equipped with a large number of randomly ordered codes, and when you associate an account with a particular authenticator the server will know which codes will appear next so it can check that what you enter is valid. Or perhaps the authenticator has a randomly selected algorithm for producing codes, which the server knows when you attach the authenticator to an account.
The number on the WoW authenticator does change, and you need to enter a new code with the password every time you login.
to accoutn settings to change anything not the game if they somehow get your password and steal ur shet... well your sol.. and in Daiblo 2 if some 1 jacks your stuff there not like the gms of WoW there like oh well... tough shit dude now move along.
to accoutn settings to change anything not the game if they somehow get your password and steal ur shet... well your sol.. and in Daiblo 2 if some 1 jacks your stuff there not like the gms of WoW there like oh well... tough shit dude now move along.
If they change your password, they still won't be able to log into the game since they don't have the authenticator code. And you can get your password recovered via email. And they won't be able to change the email on the account unless they physically phone Blizzard with the answer to your secret question.
firefox with noscript, malware, virus, spyware detectors, firewall
no passwords like:doggy
rather: K#2v3ruNdeT/kt52LM or such prevents account stealers just as easy
my passwords aren't even close to that complicated and never have my account been stolen yet
or then I'm just lucky.
One thing to prevent the brute forcing/guessing is not showing the actual account name in battle.net. This way they just can't do it when they don't know what account to try.
Just don't use the same name on your character that your account has
Whats is this stuff with codes and authenticators? I play WOW but I don't remember all that crap.
regular old CD key that is placed on the Cd case, and the regular password I have used since I started playing, haven't changed it once.
Only code for me that changes is my time card codes because they expire.
Rollback Post to RevisionRollBack
-Humankind cannot gain anything without first giving something in return. To obtain, something of equal value must be lost. That is alchemy's First Law of Equivalent Exchange. In those days, we really believed that to be the world's one, and only, truth.
To post a comment, please login or register a new account.
heres what it says: Diii.net has received a hot rumor about the major changes coming to Battle.net as Blizzard upgrades their game hosting service to support the upcoming Starcraft 2 and Diablo 3 titles. An excerpt:
"When D3 comes out, Blizzard will be making major changes to battle.net. All players will have a universal battle.net account for all games. They will start selling a $6 key chain with a digital face that updates every 10 minutes or so with a new 11-digit number. That 11-digit number will be your password. This will make it nearly impossible to keylog or bruteforce accounts."
wtf o.O how does the key chain know your password unless its like hooked up to the internet via like satellite or something with a unlimited power supply and which case blizzard is awesome for having such a cheap tool but imo i dont think so...
odd.... a article i saw earlier on diii.net about battle.net 2.0 has been removed? not this article but another that was more in depth a bit... hrmmmm
That's retarded.
...the stench of terror drifts on a bitter wind,
The people pray for strength and guidance ..
they should pray for the mercy of a swift death
for I have seen what the darkness hides.
still it would be cool if they did somehow.
"Everywhere the human soul stands between a hemisphere of light and another of darkness; on the confines of the two everlasting empires, necessity and free will."
-Thomas Carlyle
yea but the number doesnt change... from what that article said it changes every 10 minutes and some how this key chain know's it? besides you cant brute force battle.net because after so many failed attempts your cd key is banned from trying to log in for awhile and unless you have over 1000+ cd keys that swap out after each one is banned and some how manage to brute force the server and get the password to the account if the user wasnt to retarded he would of set it to his email... and bam gain back his account....
I also recall hearing about this article elsewhere so the info isn't new either. I'm not too worried, any thing that prevents hackers/botters and makes the game safer and more fun.
Anywho, size isn't a problem. The problem is this. There is one of two possiblities for what the keychain does to update passwords.
1. The keychain somehow links up to a network and receives a code from Battle.net to tell it what the password is. This method means whoever wants to hack the code will get a chance to view its transmission every 10 minutes. During the 10 minute waits, hackers will probably decipher what information they can.
End result: Hackers may be able to easily crack this type of password method.
Cons: people who can't see the satellies Blizzard uses can't play Battle.net games.
2. An algorithm is stored on the keychain. When the keychain is synced up with the online blizzard account, this algorithm is set in motion. At the same time, Blizzard's servers run the same algorithm for the same account. Regardless of connectivity, the keychain will always have the same password Blizzard has set up for the account. Couple bad things here. One, is the keychain needs to run indefinitely to work right, even a minute offline ruins the system. Meaning a battery warning needs to be given well in advance(I wouldn't be surprised if this could be usb-rechargeable). Another problem though. Running the algorithm securely would require a hefty encryption process. Running this process for millions of users? That would require Blizzard to have server farms just for password maintenance.
End Result: Hackers have access to an algorithm that will always run. Even if the encryption is 1 GB or larger, it CAN and most likely WOULD be cracked eventually.
Cons: Battery life, and server requirements
Naturally those are just two options that come to mind for me.
This idea isn't new, but Blizzard would definately be pushing the envelope in terms of scaleability. And whereas the other areas this technology is used may not necessarily have hackers working to crack the system, Blizzard will be constantly fighting not only hackers, but the farms of servers some hackers have in order to keep the code safe from being understood.
As far as Diablo III goes it's a little too fantastical to believe this system will be used to log people in.
i have to agree with you now... blizzard's battle.net is hosted by At&T so... they could use there sat's
Example. My code is 12130401231 right? And my friends account is ( HIimNEW ), Then next week I try it theres a certain chance i can get his code. Or if i REALLY wanted some ones account i can sit there for a whole year using the same pass word and i pretty much havea 100% of a chance to finally get it.
yes but that would make you a crazed retard in the process lol cus A) you would have to try that same code every 10 minutes... and just WTF is enough... and who ever would try that would really have no life at all... unless they set it up brute force wise AND AGAIN after a certaina mount of fail attempts Bnet blocks your cd key from access for a certain period of time in which you might miss the actual code blah blah blah your idea is a insane and 100% unlikely to work.
I doubt it will be required, like in WoW its an additional protective measure for those who want to buy it.
http://us.blizzard.com/support/article.xml?articleId=24660
How does the Blizzard Authenticator work?
You must first associate the Blizzard Authenticator to the World of Warcraft account you play. Once the account has been linked, the Authenticator token will be required to log in to Account Management or to the game; when logging in, you will be prompted to supply a digital code generated by the Authenticator.
How it does this without connecting to the server is debatable however. I think when it authenticator is produced, it's equipped with a large number of randomly ordered codes, and when you associate an account with a particular authenticator the server will know which codes will appear next so it can check that what you enter is valid. Or perhaps the authenticator has a randomly selected algorithm for producing codes, which the server knows when you attach the authenticator to an account.
to accoutn settings to change anything not the game if they somehow get your password and steal ur shet... well your sol.. and in Daiblo 2 if some 1 jacks your stuff there not like the gms of WoW there like oh well... tough shit dude now move along.
no passwords like:doggy
rather: K#2v3ruNdeT/kt52LM or such prevents account stealers just as easy
my passwords aren't even close to that complicated and never have my account been stolen yet
or then I'm just lucky.
One thing to prevent the brute forcing/guessing is not showing the actual account name in battle.net. This way they just can't do it when they don't know what account to try.
Just don't use the same name on your character that your account has
RIP: Demon Hunter: lvl 50 | Barb: lvl 60 (plvl 5) | Monk: lvl12 & lvl70 (plvl 200)
regular old CD key that is placed on the Cd case, and the regular password I have used since I started playing, haven't changed it once.
Only code for me that changes is my time card codes because they expire.