I dont get why people don't just use an authenticator. a good antivirus, strong password, and solid web browser are all good ideas, but the authenticator gives 100x more protection then anything else ever will. Multi-factor authentication is the way to go.
Because it's much easier to blame Blizzard when something happens.
I just read the bnet forums and it just amazes me how many people have no clue how the authenticator works. I keep reading "HE HAS AN AUTH BRO ITS BLIZZ FAULT."
First off, when you log in, Blizzard stores your IP address so that when you have the "authenticate every time" option unchecked, it won't bother you every time. I think once a week is the frequency it will require you to authenticate.
When you log in from another computer or someone tries to hack you from China, the authenticator kicks in immediately, regardless of the option you have checked. It senses a different IP and stops you from logging in unless you authenticate. I sometimes play at my PC, and then go to my laptop later at night. When I try to play on my laptop, I have to authenticate every single time, then authenticate again on my PC. That's the design of it for your protection.
Last year I tried to play WoW in Mexico while on a work trip, and Blizzard sensed a different IP and immediately locked my account and required me to go to bnet to authenticate and change my password for proof.
Blizzard just won't let these people waltz into your accounts without any protection, so I have no doubt that the people claiming they were hacked with an authenticator really did not have one.
it actually goes further than just IP address. It checks your ip address, MAC address and probably some SID's or hardware ID's. If you so much as reformat your computer, it will think its a new login location and ask for the authenticator again even if your IP and MAC addresses and hardware ID's are the same. So when people claim they get hacked with an authenticator because of the "don't ask every time" option, I just dont believe it, because theres so much more involved than some people realize.
it actually goes further than just IP address. It checks your ip address, MAC address and probably some SID's or hardware ID's. If you so much as reformat your computer, it will think its a new login location and ask for the authenticator again even if your IP and MAC addresses and hardware ID's are the same. So when people claim they get hacked with an authenticator because of the "don't ask every time" option, I just dont believe it, because theres so much more involved than some people realize.
Good point, I agree they would store that information too.
Bottom line, if you don't have an authenticator, you're making a mistake. Get the app for Android/iOS, or if you don't have a smartphone, get one of the physical ones from Blizz, they are dirt cheap, and it's a VERY small price to pay for peace of mind.
Rollback Post to RevisionRollBack
i would choose my own religion and worship my own spirit, but if he ever preached to me i wouldn't want to hear it. i'd drop him, a forgotten god, languishing in shame; and then if i hit stormy seas, i'd have myself to blame.
Bottom line, if you don't have an authenticator, you're making a mistake. Get the app for Android/iOS, or if you don't have a smartphone, get one of the physical ones from Blizz, they are dirt cheap, and it's a VERY small price to pay for peace of mind.
there's even the FREE phone based dial-in authenticator that uses a pin #. There's no excuse for not having one besides laziness / stubbornness.
As far as getting around an authenticator, it *still* requires the client to be compromised, so that the login credentials can be redirected to the hackers, and the authenticator data is used in real time.
That actually happened in WoW for a while. I think it was a DLL hooked to the exe or something.
That said, I'd suggest turning off the option so that it actually asks you to authenticate every time. I'm sure it's secure, but why risk it when it's such a minor inconvenience?
As far as getting around an authenticator, it *still* requires the client to be compromised, so that the login credentials can be redirected to the hackers, and the authenticator data is used in real time.
That actually happened in WoW for a while. I think it was a DLL hooked to the exe or something.
That said, I'd suggest turning off the option so that it actually asks you to authenticate every time. I'm sure it's secure, but why risk it when it's such a minor inconvenience?
I remember when that happened, and there was a simple fix implemented. Each code is now only good once. So even if a hacker gets your code, your password and account name and uses it within the 30-45 seconds that the code is good, if you logged in with that code, they won't be able to.
As far as getting around an authenticator, it *still* requires the client to be compromised, so that the login credentials can be redirected to the hackers, and the authenticator data is used in real time.
That actually happened in WoW for a while. I think it was a DLL hooked to the exe or something.
That said, I'd suggest turning off the option so that it actually asks you to authenticate every time. I'm sure it's secure, but why risk it when it's such a minor inconvenience?
I remember when that happened, and there was a simple fix implemented. Each code is now only good once. So even if a hacker gets your code, your password and account name and uses it within the 30-45 seconds that the code is good, if you logged in with that code, they won't be able to.
Well, if your machine is compromised, Blizzard never gets *your* data. The hackers get it by redirection, then they use it to log in. But again, that's a lot of trouble to go to when there's all those no-authenticator accounts out there ripe for the picking. Still a client-side issue, though, not server-side. The connection is only as secure as the weakest part.
Perhaps I'm just lucky, but in 5 years of D2 online and 7 years of Guild Wars, I've never been hacked or compromised in any way. Are people just careless? Unfortunate?
Im not sure if this is still the same, but with the authenticator and having the option to not ask you every time you login, it actually stores a file on your computer as well. Somebody was able to test it and was able to move this file to another computer to login and not be asked for an authenticator (May have been changed, read it a while back)
Another thing people are saying, is that their accounts are being compromised through blizzards end which they are not being required to have your info at all to be able to swipe things (unlikley something that large is overlooked)
My account is still safe (mind you i haven't logged in yet)
But if it does happen, i will be very surprised as i play on linux using a seperate xsession to play d3 in (means nothing besides d3 runs on that, no outside programs can influence it.... (Means i play on linux))
Well, if your machine is compromised, Blizzard never gets *your* data. The hackers get it by redirection, then they use it to log in. But again, that's a lot of trouble to go to when there's all those no-authenticator accounts out there ripe for the picking. Still a client-side issue, though, not server-side. The connection is only as secure as the weakest part.
I agree completely that it is a client side problem, but it has happened. I think it was an addon that had the maninthemiddle attack in it.
There's no addons for D3, so if you managed to get something like that, you would have to be trying to do something that would get you banned anyways.
As far as getting around an authenticator, it *still* requires the client to be compromised, so that the login credentials can be redirected to the hackers, and the authenticator data is used in real time.
That actually happened in WoW for a while. I think it was a DLL hooked to the exe or something.
That said, I'd suggest turning off the option so that it actually asks you to authenticate every time. I'm sure it's secure, but why risk it when it's such a minor inconvenience?
I remember when that happened, and there was a simple fix implemented. Each code is now only good once. So even if a hacker gets your code, your password and account name and uses it within the 30-45 seconds that the code is good, if you logged in with that code, they won't be able to.
Well, if your machine is compromised, Blizzard never gets *your* data. The hackers get it by redirection, then they use it to log in. But again, that's a lot of trouble to go to when there's all those no-authenticator accounts out there ripe for the picking. Still a client-side issue, though, not server-side. The connection is only as secure as the weakest part.
I saw a thread on the Battle.net forums "I lost 2 trillion gold".
Gee.....I wonder how he got 2 trillion gold? Maybe if people weren't buying gold from the Chinese and screwing around on websites that they have no business visiting, we wouldn't see so many issues with account compromises? Yet all these dolts can think to do is blame Bliz.
Someone just tried to hack my account just a few minutes ago. I immediately changed my password. Thank God I did it quick enough and signed back on, none of my things are missing. Someone random was added to my friend's list. I reported them and removed them.
Watch out people! I haven't bought any gold or anything else from anywhere, and the only website I've been to D3 related is this one and the official one. So Blizzard needs to check their servers!!!!
I can't believe how many people this is client side. Like, cmon, really? A massive spike in account hacks (complete with not discriminating against people with authenticators) happen in a 48 hour period, and you people think they are all completely unrelated user errors? Holy fuck you are people are delusional blizzard fanboys.
So here's whats actually happening- The hack is happening in game, it's related to friend lists and how friended accounts communicate with each other, and is bypassing blizzard authentication servers. There are a ton of posts, and screen shots, many of them people having authenticators of this happening. Many gaming websites have had employees get hacked this way and are upping articles about it. There is almost 0 chance this is client side, and that there is nothing client side you can do to prevent it from happening.
But despite all this evidence, you only need to know one thing: if there is a MASSIVE influx of hacked accounts in an incredibly short period, you can be 100% positive knowing they arent all unrelated user error. You would be a literal retard if you thought that.
Someone just tried to hack my account just a few minutes ago. I immediately changed my password. Thank God I did it quick enough and signed back on, none of my things are missing. Someone random was added to my friend's list. I reported them and removed them.
Watch out people! I haven't bought any gold or anything else from anywhere, and the only website I've been to D3 related is this one and the official one. So Blizzard needs to check their servers!!!!
How does someone random get added to your friends list, and what makes you believe you were almost hacked?
Someone just tried to hack my account just a few minutes ago. I immediately changed my password. Thank God I did it quick enough and signed back on, none of my things are missing. Someone random was added to my friend's list. I reported them and removed them.
Watch out people! I haven't bought any gold or anything else from anywhere, and the only website I've been to D3 related is this one and the official one. So Blizzard needs to check their servers!!!!
I'd recommend removing your B-Net Username from this forum. A hidden door stays locked longer.
I can't believe how many people this is client side. Like, cmon, really? A massive spike in account hacks (complete with not discriminating against people with authenticators) happen in a 48 hour period, and you people think they are all completely unrelated user errors? Holy fuck you are people are delusional blizzard fanboys.
So here's whats actually happening- The hack is happening in game, it's related to friend lists and how friended accounts communicate with each other, and is bypassing blizzard authentication servers. There are a ton of posts, and screen shots, many of them people having authenticators of this happening. Many gaming websites have had employees get hacked this way and are upping articles about it. There is almost 0 chance this is client side, and that there is nothing client side you can do to prevent it from happening.
But despite all this evidence, you only need to know one thing: if there is a MASSIVE influx of hacked accounts in an incredibly short period, you can be 100% positive knowing they arent all unrelated user error. You would be a literal retard if you thought that.
Terms like "delusional blizzard fanboys" and "retards" sure makes you seem like you know what you're talking about. Try being a little more mature and maybe people will listen to your pleas.
Blizz is releasing a statement on this issues within the next few hours via battle.net forums.
Edit- Looks like someone all ready posted this info but I will keep it on
Just read this on official forums. A blue replied but didn't confirm nor deny it. Seems like the issue is on Blizzards end after all.
"an exploit was discovered by duplicating a session ID basically, if you join a public game with people, they can view your session ID and spoof it to login as you without need for a password or email or anyting if you play with people, try not to play in public games bro, only with people you know"
If this is the case we should expect to see servers going down shortly I would think.
This is the thread its in, http://us.battle.net...opic/5149539239 not much else to read though. I just logged in to delete randoms off my friends list, not sure if it would help or not but I just want to be safe as possible lol. I kept getting errors trying to remove people from friends and getting disconnected...
It doesn't explain every hacking incident, like one of the users in here that had their password changed which requires their email be hacked too.
Rollback Post to RevisionRollBack
To post a comment, please login or register a new account.
Because it's much easier to blame Blizzard when something happens.
it actually goes further than just IP address. It checks your ip address, MAC address and probably some SID's or hardware ID's. If you so much as reformat your computer, it will think its a new login location and ask for the authenticator again even if your IP and MAC addresses and hardware ID's are the same. So when people claim they get hacked with an authenticator because of the "don't ask every time" option, I just dont believe it, because theres so much more involved than some people realize.
Good point, I agree they would store that information too.
Battle.net Profile / Diablo Progress Profile
there's even the FREE phone based dial-in authenticator that uses a pin #. There's no excuse for not having one besides laziness / stubbornness.
That said, I'd suggest turning off the option so that it actually asks you to authenticate every time. I'm sure it's secure, but why risk it when it's such a minor inconvenience?
I remember when that happened, and there was a simple fix implemented. Each code is now only good once. So even if a hacker gets your code, your password and account name and uses it within the 30-45 seconds that the code is good, if you logged in with that code, they won't be able to.
Well, if your machine is compromised, Blizzard never gets *your* data. The hackers get it by redirection, then they use it to log in. But again, that's a lot of trouble to go to when there's all those no-authenticator accounts out there ripe for the picking. Still a client-side issue, though, not server-side. The connection is only as secure as the weakest part.
BurningRope#1322 (US~HC) Request an invite to the official (NA) <dfans> Clan
Another thing people are saying, is that their accounts are being compromised through blizzards end which they are not being required to have your info at all to be able to swipe things (unlikley something that large is overlooked)
My account is still safe (mind you i haven't logged in yet)
But if it does happen, i will be very surprised as i play on linux using a seperate xsession to play d3 in (means nothing besides d3 runs on that, no outside programs can influence it.... (Means i play on linux))
There's no addons for D3, so if you managed to get something like that, you would have to be trying to do something that would get you banned anyways.
PEBKAC
Gee.....I wonder how he got 2 trillion gold? Maybe if people weren't buying gold from the Chinese and screwing around on websites that they have no business visiting, we wouldn't see so many issues with account compromises? Yet all these dolts can think to do is blame Bliz.
BurningRope#1322 (US~HC) Request an invite to the official (NA) <dfans> Clan
Watch out people! I haven't bought any gold or anything else from anywhere, and the only website I've been to D3 related is this one and the official one. So Blizzard needs to check their servers!!!!
So here's whats actually happening- The hack is happening in game, it's related to friend lists and how friended accounts communicate with each other, and is bypassing blizzard authentication servers. There are a ton of posts, and screen shots, many of them people having authenticators of this happening. Many gaming websites have had employees get hacked this way and are upping articles about it. There is almost 0 chance this is client side, and that there is nothing client side you can do to prevent it from happening.
But despite all this evidence, you only need to know one thing: if there is a MASSIVE influx of hacked accounts in an incredibly short period, you can be 100% positive knowing they arent all unrelated user error. You would be a literal retard if you thought that.
How does someone random get added to your friends list, and what makes you believe you were almost hacked?
Just curious...
BurningRope#1322 (US~HC) Request an invite to the official (NA) <dfans> Clan
I'd recommend removing your B-Net Username from this forum. A hidden door stays locked longer.
Terms like "delusional blizzard fanboys" and "retards" sure makes you seem like you know what you're talking about. Try being a little more mature and maybe people will listen to your pleas.
Blizz is releasing a statement on this issues within the next few hours via battle.net forums.
BurningRope#1322 (US~HC) Request an invite to the official (NA) <dfans> Clan
Yes blame the game...
Just read this on official forums. A blue replied but didn't confirm nor deny it. Seems like the issue is on Blizzards end after all.
"an exploit was discovered by duplicating a session ID basically, if you join a public game with people, they can view your session ID and spoof it to login as you without need for a password or email or anyting if you play with people, try not to play in public games bro, only with people you know"
If this is the case we should expect to see servers going down shortly I would think.
This is the thread its in, http://us.battle.net...opic/5149539239 not much else to read though. I just logged in to delete randoms off my friends list, not sure if it would help or not but I just want to be safe as possible lol. I kept getting errors trying to remove people from friends and getting disconnected...
It doesn't explain every hacking incident, like one of the users in here that had their password changed which requires their email be hacked too.