DiabloFans

Quote from mavfin

Quote from falcompsx

Quote from MandyMemory

Quote from mavfin

As far as getting around an authenticator, it *still* requires the client to be compromised, so that the login credentials can be redirected to the hackers, and the authenticator data is used in real time.

That actually happened in WoW for a while. I think it was a DLL hooked to the exe or something.


That said, I'd suggest turning off the option so that it actually asks you to authenticate every time. I'm sure it's secure, but why risk it when it's such a minor inconvenience?

I remember when that happened, and there was a simple fix implemented. Each code is now only good once. So even if a hacker gets your code, your password and account name and uses it within the 30-45 seconds that the code is good, if you logged in with that code, they won't be able to.

Well, if your machine is compromised, Blizzard never gets *your* data. The hackers get it by redirection, then they use it to log in. But again, that's a lot of trouble to go to when there's all those no-authenticator accounts out there ripe for the picking. Still a client-side issue, though, not server-side. The connection is only as secure as the weakest part.

Quote from MandyMemory

Quote from mavfin

As far as getting around an authenticator, it *still* requires the client to be compromised, so that the login credentials can be redirected to the hackers, and the authenticator data is used in real time.

That actually happened in WoW for a while. I think it was a DLL hooked to the exe or something.


That said, I'd suggest turning off the option so that it actually asks you to authenticate every time. I'm sure it's secure, but why risk it when it's such a minor inconvenience?

Quote from Zhaph

Bottom line, if you don't have an authenticator, you're making a mistake. Get the app for Android/iOS, or if you don't have a smartphone, get one of the physical ones from Blizz, they are dirt cheap, and it's a VERY small price to pay for peace of mind.

Quote from Doez

I just read the bnet forums and it just amazes me how many people have no clue how the authenticator works. I keep reading "HE HAS AN AUTH BRO ITS BLIZZ FAULT."

First off, when you log in, Blizzard stores your IP address so that when you have the "authenticate every time" option unchecked, it won't bother you every time. I think once a week is the frequency it will require you to authenticate.

When you log in from another computer or someone tries to hack you from China, the authenticator kicks in immediately, regardless of the option you have checked. It senses a different IP and stops you from logging in unless you authenticate. I sometimes play at my PC, and then go to my laptop later at night. When I try to play on my laptop, I have to authenticate every single time, then authenticate again on my PC. That's the design of it for your protection.

Last year I tried to play WoW in Mexico while on a work trip, and Blizzard sensed a different IP and immediately locked my account and required me to go to bnet to authenticate and change my password for proof.

Blizzard just won't let these people waltz into your accounts without any protection, so I have no doubt that the people claiming they were hacked with an authenticator really did not have one.