Do YOU Authenticate?
By maryvarn on February 25th, 2010Posted In: NPC Blog,Polls,Video Games,World of Warcraft
A recent NPC comic, The Protector, brought up the subject of account authentication, and several people left comments about their own authenticator experience. I want to hear more, so I figured, poll time!
Warcraftpets.com
I didn’t get an authenticator until this winter. Up until December I played WoW exclusively on a Mac, so I was living in my “lalalala, I don’t have to worry about security (as much)” bubble. But then I got a Windows laptop and the Core Hound Pup was released as a promo available exclusively for authenticator users. I have an iPhone, and I’m a sucker for pets, so it was an easy decision. Why not? I admit that the act of authenticating each time puts an extra step between me and my game. I always feel I have to rush to enter the current number before it disappears. But I have peace of mind, my guild doesn’t have to worry about me getting hacked and raiding their bank, and I have pretty sweet pet to add to my collection. If Blizzard is really concerned about security, I think they should put the USB dongle authenticators in every Cataclysm box.
Edit: A commenter pointed out that the Blizzard authenticators aren’t USB dongles, nor do they connect to your computer at all. They’re just small devices that you can attach to your key chain. Not sure why I was under the impression they were USB…still living in my “lalalala” iPhone/mac world I guess. 
Yes, and have done before the core hound pups were unleashed [snarfle] – got one for the bf and i a while ago as a few people in our -then- guild had been hacked and our logic was that you dont see an issue with having to have interet security so why should using a really imple bit of kit to protect your favourite hobby be a problem?
the pets were a nice bonus though, for sure!
Yeah I authenticate.
And as an extra thought, I like to think of the hacker when he learns my password and then BAM! , the authenticator window pops! hahaha! Just makes me smile.
I m always very careful but still, it’s extra security. (and yeah, authenticator in the Cataclysm xpac has been talked about)
I’ve used my authenticator ever since I got it for free at Blizzcon ’08 — bought one for my fiance and my best friend once they were back in stock on the online store, and then we gave away the ones we got for free at Blizzcon ’09 to other friends who hadn’t been able to get them yet. Spread the account security love!
Getting a minipet for free was just an added bonus =) I have to say he’s one of my favorites.
I got an authenticator about 4 months ago, after our Guild Leader got hacked. The next day I had the authenticator on my iPhone. So it wasn’t the pet that convinced me. Although Lava Jr. is a nice bonus.
I remember the very day I decided to get my authenticator. I was doing daily quests in Icecrown whilst saving up for the Traveler’s Tundra Mammoth. I had about 12k gold when someone whispered me to say that my account had been banned and I needed to go to some bogus Blizzard-like website to get it back. I reported him for his tell, but it made me realize, hackers were targeting *me*, specifically. With so much to lose (12k gold), I purchased my authenticator immediately after logging out.
The pet was a nice incentive added after I got it, and I always proudly display it on all of my characters. People ask me about it all the time, wanting to know how I got it. Unfortunately, their visible annoyance after being told that they get the pet by purchasing an authenticator has made me realize just how many people aren’t going to get an authenticator if Blizzard doesn’t give it to them and force them to use it. It’s also made me realize just how many people think “gay” is an acceptable synonym for “that’s stupid,” but that’s another matter.
I have the iPhone app, AND I’m on a Mac, you can never be too cautious when you have 50k gold
. I have to say that the fact it was as simple as downloading an ap, I didn’t thought much about, dont know if I would have purchased the dongle one.
Just to clear something up, the stand alone authenticator isn’t a USB dongle. It’s a like a digital watch on a key chain. It doesn’t connect to your computer in any way, shape, or form. The only reason Blizzard knows which one you have is because you have to register the serial number with them.
Thanks Rob! I edited the post.
np. I had no idea how they actually worked til I got one. I liked it so much I put it on both my accounts. It also has the added bonus of keeping me from playing wow at school, while I should be listening to the professor, since I leave it at home during the day.
I’m still peeved with Blizzard for the Battle.net push. Account names may or may not be more secure than email addresses, but you can’t simply scrape websites for likely hits on account names. While this is only a factor in brute force account hacking, brute forcing is rare but not entirely unknown.
The authenticator is good for people likely to fall prey to phishing or keyloggers. Paranoia / “safe browsing” helps against those.
But a word of caution: Whether you’ve got the keyfob authenticator, or an iphone one, or some other variety: write your serial number down! Keyfobs go through the wash or drop off, iPhones get stolen, misplaced, or squished. If you lose your authenticator, and don’t have your serial number, you are in a world of hurt.
You missed a fifth category for the poll – I own an authenticator but I don’t use it. My boyfriend and I play together and sometimes he logs on to my toon to get horde auction prices (since I have horde money and he doesn’t) or he uses my maxxed out herbalist to find herbs. We also have a third account that we literally use together (for refer-a-friend benefits) and putting either of those accounts on an authenticator means we’d have to be physically present with each other in order to use it. We are both Mac users as well, and although I, too, have over 50k gold I am not fearful of being hacked. I do own an authenticator because we bought them before we realized the inconvenience of using our accounts the way we do. (YES, I know Blizz does not allow account sharing. But I bet 10% of the people I know share or have shared their accounts with their significant other or best friend or family member.)
Another thing that needs to be addressed: you can still be hacked with an authenticator. A very good guildie friend of mine used the iPhone authenticator. He picked up a keylogger somewhere (he’s guessing thottbot), and one day went to log on and it said his authenticator number was invalid. The hackers had contacted Blizz and got them to unlink his authenticator for a different one (theirs). They went in and cleaned out his gold and his flasks and mats for things. We were all surprised that even though he was using an authenticator, he got hacked. The method of protection is only as good as its gatekeeper – and if Blizz is going to allow people to reset their authenticators without REALLY good verification of who the account holder is, the problem will still exist.
Yikes! Hopefully Blizz has beefed up their account verification on that end…
Oh, and the question is “Do you authenticate your account?” Not do you own one.
Sorry, I read it wrong.
There was a blue post a while back on why Blizzard hasn’t put authenticators in every game box – it was because Blizzard recognizes that their fan base is not composed of the brightest bunch (of course, they said it much more PC), and most people have no clue what it is, what it would do, or how to work it – and so they make it optional, and rely on word-of-mouth (and now, a cuddly pet) to encourage it. I know that I talk mine up all the time – and it boggles my mind how many people have no idea what the authenticator is, why it would help them, and why they should bother.
I can definitely see (particularly after spending some time pugging a ToC yesterday…agh…) Blizzard’s intelligence in recognizing that a good portion of its fan base are really young, and would be confused by an RNG. Requiring it would alienate some players (and lose Blizzard some cash). I just wish more people would get an authenticator! My guild recently made it a requirement for all officers to have an authenticator – which I am very happy about! Then again, there is still a guy in my guild who refuses to get one because “he is too cheap”. /rolleyes
I authenticated before because a friend of mine got hacked, and he was more computer savvy than i was so I figured I ought to be safe rather than sorry.
In light of the USB comment in the article, I too used to think it was a USB device and that was a stumbling block for me given the location of the ports I owned. However it worked pretty well up until the time I quit playing.
Still have it for if I ever return
Both me and my boyfriend own authenticators and authenticate our accounts. We got them before the pet. I have dropped my authencator into a fresh large boiling cup of tea/coffee twice now (i keep mine on the shelve above my pc, accidents do happen..
) AND it still survives.
Just remember to write your serial number down somewhere safe just in case..
I don’t use an authenticator and Blizzard’s policy of single authenticator for each account discourages me from using it. I share my account with my sons – two sons, two accounts. This is perfectly ok with Blizzard. Using an authenticator means I will get a phone call at work from my kids asking for the authentication code or giving the kids the authenticator, neither of which I’m willing to do. I would use it if I could get two authenticators to work on one account, that way my sons and I could each carry an authenticator.
I don’t know how many people share their account with their kids but I think this is a group that is vulnerable to hacking – I can’t seem to convince them that this is a big deal no matter what I try.
This is something I would like as well – see above. I know other parents who share with their kids. And I know that kids are more likely to give out their passwords to their friends who are in turn more likely to get the bright idea one day to steal all their friend’s stuff due to a disagreement or “joke”. So an authenticator is crucial in this situation.
Well, I really, really want the corehound pup pet, but don’t feel the need for an authenticator for myself. I would never share my account info, and I only use my own Mac, run my virus updates, and try to be vigilant about safe browsing, etc.
Plus, besides the minor inconvenience of an extra log-in step, being forced to use the keychain thing is a major obstacle for me. I am one of the few, the proud, who still has a cell phone that only makes phone calls (ok, it also texts), so I would have no choice but to get the keychain thing. This is a problem, since I am a closet WoW-er, and would hate to have to keep anything emblazoned with Warcraft graphics lying out and about, just waiting to be noticed. Yes, I am that paranoid. I can’t help it.
As soon as they released the authenticator iPhone App I was all over it. The pet that came later was just a nice bonus.
By the by I know I’m a little late to the party with this comment but I wanted to say that I’m really loving your new art style. Keep up the good work!
I got one, as soon as the authenticator came out for android phones. Didn’t see much point in paying for and carrying around an extra device, when I had a smartphone I carried around everywhere.
I will admit to pangs of annoyance, however, when I go to log into WoW, and realize my phone is in my jacket, or in the bedroom, or whatever.
Not goining to get one. also like the one loge-in name more then the e-mail adress one. but playing now for a x amount of years.. and not bin hacked yet so… i havet though about. plus the last year i started playing less and less so the pet is not a motivation to get one. i so miss the old bg premade days…. hoop they will get it back in the next expansion… but will see
I don’t use a authenticator. I don’t think it is a necessary measure if you use a security policy about passwords. I use a Mac, and don’t log on my WoW account on others computers. If I do, I change my password. Actually, I change my password often.
If you understand how you can get your password stoled, it is easier to defend yourself. And if you are not a little bit aware of security policies, the authenticator won’t save you. I agree it is a extra door, but not a impenetrable one.
So in my case, the cost/benefit is really low. Although the pet is awesome.
I and my wife share one Authenticator on our two accounts. I was hacked last November and they took everything. Our guild bank was empty, my Bank alt bank was empty, they had invited 50 toons to our guild and most of my toons were naked. It took a week and a half to get my stuff back and our guildmaster put ‘security’ measures in place that effectively made the guild bank useless to me.
So yea I got an authenticator and it had nothing to do with the core hound.