Anyone else not need an Authentcator this morning to log in?

Anything, including off-topic posts

Moderators: Fridmarr, Worldie, Aergis, Sabindeus, PsiVen

Anyone else not need an Authentcator this morning to log in?

Postby sherck » Fri Jun 17, 2011 4:15 am

As the title says, I have a RNG attached to my account; however, this morning I did not need it to log in. My password was good enough to do so.

Checked my account, all was good. Checked my Blizzard.net and it indicated that the account did still indeed have an authentcator attached to it.

Thoughts?

Cheers,
sherck
 
Posts: 1475
Joined: Fri Feb 22, 2008 7:57 am

Re: Anyone else not need an Authentcator this morning to log

Postby KysenMurrin » Fri Jun 17, 2011 4:27 am

They announced yesterday that they were going to change it so people who always log in from the same location will not need to use their code. There were a lot of negative responses.
I don't play WoW any more.
Donnan - Nangun - Kysen - Kysen - Mardun - Timkins

Mostly-Book Blog.
KysenMurrin
 
Posts: 6832
Joined: Thu Jun 26, 2008 6:37 am
Location: UK

Re: Anyone else not need an Authentcator this morning to log

Postby Malkieri » Fri Jun 17, 2011 4:33 am

If you use an authenticator – and we hope you do – you may soon notice that an authenticator prompt may not appear with every login. We’ve recently updated our authentication system to intelligently track your login locations, and if you’re logging in consistently from the same place, you may not be asked for an authenticator code. This change is being made to make the authenticator process less intrusive when we’re sure the person logging in to your account is you.

We hope to continue improving the authenticator system to ensure the same or greater security, while improving and adding features to make having one a more user friendly experience. If you don’t already have a Battle.net Authenticator attached to your account, don’t wait until it’s too late


Is the blue post.
Malkieri
 
Posts: 44
Joined: Tue Sep 29, 2009 2:35 am

Re: Anyone else not need an Authentcator this morning to log

Postby Shathus » Fri Jun 17, 2011 6:01 am

Yah, I'm not a fan of the change. I just feel more comfortable entering my code in, and think the option is fine IF YOU WANT IT, but would chose to opt out given the choice.
Shathus
Maintankadonor
 
Posts: 1465
Joined: Sun Apr 06, 2008 5:02 pm

Re: Anyone else not need an Authentcator this morning to log

Postby sherck » Fri Jun 17, 2011 6:20 am

Thanks for the quick reponse all. I had not seen that post and was fearful that I was getting hacked somehow.

Cheers,
sherck
 
Posts: 1475
Joined: Fri Feb 22, 2008 7:57 am

Re: Anyone else not need an Authentcator this morning to log

Postby Shathus » Fri Jun 17, 2011 6:26 am

sherck wrote:Thanks for the quick reponse all. I had not seen that post and was fearful that I was getting hacked somehow.

Cheers,


You should probably give your gold to me for safe-keeping just to be sure though
Shathus
Maintankadonor
 
Posts: 1465
Joined: Sun Apr 06, 2008 5:02 pm

Re: Anyone else not need an Authentcator this morning to log

Postby Aerron » Fri Jun 17, 2011 6:45 am

Was having this discussion on another forum. I'll just cut and paste my comments from there over here:

If I had to guess, I'd say they're taking this "log in location" cue from RIFT, which does the same thing.

RIFT's is very specific as to where you log in from. I tried to log in to my wife's account from my computer. She normally plays on her comp which sits right next to mine, both connected to the same router. When I logged into her account, it totally locked me down.

Ask me, that's pretty specific.
Aerron
 
Posts: 475
Joined: Sat Oct 13, 2007 6:33 pm
Location: Richmond, VA

Re: Anyone else not need an Authentcator this morning to log

Postby Sabindeus » Fri Jun 17, 2011 6:47 am

Shathus wrote:Yah, I'm not a fan of the change. I just feel more comfortable entering my code in, and think the option is fine IF YOU WANT IT, but would chose to opt out given the choice.


So you're one of those guys that prefers Security Theater to actual security, eh? :p
Image
Turn In, an NPC interaction automator - http://wow.curse.com/downloads/wow-addo ... rn-in.aspx
User avatar
Sabindeus
Moderator
 
Posts: 10472
Joined: Mon May 14, 2007 9:24 am

Re: Anyone else not need an Authentcator this morning to log

Postby Zalaria » Fri Jun 17, 2011 6:52 am

Aerron wrote:Was having this discussion on another forum. I'll just cut and paste my comments from there over here:

If I had to guess, I'd say they're taking this "log in location" cue from RIFT, which does the same thing.

RIFT's is very specific as to where you log in from. I tried to log in to my wife's account from my computer. She normally plays on her comp which sits right next to mine, both connected to the same router. When I logged into her account, it totally locked me down.

Ask me, that's pretty specific.


Most likely it uses some way of defining the hardware as its way of defining 'location'. Whether that's as simple as MAC address, or as complex as building a hash from your CPU/motherboard/video card/etc, it would disallow what you tried.
Dovie'andi se tovya sagain - It's time to roll the dice
User avatar
Zalaria
Maintankadonor
 
Posts: 646
Joined: Tue Sep 11, 2007 7:27 am

Re: Anyone else not need an Authentcator this morning to log

Postby Shathus » Fri Jun 17, 2011 6:56 am

Sabindeus wrote:
Shathus wrote:Yah, I'm not a fan of the change. I just feel more comfortable entering my code in, and think the option is fine IF YOU WANT IT, but would chose to opt out given the choice.


So you're one of those guys that prefers Security Theater to actual security, eh? :p


Well, I have the authenticator so that is actual security technically, mostly I just don't trust hackers, they figure out too many ways around stuff. (apologizes in advance if this is just incorrect but) could someone spoof your IP to make their servers think it's your logging in from your PC and the authenticator code wouldn't be needed?

Yes yes, you can still get hacked w/ an authenticator, but I'll take the 5 seconds to make me feel safer. Now, the TSA at the airport can blow me.
Shathus
Maintankadonor
 
Posts: 1465
Joined: Sun Apr 06, 2008 5:02 pm

Re: Anyone else not need an Authentcator this morning to log

Postby Shoju » Fri Jun 17, 2011 7:03 am

Shathus wrote:
Well, I have the authenticator so that is actual security technically, mostly I just don't trust hackers, they figure out too many ways around stuff. (apologizes in advance if this is just incorrect but) could someone spoof your IP to make their servers think it's your logging in from your PC and the authenticator code wouldn't be needed?

Yes yes, you can still get hacked w/ an authenticator, but I'll take the 5 seconds to make me feel safer. Now, the TSA at the airport can blow me.


I'm assuming that they are building the profile based on what they collect in their non personal information system information requests.

I didn't try to login from my wife's comp last night, but I will try. I play from an external SSD drive, So I will run it into hers, and try it out.

And TSA, you mean they haven't tried that with you yet? Oh man... I thought my wife was going to get arrested when they "screened" her. The guy actually grabbed her breast, and she slapped him right across the face and said: "If you can't tell thats real, you shouldn't be working here."
User avatar
Shoju
 
Posts: 6355
Joined: Mon May 19, 2008 7:15 am

Re: Anyone else not need an Authentcator this morning to log

Postby sherck » Fri Jun 17, 2011 7:39 am

Don't touch my junk!

Cheers,
sherck
 
Posts: 1475
Joined: Fri Feb 22, 2008 7:57 am

Re: Anyone else not need an Authentcator this morning to log

Postby Shoju » Fri Jun 17, 2011 7:54 am

I really thought that was where we were headed. The guy simply turned beat red, apologized, and quickly finished up. no men in black suits waiting at the other end.
User avatar
Shoju
 
Posts: 6355
Joined: Mon May 19, 2008 7:15 am

Re: Anyone else not need an Authentcator this morning to log

Postby Sabindeus » Fri Jun 17, 2011 8:13 am

Shathus wrote:could someone spoof your IP to make their servers think it's your logging in from your PC and the authenticator code wouldn't be needed?


Spoof? No. There's plenty of potential man in the middle attacks that can be done against simple 2 way communication, but in general the shared secret authentication that Blizz uses with the authenticator is fairly strong against that sort of thing. The usual points of failure on that would be on either end of the connection, so for example if someone has control of your PC while you log in, then you can pretty much forget it.

Basically: If your computer is compromised then you can pretty much expect that your shit is forfeit whether Blizz asks for a token or not.
Image
Turn In, an NPC interaction automator - http://wow.curse.com/downloads/wow-addo ... rn-in.aspx
User avatar
Sabindeus
Moderator
 
Posts: 10472
Joined: Mon May 14, 2007 9:24 am

Re: Anyone else not need an Authentcator this morning to log

Postby fafhrd » Fri Jun 17, 2011 8:18 am

Interesting, if they keep this change, I might finally be willing to get an authenticator.

Although if they decide to revert the change later on I'd be pissed, so probably not.
ImageImage
1/1 Lore pre-nerf.
User avatar
fafhrd
 
Posts: 5432
Joined: Fri Aug 31, 2007 2:31 pm

Next

Return to General

Who is online

Users browsing this forum: Alandra, Arjuna and 1 guest

Who is online

In total there are 3 users online :: 2 registered, 0 hidden and 1 guest (based on users active over the past 5 minutes)
Most users ever online was 380 on Tue Oct 14, 2008 6:28 pm

Users browsing this forum: Alandra, Arjuna and 1 guest