The lack of Authentication
Old screencap of the iPhone Authenticator—a terribly convenient method
A guildie asked in gchat: Did anyone else not have to enter their Authenticator code?
Um, no, I always have/do. Turned out others in gchat didn’t, though. After some investigation, I came upon this Blizzard post:
If you use an authenticator – and we hope you do – you may soon notice that an authenticator prompt may not appear with every login. We’ve recently updated our authentication system to intelligently track your login locations, and if you’re logging in consistently from the same place, you may not be asked for an authenticator code. This change is being made to make the authenticator process less intrusive when we’re sure the person logging in to your account is you.
We hope to continue improving the authenticator system to ensure the same or greater security, while improving and adding features to make having one a more user friendly experience. If you don’t already have a Battle.net Authenticator attached to your account, don’t wait until it’s too late – http://us.battle.net/en/security/checklist
That’s well and good, I guess, and a bit startling. I suppose it’ll be nice not having to enter it all the time.
But here’s the thing…
I like having to enter it. That act gives me a sense of security, knowing that the extra effort I’m putting in is worth it. If the security is invisible it seems less secure—regardless of the actual truth of the matter. Sure, Blizzard is looking at IPs and employing all sorts of eldritch magic to keep our signing-ins secure and such, but I like having to enter the code. It’s real.
Mayhaps Blizzard will give us the option to always enter the code. Personally, I would like that.
(Of course, I say that now. Maybe in a week’s time I’ll get so used to it.)
Posted on June 18, 2011, in miscellaneous, World of Warcraft. Bookmark the permalink. 3 Comments.
Spell Rotation 
http://www.wowhead.com/forums&topic=191027/new-authenticator-workaround-make-it-ask-for-a-code-everytime
That’s what I did to get around Blizzards arbitrary decision to compromise my security.
I heard your comments in your podcast about the lack of security—but I don’t quite understand your lament. It seemed hyperbolic.
As I vaguely remember, someone(s) living in your household knows your password to your WoW account. My disconnect is why you would give that critical information to a person you cannot trust.
I did take an extreme stance – as I usually do. Nobody has my WoW Password – not even Freckleface! My point, being extreme, is that the “what ifs” outweigh the “it would never happen” in this scenario. That, and in IT Security, you never lessen the amount of security being offered without letting people choose to stay at their current security level. That’s security 101 there. Rookie mistake by blizzard on this one.
I don’t find it an inconvenience to authenticate. That’s why I bought a keyfob when they first became available. I want to make my account as secure as possible.
My scenario on the podcast was a “what if my son figured out my password”, or the same for Freckleface, or anyone else. Accidents happen sometimes, while other times malicious things happen. I’d rather have the full security I asked for, not someone elses idea of security they decided to shove down my throat.
Personally, I think the servers are getting overwhelmed. Blizzard pushed and pushed for Authenticator usage. They even give a pet away for usage. Now people are using it, and perhaps the server load is just too much. Solution? Ease the load on the server by caching credentials.
No thank you.