I'VE BEEN HACKED!

-
At least when I logged Sunday night I was absolutely positive that I had. See, upon logging into Warcraft, I was not prompted for my authenticator pin. I was sure that a hacker had my password and removed my authenticator from my account! To make matters worse, it was taking dreadfully long to get into my account last night, as Warcraft actually failed to load correctly.

I immediately went over to us.battle.net and found that my authenticator worked there. Hmm. OK, not removed. Come to find out, that Blizzard did this on purpose. They had implemented a new policy that states if you consistently access your account from the same location, they won't prompt for your authenticator, regularly.
Why didn't I get an Authenticator prompt this time?
The Authenticator system will now intelligently track your login locations, and if you are logging in consistently from the same location, you may not be asked for an authenticator code. This change was made to make the authenticator process less intrusive when we are sure the person logging in to your account is you.
 I like this idea, but hate the implementation. Blizzard has multiple means of communication with us end-users, and they could have used any of them to warn us of this major security policy change. I'd love to have seen on the realm page where I type in my password info, "We've changed the way we process authenticators, go to the Battle.Net Authenticator FAQ for more information."

The Good, Bad and Ugly.
How is Blizzard tracking my location? We will probably never know the full details of this, but Blizzard has straight said they were monitoring our account information. I believe it was soon after the mandatory roll over to the battle.net account requirement, that it appeared. I am guessing it is more complex that simply my IP address. Blizzard knows that:
  •  IP addresses can change regularly. All of users on dial-up DSL can guarantee a new IP each time they  start the computer. This would imply that each time I reboot, I'll be asked to type in my PIN. What's the point then?
  • A computer can be spoofed, sort of. You can spoof my PC name, by creating a virtual copy of my machine with my network card info (mac, IP) , but you can't spoof everything. Could Blizzard be doing a 'reverse lookup' of my IP address? Oh sure, why not. This is a spam-prevention technique. Take the IP address you are reporting, see if it is coming from a domain that owns it. 
Here's how I see it working, "The last 500 times, Elk accessed WoW, it was from 123.456.789.010. That IP address belongs to AT&T DSL in NorCal. Today he's coming in from 123.456.789.010, but it's tracing back to an enterprise connection provided by Cox communications, from a Las Vegas hotel. Get his authenticator PIN."

or else... (random stern look pic)
Blizzard, you can do better. Not everyone reads your forums, blog or other news outlets, but we all log into the game. Use the game to communicate to us, when you make changes to the way we access this game. This Warlock did not appreciate worrying about my security when there was no serious concern.


Sincerely,


Elkagorasa

Comments

  1. BigFireJun 21, 2011, 6:49:00 AM

    I have multiple computers behind an router. They're doing a computer profile check. My primary desktop isn't asking for token. My secondary laptop is getting challenged.

    ReplyDelete

Post a Comment

Popular posts from this blog

A (much belated) Liebster Award Post

-
Image
I've been nominated for a Liebster Award by that Grumpy Elf hunter over at the aptly named   The Grumpy Elf . Thanks for sending this over my way. Rules Write a blog post about the Liebster Award Thank the person who nominated you and link to their blog Display the award on your blog Answer the eleven questions that the blogger who nominated you gives you Give eleven random facts about yourself Nominate five blogs that you think deserve the award Create eleven questions for them to answer List the rules in your post Inform the bloggers that they've been nominated and provide them the link to your post So lets get on with them questions. What is your favorite expansion of warcraft and why do you think its your favorite? Wrath of the Lich King would have to be my absolute favorite. I started with WoW a few months before BC. This meant that my friends already had max level characters that were actively raiding. I wasn't able to really participate wit
Read more

Bee Math

-
Image
So you've finally realized that the Bee Mount is the absolute BEST mount in the entire game. You want one, no, NEED one right now. OK, so what do you need to make this happen. Step 0: Go to the auction house and buy a few monel-hardened stirrups . Using the stirrups is the best way to harvest jelly. No need to dismount unless you are attacking something. Try not to. Step 1: Head over to wowhead and read what they said over there. This will give you all the details on how to get started. Turning off ground clutter really does help. Step 1B: set your hearthstone to the inn in Brannadam. It's a bit of a pain if your dalaran hearth is on cooldown, but nice to not have to fly back to stormsong each time. Step 2: You've now finished the intro quest chain, and are planning to harvest lots of thin jelly. You need to level your baby bee up 10,000 (3,000 for baby, another 7,000 for mature) health points to 'mature' and each thin jelly feed this little guy 6, SIX. Th
Read more

Are you Mecha-Done?

-
Image
One of the most exciting mounts to come out this last expansion (personally) is the Model-W. This wheel mount comes in two variants, new and rusty. The rusty edition is dropped from Rustfeather with a 0.5% drop rate. The Model-W is a shiny edition that comes from a fairly lengthy bunch of achievements. I have been working on this achievement on my Alliance Warlock for some time now and thought it was time to look up the remaining portions. (Note: Comparing achievements with my alts, it appears the meta-achievements are BOA. My son has Making the Mount marked completed, yet hasn't completed the quest chain.) You can find the achievement under: Character > Achievements > Exploration > Battle For Azeroth It has 10 meta-achievements included in it. I believe the very first achievement " Unnamed Branch " is from completing the main storyline which concludes with killing King Mechagon in the dungeon "Operation: Mechagon". (update: as soon as
Read more