I'VE BEEN HACKED!

-
At least when I logged Sunday night I was absolutely positive that I had. See, upon logging into Warcraft, I was not prompted for my authenticator pin. I was sure that a hacker had my password and removed my authenticator from my account! To make matters worse, it was taking dreadfully long to get into my account last night, as Warcraft actually failed to load correctly.

I immediately went over to us.battle.net and found that my authenticator worked there. Hmm. OK, not removed. Come to find out, that Blizzard did this on purpose. They had implemented a new policy that states if you consistently access your account from the same location, they won't prompt for your authenticator, regularly.
Why didn't I get an Authenticator prompt this time?
The Authenticator system will now intelligently track your login locations, and if you are logging in consistently from the same location, you may not be asked for an authenticator code. This change was made to make the authenticator process less intrusive when we are sure the person logging in to your account is you.
 I like this idea, but hate the implementation. Blizzard has multiple means of communication with us end-users, and they could have used any of them to warn us of this major security policy change. I'd love to have seen on the realm page where I type in my password info, "We've changed the way we process authenticators, go to the Battle.Net Authenticator FAQ for more information."

The Good, Bad and Ugly.
How is Blizzard tracking my location? We will probably never know the full details of this, but Blizzard has straight said they were monitoring our account information. I believe it was soon after the mandatory roll over to the battle.net account requirement, that it appeared. I am guessing it is more complex that simply my IP address. Blizzard knows that:
  •  IP addresses can change regularly. All of users on dial-up DSL can guarantee a new IP each time they  start the computer. This would imply that each time I reboot, I'll be asked to type in my PIN. What's the point then?
  • A computer can be spoofed, sort of. You can spoof my PC name, by creating a virtual copy of my machine with my network card info (mac, IP) , but you can't spoof everything. Could Blizzard be doing a 'reverse lookup' of my IP address? Oh sure, why not. This is a spam-prevention technique. Take the IP address you are reporting, see if it is coming from a domain that owns it. 
Here's how I see it working, "The last 500 times, Elk accessed WoW, it was from 123.456.789.010. That IP address belongs to AT&T DSL in NorCal. Today he's coming in from 123.456.789.010, but it's tracing back to an enterprise connection provided by Cox communications, from a Las Vegas hotel. Get his authenticator PIN."

or else... (random stern look pic)
Blizzard, you can do better. Not everyone reads your forums, blog or other news outlets, but we all log into the game. Use the game to communicate to us, when you make changes to the way we access this game. This Warlock did not appreciate worrying about my security when there was no serious concern.


Sincerely,


Elkagorasa

Comments

  1. BigFireJun 21, 2011, 6:49:00 AM

    I have multiple computers behind an router. They're doing a computer profile check. My primary desktop isn't asking for token. My secondary laptop is getting challenged.

    ReplyDelete

Post a Comment

Popular posts from this blog

A (much belated) Liebster Award Post

-
Image
I've been nominated for a Liebster Award by that Grumpy Elf hunter over at the aptly named   The Grumpy Elf . Thanks for sending this over my way. Rules Write a blog post about the Liebster Award Thank the person who nominated you and link to their blog Display the award on your blog Answer the eleven questions that the blogger who nominated you gives you Give eleven random facts about yourself Nominate five blogs that you think deserve the award Create eleven questions for them to answer List the rules in your post Inform the bloggers that they've been nominated and provide them the link to your post So lets get on with them questions. What is your favorite expansion of warcraft and why do you think its your favorite? Wrath of the Lich King would have to be my absolute favorite. I started with WoW a few months before BC. This meant that my friends already had max level characters that were actively raiding. I wasn't able to really participate wit
Read more

Legion's Mythic+ Dungeon Final Impressions

-
Image
Yesterday, Ythisens  posted a question on the WoW forums asking for final impressions on the Mythic+ dungeons. With Legion coming to a close we thought we might try something a little different and collect some specific feedback on things. While we normally are reading tons of posts you guys make and sharing the details internally, we want to try collecting focused feedback to ensure your opinions are being heard. We're still doing our usual methods but want to see if this can be something we use going forward.    For the first one we're going to try one focused on Mythic+! We want to hear everything you guys have on this feature we introduced in Legion. What you think it does well, what you think it doesn't, ways you'd like to see it go, how did it work throughout the course of the expansion, etc.    Also a friendly note that just because you see it here doesn't mean it will be changed or added - and this topic is not an indication of future feature developm
Read more

Profession Opinions

-
Image
IMHO, spend your first points for herbalism or mining in 40 into [ botany ] or 35 into [ mining process ] so that you can gather while mounted.  I hate that the skinning trainer is standing immediately behind one of the leatherworking tables. I am constantly clicking on them.  I 100% agree with everyone that says the fishing profession needs a hat slot. We may need a secondary equipment slot for toons with a fishing ring.  I wish the crafting orders system worked 'better'. To complete "# of (profession) crafting orders" quests, my default is to go to my bank toon, and order low-level items. Gimme 3 bolts of cloth, or 2 handfuls of bolts, or 3 'profession equipment'. I sort of wish that when I specify a personal order, I could see their available recipes. Oh, look my hunter can make ___, lets's order 3 of those? My bank toon could order profitable items, not just garbage fillers.  Leveling engineering is dreadful. Creating 1 middle-level item, requires 1 ra
Read more