| 
	
		| 
				
					| Pages: 1 2 [3]   |  |  |  
	
		|  Author | Topic: Battle.net accounts required by November 11th  (Read 37538 times) |  
	| 
			| 
					
						| Ratman_tf 
								Terracotta Army 
								Posts: 3818
								
								 | 
 It's up to about once a month one of our guildies gets hacked. And so far it's always been someone with a deactivated account who's on break. Or is it not a coincidence and they're just sitting on the password for signs of inactivity so that they can hijack the account without user interference?I have no doubt this is what's happening. So while I don't plan on taking a big break soon, I have in the past, and I feel much better with an authenticator attached to the account for when that happens. |  
						| 
   "What I'm saying is you should make friends with a few catasses, they smell funny but they're very helpful." -Calantus makes the best of a smelly situation. |  |  |  | 
			| 
					
						| Signe 
								Terracotta Army 
								Posts: 18942
								
								Muse. | 
 Making a billion fake e-mails isn't a good solution either, since you have to track them in some fashion.  See Morat's and wife's recent fun because they missed the e-mails that would have told them something was up. Make your dummy e-mails, link them to the main using parental supervision features.  Problem solved.I don't think she's asking for advise, I think she's pissed off that if you want to maintain your sub it's mandatory to put yourself in a position of less security, however negligible you might think the risk is.  Did you read her posts? |  
						| 
 My Sig Image: hath rid itself of this mortal coil. |  |  |  | 
			| 
					
						| Soulflame 
								Terracotta Army 
								Posts: 6487
								
								 | 
 I wouldn't mind buying an iPhone, although I have little use for the actual phone aspect.  See:  Social recluse.  I am way too reluctant to lay down anywhere from $60+ dollars a month so I can replicate the functionality of a $7 dongle that'll do the same thing... and hell, having an iPhone authenticator might freeze out my account for two weeks if Blizzard patches.
 It's entirely fair to be worried about the email aspect giving away half the game, although I suspect the problem of information site or guild username harvesting already exists.
 |  
						|  |  |  |  | 
			| 
					
						| sickrubik 
								Terracotta Army 
								Posts: 2967
								
								   | 
 and hell, having an iPhone authenticator might freeze out my account for two weeks if Blizzard patches.
 It's easy to detach an authenticator from your account. |  
						| 
 beer geek. |  |  |  | 
			| 
					
						| Lantyssa 
								Terracotta Army 
								Posts: 20848
								
								 | 
 How easy? |  
						| 
 Hahahaha!  I'm really good at this! |  |  |  | 
			| 
					
						| sickrubik 
								Terracotta Army 
								Posts: 2967
								
								   | 
 How easy?
 It's in the account management stuff on the Battle Net site, which of course requires you to use the authenticator to login. So, someone who has gained your login information you can't disable it, if that's what you were wondering. |  
						| 
 beer geek. |  |  |  | 
			| 
					
						| bhodi 
								Moderator 
								Posts: 6817
								
								No lie. | 
 You have a point. If you lose your phone and need to detach, it's annoying, you have to call them up and do an account recovery type deal where they ask you questions. 
 Which would be a huge pain in the ass for anyone except blizzard who has great customer service. Instead, it's just a pain.
 
 Worth it for me, since we've got 100k in the guild bank and probably double that in mats and so it's not going to be MY fault if we get cleaned out.
 |  
						|  |  |  |  | 
			| 
					
						| Sheepherder 
								Terracotta ArmyPosts: 5192
 
 
 
 | 
 I think she's pissed off that if you want to maintain your sub it's mandatory to put yourself in a position of less security, however negligible you might think the risk is.  Did you read her posts? Yes, and they're wrong. Her concern is specifically brute-force hacking working from a known username, which presumably can be phished from a guild forum, Wowhead account, or whatever.  The solution to this is to make a new email address and make that your username, rendering it as brute-force resistant as a conventional username/password setup unless you name the account something really retarded (Lantyssa_BNet_account@______) which she criticized as cumbersome to manage.  This is solvable with parental controls, allowing access to the dummy email without needing to remember the name or password.  As a side-effect, you can presumably now change your username on a regular basis because it's linked to your email.  Ergo, B.Net accounts are more secure if you're actually concerned about security. Which is almost completely beside the point, because spyware is currently the most common form of account security breach, and neither setup offers any defense from keylogging.  I've heard people suggest using Copy/Paste, but that only works if the keylogger doesn't monitor the clipboard and is also cumbersome. |  
						| 
								|  |  
								| « Last Edit: October 15, 2009, 04:18:57 PM by Sheepherder » |  | 
 |  |  |  | 
			| 
					
						| Lantyssa 
								Terracotta Army 
								Posts: 20848
								
								 | 
 Her concern is specifically brute-force hacking working from a known username, blah blah blah
 Is it my concern?  I said I don't like it.  I didn't make a list of my specific concerns.  You're making a lot of assumptions, some of which are already wrong just from what you wrote there. It's in the account management stuff on the Battle Net site, which of course requires you to use the authenticator to login. So, someone who has gained your login information you can't disable it, if that's what you were wondering.
 But if the app is broken, how do you log in to manage your account?  I was just curious how the "easy to detach" and the "broken app" went together. |  
						| 
 Hahahaha!  I'm really good at this! |  |  |  | 
			| 
					
						| Ratman_tf 
								Terracotta Army 
								Posts: 3818
								
								 | 
 But if the app is broken, how do you log in to manage your account?  I was just curious how the "easy to detach" and the "broken app" went together.
 I imagine you'd have to call customer service, but I've never broken my app, so I wouldn't know from personal experience. |  
						| 
   "What I'm saying is you should make friends with a few catasses, they smell funny but they're very helpful." -Calantus makes the best of a smelly situation. |  |  |  | 
			| 
					
						| Rasix 
								Moderator 
								Posts: 15024
								
								I am the harbinger of your doom! | 
 The app briefly broke during one of the patches; I think 3.1.  I'm pretty sure that would only prevent it from working with the ingame login, not the account management.   |  
						| 
 -Rasix |  |  |  | 
			| 
					
						| Sheepherder 
								Terracotta ArmyPosts: 5192
 
 
 
 | 
 Is it my concern?  I said I don't like it.  I didn't make a list of my specific concerns.  You're making a lot of assumptions, some of which are already wrong just from what you wrote there. Okay then, you're going to have to elaborate the difference between selecting a random username unknown to any and selecting a random username unknown to any with @hotmail.com added to the end of it, because I'm just not following here. |  
						|  |  |  |  | 
			| 
					
						| Numtini 
								Terracotta Army 
								Posts: 7675
								
								 | 
 I got my penguin yesterday. He looks a little evil. |  
						| 
 If you can read this, you're on a board populated by misogynist assholes. |  |  |  | 
			| 
					
						| Signe 
								Terracotta Army 
								Posts: 18942
								
								Muse. | 
 I just got my penguin.  OMG.  It was so cute it gave me a sugar rush.  It's the cutest pet ever. |  
						| 
 My Sig Image: hath rid itself of this mortal coil. |  |  |  | 
			| 
					
						| dd0029 
								Terracotta ArmyPosts: 911
 
 
 
 | 
 So, I picked up the authenticator app for my iphone a couple of days ago.  Kind of interesting.  But this morning, I logged on to do some dailies.  Time for the code.  I punch it in, hit enter.  Noticed I did not type the first 0 in the code, figured I would get a no dice message.  Nope.  Got right through.  I wonder how much of the code you need to put in to get it to work. |  
						|  |  |  |  | 
			| 
					
						| AutomaticZen 
								Terracotta ArmyPosts: 768
 
 
 
 | 
 I got my penguin yesterday. He looks a little evil.
 Didn't it use to have red eyes?  Thing really looked evil then. EDIT: Sorry that's the 'exalted with the Walrus People' penguin.  |  
						|  |  |  |  | 
			| 
					
						| Sheepherder 
								Terracotta ArmyPosts: 5192
 
 
 
 | 
 I wonder how much of the code you need to put in to get it to work. Leading zeroes and computers tend to be problematic if the authentication process is just a simple integer comparison, or if a company assumes it's users will simply cut off the leading zero.  Calculating the complexity of a password is the same as calculating the maximum range of a hexadecimal or binary number.  Permutations/Range = Base^Digits A-Z, 1-0 = Base 36 Digits = 6 So normally the number of possible permutations is 2 176 782 336, with one less digit it's 60 466 176. |  
						|  |  |  |  | 
			| 
					
						| apocrypha 
								Terracotta Army 
								Posts: 6711
								
								Planes? Shit, I'm terrified to get in my car now! | 
 Oh god I just remembered I need to get my girlfriend to do this account merging thing too. She'll kill me if she doesn't get a penguin! |  
						| 
 "Bourgeois society stands at the crossroads, either transition to socialism or regression into barbarism" - Rosa Luxemburg, 1915. |  |  |  | 
			| 
					
						| sickrubik 
								Terracotta Army 
								Posts: 2967
								
								   | 
 It's in the account management stuff on the Battle Net site, which of course requires you to use the authenticator to login. So, someone who has gained your login information you can't disable it, if that's what you were wondering.
 But if the app is broken, how do you log in to manage your account?  I was just curious how the "easy to detach" and the "broken app" went together. [/quote] As was mentioned a bit above, it shouldn't affect the web login. (From what I understand, of course. There's always the opportunity for something to break, however slim, as you know.) |  
						| 
 beer geek. |  |  |  | 
			| 
					
						| Mattemeo 
								Terracotta Army 
								Posts: 1128
								
								 | 
 I got my penguin yesterday. He looks a little evil.
 Didn't it use to have red eyes?  Thing really looked evil then. EDIT: Sorry that's the 'exalted with the Walrus People' penguin.They were going to change Pengu's eyes to the same colour/style as Mr. Chilly's (Oswald, damn it!) but I'm really glad they didn't, they seem much more unique now, it's clear Mr. Chilly has an entirely redone texture. |  
						| 
 If you party with the Party Prince you get two complimentary after-dinner mints |  |  |  | 
			| 
					
						| Venkman 
								Terracotta ArmyPosts: 11536
 
 
 
 | 
 Heh, if not for this thread I'd not have known this was coming. On the off chance Cataclysm draws me back, I went ahead with this. Took all of 2 minutes.
 I already had the Authenticator. No reason to not have one really. And I'd much rather have that sitting on my desk at home than on the iPhone that travels the world with me.
 |  
						|  |  |  |  | 
			| 
					
						| Cheddar 
								I like pink 
								Posts: 4987
								
								Noob Sauce | 
 Worth it for me, since we've got 100k in the guild bank and probably double that in mats and so it's not going to be MY fault if we get cleaned out.
 What guild?  I am sooo lonely since Burning Region is 100% me now.  I even started my own guild.  With just me.  Help? Oh, and Today is the deadline.  Servers down. so finally "converted."   |  
						| 
 No Nerf, but I put a link to this very thread and I said that you all can guarantee for my purity. I even mentioned your case, and see if they can take a look at your lawn from a Michigan perspective.
 |  |  |  |  |  
	
		| 
				
					| Pages: 1 2 [3]   |   |  |  
	
 
  |