Battle.net accounts required by November 11th

[Ratman_tf]

It's up to about once a month one of our guildies gets hacked. And so far it's always been someone with a deactivated account who's on break.

Or is it not a coincidence and they're just sitting on the password for signs of inactivity so that they can hijack the account without user interference?

I have no doubt this is what's happening. So while I don't plan on taking a big break soon, I have in the past, and I feel much better with an authenticator attached to the account for when that happens.

[Signe]

Making a billion fake e-mails isn't a good solution either, since you have to track them in some fashion.  See Morat's and wife's recent fun because they missed the e-mails that would have told them something was up.

Make your dummy e-mails, link them to the main using parental supervision features.  Problem solved.

I don't think she's asking for advise, I think she's pissed off that if you want to maintain your sub it's mandatory to put yourself in a position of less security, however negligible you might think the risk is.  Did you read her posts?

[Soulflame]

I wouldn't mind buying an iPhone, although I have little use for the actual phone aspect.  See:  Social recluse.  I am way too reluctant to lay down anywhere from $60+ dollars a month so I can replicate the functionality of a $7 dongle that'll do the same thing... and hell, having an iPhone authenticator might freeze out my account for two weeks if Blizzard patches.

It's entirely fair to be worried about the email aspect giving away half the game, although I suspect the problem of information site or guild username harvesting already exists.

[sickrubik]

and hell, having an iPhone authenticator might freeze out my account for two weeks if Blizzard patches.

It's easy to detach an authenticator from your account.

[Lantyssa]

How easy?

[sickrubik]

How easy?

It's in the account management stuff on the Battle Net site, which of course requires you to use the authenticator to login. So, someone who has gained your login information you can't disable it, if that's what you were wondering.

[bhodi]

You have a point. If you lose your phone and need to detach, it's annoying, you have to call them up and do an account recovery type deal where they ask you questions.

Which would be a huge pain in the ass for anyone except blizzard who has great customer service. Instead, it's just a pain.

Worth it for me, since we've got 100k in the guild bank and probably double that in mats and so it's not going to be MY fault if we get cleaned out.

[Sheepherder]

I think she's pissed off that if you want to maintain your sub it's mandatory to put yourself in a position of less security, however negligible you might think the risk is.  Did you read her posts?

Yes, and they're wrong.

Her concern is specifically brute-force hacking working from a known username, which presumably can be phished from a guild forum, Wowhead account, or whatever.  The solution to this is to make a new email address and make that your username, rendering it as brute-force resistant as a conventional username/password setup unless you name the account something really retarded (Lantyssa_BNet_account@______) which she criticized as cumbersome to manage.  This is solvable with parental controls, allowing access to the dummy email without needing to remember the name or password.  As a side-effect, you can presumably now change your username on a regular basis because it's linked to your email.  Ergo, B.Net accounts are more secure if you're actually concerned about security.

Which is almost completely beside the point, because spyware is currently the most common form of account security breach, and neither setup offers any defense from keylogging.  I've heard people suggest using Copy/Paste, but that only works if the keylogger doesn't monitor the clipboard and is also cumbersome.

[Lantyssa]

Her concern is specifically brute-force hacking working from a known username, blah blah blah

Is it my concern?  I said I don't like it.  I didn't make a list of my specific concerns.  You're making a lot of assumptions, some of which are already wrong just from what you wrote there.

It's in the account management stuff on the Battle Net site, which of course requires you to use the authenticator to login. So, someone who has gained your login information you can't disable it, if that's what you were wondering.

But if the app is broken, how do you log in to manage your account?  I was just curious how the "easy to detach" and the "broken app" went together.

[Ratman_tf]

But if the app is broken, how do you log in to manage your account?  I was just curious how the "easy to detach" and the "broken app" went together.

I imagine you'd have to call customer service, but I've never broken my app, so I wouldn't know from personal experience.

[Rasix]

The app briefly broke during one of the patches; I think 3.1.  I'm pretty sure that would only prevent it from working with the ingame login, not the account management. 

[Sheepherder]

Is it my concern?  I said I don't like it.  I didn't make a list of my specific concerns.  You're making a lot of assumptions, some of which are already wrong just from what you wrote there.

Okay then, you're going to have to elaborate the difference between selecting a random username unknown to any and selecting a random username unknown to any with @hotmail.com added to the end of it, because I'm just not following here.

[Numtini]

I got my penguin yesterday. He looks a little evil.

[Signe]

I just got my penguin.  OMG.  It was so cute it gave me a sugar rush.  It's the cutest pet ever.

[dd0029]

So, I picked up the authenticator app for my iphone a couple of days ago.  Kind of interesting.  But this morning, I logged on to do some dailies.  Time for the code.  I punch it in, hit enter.  Noticed I did not type the first 0 in the code, figured I would get a no dice message.  Nope.  Got right through.  I wonder how much of the code you need to put in to get it to work.

[AutomaticZen]

I got my penguin yesterday. He looks a little evil.

Didn't it use to have red eyes?  Thing really looked evil then.

EDIT: Sorry that's the 'exalted with the Walrus People' penguin.

[Sheepherder]

I wonder how much of the code you need to put in to get it to work.

Leading zeroes and computers tend to be problematic if the authentication process is just a simple integer comparison, or if a company assumes it's users will simply cut off the leading zero.  Calculating the complexity of a password is the same as calculating the maximum range of a hexadecimal or binary number.  Permutations/Range = Base^Digits

A-Z, 1-0 = Base 36
Digits = 6

So normally the number of possible permutations is 2 176 782 336, with one less digit it's 60 466 176.

[apocrypha]

Oh god I just remembered I need to get my girlfriend to do this account merging thing too. She'll kill me if she doesn't get a penguin!

[sickrubik]

It's in the account management stuff on the Battle Net site, which of course requires you to use the authenticator to login. So, someone who has gained your login information you can't disable it, if that's what you were wondering.

But if the app is broken, how do you log in to manage your account?  I was just curious how the "easy to detach" and the "broken app" went together.
[/quote]

As was mentioned a bit above, it shouldn't affect the web login. (From what I understand, of course. There's always the opportunity for something to break, however slim, as you know.)

[Mattemeo]

I got my penguin yesterday. He looks a little evil.

Didn't it use to have red eyes?  Thing really looked evil then.
EDIT: Sorry that's the 'exalted with the Walrus People' penguin.

They were going to change Pengu's eyes to the same colour/style as Mr. Chilly's (Oswald, damn it!) but I'm really glad they didn't, they seem much more unique now, it's clear Mr. Chilly has an entirely redone texture.

[Venkman]

Heh, if not for this thread I'd not have known this was coming. On the off chance Cataclysm draws me back, I went ahead with this. Took all of 2 minutes.

I already had the Authenticator. No reason to not have one really. And I'd much rather have that sitting on my desk at home than on the iPhone that travels the world with me.

[Cheddar]

Worth it for me, since we've got 100k in the guild bank and probably double that in mats and so it's not going to be MY fault if we get cleaned out.

What guild?  I am sooo lonely since Burning Region is 100% me now.  I even started my own guild.  With just me.  Help?

Oh, and Today is the deadline.  Servers down. so finally "converted."