Mandatory Authenticators?

[WindupAtheist]

http://www.wow.com/2010/01/08/blizzard-giving-serious-consideration-to-mandatory-authenticator/

If they do this, it had better just come with the Cataclysm box. I've been playing MMO games for as long as the genre has existed, and with all due respect to everyone in the "I got hacked" thread, I've never ever been fucking hacked because I know how to handle my shit. I'm not going out of my way to buy one of their "Godfuckingdammit we're never gonna get these kids to quit clicking on sex leg forum posts" keychains.

[Sheepherder]

Someone should make a business out of transferring the innards of these into a leg shaped keychain.

[apocrypha]

I seriously doubt they'd force you to pay for one if it was mandatory. This is just about cost management by Blizzard - the cost of giving out the authenticators to everyone must be less than the CS costs incurred by dealing with account hackings.

[ajax34i]

Faulty reasoning...  giving authenticators to everyone will not reduce account hackings to 0. 

[Surlyboi]

Heh. I had one of those when I worked at the ibank and had to log in from home or the road or vacation. That was because stealing people's money was srs bizness. Keeping people from hacking your toons and selling your purps? Notsofuckingmuch.

[apocrypha]

Of course 100% authenticator use won't reduce hackings to 0. But it will greatly reduce them.

Heh. I had one of those when I worked at the ibank and had to log in from home or the road or vacation. That was because stealing people's money was srs bizness. Keeping people from hacking your toons and selling your purps? Notsofuckingmuch.

What's the point you're trying to make? That account hacking shouldn't concern Blizzard? Wat?

[Fordel]

http://www.wow.com/2010/01/08/blizzard-giving-serious-consideration-to-mandatory-authenticator/

If they do this, it had better just come with the Cataclysm box. I've been playing MMO games for as long as the genre has existed, and with all due respect to everyone in the "I got hacked" thread, I've never ever been fucking hacked because I know how to handle my shit. I'm not going out of my way to buy one of their "Godfuckingdammit we're never gonna get these kids to quit clicking on sex leg forum posts" keychains.

That's probably exactly what will happen. That's pretty much the only way they could do it, outside of just shipping every active account one via UPS.

[kildorn]

Amusingly, wouldn't this pretty much murder account sharing instantly?

I think I have one of these in a bag from blizzcon I still haven't used. I'm actually a little shocked nobody yanked my guild vault access last time I randomly logged in after months of inactivity <3

[Numtini]

Amusingly, wouldn't this pretty much murder account sharing instantly?

And that would eliminate at least 1/2 of the account "hacks."

[Dren]

I haven't been hacked but a few in the guild and a "friend of a friend" have.  In each of those cases, it was either:

a.)  Used a computer that wasn't their own or accessed WoW from a hotel room, coffee shop, book store, etc. via wireless
b.) Shared an account with a sibling/cousin/friend, etc. who, at one point, did a. above or stole stuff outright.

In either of those cases an Authenticator will help Blizzard lower their CS costs.

There is always the possibility of you getting a key logger on your own computer, but as stated elsehwere the Authenticator may not prevent theft in those cases if the thief is quick enough.  Right now this is the rare kind of thief.  This begs the question, if everyone has authenticators, will it just force the thieves to be more sophisticated and quick or will they just go on to an easier target?

Overall, it has to significantly lower incident rates.

[Dren]

Some more thoughts:

- Why do these thieves typically delete chars when they wipe them clean?  Why even sell off soulbound stuff either?  For their business model, it would seem prudent to keep their sheep productive so they can come back later again and wipe them again.  If it is an inactive account, by the time the player returns, they may not ever even notice anything is amiss.
- Related to that, by making the theft this destructive they force people to get Blizzard inovlved, plus they make Blizzard's job that much harder to reset everything for the victims.  This only leads them closer and closer to making their thieving more difficult (a la Authenticators.)

I guess they just have enough sadistic nature in them to add insult to injury and they can't help themselves.

[Nevermore]

There's a limit of 50 characters per account across all servers so they could be deleting characters to make room to make new ones on other servers?  Only practical reason I can think of.

[Fordel]

I want to say the vast majority of account thefts are from Gold Selling companies, where they'll sit on a account for months until they need to strip it of resources for a gold sale.


While it's certainly possible to still key-log the authenticator number and grab an account if you are purposefully waiting for it, having the window of opportunity go from months to seconds has to be a huge blow against them.

[Gobbeldygook]

Some more thoughts:

- Why do these thieves typically delete chars when they wipe them clean?  Why even sell off soulbound stuff either?  For their business model, it would seem prudent to keep their sheep productive so they can come back later again and wipe them again.  If it is an inactive account, by the time the player returns, they may not ever even notice anything is amiss.

They sell soulbound stuff because it's gold.  Epics can be worth 20+ gold each.  They know Blizzard will reimburse everything, so may as well take it all now and come back in a few months.

[Nebu]

I've been playing MMO games for as long as the genre has existed, and with all due respect to everyone in the "I got hacked" thread, I've never ever been fucking hacked because I know how to handle my shit.

I know how you feel and I was pretty pissed when my account got hacked.  Having a teen at home that uses my computer creates all sorts of problems with keyloggers and security issues.  I'm sure that I'm not the only one in that thread that has multiple users on their home system either. 

I'm fine with the game eliminating account sharing and using authenticators.  If it improves customer service by limiting the number of account theft issues, then we all win in the end. 

[Dren]

Some more thoughts:

- Why do these thieves typically delete chars when they wipe them clean?  Why even sell off soulbound stuff either?  For their business model, it would seem prudent to keep their sheep productive so they can come back later again and wipe them again.  If it is an inactive account, by the time the player returns, they may not ever even notice anything is amiss.

They sell soulbound stuff because it's gold.  Epics can be worth 20+ gold each.  They know Blizzard will reimburse everything, so may as well take it all now and come back in a few months.

I know why they are doing it, for gold.  Is this form of stealing really all that much easier and profittable than gold farming?  A full account of 80's can blow that kind of profit away by purely doing dailies 8-12 hours a day.  Pure gold farming has lower risk, less technology required, and lower skill involved.  There has to be more to it than just making money off of virtual gold or I'm just completely underestimating how wide spread this is.  If it is really that bad, I can see why Blizzard would force Authenticators on everyone.

[Rendakor]

Dren, they obviously aren't just hacking the account for the gold their epics sell for; they're looking for accounts with thousands of gold, which they will then sell. The extra hundred or so from vendoring the epics is just icing on the cake.

[Rasix]

They're probably very, very good at stealing by now.  I'm not very good at making money, but a person getting ahold of my account gets 15k and a guild bank.  Plus they get a miner/herbalist they use for exploit farming and a high level character they can spam with until they get caught.

Only way I get hacked is if there's a keylogger on my machine or someone steals my iphone. I really don't want to get hacked. 

[Ratman_tf]

http://www.wow.com/2010/01/08/blizzard-giving-serious-consideration-to-mandatory-authenticator/

If they do this, it had better just come with the Cataclysm box. I've been playing MMO games for as long as the genre has existed, and with all due respect to everyone in the "I got hacked" thread, I've never ever been fucking hacked because I know how to handle my shit. I'm not going out of my way to buy one of their "Godfuckingdammit we're never gonna get these kids to quit clicking on sex leg forum posts" keychains.

The LCD drags it down for everyone else. Price of hueg sucses.

[Numtini]

I know you can't log more than one character in at one time, but can you be logged into the game more than once ie, to the character select screen? Because if you can't, that would make it even more ludicrously hard to grab an authenticator code and actually do anything with it.

The big downside I can see is when someone's widget goes bad or they lose it and hang themselves rather than wait for 2 day shipping.

[Rendakor]

I know if you're logged into a character, and attempt to log into the character select screen on another machine, it kicks the logged in character off. I've never tried logging two copies both to the character select screen.

[Ingmar]

Amusingly, wouldn't this pretty much murder account sharing instantly?

I hope so, we have some account sharers in the guild and it makes me pretty nervous.

[Nebu]

They're probably very, very good at stealing by now.  I'm not very good at making money, but a person getting ahold of my account gets 15k and a guild bank.  Plus they get a miner/herbalist they use for exploit farming and a high level character they can spam with until they get caught.

Only way I get hacked is if there's a keylogger on my machine or someone steals my iphone. I really don't want to get hacked. 

This is why I asked you to limit my toons access to anything.  My account has been hacked in the past (presumably by keyloggers that my daughter downloaded) and I'd hate to cost someone else a headache.   I'm quite hesitant to even join guilds as I don't want to be blamed for something that happens when my account is under the control of someone else. 

[Lantyssa]

I hope so, we have some account sharers in the guild and it makes me pretty nervous.

I'm not too keen on that account sharing either.  It won't stop families, since they can leave the authenticator on the desk, but it would cut down on people outside the same household.

[Draegan]

I ordered an authenticator on Monday when I started playing again on an every day basis.  It's only $6 and change with shipping.  No sweat off my back.

[Dren]

Dren, they obviously aren't just hacking the account for the gold their epics sell for; they're looking for accounts with thousands of gold, which they will then sell. The extra hundred or so from vendoring the epics is just icing on the cake.

Right, but to make this feasible against pure gold farming, they'd have to have accounts lined up for none stop account hopping all day every day.  Some accounts will be void of much while others will be jackpots.  Just seems like pure gold farming would be the safe bet to me.  I guess it just comes down to something simple.  One way is more like work.  The other is more like a high energy/risk gamble.  Haxxors like Big money, no whammies!

[Lt.Dan]

just curious here: those with teenage kids wouldn't removing their admin privileges cut out installs of keyloggers ?

[Evildrider]

Well I just ordered my authenticator.  If I was hacked I'd probably not even go through with the whole process of getting my shit back, and just quit the game.

[Lightstalker]

The last two account hacks in my guild both had authenticators added to their accounts after the hacking - it slows down CS and creates ambiguity as to the real owner.  They'll also server transfer, faction transfer, account transfer etc. because: hey, it is your credit card anyway! 

Hacking around an authenticator would be the next natural target if authenticators become mandatory, professionals will just work the Blizzard CS Rep angle and talk their way into targeted accounts.  An authenticator will reduce the number of people who can currently hack your account but new paths to exploitation will suddenly become economically viable when the easy sources are tapped out.   


I use account sharing to work around many limitations in the game's design with respect to limited in-game resources (e.g. specialist crafters and gatherers) and limited available of people IRL.  Forced authenticator use provides only slightly increased security for a vastly more annoying game management experience.  Given the cost associated with my preferred mode of playing, perhaps I'm not the kind of customer Blizzard is interested in anymore.  I guess that's fine, but playing their game within the bounds of their terms of service isn't really sufficient for my needs.  I can't see many guild management teams thinking this is a great idea for themselves.  I think it is great for all the normals who get their accounts compromised with surprising regularity.  Of course, we keep very little of real value in the guild bank due to the nature of guild bank security (only 250-350k in gold and assets) so really from my p.o.v. any authenticator push just moves the problem around again instead of addressing it (guild asset security has always been a problem, authenticators don't protect assets on a guild level, game requires strong guilds to experience all content). 

[Rasix]

for all the normals

[Merusk]

just curious here: those with teenage kids wouldn't removing their admin privileges cut out installs of keyloggers ?

You're assuming everyone uses a login or even separate logins on their machines.  Power on -> Straight to windows is pretty much the default for home machines of most families and coworkers I've known. The only families I've known with logins had them because it was a work-provided laptop or to control the kids internet access.   Those controlling access only had one login name.

 

[Rendakor]

250k is very little value? 

[Ingmar]

250k is very little value? 

Shut up "normal"! 

[Trippy]

just curious here: those with teenage kids wouldn't removing their admin privileges cut out installs of keyloggers ?

You're assuming everyone uses a login or even separate logins on their machines.  Power on -> Straight to windows is pretty much the default for home machines of most families and coworkers I've known. The only families I've known with logins had them because it was a work-provided laptop or to control the kids internet access.   Those controlling access only had one login name.

You can auto-login non-admin accounts.

I removed admin privileges from my parents' machines cause my Dad kept getting his machine infected.

[Sheepherder]

just curious here: those with teenage kids wouldn't removing their admin privileges cut out installs of keyloggers?

It depends, but generally speaking no.  Once they have code running on your computer (standard vector is Java via your browser) the next step is usually to elevate their permissions.