GSH

I think Blizzard is selling it below cost. $6.50 is fairly cheap for one of those, especially when you take into account the extra training and customer service costs.

I think there's a price just to ensure that not everyone jumps out and gets it first thing. That way they can work out the issues and measure support costs and effect on reported hackings. If it seems successful, Blizz might include one with the WotLK boxes.

If anything, $6.50 is probably the minimum they can charge without getting into hassles with the credit card companies.

 

Mikari

Pretty sure it's just system specs etc to help them know what to aim at specs wise for future games.

 

drowsy

If it's indeed below cost, you'd have to imagine they see the value in needing less staff to handle keylogger incidents. It could well be cost-effective for them to eat the cost of some of the hardware.

 

Vagabond

The idea behind it is anywhere from good to great depending on your area and situation.... But am I the only one who's annoyed that you *still* have to input your password? Would rather they make the fob-string replace your password, leaving you with still only needing to enter 1 info string. And really, the fob obsoletes your PW.

Maybe I'm just being to anal about that extra 5-10 seconds it would cost me logging in.

 

◊ Merrack

Going from something you know to something you have is, in many ways, a decrease in security. I'll be able to leave my Blizzard keyfob lying around because my friends would still need to know my password to log in. Without the password, stealing the authenticator gets you access to the account.

Questions? Answers.

 

koaschten

Well you always could get a g15 to input your pw... but this is going totally off topic now...

 

◊ Wenge

No, it doesn't. Let's say I play at a LAN center; the guy next to me sees my username and notices I left my keys behind when I left. He logs in, grabs my gold, then turns in my keys to the cashier.

[e] The situation is the same whether it was obtained by me being "lazy" or "stupid" or having someone maliciously obtain it, through pickpocketing or mugging or some other means. The idea is that the fob should not be password equivalent.

 

GSH

Two-factor authentication requires two factors. One factor alone, regardless of what that factor is, is generally regarded as less secure.

 

beefkitten

As a generalized point here, being 'stupid' about your fob and passwords is your own fault. Same with visiting a phishing site, or whatnot. The end user can do much for their account security by basic downloads and just paying attention.

 

slant

Exactly. It's called two-factor authentication for a reason; it's only effective with both the password and the pre-shared key.

 

• frmorrison

There are some new key loggers that take advantage of autoplay, here are fixes for now:

Disable autorun on CDs How to disable AutoPlay

Disable autoplay for CDs Microsoft Corporation

 

◊ Cadfael

My company uses these too. They are not that cheap. Those $6 don't even cover handling, that's at most shipping cost. Even when you buy thousands of them, they do cost quite a bit, not to mention the authentication servers they are used against.

This sheds quite a light on how much account hacks do cost Blizzard.

 

Hypatia

I'm definitely considering picking one up, especially since I'm playing on a Windows box again instead of a Mac. Even on the Mac, I'd occasionally screw up my password a couple of times in a row or have some weird network problem and in the few seconds before I actually realized what was going on, my heart would give a big ba-DUMP.

Yes, it's an extra hassle to use this as well as a password. Yes, it's a bit more money to spend. But it's not even vaguely an outrageous price, and it's a tremendous boost in security.

One of my guildies lost everything from his account not long before BC came out, and never had the items replaced (it was in one of the big storms of people getting their accounts jacked)--instead of his AQ40+partial Naxx gear, he was given a mix of random really crappy level 60 greens. If something like that happened to me now--well, I'd probably not be really getting back into the game until WotLK--there's no way the guild could afford to waste time to gear up a tanking warrior to T6 levels from greens. Once WotLK came out, I could build up to be really geared again (which is basically what my guildie did--his main loss was that he'd been planning on re-rolling shaman anyway, and had collected tons and tons of materials for quest turn-ins, which were all vendored or destroyed.)

Anyway, what it comes down to is: I compute as safely as I possibly can. However, considering how aggressive the ecology out there is right now and how big a hit losing my gear would be, $7 is a bargain. That amount of money is worth less than an hour of my time, and far less than the time it would cost to recoup my losses in such a scenario.

(The more I think about this? Yeah, the more I'm going to order one as soon as they're available.)

 

Lazare

My "day job" deals a fair bit with network security and I'd been hoping Blizzard would do something like this for a long while. Great news. Now all we need is for them to change to using public-key crypto instead of *spit* passwords.

Oh, speaking of security - anyone else ever notice that the WoW password checking is *NOT* case sensitive? That blew me away when I noticed it.

 

• Playered

It's not? thats... interesting... I have always had one of my most secure passwords including different cases ontop of the normal functions and dont believe I have ever noticed this before...

Learn something new every day I guess :P

 

Vodrin

Hopefully they bundle it with WOTLK or atleast have a pack, $6 extra, with the fob in. Then I won't have to deal with guildies moaning about what they have left after someones purged their account of all its snacks.

 

GSH

Seems like a good design decision to me. Any brute force attempt should be noticed and blocked long before it comes close to finding the password. For keyloggers, it doesn't really matter, as they'll grab the correct password regardless of case-sensitivity.

In practice, being case-sensitive doesn't really provide any extra security that I can see, and being case-insensitive avoids a whole lot of user errors (mistyping caps, caps lock key, etc.).

 

Asteria

About time Blizzard took some proactive steps in combating the keylogger problem instead of just sticking its head in the sand, similar key chain validators has been use in Asian MMO for years.

 

Denogran

No, you'll hear them moaning about how their dongle broke and it's going to be several weeks before Blizzard can confirm their info and send them a new one.

 

Baalzaman

This would be a really smart move by Blizzard, upcoming expansion, what better time to give the keyloggers a black eye?

 

rihkama

I wonder how well (or not at all) the dongle will work with people playing WoW under Wine.

edit: My bad, seems like I misunderstood the device when I skimmed through the Blizzard's FAQ. Thanks for pointing out.

 

beefkitten

This could be a major pain in the butt. Reviewing their site for information indicates you will have to go through Billing. Now, I've gone through them a couple times, and I've had good results. That can't be said for some of my pals though. You would essentially be SOL until you received a replacement. Ick.

 

Ziggurat

It isn't a dongle, it doesn't connect to the computer at all. What platform you are running WoW on is irrelevant.

 

Oaken

Unlike, say, how easy it is to get your character and gear restored when you are hacked.

 

Dollar

I agree that it's a nice move, I just don't find any use for it when having a long complicated password and surfing safely seems to serve me and everyone I know just fine.

"Oh he's a sad little man? He's thrown a kettle over a pub, what have you done?"