Elitist Jerks
Old 06/27/08, 4:37 PM   #76 (permalink)
Von Kaiser
 
Dwarf Warrior
 
Feathermoon
Originally Posted by Wenge View Post
These keys look closer to OPIE-style keys and not RSA SecurID keys - the difference being that the key generator is not time based, just incremental button presses. SecurID has the patent on the 60-second-clock keys. I think everyone else uses pushbuttons now, like CryptoCard or the keyfob that PayPal is giving out. I bet that Blizzard will not bother with any synchronization, it'll be entirely up to you when you get it - the details provided say you have to input the serial number and I'm guessing you'll be asked for the next two numbers the key generates.
I'm unfamiliar with the key-press version of these, so I'm a little confused as to how that would work. Would the correct key to enter always be the next one that the generator generates? What if you press the button 200 times without ever inputting the code; would it be out of synch with what Blizzard's server thinks the key should be? Or when you press the key does it generate a code based on the serial number and time of button press?

On a lighter note, how long do you think it'll be before we start hearing theories along the lines of, "If the security key I logged in with ends in a 0, and I'm loot master, <rare loot X> drops every time!"

Originally Posted by Axl_Stukov View Post
Well if there's one thing WoW has taught us, it's that if the fate of the earth ever relies on a group of people touching cubes... we're royally screwed.
Old 06/27/08, 5:23 PM   #77 (permalink)
Von Kaiser
 
Tauren Warrior
 
Shandris
Sorry, but unable to find any information on this anywhere. Has Blizzard announced when these are being released?
Old 06/27/08, 5:47 PM   #78 (permalink)
Glass Joe
 
Dwarf Hunter
 
Muradin
Originally Posted by Grungo View Post
I'm unfamiliar with the key-press version of these, so I'm a little confused as to how that would work. Would the correct key to enter always be the next one that the generator generates? What if you press the button 200 times without ever inputting the code; would it be out of synch with what Blizzard's server thinks the key should be? Or when you press the key does it generate a code based on the serial number and time of button press?
Comparing the one I have from my bank with the one I use for work, the only difference that I've ever noticed was that with my work one (SecurID), I can get "locked out" of a code if I don't enter it in time (or if I generate it at the end of a minute on the server). On my work fob, the numbers automatically change every 70 seconds or so. On my bank one, it doesn't.

There aren't any problems associated with repeated button pushing on the bank one... the "skipped" numbers aren't expected to be entered. If that were the case, it'd be a bad thing, since I'm sure it gets pushed several times rattling around with my keys in my pocket!

I suppose the bank one is "less secure" since someone who knew my login name and password could see the displayed code, and as long as they made it to a WoW terminal before me, log in with all that information, since the server doesn't know when a new code is generated. (Compared to my work fob, where the server also "expects" a new code every 70 seconds or so.) But as with many things security-related, that's fairly "low probability" and is probably acceptable.

Then again, I'm not sure of the mechanics of it. Maybe the codes will have a timestamp encoded in them, and the server will only accept a timestamp that was generated by a push of the fob button within the last 3 minutes or something. That doesn't completely eliminate the scenario above, but it makes it even less likely.

On a lighter note, how long do you think it'll be before we start hearing theories along the lines of, "If the security key I logged in with ends in a 0, and I'm loot master, <rare loot X> drops every time!"
Heck, I'd take it one step farther. Any bets on how long until the first, "Fob-enabled accounts gets better drops. NERF PLZ!" post appears?

I'm getting one, for what it's worth. My computer is clean, my passwords are complex and secure, my login name is fairly anonymous. But extra security, especially when it adds essentially no inconvenience, is something I won't pass up!
Old 06/27/08, 7:01 PM   #79 (permalink)
Makes excuses, does not produce results!
 
Night Elf Priest
 
Dragonblight
Ok. So I feel stupid enough just for asking this...

So when I first started reading... FOB to me = Fresh off the Boat, but clearly you guys are using fob to mean something else... someone care to enlighten me? (and/or the rest of us?)
Old 06/27/08, 7:04 PM   #80 (permalink)
Von Kaiser
 
Night Elf Hunter
 
Dragonmaw
What about battery life? And how does one go about replacing it when/if it dies?
Old 06/27/08, 7:11 PM   #81 (permalink)
Piston Honda
 
Blood Elf Paladin
 
Altar of Storms
Just to add to what someone else said, yeah I've never been hacked ever, but the idea is simple: The accounts some of us have are worth thousands of real life dollars. Spending $6.50 to make them virtually un-hackable is a bargain and even if you're not a "high risk" person for being hacked, it's still worth it.

Also, I know they said that they would work for multiple accounts. Does anyone know if this applies to only accounts registered with the same name or would it work for any accounts you want it to (i.e. if you've been given/traded/bought/etc an account it's not going to have the same name as another account although against the TOS I know tons of people do this, including me)?

I believe in Harvey Dent.
Old 06/27/08, 7:20 PM   #82 (permalink)
WWFSMD? Mmm, sacrilicious
 
Snowcrasher
 
Orc Hunter
 
Mal'Ganis
Originally Posted by Starfire View Post
So when I first started reading... FOB to me = Fresh off the Boat, but clearly you guys are using fob to mean something else... someone care to enlighten me? (and/or the rest of us?)
It's just a word for a pocket sized device. In this context it's not an acronym.

Key fob - Wikipedia, the free encyclopedia
Old 06/27/08, 8:20 PM   #83 (permalink)
Piston Honda
 
clavarnway
 
Undead Warlock
 
Sen'jin
Originally Posted by Snowcrasher View Post
It's just a word for a pocket sized device. In this context it's not an acronym.

Key fob - Wikipedia, the free encyclopedia
Thanks, that was bugging me too.



Originally Posted by djhbrd View Post
I'm considering picking one of these up. My account was not originally mine, it was given to me by a friend of a friend a couple years ago. He said he was done with the game, but in the back of my mind it still troubles me that none of the information on the account management page belongs to me (except the credit card, obviously). I keep thinking that some time he's going to ninja the account back, he can easily get my password if he wants as the email address on the account is his. Would picking one of these up circumvent any measures he tries to take to get his account back?


If that person wanted the account back, I believe they could still get it back, as the article says that if the device is lost, you can call account people to get it back after verifying that you own the account (faxing ID, giving secret answer, etc). The original owner could theoretically do all these if he wanted to...but I wonder if you've had it this long, if he even remembers that he could.

Old 06/27/08, 11:37 PM   #84 (permalink)
Von Kaiser
 
Gnome Mage
 
Feathermoon
Originally Posted by Grungo View Post
What if you press the button 200 times without ever inputting the code; would it be out of synch with what Blizzard's server thinks the key should be? Or when you press the key does it generate a code based on the serial number and time of button press?
I can say for the CryptoCard tokens, the CC server will look ahead a fixed number of keys; that is, it knows the last code that was used to log in, and will look at the next ten codes the token could make. If it's not in that range then the token typically needs to get resynced somehow. CC tokens are synced by having the server issue a "challenge" which is entered into the token (with one button, yes) and that syncs the token.

The Blizz tokens, to me, look similar to the ones PayPal and myid are using; those have a 30-second delay before they'll generate a new code. It also looks like these tokens can be resynced by just giving the server two successive codes.
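The distinction Wenge draws above between incremental button-press tokens and clock-based SecurID tokens, the "locked out of a code" behaviour described in post #78, and the look-ahead window and two-successive-code resync described in the post just above can all be shown in a few lines. The following is an added example written for this page; it is not code from Blizzard, CryptoCard, RSA or PayPal. It assumes the token implements RFC 4226 HOTP (HMAC-SHA1 with dynamic truncation), a server look-ahead window of ten codes, a resync search depth of 1000 counters and a 30-second step for the time-based variant; the thread does not state which algorithm or window the Blizzard token actually uses. The shared secret is the RFC 4226 test-vector secret, so the generated codes can be checked against the RFC.

```python
"""Event-based (HOTP) vs time-based (TOTP) one-time codes, with the server-side
look-ahead window and two-code resync discussed in the thread.

Added example, not Blizzard's, CryptoCard's or RSA's code. Assumptions: the
token implements RFC 4226 HOTP (HMAC-SHA1 with dynamic truncation); the server
looks ahead 10 codes; resync searches 1000 counters; TOTP uses a 30-second step.
The shared secret is the RFC 4226 test-vector secret, so the codes are checkable.
"""
import hashlib
import hmac
import struct

SECRET = b"12345678901234567890"  # RFC 4226 Appendix D test secret


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30) -> str:
    """Time-based variant: the counter is the number of steps since the epoch,
    so every press within one step shows the same code and codes expire."""
    return hotp(secret, unix_time // step)


class EventToken:
    """The fob: every button press advances the counter and shows the next code."""

    def __init__(self, secret: bytes) -> None:
        self.secret, self.counter = secret, 0

    def press(self) -> str:
        code = hotp(self.secret, self.counter)
        self.counter += 1
        return code


class EventServer:
    """Server side of an event-based token: remembers the counter of the last
    accepted code and looks ahead a fixed number of codes, so skipped presses are
    tolerated up to the window. Counters at or below the last accepted one are
    rejected, which is what stops a watched code from being replayed."""

    def __init__(self, secret: bytes, window: int = 10, resync_depth: int = 1000) -> None:
        self.secret, self.window, self.resync_depth = secret, window, resync_depth
        self.last_counter = -1  # nothing accepted yet

    def verify(self, code: str) -> bool:
        start = self.last_counter + 1
        for c in range(start, start + self.window):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.last_counter = c
                return True
        return False

    def resync(self, code1: str, code2: str) -> bool:
        """Re-establish sync from two consecutive codes, searching far past the
        normal window; requiring two codes means one lucky 6-digit guess cannot
        move the counter."""
        start = self.last_counter + 1
        for c in range(start, start + self.resync_depth):
            if (hmac.compare_digest(hotp(self.secret, c), code1)
                    and hmac.compare_digest(hotp(self.secret, c + 1), code2)):
                self.last_counter = c + 1
                return True
        return False


def demo() -> dict:
    """Walk the scenarios from the thread: a replayed code, a fob pressed a few
    times in a pocket, 200 idle presses, and recovery with two successive codes."""
    token, server = EventToken(SECRET), EventServer(SECRET)
    results = {"first": server.verify(token.press())}        # counter 0 accepted
    results["replay"] = server.verify(hotp(SECRET, 0))        # same code again
    for _ in range(5):
        token.press()                                         # pocket presses
    results["skipped_five"] = server.verify(token.press())    # counter 6, in window
    for _ in range(200):
        token.press()                                         # 200 idle presses
    results["skipped_200"] = server.verify(token.press())     # counter 207, past window
    results["resync"] = server.resync(token.press(), token.press())
    results["after_resync"] = server.verify(token.press())
    return results


if __name__ == "__main__":
    print(demo())
    print(totp(SECRET, 0), totp(SECRET, 29), totp(SECRET, 30))
```

Running `demo()` shows the event-based behaviour the posters were asking about: five pocket presses are absorbed by the window, 200 presses are not, and two successive codes bring the server back in step. The `totp` calls show the clock-based behaviour from post #78: seconds 0 and 29 produce the same code and second 30 produces the next one, which is why a code generated at the very end of a step can be rejected by the time it is typed.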
Old 06/28/08, 12:05 AM   #85 (permalink)
Von Kaiser
 
Blood Elf Paladin
 
Deathwing
I wonder how long it will take before we start seeing "authentication key fob for your account required" in guild applications?
Old 06/28/08, 12:51 AM   #86 (permalink)
Banned
 
Blood Elf Mage
 
Magtheridon
Alternatively, "We only accept individuals who have not enabled an authenticator for their account as we may need to log into said account at times."
Old 06/28/08, 1:39 AM   #87 (permalink)
Zor*
 
Zoroaster
 
Blood Elf Priest
 
Mal'Ganis
Originally Posted by Oneiros View Post
Just to add to what someone else said, yeah I've never been hacked ever, but the idea is simple: The accounts some of us have are worth thousands of real life dollars. Spending $6.50 to make them virtually un-hackable is a bargain and even if you're not a "high risk" person for being hacked, it's still worth it.

Also, I know they said that they would work for multiple accounts. Does anyone know if this applies to only accounts registered with the same name or would it work for any accounts you want it to (i.e. if you've been given/traded/bought/etc an account it's not going to have the same name as another account although against the TOS I know tons of people do this, including me)?
I'm definitely thinking about getting 1 for my main account which I use to raid.

However, I multi-box and only technically 'own' 3 out of my 5 accounts, so I'm wondering the same thing about the whole name matching issue. My guess would be Blizzard is going to turn a blind eye towards it. You can use any name to pay for your account via credit card, doesn't have to be close to the name the account is registered in at all. Blizzard mainly cares about making money in the end.

To err is human; to really foul things up requires a computer.
Old 06/28/08, 2:38 AM   #88 (permalink)
Hero of the Horde
 
diospadre
 
Undead Warrior
 
Mal'Ganis
Originally Posted by MatthewDB View Post
Alternatively, "We only accept individuals who have not enabled an authenticator for their account as we may need to log into said account at times."
Good reason to never join that guild. Does anyone actually trust their account info with anyone else at this point?
Old 06/28/08, 6:51 AM   #89 (permalink)
Von Kaiser
 
Blood Elf Paladin
 
Minahonda (EU)
In the last point in recovering an account, if you forgot the secret question etc., they will ask you to fax them a question sheet with the account name and a few trivial bits of information along with some ID of the person to whom the account is set.
Old 06/28/08, 8:50 AM   #90 (permalink)
Piston Honda
 
Night Elf Warrior
 
Archimonde
Originally Posted by jaxdahl View Post
This will stop harvesting of usernames & passwords, but it won't protect against (theoretical?) man-in-the-middle attacks that intercept the information entered and immediately use it to enter your account and attempt to liquidate your assets as quickly as possible before you figure out your login was blocked due to the interception. I do wonder if the attackers will take the efforts required to make attack suites like this, or stick to the tried and true method of keylogging people that did not buy and use an authenticator. Will Blizzard account/character recovery specialists treat hacked accounts that were protected by an authenticator the same way they would for accounts without one?
Most computer security is built around defeating stuff that is cost-effective/practical to try, namely things that can be done remotely. For example, corporations throw up 128+ (usually 1024) bit encryption on everything in sight to make all forms of brute force impossible. They use key fobs to make it so outright stealing of passwords via keyloggers or burglary (yes, this happens a lot, particularly with bank information pasted to the computer) is also no longer effective. They use lockouts on more "open" access terminals so even the knuckledragger employees who use 6 digit names and 6 digit passwords can't be easily guessed. For that matter, almost everyone uses lockouts because they are so damn easy to throw up.

If you can't brute force it (you already can't brute force a WoW account that's using any degree of complexity at all) and you can't steal it, you need to get considerably more exotic, which increases both your risks and the costs involved, and requires sophistication that puts it out of the reach of 99.9% of the online "hackers", who are basically knuckledraggers or acquaintances of the person who has the information.

You can't make something completely secure (at least in computers; there are many building security systems that are basically impossible to get through unless you have supernatural powers), but you can come very damn close. There is a big difference between theory and practice.

Last edited by Talgog : 06/28/08 at 8:58 AM.
Old 06/28/08, 9:23 AM   #91 (permalink)
King Hippo
 
Blood Elf Hunter
 
Magtheridon (EU)
This is going to be a huge boon for their customer support - I can see them making this "mandatory" in the near future, include them in WotLK boxes as has already been discussed, and slowly fade out the compromised accounts procedures they have now when the expansion launches. Maybe a one-time reimbursement with a stern warning to get a Blizzard Authenticator because there won't be a next one. I can practically hear them cheering in the AA and GM offices (though they prolly knew about this before we did) right now.

It's a big blow to account selling and trading as well as regular sharing. Scamming accounts is virtually out of the question now; scamming is going to be harder to do (most scammers use 2-3 scammed accounts to filter the gold through and advertise their "wares" - they will likely need to own several accounts to do this and they're no longer disposable/worth it), not to mention it'll be easier to crack down on because their GMs don't have to waste hours with retard player X who really needed an online girlfriend.

This has all the potential for a really bright future. Two thumbs up, kudos, applause, etc. I've never been hacked, I use the standard more secure stuff, but you know there's going to be this big vulnerability coming out like the Flash player thing and for 6 goddamn euros I'd better be safe than sorry. Really, that's what I spend on a sandwich and a drink on my way to work. There's going to be people bitching about having to pay again but I'm sure they will be quickly squelched.
Old 06/28/08, 2:06 PM   #92 (permalink)
Piston Honda
 
Akka
 
Night Elf Rogue
 
Ner'zhul (EU)
Someone has to be really naive to believe he is immune to malware on a network-linked computer.
Common sense and a bit of computer knowledge can reduce risks to being quite minimal, but 6 bucks is barely half a month's subscription, while any hack will probably cost you at least a month, perhaps two, before getting back your gear.

I'll gladly pay this tiny bit of money in exchange for a nearly unbreakable security. A single hack avoided would make it worth it.

If violence doesn't solve your problem...
... you simply haven't been violent enough!
Old 06/28/08, 5:23 PM   #93 (permalink)
Piston Honda
 
Dwarf Priest
 
Dalaran (EU)
All of the Authenticators for sale at the WWI were sold in the first hour. Basically, if you did not start on the shop queues as soon as you entered the conf hall, you didn't have a chance.
Old 06/28/08, 7:39 PM   #94 (permalink)
Banned
 
Orc Warrior
 
Jaedenar
Originally Posted by diospadre View Post
Good reason to never join that guild. Does anyone actually trust their account info with anyone else at this point?
I know personally I've had about 8 different guildies' account info (and they have mine just because I gave it to them because I had theirs but only one ever uses my account) mostly because if our feral druid isn't on I can hop on and do his job 90% (or w\e number) as well as he could have and we still have enough tanks that night. Or the same with another class etc. Never asked just kinda happened when we were farming content and people needed certain things and they asked me to bring them in for the loot/attunement (pre 2.4). To be honest I never have known anyone that got hacked, that wasn't less than computer competent, and there is a trust there.


This being said I plan on getting one and if a close friend needs/wants to get on all he needs to do is text/call or instant message me and he will be set and I'll use my authenticator.

Last edited by orcsgotbooty : 06/28/08 at 7:47 PM.
Old 06/28/08, 11:24 PM   #95 (permalink)
delightfully fluffy
 
Tauren Warrior
 
Firetree
Having looked at their store, they won't ship outside of the US. Crypto export laws leave a lot of players out of luck.
Old 06/29/08, 12:37 AM   #96 (permalink)
Von Kaiser
 
Gnome Mage
 
Feathermoon
The tokens are now available.
Old 06/29/08, 1:13 AM   #97 (permalink)
Appliance of the Skies
 
flyingtoastr
 
Human Paladin
 
Draka
Just ordered mine, and with ground shipping all they are charging above the $6.50 price is tax (no S&H, the total was slightly less than $7). They clearly want to get these things out there for as many people as possible.

Old 06/29/08, 1:30 AM   #98 (permalink)
Raid Parrot
 
Dwarf Priest
 
Khadgar
Just ordered mine also. I just felt it was necessary as GM of our guild. The prospect of someone raiding the bank, and disbanding the guild is worth the inconvenience. I'll probably get tired of going back-and-forth between my two computers with the darn thing, but I'll at least give it a shot.
Old 06/29/08, 2:18 AM   #99 (permalink)
Von Kaiser
 
Azurai
 
Draenei Shaman
 
Bonechewer
Originally Posted by Caulwynd View Post
What about battery life? And how does one go about replacing it when/if it dies?
Given the minimal time the device should be powered it should last several years at least. I figure I've had digital watches that have lasted two years on a single battery and those are on all the time, and that's with me playing around with the backlight and/or using it as a temporary flashlight. Realistically it's just a clock with one algorithm that will display a code on a tiny LCD screen at most a few times a day.