14-8975487248-89. That is the code to my Authenticator. Ok, so not really, but that one piece of information can be your accounts savior, and it’s downfall. The keyfob authenticators hit the scene around Blizzcon 2008, and they truly changed the way that people use their WoW accounts. These little, highly technical pieces of gadgetry have a chip that will, every 60 seconds, let you login to WoW once you provide your username and password. I was overjoyed to get mine, and the only time I have been worried is that one time I thought I had lost my fob in a move. Boy, was I glad I had been smart to put it with stuff I knew I would open early at my new place.
A few months after the key fob version was released, which most of the time saw the authenticator out of stock in the Blizzard Store, Blizzard released the Battle Net authenticator, an app for the Apple iPhone and iPod Touch, which opened up the Authenticator to many more people without the need to stock and ship an actual device. The biggest benefit, though, was the cost. At a great price of Free, the app based authenticator became an instant hit to iTouch and iPhone using WoW fans, though not long after Blizzard made the authenticator available to other platforms for a small fee, usually a buck or two.
When an iPhone OS update hit, the major flaw in the BattleNet Authenticator was revealed, that the code, a mock up of which I have at the start of this post, changed. Now, you might think that this number changing should be no big deal, right? Alas, you would be wrong. The number changing, made the numbers the game, which was calculating the number to expect based on the original number you supplied, was expecting a very, very different code. “Why not just tell blizz the number changed?” you might be asking. Good question. The information Blizz needs to change or remove the Authenticator on file, among other things, is your username, password, and the code you originally entered. Yup. That number that has now changed.
As this was the first update the iPhone OS since the app came out, no one knew to keep that code handy, and therefore thousands of iPhone or iTouch users were essentially screwed, and forced to call up Blizzard’s non toll free billing number to fix a problem that was not their fault. I am sure their phone companies were overjoyed at the long distance charges accrued in those first few hours of that OS update. This flaw is only the first of many that have cropped up in the app based Authenticators.
Another one cropped up for a listener and staff member of the show, Xandarr2112. Xan was an iPhone owner who had the authenticator on his phone, right up until he lost the job that was providing him the phone. Without the iPhone to get the code from, he too had to make that toll charged call out to California to plead his case with Blizzard to remove the authenticator from his account, the one attached to the phone his employers kept, all without the code he would need to do so. Not a call I would want to make, that’s for sure. Thankfully his account is once again secured, as the show was able to get him an authenticator(and a murloc plushy for his newborn) to replace the phone based one from before.
The final flaw in the entire authenticator system is the scam. The beauty of the authenticator is that a simple Trojan on your computer can get your username and password, but not your authenticator code. Scammers then turned around and began using phishing schemes to get players to give up their username, password, and… yes, even their Authenticator numbers. One would think there would be enough players smart enough to see through these, but the vision of a Spectral Tiger, one of the rarest mounts in the game, is a tempting specter to a player wanting a bit of the unique in a world of copy cat models.
As was reported awhile back on WoW.com, the WoW blog, the scammers used the lure of the Spectral Tiger mount to get players with lots of gold on their accounts to a website that they claimed would be used to redeem the ‘code’ for the mount. Players would go there, fill in the info like username, name, password, and their authenticator code, and once they did that, the hacker would use the handy section of account management to remove the authenticator, change the password, and rape the player’s characters of anything of value.
Blizzard has tried to work around all of these flaws, pulling the app until it is fixed that updates don’t change the authenticator code, changing the mount so that the scammer would just be asked by a smart player to see the mount item, since the TCG loot is no longer BoP, and made the authenticators easily removed with certain info. Still, though, a lost cell phone, a poorly implemented update to OS or app, or many other problems make the Authenticator more than just these handy little devices, or applications, to keep your account secure. Does this mean I recommend against them? Hell no! It is still better to have it, than not, but just be cautious with your info