Blizzard to Intro Hardware WoW Authenticator

It's clear that games are big business, and from the sheer number of password-stealing trojans trolling for your WoW info, it's also a big attraction for malware.  Blizzard intends to make it more difficult for anyone to log into your account, even if they have your password.

"An added security feature for those worried about account theft, Blizzard is introducing an Authenticator at this weekend's Worldwide Invitational (WWI) in Paris. The Authenticator is a piece of hardware (we're guessing USB-related) has a button you press whenever you start World of Warcraft that must be inputted to log in. "

What is the Blizzard Authenticator?

WoW Burning Crusade
Source:  Bizzard Entertaiment

The Blizzard Authenticator is an optional tool that offers World of Warcraft players an additional layer of security to help prevent unauthorized account access. The Authenticator itself is a physical “token” device that fits easily on a keyring.  Here's a snip from the Blizzard Authenticator FAQ...

Where do I get a Blizzard Authenticator?

The Blizzard Authenticator will be able to be purchased directly from the Blizzard Store for $6.50 *Coming Soon*.

How does the Blizzard Authenticator work?

You must first associate the Blizzard Authenticator to the World of Warcraft account you play.  Once the account has been linked, the Authenticator token will be required to log in to Account Management or to the game; when logging in, you will be prompted to supply a digital code generated by the Authenticator.

How do I associate a Blizzard Authenticator with an account?

You can associate your Blizzard Authenticator to the World of Warcraft account you play by logging into Account Management. Click the “Add Blizzard Authenticator” button and then enter the serial number on the back of your Blizzard Authenticator.

What is a digital code and where do I see it?

The digital code is a six-digit numeric code that is produced when you press the button on the front of your Blizzard Authenticator. Each code is unique and is valid only once.

Where do I enter the digital code when I log in to World of Warcraft or to Account Management?

After you enter the account name and password, you’ll be prompted to provide the digital code from your Blizzard Authenticator. You must press the button on your Authenticator and enter the code it displays to complete your login.

Can I apply my Blizzard Authenticator to more than one account?

Yes! You’re welcome to associate a single Blizzard Authenticator to as many accounts as you like. Please remember that you must have that Authenticator with you to log in to any of these accounts afterwards.

Can I have two Blizzard Authenticator associated to my account to have one at work and another at home?

No, only one authenticator can be attached to an account at a time you would need to carry it with you to log in from different computers.

Keyloggers, beware.  A hardware dongle isn't something you can bypass, at least for now.  Maybe we'll see follow-on products as well.

Via:  JoyStiq
mazuki 6 years ago
hardware dongles are quickly bypassed, and i'm guessing all it is is a USB drive that contains either your, or a universal cd-key, this will be quickly broken if WoW has the userbase they claim
miscpenguin 6 years ago

Agreed. If they charge anything for this, which of course they will, it's just another money scheme (like Blizzard needs any more money!). People need to take security into their own hands if they really want to be safe.


edit: $6.50 isn't bad, but take into account the inital cost, and all the monthly fees, you have to wonder... For instance, will it start shipping with new copies?

Lev_Astov 6 years ago
It's actually quite secure. I believe I know of this technology and it is used by some of the most secure companies to protect their users computers. I don't think they're impervious, but they haven't been cracked yet, since they are still in use.
baddaybeav 6 years ago
this isn't a usb dongle, (though the article makes it sound like one) it will likely be something like an RSA token with a predictable random number being generated. (according to some algorithm based on time).

this is a very good thing and extremely hard to crack as you have to get the algorithm to get the numbers.
mazuki 6 years ago
actually you don't even have to get the algo, you can make a digital copy of the USB stick, there are even companies out there that will do it for you for a small fee.
3vi1 6 years ago
It doesn't sound like it's a USB stick at all (can't tell because work proxy blocks the image in the post below). It sounds just like an RSA keyfob.

Most large corporations use them to protect their VPN sessions - you're not going to be able to copy it.
Crisis Causer 6 years ago

Dave_HH 6 years ago
Nice work, Crisis. I looked around for that but couldn't find an image for some reason.
dizowned 6 years ago
yep, looks like a nice RSA keyring. If its anything like what I've used in the pass, the algorithm is usually seeded and it starts rotating and will take something like 9-10 years for it to repeat. If this is being combined and mangled with your password somehow then its pretty secure.
steviesteveo 6 years ago

It's not a USB key in anyway, it's not the WoW equivalent of a Cubase dongle. As soon as it starts talking about giving you a so many digit code it's talking a pseudorandom number generator as part of an encryption system.

I first saw one of these on a nuclear engineer's keychain and he used it to authenticate his remote access sessions to a nuclear power plant's control system, his version was more than 6 digits, used alphanumeric characters and each key expired every 10 seconds to give a more serious level of security than they're going to use for WoW but it's the same concept.

I personally think it's a huge amount of overkill for a video game but I guess it shows the extent of the problem.

Post a Comment
or Register to comment