Good Security Habits being broken.

Blizzard has made the log- in process a little smarter . You may not be asked to type in and use your Authenticator if your logging in from what they consider to be a safe computer.  You will still need your password,  just not your code. Since the changes were announced I have not been asked for my Authenticator code at all, (have only logged in from my Home PC)

I’ve gotten my money’s worth out of the 20.68 US I paid in shipping plus the $6.50 back in Sep 2008,  but I still feel a little weird not having to use it.

My Authenticator has its own little hook on my computer.  I enter my password, and with my left hand I have automatically reached out,  grabbed my dongle ready for the next prompt to enter my code in, so I can then place it back on its hook. ( excuse my Olivia from fringe desktop – She’s Aussie ya know.. )
The hook has been useful and was implemented after a  minor ‘panic’ one raid night some time ago where I  spent 1/2 hour searching for my authenticator,  only to find for some strange reason I had packed it in my backpack the night before. ( I guess I should have been lucky It wasn’t the freezer.)   I then decided it needed a home, and so got some cheap stick on hooks and attached one to my monitor.
The change to the requirement for the Authenticator has  become a hard habit to break.  Logging in the last few days,  I still reach for my Authenticator. I hold it,  automatically press the button, and then I am on the Character screen,  the black digits on the LED screen looking at me forlornly.
Eventually I am sure I will break that habit of reaching for it.
It may even save the battery, but that has a life expectancy of 7 years apparently anyway

I know that Blizz are trying to make it easier to log in, it’s one less step,  and if they are assured that it’s me when logging in,  then they don’t need me to Authenticate,

But the Authenticator has been a good security habit.  It made me feel safe, in control of my own account security. That I need to use it regularity means I each time I log in,  I then effectively check to make sure I know where it is. ( back on your hook now  /pat  )  I choose not to use a mobile authenticator because I figured something was more likely to happen to my phone then it was to a dongle that didn’t leave my desk. I was actively in control by using the authenticator to protect my account.   It was only ever an inconvenience when I was having repeated log in issues.
Instead the authenticator has become a ‘big brother’ kind of security, and how am I reassured that it will kick in when I need it to if I never see it working.  I have to trust that it will protect me.

I no longer feel in control, an important part of empowering me, giving me responsibility for my security has been taken away, and its concerning that in an age where we are supposed to be more security conscious, more empowered about our finances, and passwords, and money that there are moves to make us complacent in not actively being as involved in our own security.

The good news regardless is that ” The bottom seems to have fallen out of Gaming- Related Cybercrime”   stealing MMORPG characters and selling them is apparently not as profitable.

11 Responses to “Good Security Habits being broken.”

  1. 1 Sephrenia June 20, 2011 at 12:06 pm

    I completely agree with you. While I was not as organised as you, I am missing the scrabbling round my desk trying to find my authenticator. It feels strange without it.

    The authenticator isn’t actually that a good a security blanket. I went on holiday to Malta, took my authenticator and had my account suspended for unusual activity, even though I used my authenticator 😦 Took me a while to work out how to log into my email when not at home to get the message about it, change my password and get online.

    Fringe – YAY! Best series ever 🙂

  2. 3 theerivs June 20, 2011 at 3:51 pm

    Blizz always did keep track of where you were playing from, and I have to say about time.

    Yeah it’s so easy to buy gold now, it’s not worth stealing to get it now.

    • 4 theerivs June 20, 2011 at 3:52 pm

      DOH!…I meant it’s so easy to get gold, it’s not worth stealing or buying it now…no demand…no need for supply

      Whats Fringe? LOL!

      • 5 Pugnacious Priest June 20, 2011 at 10:13 pm

        Most awesome tv show – fringe science 🙂 it’s a US show so I’m sure u’d be able to acquire an ep or two- then I shall need to be forgiven for 3 seasons you will have to watch

    • 6 Pugnacious Priest June 20, 2011 at 10:17 pm

      But then why have authenticators at all – it’s supposed to be based on more then your ip address and we know they check your game randomly for botting programs surely the ip and an imprint of your system and nomination of a safe pc would mean an extra layer of security from information they already have

  3. 7 Eden June 20, 2011 at 5:55 pm

    I was hoping for an opt out button with the “smart security” but alas, no. I too feel a sense of unease by not using it. I’m putting my faith that Blizzard knows what they are doing.

  4. 8 Shiva June 21, 2011 at 11:16 pm

    I personally love this change. I always found the authenticator to be annoying. Albeit, when I had a Blackberry it was way more annoying. But the iphone version is spiffy. I really dont want a standalone authenticator either because I fear I’d lose it. And leaving it at home or tied to a computer meant I couldn’t use it on other computers/other places.

  5. 9 Runzwithfire June 22, 2011 at 9:35 am

    Honestly, I hate this change. It wasn’t required because typing in your authenticator code wasn’t exactly a hardship at all and all it has done is potentially undermine my confidence that my account is as secure as it was. Maybe it’s paranoia but at least when I had to enter the digits I knew that what was required was my own authenticator tied to my account and no amount of phising or trojans was going to get that. There are very smart people out there who make all sorts of stupid viruses that ghost IPs etc – without seeing that little authenticator box appear which I physically have to type in, how do I know it’s working?

    At the least Blizzard should have given us the option to enable or disable this ‘smart logon’; mine would have been firmly set to disabled!

  6. 10 Sardit TheGoblin June 22, 2011 at 9:34 pm

    hate the change wich they’d revert it or let me opt out.

    No amount of system imaging, ip-adresses and geographical location can ever bear a completely randomn string of numbers that only i can provide in security.

    Don’t mention the key being hackable, i know they are, but they still require lareg ( as in several thousands ) of samples to break them. Cost efficiency dictates they will not spend the time / effort to get the right string for my specific authenticator. Who’s to say whats on my account anyway, it could be goldcapped three times, or just filled with low lvl alts. Nothing to say on the outside as long as i don’t give out my e-mail or realid ingame or forums.

  7. 11 Holywarrior July 15, 2011 at 12:18 pm

    7 years battery? Mine just died and I bought it as soon as the 2nd batch became available! I bought 3 at the time expecting there to be another shortage and be able to sell for massive profits on eBay. No shortage arose so I was stuck with 2 spares!

    Oh well, good job eh? No – I couldn’t find them when #1 died – GAH!

    So now I am on mobile Authenticator, which is pretty cool, but as you say, it makes me nervous as it’s more mobile and therefore more likely to get lost.

Comments are currently closed.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 1,017 other subscribers


Add to Google

Wanna Email me?

Provided by Nexodyne


Blog Azeroth

Blog Stats

  • 835,889 hits

%d bloggers like this: