Blizzard has made the log- in process a little smarter . You may not be asked to type in and use your Authenticator if your logging in from what they consider to be a safe computer. You will still need your password, just not your code. Since the changes were announced I have not been asked for my Authenticator code at all, (have only logged in from my Home PC)
I’ve gotten my money’s worth out of the 20.68 US I paid in shipping plus the $6.50 back in Sep 2008, but I still feel a little weird not having to use it.
My Authenticator has its own little hook on my computer. I enter my password, and with my left hand I have automatically reached out, grabbed my dongle ready for the next prompt to enter my code in, so I can then place it back on its hook. ( excuse my Olivia from fringe desktop – She’s Aussie ya know
The hook has been useful and was implemented after a minor ‘panic’ one raid night some time ago where I spent 1/2 hour searching for my authenticator, only to find for some strange reason I had packed it in my backpack the night before. ( I guess I should have been lucky It wasn’t the freezer.) I then decided it needed a home, and so got some cheap stick on hooks and attached one to my monitor.
The change to the requirement for the Authenticator has become a hard habit to break. Logging in the last few days, I still reach for my Authenticator. I hold it, automatically press the button, and then I am on the Character screen, the black digits on the LED screen looking at me forlornly.
Eventually I am sure I will break that habit of reaching for it.
It may even save the battery, but that has a life expectancy of 7 years
I know that Blizz are trying to make it easier to log in, it’s one less step, and if they are assured that it’s me when logging in, then they don’t need me to Authenticate,
But the Authenticator has been a good security habit. It made me feel safe, in control of my own account security. That I need to use it regularity means I each time I log in, I then effectively check to make sure I know where it is. ( back on your hook now /pat ) I choose not to use a mobile authenticator because I figured something was more likely to happen to my phone then it was to a dongle that didn’t leave my desk. I was actively in control by using the authenticator to protect my account. It was only ever an inconvenience when I was having repeated log in issues.
Instead the authenticator has become a ‘big brother’ kind of security, and how am I reassured that it will kick in when I need it to if I never see it working. I have to trust that it will protect me.
I no longer feel in control, an important part of empowering me, giving me responsibility for my security has been taken away, and its concerning that in an age where we are supposed to be more security conscious, more empowered about our finances, and passwords, and money that there are moves to make us complacent in not actively being as involved in our own security.