Tuesday, September 21, 2010

Battle.net authenticator, noobery narrowly averted

My World of Warcraft account has been inactive since April this year, when I ran out of things I wanted to do in-game. But a month or two back, a post by The Ancient Gaming Noob about yet another inactive account getting hacked brought it to my attention that (a) what I’d always thought of as a WoW account authenticator is actually a Battle.net account authenticator, and (b) you can attach one to your account, no problems, regardless of whether or not you have an active WoW subscription.

I’d always shrugged off these authenticators in the past, since while they’re cheap ($US6.50!), the postage and handling to ship one to Australia is blisteringly expensive – $US20.68 last time I looked, bringing the price of an authenticator close to that of two months worth of subscription. Ouch!

But, by fortunate coincidence, shortly before I read this story, the company I work for assigned me an iPhone for testing purposes – and the mobile authenticator iPhone app (there are versions for Androids and other phones, too) is free! So, a few minutes later..

authclip

Easy as that! Visit the Battle.net account management. Select the menu option to add a mobile authenticator. It sends an email to your registered email address with a link to add the authenticator. Download the app onto your phone. Run it. It gives you a unique serial number for the install. Go to the link you were emailed, enter that serial number, enter the current code from the authenticator app, and bam! You’re done. Didn’t take even 5 minutes.

But of course, as Stan Lee taught us, with great power comes great responsibility. And once you’ve attached an authenticator to your account, you’re in trouble if you lose it, or break it.. or forget to deactivate it before your work gives you a new iPhone 4 and takes the old phone back.

As if anyone would do something as silly as giving their phone back to their boss without deactivating the authenticator, though! Ho ho ho! What a noob they would have to be!

It’s easy to avoid: log into Battle.net account management – you’ll need your authenticator to do this, of course. Click on the [Remove] link shown in that picture above. It will prompt you enter the next two codes from the authenticator – clever, even if someone has intercepted a code in transit, they won’t be able to use that one code to unprotect your account. And you’re done!

Then follow the same original process to hook up the new authenticator app on your new phone, and you’re sorted!

2 comments:

  1. I recently had to get my iPhone replaced and forgot to deactivate the authenticator, wah! Support were really good about it and I was up and running within 20 minutes and in time for raid.

    I found it a bit like the overwhelming backup process if you want to do a clean install of Windows or something; if you remember your fonts you forget your bookmarks because your obsessively trying to remember your fonts >_<

    ReplyDelete
  2. I love the authenticators for the security they bring but it is possible to forget. I was so excited to get my iPhone 4 last year that I forgot to remove the authenticator from my WoW account before transferring my sim across.

    In the end I had to deal with Blizzard's European support centre which weren't that helpful. I had to send them a scan of my passport (!!!) and it took nearly 48 hours to unlock the account.

    ReplyDelete