WoW’s New Security – Authenticator

WoW’s Security gotten better!

WoW’s always been a little bit ahead in Account Security and restoration. Their “Launcher” (FFXI’s POL Launcher equilvalent) actually does a well-known trojan scan to ensure your PC is clean (also scans for hacking programs), as well as quick response time to a compromised account. Whereas FFXI is a little different.. I know a few friends who got their account jacked and takes 3 weeks to get something restored. Hell I even know one today that got partial item lost! Still have their account but item restoration (Rare/Ex) was not possible.. anyway, well Blizzard finally deploy industry-standard security login. Your Normal Login Authentication (which consists of your Username + Password) + Authenticator or a.k.a the “Clicker”. This is what so call a “two-factor authentication”, meaning even if one thing is compromised, it will still remain safe!

Blizzard Authenticator

After registering your authenticator with blizzard under WoW’s account management, the login screen will requre 3 piece of information instead of two.

UserName: (Or your POL ID)
Password: (POL Password)
Authenticator: (The randomly generated number based on “some information”)

The easy way of how it works.

The Authenticator is a number that is “generated” according to your serial ID of your authenticator combined with “some other information” that is calculatable such as time. The Authenticator code will only valid for 60 seconds before it expires.

For explanation, we’ll use an easy way to explain the general concept. The real authenticator will work in a much more complex way.

Say your serial of your authenticator 123456. Time now is 1400. Say you login at 2pm, when you press the authenticator, it will give you the number 123456 + 1400 = 124856

Blizzard knows exactly your account’s authenticator serial is 123456, so they are “expecting” the input of 124856 from you that is, “if” you have the authenticator. Part of the registration is “asking for your authenticator serial number”.

Say another person’s authenticator serial is 100000. Time now is 1400. Say you login at 2pm, the same person will have a total different Authenticator password: 100000 + 1400 = 101400 as their password. Which means your authenticator will not work with other accounts.

Because this is randomly generated, brute forcing is nearly impossible. Keep in mind, the real authenticator works in a much more complex ways, which probably requires a pretty complex algorithm (program codes/equation).

Its not new technology.

I’ve been using this to access my corporate network’s data. But I’m glad Blizzard has taken the step to to bring these security tecnology to their customers.

Now we just have to hope SE put this “Authenticator” into our next expansion or offer them for sale. Blizzard is selling it for 6.50, cheaper than mouse pad. Obviously they aren’t really looking into making money from this thing but, the cost saving from not having GM speaking to customer about account compromise is an indirect saving/profit from selling this Authenticator.

If you play WoW, you can keep an eye on this page. Its listed as sold out atm.

Here’s some article related to WoW’s Authenticator.

• WoW Forums: Authenticator needs to be free.
• Engadget: Review of the Blizzard Authenticator.
• WoW Insider: LOL to Authenticator Sold Out.

As always, keeping an account secure is the repsonsibility of the User. Here’s a guide from Blizzard regarding protecting your account.