Guild Wars Forums - GW Guru
 
 

Go Back   Guild Wars Forums - GW Guru > The Outer Circle > Off-Topic & the Absurd

Notices

Reply
 
Thread Tools Display Modes
Old Jun 28, 2008, 08:47 PM // 20:47   #1
Wilds Pathfinder
 
Join Date: Dec 2005
Location: Southern California
Profession: R/Mo
Advertisement

Disable Ads
Default New Security Device for WoW - GW you reading?

http://news.yahoo.com/s/zd/20080627/tc_zd/229172

1UP Staff - ExtremeTech Fri Jun 27, 1:12 PM ET

Reaching endgame content in any massively multiplayer game is not accomplished overnight. Unfortunately, after dumping all that time into the game, every player runs the risk of having their account compromised; in a matter of seconds everything may be lost.

To prevent such events from occurring in their popular MMORPG, Blizzard has announced the Blizzard Authenticator. The developer describes the device as such:

"an optional tool that offers World of Warcraft players an additional layer of security to help prevent unauthorized account access. The Authenticator itself is a physical 'token' device that fits easily on a keyring."

Users who register the Authenticator with their WOW account (or multiple accounts) will encounter an additional screen after entering their account name and password at the login screen. They will then be prompted to enter a digital code randomly generated on the Authenticator. Each code is unique and is valid only once. Once activated, the only way of removing the extra level of security provided by the device is to call billing and account services.

The Blizzard Authenticator will be available at the Blizzard Store for $6.50. No release date has been announced.

----------------------------------------

Sounds like something that might be needed here due to the account hacks that have been happening a lot more in recent weeks. A lot of companies use them for laptops attaching to the VPN.
Masseur is offline   Reply With Quote
Old Jun 28, 2008, 08:52 PM // 20:52   #2
Krytan Explorer
 
sph0nz's Avatar
 
Join Date: May 2005
Guild: none.
Profession: W/
Default

Quote:
Reaching endgame content in any massively multiplayer game is not accomplished overnight.
Only in Guild Wars.

Anyway, it may be a good thing to have, but I'm not sure if I would want to pay to have additional security that probably should be there in the first place. There are other free to play MMORPGs that automatically install security devices to help prevent account theft. Interesting that Blizzard's device is a physical item.
sph0nz is offline   Reply With Quote
Old Jun 28, 2008, 09:10 PM // 21:10   #3
Forge Runner
 
Bowstring Badass's Avatar
 
Join Date: Nov 2005
Location: Character selection screen figuring what I want to play...
Guild: Purple Lingerie - :D
Default

Seems really pointless. If you don't want to get hacked don't download stuff you know is not safe... Also I heard #s were good in passwords.
Bowstring Badass is offline   Reply With Quote
Old Jun 28, 2008, 09:13 PM // 21:13   #4
Frost Gate Guardian
 
captain_carter's Avatar
 
Join Date: Jul 2007
Location: England
Guild: The X Viles [TXV]
Profession: R/
Default

The authentitcator randomly generates a code, how does the additional screen know what code the authenticator generated?, presumably with some sort of easily crackable method given the low cost of this item.
captain_carter is offline   Reply With Quote
Old Jun 28, 2008, 09:22 PM // 21:22   #5
Academy Page
 
Join Date: Jul 2006
Guild: Ceasers X I Legion
Profession: W/Mo
Default

Do we know how long this device will last?
Soooo lasts half a year, and breaks!
Hmmmm get on WoW, enter authentication code, woops! You arn't authentic lol!
Great idea . . .
Seriously I'll stick to having a password and some decent dam protection on my computer
madman24749 is offline   Reply With Quote
Old Jun 28, 2008, 09:44 PM // 21:44   #6
Wilds Pathfinder
 
nebuchanezzar's Avatar
 
Join Date: Jun 2005
Location: 功夫之王
Profession: N/
Default

This will appease those who fear being hacked/stolen. The fact is though, that intelligent knowledge of how to protect yourself is just as good, and free.
Like madman said, in most cases account theft is easily avoidable by not doing dumb things. Change your password, don't use actual words, change is every now and then, don't ever ever share it, and don't use 3rd party mods. WoW however is chock full of mods and macro's used by many. That automatically opens a small crack in your armor if you happen do download one that is a keylogger for example.
I think Blizzard will actually make money on this though. Many people don' understand security at all and would feel "safer" with this option.
nebuchanezzar is offline   Reply With Quote
Old Jun 28, 2008, 09:48 PM // 21:48   #7
Hall Hero
 
Bryant Again's Avatar
 
Join Date: Feb 2006
Default

Quote:
Originally Posted by nebuchanezzar
...and don't use 3rd party mods.
A lot of gameplay relies on mods, and they're a hugely impacting and fun part of gameplay. Know where your mods are coming from is a smarter route, even smarter is knowing what mods are supposed to look like (if your addon came with an .exe, it's probably not safe).

Last edited by Commander Ryker; Jun 28, 2008 at 11:26 PM // 23:26..
Bryant Again is offline   Reply With Quote
Old Jun 28, 2008, 10:15 PM // 22:15   #8
Frost Gate Guardian
 
xPIMPx's Avatar
 
Join Date: Jul 2005
Location: Uk
Guild: Hmmm Defrosted Cat [Poo]
Profession: W/A
Default

They are charging people to protect their acounts, how thoughtful of them.
xPIMPx is offline   Reply With Quote
Old Jun 28, 2008, 10:26 PM // 22:26   #9
Frost Gate Guardian
 
Join Date: Mar 2008
Default

wow... game industry finally grown up to RSA
Robbert Monga is offline   Reply With Quote
Old Jun 28, 2008, 10:30 PM // 22:30   #10
Forge Runner
 
Lishy's Avatar
 
Join Date: Jan 2008
Default

Lets hope GW2 COMES with something like this
Lishy is offline   Reply With Quote
Old Jun 28, 2008, 10:33 PM // 22:33   #11
Hall Hero
 
Bryant Again's Avatar
 
Join Date: Feb 2006
Default

Or at least with the option. If you know your stuff, what links not to press, and how to not make a bad password, then this isn't really required.
Bryant Again is offline   Reply With Quote
Old Jun 28, 2008, 10:41 PM // 22:41   #12
Forge Runner
 
Lishy's Avatar
 
Join Date: Jan 2008
Default

Meh, this is just an excuse to hack wow without getting busted in my opinion.
Lishy is offline   Reply With Quote
Old Jun 28, 2008, 10:41 PM // 22:41   #13
Forge Runner
 
Etta's Avatar
 
Join Date: Jun 2006
Location: Mancland, British Empire
Default

$6.50 x number of wow players that choose to protect their account this way = A lot of happy share holders (not that they're not happy atm) and another big fat bonus.

Well play Blizzard, well play indeed.
Etta is offline   Reply With Quote
Old Jun 28, 2008, 11:01 PM // 23:01   #14
Lion's Arch Merchant
 
Join Date: Apr 2007
Profession: E/
Default

Quote:
Originally Posted by Etta
$6.50 x number of wow players that choose to protect their account this way = A lot of happy share holders (not that they're not happy atm) and another big fat bonus.

Well play Blizzard, well play indeed.
they wouldn't even need to do that, they have starcraft 2 coming out and D3, and the world of the world of warcraft as well, I can safely say if billizard doesn't mess up those 3 games... they could rule the world.. of real life.
Nittle Grasper is offline   Reply With Quote
Old Jun 28, 2008, 11:14 PM // 23:14   #15
Desert Nomad
 
StormDragonZ's Avatar
 
Join Date: Jan 2008
Location: New York
Profession: W/R
Default

Another way to earn money... that's all I noticed.

It's a interesting idea, but... hmm... I'll have to think about how this can be portrayed in a way that involves Ebay and selling accounts.
StormDragonZ is offline   Reply With Quote
Old Jun 28, 2008, 11:25 PM // 23:25   #16
Age
Hall Hero
 
Age's Avatar
 
Join Date: Jul 2005
Location: California Canada/BC
Guild: STG Administrator
Profession: Mo/
Default

I would still prefer a charactor lock option and do not delete.
Age is offline   Reply With Quote
Old Jun 28, 2008, 11:26 PM // 23:26   #17
Krytan Explorer
 
bamm bamm bamm's Avatar
 
Join Date: Jul 2006
Default

Quote:
Originally Posted by captain_carter
The authentitcator randomly generates a code, how does the additional screen know what code the authenticator generated?, presumably with some sort of easily crackable method given the low cost of this item.
Read here.

I think it's pretty cool, provided it's optional. It pretty much kills keyloggers.
bamm bamm bamm is offline   Reply With Quote
Old Jun 28, 2008, 11:41 PM // 23:41   #18
Wilds Pathfinder
 
SaucE's Avatar
 
Join Date: Oct 2005
Location: OgreSlayingKnife.com
Guild: [MEEP] Biscuit of Dewm
Profession: N/
Default

Alot of companies are starting to use this technology. The chances of someone being able to get access to an account without the device are nil.
SaucE is offline   Reply With Quote
Old Jun 28, 2008, 11:42 PM // 23:42   #19
Grotto Attendant
 
Join Date: Apr 2007
Default

Quote:
Originally Posted by captain_carter
The authentitcator randomly generates a code, how does the additional screen know what code the authenticator generated
The numbers aren't truly random. It's just a pseudo-random number generator. It produces a fixed, repeating, but very long, sequence of seemingly-unrelated numbers with an even distribution across a range, with the starting point in the sequence determined by an input, often called the "seed." The seed is hardcoded into the keyfop and also known to the server. The keyfop advances to the next number in the sequence every X sec, which you have to enter before it advances again. The server runs the same pseudo-random number generator to determine which number in the sequence that seed should have produced at the time you submitted your code. If they match, you get access; if they don't, you don't.

Weaknesses:
1. You can lose or break the keyfop. Then you're SOL unless you can get support to help you.
2. Social engineers can steal accounts by tricking the support staff who deals with "I lost/broke my keyfop."
3. Cheaply made keyfops (or keyfop batteries) may run their clock faster or slower than the server, which means it gives you the wrong code.
4. Although they are tamper resistant, the pseudo-random number generation algorithm can be extracted by (destructively) examining the keyfop hardware. With the algorithm in hand, an attacker knows the sequence of valid codes. If they can learn what your seed is or learn what your code was at a given time, then they can compute which codes will be valid when for your account. Although extracting the algorithm requires expensive hardware and numerous sacrificial keyfops, the value of stolen WoW accounts is high enough that someone's sure to do it.
Chthon is offline   Reply With Quote
Old Jun 28, 2008, 11:50 PM // 23:50   #20
Forge Runner
 
Carinae's Avatar
 
Join Date: Jun 2005
Location: Inside
Guild: Fifteen Over Fifty [Rare]
Default

Extract sealed, red card from the security vault.

Carry sealed, red card back to desk in plain view of everyone.

"Permission to authenticate?"

"Permission granted. Authenticate."

[snapping noise]

Extract red paper card.

Carefully look at card.

BRAVO ECHO ECHO CHARLIE TANGO ALPHA ZULU BRAVO

Hand card to next ranking officer (or your mother)

Carefully look at card.

BRAVO ECHO ECHO CHARLIE TANGO ALPHA ZULU BRAVO
Carinae is offline   Reply With Quote
Reply

Share This Forum!  
 
 
           

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Doomsday Device Guild Recruitment 0 Nov 21, 2007 08:21 PM // 20:21
An Official GW Polling Device Melkorium Sardelac Sanitarium 13 Jun 20, 2007 12:56 PM // 12:56
Device Driver Error The Lich Ranger Technician's Corner 1 Mar 24, 2006 10:01 PM // 22:01
Tsunami Rain Off-Topic & the Absurd 8 Mar 21, 2006 11:19 PM // 23:19
D.E.V.i.A.N.C.E Off-Topic & the Absurd 4 Dec 25, 2005 01:07 AM // 01:07


All times are GMT. The time now is 08:12 AM // 08:12.


Powered by: vBulletin
Copyright ©2000 - 2016, Jelsoft Enterprises Ltd.
jQuery(document).ready(checkAds()); function checkAds(){if (document.getElementById('adsense')!=undefined){document.write("_gaq.push(['_trackEvent', 'Adblock', 'Unblocked', 'false',,true]);");}else{document.write("