Curse

Masseur · Jun 28, 2008, 08:47 PM // 20:47

http://news.yahoo.com/s/zd/20080627/tc_zd/229172

1UP Staff - ExtremeTech Fri Jun 27, 1:12 PM ET

Reaching endgame content in any massively multiplayer game is not accomplished overnight. Unfortunately, after dumping all that time into the game, every player runs the risk of having their account compromised; in a matter of seconds everything may be lost.

To prevent such events from occurring in their popular MMORPG, Blizzard has announced the Blizzard Authenticator. The developer describes the device as such:

"an optional tool that offers World of Warcraft players an additional layer of security to help prevent unauthorized account access. The Authenticator itself is a physical 'token' device that fits easily on a keyring."

Users who register the Authenticator with their WOW account (or multiple accounts) will encounter an additional screen after entering their account name and password at the login screen. They will then be prompted to enter a digital code randomly generated on the Authenticator. Each code is unique and is valid only once. Once activated, the only way of removing the extra level of security provided by the device is to call billing and account services.

The Blizzard Authenticator will be available at the Blizzard Store for $6.50. No release date has been announced.

----------------------------------------

Sounds like something that might be needed here due to the account hacks that have been happening a lot more in recent weeks. A lot of companies use them for laptops attaching to the VPN.

sph0nz · Jun 28, 2008, 08:52 PM // 20:52

Quote:

Reaching endgame content in any massively multiplayer game is not accomplished overnight.

Only in Guild Wars.

Anyway, it may be a good thing to have, but I'm not sure if I would want to pay to have additional security that probably should be there in the first place. There are other free to play MMORPGs that automatically install security devices to help prevent account theft. Interesting that Blizzard's device is a physical item.

Bowstring Badass · Jun 28, 2008, 09:10 PM // 21:10

Seems really pointless. If you don't want to get hacked don't download stuff you know is not safe... Also I heard #s were good in passwords.

captain_carter · Jun 28, 2008, 09:13 PM // 21:13

The authentitcator randomly generates a code, how does the additional screen know what code the authenticator generated?, presumably with some sort of easily crackable method given the low cost of this item.

madman24749 · Jun 28, 2008, 09:22 PM // 21:22

Do we know how long this device will last?
Soooo lasts half a year, and breaks!
Hmmmm get on WoW, enter authentication code, woops! You arn't authentic lol!
Great idea . . .
Seriously I'll stick to having a password and some decent dam protection on my computer

nebuchanezzar · Jun 28, 2008, 09:44 PM // 21:44

This will appease those who fear being hacked/stolen. The fact is though, that intelligent knowledge of how to protect yourself is just as good, and free.
Like madman said, in most cases account theft is easily avoidable by not doing dumb things. Change your password, don't use actual words, change is every now and then, don't ever ever share it, and don't use 3rd party mods. WoW however is chock full of mods and macro's used by many. That automatically opens a small crack in your armor if you happen do download one that is a keylogger for example.
I think Blizzard will actually make money on this though. Many people don' understand security at all and would feel "safer" with this option.

Bryant Again · Jun 28, 2008, 09:48 PM // 21:48

Quote:

Originally Posted by nebuchanezzar

...and don't use 3rd party mods.

A lot of gameplay relies on mods, and they're a hugely impacting and fun part of gameplay. Know where your mods are coming from is a smarter route, even smarter is knowing what mods are supposed to look like (if your addon came with an .exe, it's probably not safe).

xPIMPx · Jun 28, 2008, 10:15 PM // 22:15

They are charging people to protect their acounts, how thoughtful of them.

Robbert Monga · Jun 28, 2008, 10:26 PM // 22:26

wow... game industry finally grown up to RSA

Lishy · Jun 28, 2008, 10:30 PM // 22:30

Lets hope GW2 COMES with something like this

Bryant Again · Jun 28, 2008, 10:33 PM // 22:33

Or at least with the option. If you know your stuff, what links not to press, and how to not make a bad password, then this isn't really required.

Lishy · Jun 28, 2008, 10:41 PM // 22:41

Meh, this is just an excuse to hack wow without getting busted in my opinion.

Etta · Jun 28, 2008, 10:41 PM // 22:41

$6.50 x number of wow players that choose to protect their account this way = A lot of happy share holders (not that they're not happy atm) and another big fat bonus.

Well play Blizzard, well play indeed.

Nittle Grasper · Jun 28, 2008, 11:01 PM // 23:01

Quote:

Originally Posted by Etta

$6.50 x number of wow players that choose to protect their account this way = A lot of happy share holders (not that they're not happy atm) and another big fat bonus.

Well play Blizzard, well play indeed.

they wouldn't even need to do that, they have starcraft 2 coming out and D3, and the world of the world of warcraft as well, I can safely say if billizard doesn't mess up those 3 games... they could rule the world.. of real life.

StormDragonZ · Jun 28, 2008, 11:14 PM // 23:14

Another way to earn money... that's all I noticed.

It's a interesting idea, but... hmm... I'll have to think about how this can be portrayed in a way that involves Ebay and selling accounts.

Age · Jun 28, 2008, 11:25 PM // 23:25

I would still prefer a charactor lock option and do not delete.

bamm bamm bamm · Jun 28, 2008, 11:26 PM // 23:26

Quote:

Originally Posted by captain_carter

The authentitcator randomly generates a code, how does the additional screen know what code the authenticator generated?, presumably with some sort of easily crackable method given the low cost of this item.

Read here.

I think it's pretty cool, provided it's optional. It pretty much kills keyloggers.

SaucE · Jun 28, 2008, 11:41 PM // 23:41

Alot of companies are starting to use this technology. The chances of someone being able to get access to an account without the device are nil.

Chthon · Jun 28, 2008, 11:42 PM // 23:42

Quote:

Originally Posted by captain_carter

The authentitcator randomly generates a code, how does the additional screen know what code the authenticator generated

The numbers aren't truly random. It's just a pseudo-random number generator. It produces a fixed, repeating, but very long, sequence of seemingly-unrelated numbers with an even distribution across a range, with the starting point in the sequence determined by an input, often called the "seed." The seed is hardcoded into the keyfop and also known to the server. The keyfop advances to the next number in the sequence every X sec, which you have to enter before it advances again. The server runs the same pseudo-random number generator to determine which number in the sequence that seed should have produced at the time you submitted your code. If they match, you get access; if they don't, you don't.

Weaknesses:
1. You can lose or break the keyfop. Then you're SOL unless you can get support to help you.
2. Social engineers can steal accounts by tricking the support staff who deals with "I lost/broke my keyfop."
3. Cheaply made keyfops (or keyfop batteries) may run their clock faster or slower than the server, which means it gives you the wrong code.
4. Although they are tamper resistant, the pseudo-random number generation algorithm can be extracted by (destructively) examining the keyfop hardware. With the algorithm in hand, an attacker knows the sequence of valid codes. If they can learn what your seed is or learn what your code was at a given time, then they can compute which codes will be valid when for your account. Although extracting the algorithm requires expensive hardware and numerous sacrificial keyfops, the value of stolen WoW accounts is high enough that someone's sure to do it.

Carinae · Jun 28, 2008, 11:50 PM // 23:50

Extract sealed, red card from the security vault.

Carry sealed, red card back to desk in plain view of everyone.

"Permission to authenticate?"

"Permission granted. Authenticate."

[snapping noise]

Extract red paper card.

Carefully look at card.

BRAVO ECHO ECHO CHARLIE TANGO ALPHA ZULU BRAVO

Hand card to next ranking officer (or your mother)

Carefully look at card.

BRAVO ECHO ECHO CHARLIE TANGO ALPHA ZULU BRAVO