Blizzard to Intro Hardware WoW Authenticator

rated by 0 users
This post has 10 Replies | 0 Followers

Top 10 Contributor
Posts 26,484
Points 1,196,275
Joined: Sep 2007
ForumsAdministrator
News Posted: Thu, Jun 26 2008 9:59 PM

It's clear that games are big business, and from the sheer number of password-stealing trojans trolling for your WoW info, it's also a big attraction for malware.  Blizzard intends to make it more difficult for anyone to log into your account, even if they have your password.

"An added security feature for those worried about account theft, Blizzard is introducing an Authenticator at this weekend's Worldwide Invitational (WWI) in Paris. The Authenticator is a piece of hardware (we're guessing USB-related) has a button you press whenever you start World of Warcraft that must be inputted to log in. "

What is the Blizzard Authenticator?

 
WoW Burning Crusade
Source:  Bizzard Entertaiment

The Blizzard Authenticator is an optional tool that offers World of Warcraft players an additional layer of security to help prevent unauthorized account access. The Authenticator itself is a physical “token” device that fits easily on a keyring.  Here's a snip from the Blizzard Authenticator FAQ...

Where do I get a Blizzard Authenticator?

The Blizzard Authenticator will be able to be purchased directly from the Blizzard Store for $6.50 *Coming Soon*.

How does the Blizzard Authenticator work?

You must first associate the Blizzard Authenticator to the World of Warcraft account you play.  Once the account has been linked, the Authenticator token will be required to log in to Account Management or to the game; when logging in, you will be prompted to supply a digital code generated by the Authenticator.

How do I associate a Blizzard Authenticator with an account?

You can associate your Blizzard Authenticator to the World of Warcraft account you play by logging into Account Management. Click the “Add Blizzard Authenticator” button and then enter the serial number on the back of your Blizzard Authenticator.

What is a digital code and where do I see it?

The digital code is a six-digit numeric code that is produced when you press the button on the front of your Blizzard Authenticator. Each code is unique and is valid only once.

Where do I enter the digital code when I log in to World of Warcraft or to Account Management?

After you enter the account name and password, you’ll be prompted to provide the digital code from your Blizzard Authenticator. You must press the button on your Authenticator and enter the code it displays to complete your login.

Can I apply my Blizzard Authenticator to more than one account?

Yes! You’re welcome to associate a single Blizzard Authenticator to as many accounts as you like. Please remember that you must have that Authenticator with you to log in to any of these accounts afterwards.

Can I have two Blizzard Authenticator associated to my account to have one at work and another at home?

No, only one authenticator can be attached to an account at a time you would need to carry it with you to log in from different computers.


Keyloggers, beware.  A hardware dongle isn't something you can bypass, at least for now.  Maybe we'll see follow-on products as well.

  • Filed under:
  • | Post Points: 95
Top 500 Contributor
Posts 150
Points 2,250
Joined: Sep 2007
Location: U.S.
mazuki replied on Thu, Jun 26 2008 11:09 PM
hardware dongles are quickly bypassed, and i'm guessing all it is is a USB drive that contains either your, or a universal cd-key, this will be quickly broken if WoW has the userbase they claim
  • | Post Points: 35
Not Ranked
Posts 62
Points 1,140
Joined: May 2008
Location: Michigan

Agreed. If they charge anything for this, which of course they will, it's just another money scheme (like Blizzard needs any more money!). People need to take security into their own hands if they really want to be safe.

 

edit: $6.50 isn't bad, but take into account the inital cost, and all the monthly fees, you have to wonder... For instance, will it start shipping with new copies?

  • | Post Points: 5
Not Ranked
Posts 0
Points 5
Joined: Jun 2008
baddaybeav replied on Fri, Jun 27 2008 12:23 PM
this isn't a usb dongle, (though the article makes it sound like one) it will likely be something like an RSA token with a predictable random number being generated. (according to some algorithm based on time).

this is a very good thing and extremely hard to crack as you have to get the algorithm to get the numbers.
  • | Post Points: 5
Top 500 Contributor
Posts 150
Points 2,250
Joined: Sep 2007
Location: U.S.
mazuki replied on Fri, Jun 27 2008 12:57 PM
actually you don't even have to get the algo, you can make a digital copy of the USB stick, there are even companies out there that will do it for you for a small fee.
  • | Post Points: 20
Top 75 Contributor
Posts 1,677
Points 24,005
Joined: Aug 2002
Location: Pittsburgh, Pennsylvania

Hello

  • | Post Points: 20
Top 10 Contributor
Posts 5,054
Points 60,735
Joined: May 2008
Location: U.S.
Moderator
3vi1 replied on Fri, Jun 27 2008 2:32 PM
It doesn't sound like it's a USB stick at all (can't tell because work proxy blocks the image in the post below). It sounds just like an RSA keyfob.

Most large corporations use them to protect their VPN sessions - you're not going to be able to copy it.

What part of "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn" don't you understand?

++++++++++++[>++++>+++++++++>+++>+<<<<-]>+++.>++++++++++.-------------.+++.>---.>--.

  • | Post Points: 5
Top 200 Contributor
Posts 412
Points 5,250
Joined: Apr 2007
Location: United States, Maryland
Lev_Astov replied on Fri, Jun 27 2008 3:23 PM
It's actually quite secure. I believe I know of this technology and it is used by some of the most secure companies to protect their users computers. I don't think they're impervious, but they haven't been cracked yet, since they are still in use.

><((((">Lev Astov

  • | Post Points: 5
Not Ranked
Posts 65
Points 800
Joined: Jun 2008
dizowned replied on Fri, Jun 27 2008 10:54 PM
yep, looks like a nice RSA keyring. If its anything like what I've used in the pass, the algorithm is usually seeded and it starts rotating and will take something like 9-10 years for it to repeat. If this is being combined and mangled with your password somehow then its pretty secure.

It's not custom unless your the only one who can boot it.

  • | Post Points: 5
Top 25 Contributor
Posts 3,649
Points 55,380
Joined: Jul 2004
Location: United States, Massachusetts
ForumsAdministrator
MembershipAdministrator
Dave_HH replied on Sat, Jun 28 2008 6:16 AM
Nice work, Crisis. I looked around for that but couldn't find an image for some reason.

Editor In Chief
http://hothardware.com


  • | Post Points: 5
Not Ranked
Posts 1
Points 25
Joined: Jun 2008

It's not a USB key in anyway, it's not the WoW equivalent of a Cubase dongle. As soon as it starts talking about giving you a so many digit code it's talking a pseudorandom number generator as part of an encryption system.

I first saw one of these on a nuclear engineer's keychain and he used it to authenticate his remote access sessions to a nuclear power plant's control system, his version was more than 6 digits, used alphanumeric characters and each key expired every 10 seconds to give a more serious level of security than they're going to use for WoW but it's the same concept.

I personally think it's a huge amount of overkill for a video game but I guess it shows the extent of the problem.

  • | Post Points: 5
Page 1 of 1 (11 items) | RSS