Cancel Auctions Anytime

[Treesh]

To my knowledge, they're the only company that does this.

No, RIFT has smart phone authenticators just like blizzard although they don't have the physical key fob authenticators though. So there's at least another one out there.

[Quark]

I have an authenticator, and I'm torn on it, really. I appreciate that there's another layer of security protecting my account. At the same time, though, I can't help but feel like the only reason it exists is because Blizzard doesn't trust their own basic security. To my knowledge, they're the only company that does this.

I've had authenticators for Rift and Star Wars. Google has it as well. They're exceedingly common for MMOs now; some banks have them as well. There's a reason it comes up, though, that's not related to Blizzard's security. Hacked databases with salted/hashed/plaintext passwords are showing up constantly. When you have an attacker with one of these lists, the most profitable things he can do is hit banks directly, or hit games and find things to sell.

Banking:
People tend to take their banking security more seriously (different, stronger password). They might not have online banking at all. You might not get the right bank. A login from a new computer causes a security question to appear.

Games:
Take out the first three restrictions for banking. Add in the difficulty that you have to strip a character and sell stuff instead of just taking money directly. Without an authenticator, there's no security check for new computers. With one, there is.

Banking will have bigger wins, but they'll be rarer and easier to track, and a hell of a lot more punishing legally. Same if they get something like Amazon. So games actually is more reward for them - and Blizzard's are the most common that have resellable parts.

[Lissa]

It appears that Blizzard has taken action against those that use this trick.

Blizzard banning AH cancel auction exploiters

[Mavfin]

Also, if you hear of a gold-duping exploit outside of Asia...it was a 4chan troll, looks like. No such duping happened in EU/NA. Just the already-known Asia issue.

[RiotInferno]

I have an authenticator, and I'm torn on it, really. I appreciate that there's another layer of security protecting my account. At the same time, though, I can't help but feel like the only reason it exists is because Blizzard doesn't trust their own basic security. To my knowledge, they're the only company that does this.

I've had authenticators for Rift and Star Wars. Google has it as well. They're exceedingly common for MMOs now; some banks have them as well. There's a reason it comes up, though, that's not related to Blizzard's security. Hacked databases with salted/hashed/plaintext passwords are showing up constantly. When you have an attacker with one of these lists, the most profitable things he can do is hit banks directly, or hit games and find things to sell.

Banking:
People tend to take their banking security more seriously (different, stronger password). They might not have online banking at all. You might not get the right bank. A login from a new computer causes a security question to appear.

Games:
Take out the first three restrictions for banking. Add in the difficulty that you have to strip a character and sell stuff instead of just taking money directly. Without an authenticator, there's no security check for new computers. With one, there is.

Banking will have bigger wins, but they'll be rarer and easier to track, and a hell of a lot more punishing legally. Same if they get something like Amazon. So games actually is more reward for them - and Blizzard's are the most common that have resellable parts.

Quark / Treesh, thanks for the extra info on where authenticators are being used, and how banks seem to be more secure! Security is something that I know just enough about that I don't really look into it very deeply.

[Ashock]

No. However, there's been several threads in general about ppl getting hacked while using it. Either way, I'm not about to start using one.

oO

Major problem with a simple solution. Solution refused.

I hope you have a recliner, home theater system, and hot buttery popcorn in that hole you've got your head in.

Excuse me. Why should I spend my money and on top of that inconvenience myself in order to play a free-to play game? WTF is your problem?

And yes Mavfin. It IS Blizzards fault. No other games have this problem.
If you got your nose out of their butt, you would see that, Pinocchio.

Jeez, you are an annoying one.

[Mavfin]

No. However, there's been several threads in general about ppl getting hacked while using it. Either way, I'm not about to start using one.

oO

Major problem with a simple solution. Solution refused.

I hope you have a recliner, home theater system, and hot buttery popcorn in that hole you've got your head in.

Excuse me. Why should I spend my money and on top of that inconvenience myself in order to play a free-to play game? WTF is your problem?

And yes Mavfin. It IS Blizzards fault. No other games have this problem.
If you got your nose out of their butt, you would see that, Pinocchio.

Jeez, you are an annoying one.

As has already been posted, Rift and some other games have authenticators for the same issue, as well as even Google for gmail if you want. So, no, Blizzard is not the only company. They're just the most profitable to hit, and the most targeted, ergo the most known. B.net is a huge pool of users. Millions of WoW players, D3 players and SC2 players, all in one huge DB. Yeah, it's a great target.

The authenticators don't do anything for Blizzard's security, actually. Absolutely no positive or negative impact to the security of Blizzard's servers is made. They just save Blizzard money restoring accounts after client-side compromises of login information, however they may happen, whether it be client compromise or phishing, or too-similar passwords on other accounts. Just means if someone gets your info they can't just log right in and take over.

I hope you like your head in that dark, smelly cavern. Please post your tinfoil on the official forums where it belongs and quit trashing up the Lounge with it. I did call it right in my first post replying to you. Your Blizzard-hate is showing again.

---

Quark / Treesh, thanks for the extra info on where authenticators are being used, and how banks seem to be more secure! Security is something that I know just enough about that I don't really look into it very deeply.

Chase uses the same basic technology on their website, but generates and delivers the codes to the users in different ways than Blizzard's system. As Quark said, they have more restrictions that will simply get the online access stopped till the customer verifies it's them, but, Blizzard is gaming, not banking, so that makes sense.

[Quark]

And yes Mavfin. It IS Blizzards fault. No other games have this problem.

As has already been posted, Rift and some other games have authenticators for the same issue, as well as even Google for gmail if you want. So, no, Blizzard is not the only company.

Fun fact, very early on in its release someone found a spoofing attack for Rift. It definitely hit some people, and someone with a security background found out how to do it and detailed it very well to Trion who fully publicly disclosed the attack and fixed it very quickly. There have been public flaws in security for other games as well. Blizzard has never (yet!) had a pure flaw where you did not need someone's password to get in. They've also never had their passwords leaked.

So by "no other games", Ashock, what did you really mean?

[MongoJerry]

Excuse me. Why should I spend my money and on top of that inconvenience myself in order to play a free-to play game? WTF is your problem?

And yes Mavfin. It IS Blizzards fault. No other games have this problem.
If you got your nose out of their butt, you would see that, Pinocchio.

Jeez, you are an annoying one.

Ashock, Blizzard came up with a mechanism to make up for your lack of security with your username/passwords. This isn't an issue with their system at all. This is an issue with you continuing to reuse the same username/password. Nothing about Blizzard's system has been hacked (so far). Use a significantly different password from the one you have been using or even better, use the free authenticator that Blizzard provides. The choices are yours, and don't blame Blizzard for security breaches that originate with you.

---

It appears that Blizzard has taken action against those that use this trick.

Blizzard banning AH cancel auction exploiters

I seriously doubt that this message related to AH cancel auction exploiters, unless you think that changing your system clock is somehow using a "third party program." I suspect that they are more focused on people using third party bots to farm gold and items from exploitable area.

[NotSoDarklord]

This bug has been fixed in today's update.

[Concillian]

Excuse me. Why should I spend my money and on top of that inconvenience myself in order to play a free-to play game? WTF is your problem?

And yes Mavfin. It IS Blizzards fault. No other games have this problem.
If you got your nose out of their butt, you would see that, Pinocchio.

Jeez, you are an annoying one.

It is a problem in any game that has a marketable currency. Every MMO has had hacked account issues. Eve, RIFT, SWTOR, etc... all have had "hacking" issues. What you're seeing is the size of DIII is making what was a common issue more prominent.

I had my B.net account hacked and here is how they did it:
- I had the same email password as a forum password
- They stole the forum database
- The changed my password and useed my email account to verify it... bam, they had my account.
- Before I realized how they stole my account, I changed my B.Net password, which made them attach an authenticator.
- Only then did I realize they were in my email and I changed that password.

My point is that this was a case where I was ultimately at fault for using an email password the same as a forum password. Initially, I had no idea how they got into my account. I absolutely knew I did not fall for a phishing scam or something like that.

If your B.Net account or email account ever had the same password as a forum account ... ever... then you are at fault. They probably had a pile of old email / pass lists that they went through the first few weeks just checking old lists to see what they get a hit on. They probably had 2 years of old backlog just throwing stuff at the wall and seeing what sticks.

After that event (which was well before Diablo III came out) I did attach an authenticator to my account. No, you shouldn't NEED to. However, the amount of inconvenience involved means it's a worthwhile thing to do for me. Especially since I was GM and paying for WoW and it disrupted more than just me to have me getting hacked.

[Chesspiece_face]

oO

Major problem with a simple solution. Solution refused.

I hope you have a recliner, home theater system, and hot buttery popcorn in that hole you've got your head in.

Excuse me. Why should I spend my money and on top of that inconvenience myself in order to play a free-to play game? WTF is your problem?

My problem is people like you that do nothing but push blame onto others for their own mistakes and then fill up forum posts with trash.

This isn't a free to play game. It's 60$, that point should be obvious enough. If you have a smart phone you don't have to spend money on an authenticator, if you don't it is the price of postage. And really how much of an inconvenience is that compared to the alternative of you getting hacked, getting pissed off, and then spreading your pissy attitude and inconvenience to others via message boards.

Or I guess you could keep your head in a hole and insist it was some massive security breach on Blizzards part that just happened to be limited to people that don't bother with security on their end.

WTF is your problem?

[Kylearan]

Hi,

Is it really so implausible that Blizzard would lie about something like that? They sell the game, and they sell the authenticator (at least I think they do?), so they have to lose a lot here. Many other companies that got hacked in the past tried to cover up the event, and only admitted it after proof became undeniable.

I think it's very implausible. It's simply not something Blizzard would want to risk their reputation on.

They *should* not risk their reputation on that, I agree. However, this is true for many companies and yet, many (or some) companies still stupidly try to cover up security breaches. So just because we think they *should* not do this, I wouldn't jump to the conclusion they really won't do it.

However, in this case:

When the authenticators were gotten around with a man-in-the-middle attack a few years ago, they disclosed it. In 2001, when B.net got hacked, they disclosed it. They also sell the authenticators, if you get a physical one, for the shipping cost. They lose money on them, but they make it back on customer service costs in accounts they don't have to restore. They're definitely not using authenticator sales as a money-making thing.

I didn't follow battle.net security in my D2 days and didn't know this, so thanks for the information. So yes, given their past record on this, I'll give them the benefit of the doubt as well. (And in my case I knew my own stupidity was at fault anyway )

-Kylearan