Authenticators.

Add a reply
85 Gnome Priest
Golden Aegis
1725
02/17/2011 8:23 AMPosted by Dartaneon
i was under the impression that the phone in authenticator works by recognizing what IP address you normally use, then requires authentication when using a different one. So, wouldn't that be pretty darn secure short of someone logging onto my account from my computer?

It should be quite secure. I believe it's very difficult at best to spoof an IP address to Blizzard's servers.

If you're on a local network, though--especially a wireless network--there is the possibility a roommate, neighbor, or a stranger that comes near your residence could easily spoof your IP address.

Also, your ISP (Internet Server Provider) may change your IP address from time to time.

Lastly, if you ever travel and your phone's battery is low for whatever reason, or you haven't updated your phone number on record after changing it, you will not have legitimate access to your account until you've gone through whatever reset procedure Blizzard uses.
#22
2/17/2011
Reply Quote
90 Human Paladin
Mouthful of Justice
9795
ahh, very good points, i'll have to go home and make sure my wireless lan is secure.
#23
2/17/2011
Reply Quote
100 Night Elf Priest
Fallen
13265
I imagine the changing IP address is precisely the issue -- there must be some leeway built into the system to allow for some changes. The question is then regarding the looseness of their system.

The more traditional authenticators, on the other hand, require some rather nasty malware installed on your computer capable of spoofing log-in screens, and would require some quick action on the part of the malicious party -- they can't wait until later to use your login information, they must use it immediately, and as far as I know they can only cause disturbances until their login is interrupted.
#24
2/17/2011
Reply Quote
85 Gnome Priest
Golden Aegis
1725

The more traditional authenticators, on the other hand, require some rather nasty malware installed on your computer capable of spoofing log-in screens, and would require some quick action on the part of the malicious party -- they can't wait until later to use your login information, they must use it immediately, and as far as I know they can only cause disturbances until their login is interrupted.

A simple key logger could give someone a tiny window to log in. However, the small length of time available to log in and the tremendous amount of time required to perform cryptanalysis to determine what key will be valid at any other given time deters practically all account hackers and scammers from putting any effort towards it.
#25
2/18/2011
Reply Quote
Add a reply

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)
Submit Cancel

Reported!

[Close]