The infrastructure was added for this a while ago, but it's very nice to see rolled out.Even less excuse for people to not use an Authenticator.
"Operator, I need an exit."
This post was from a user who has deleted their account.
Sounds cool, good going Blizzard, F U hackers.
I wish they had let this act as an emergency authenticator too, if yours is damaged or lost, you'll be able to at least access B.N and turn it off.
So basically authenticators are going to be free? That's cool and all, but I've bought two, and I kind of want my fifteen bucks back.
More fuel for the those who want to pay to have WoW and unsafe browsing. Let's be blunt, most account compromises are the fault of the user, just like computer security in general. An authenticator is not going to prevent people clicking hostile links, following instructions in emails completely alien to Blizzard's stated policies, or trying already shady things like buying Spectral Tigers. Most of the tales of "super hackers" are covers for embarrassed people who don't want to admit doing the above. Besides, anyone capable of the breaches described in such stories is not going to waste time on WoW when there's much more important targets in the world. Use your brains, save your money.
Thank you Blizz, been hoping for a free authentication service for those of us without smart phones for a while now. Glad to see you provide.Got this up and running already.
I'm slightly worried about the ramifications of basing a security measure like this off of something like a phone number.Phone numbers are not exactly hard to spoof... and beyond that, it's just a matter of the attacker gaining knowledge of said phone number and the PIN, which as we've already seen is just a matter of a sophisticated (read: written by an illiterate, but happened into the inbox of an idiot) phishing attack.So I'm worried that users opting into this service won't be truly gaining any extra security... just an extra insecure step. My fingers are crossed that Blizz has considered all of this and designed a system to detect such spoofing. Apart from a "call and our system automatically calls you back in a few seconds" method, I'm not sure how that could work... but anyway, time will tell.
This seems to me very similar to what some banks do with credit cards. My bank knows what area I live in, so if I charge something 5 states away, they're going to call me and ask whats up.