The Bad Guys Go Phishing
I’ve been writing and blogging about World of Warcraft for many years and as a result I receive my fair share of spam email. Many of these are ‘Phishing’ attempts – email, faked to look like it comes from an authentic source (in this case Blizzard) with the aim of stealing my account username and password. Being a Net citizen for many years, I’m fairly wise to these scams. In addition, my email system nearly always flags them correctly as spam. But I’ve noticed an increasing number of these emails hitting my in-box.
How Secure Is Your Account?
Phishing emails nearly always use scare tactics to get you to logon to a bogus site. Once the bad guys have your username and password, your account is raided and your gold looted. All those hours of leveling, raiding and playing the Auction House wiped out in minutes. Unfortunately, no matter how obscure your username or how cryptic your password, it won’t protect you against this type of deception. Computer security folks call the use of just a username and password a ‘weak’ form of authentication (the process of identifying yourself using a set of credentials).
It’s Authentication, Jim, But Not As We Know It!
Being an online service, Blizzard (and many banking services) has long known that to really protect an account from the bad guys you need a stronger form of authentication. To this end Blizzard introduced an additional security measure that players can associate with their account. It’s called an Authenticator.
A traditional username and password type of authentication relies on just one secret piece of information: the password, something only you should know (unless you’re scammed into giving it away). With an Authenticator attached to your account you’re required to provide two pieces of information to logon: something you know (your password) and a one-time password generated every few minutes from a specific device (something you physically have). This is called ‘Two Factor Authentication’ and is very strong. Even if the bad guys scam your password, they can’t get into your account without being in the possession of your personal authenticator.
Using the Blizzard Authenticator
Blizzard has made it very easy to secure your account with one of their authentication devices. They basically provide two types: a key ring fob that displays a one-time code every few minutes and a mobile phone App (Android and Apple OS). The key ring fob will cost you a few dollars but the Phone Apps are free to download and fully compatible with both the iPad and the iTouch. I personally use an iTouch for my account, but you may prefer the dedicated key fob.
Associating an authenticator with my account was very easy:
1. Download the App and install to my iTouch
2. Register the App serial number with my Blizzard account
Now, whenever I logon to my Battlenet account or the World of Warcraft in-game screen, I must enter my username and password as before and in addition enter the code generated by the authenticator. This code changes every two-three minutes, so you have a short time to enter the code before it changes.
Don’t Lose Your Authenticator!
So, what happens if you loose your authenticator or wipe the App from your device? Well, simply, you can’t get into your account. You’ll have to contact Blizzard and answer your recorded security questions before they’ll give you access. Good security, but a pain if you’re in the habit of losing things!
In reality, most folks don’t misplace their iPhone (well, not many). And it’s not possible to simply re-install the App if you’re had to reset your particular iDevice. This is because the serial number associated with each install is unique. If you’re constantly wiping your iPhone or iTouch, then a dedicated key fob is probably for you. If you have installed App and need to reset the device it runs on, simple remove the authenticator from your account first – very easy.
Getting Your Free Core Hound Vanity Pet
Once you associate an authenticator with your account, those nice people at Blizzard will mail you, in-game, your very own Core Hound vanity pet. How nice is that!