Blizzard Sued Over Battle.net Authenticators
- Thread starter Andy Chalk
- Start date
Recommended Videos
Since you clearly aren't discussing my points and choose to give immature child responses, I'll just stop after this response.RoBi3.0 said:
Please tell me how steams e-mail authenticator for new computer usage would not be good to implement something similar for battle.net accounts.
Once again, in some of my original posts, not once did I hold up steam as a beacon of ultimate security, but that one single security measure would have prevented many accounts from being hacked, which has been my point throughout all these posts, unless you're going to tell me that it would be harder to implement then authenticators.
Actually, no, they don't. You know how Steam's forums were hacked? The PSN hack? Even Nintendo and I think Microsoft have had their services hacked. Heck, I even got an email one day from the Bioware forums telling me that I should change my passwords. Damn near everyone has had their own services attacked in this manner; except for Blizzard. Pretty much every time someone's account is hacked in WoW or D3 it's because the client (aka: the player) allowed a keylogger onto their system, or went to a third party site where they provided their password, or did some other stupid thing that allowed the farmers to get onto their account.Crono1973 said:
So explain to me how it's Blizzard's fault when you give your username and password to someone else? To say that "Blizzard has more security issues" is like Mac users bragging about how the iOS is "hack-proof" and impossible to design viruses for.
First off you are the one that thought it was cute to post memes I returned the favor.gmaverick019 said:
Second, I know I am fixing to point out the painfully obvious, but do you know what else would have stopped your D3 hacker dead in their tracks?..... An authenticator you know that thing blizzard offer to people for free if they have a smartphone or tablet and at cost for those who don't. Hell up until a few months ago they offered phone in authenicator service that could be used on that any phone smart or not. They discontinued the service cause hardly anyone used it. I would also like to point out that an authenticator is by far more effective then e-mail verification cause as you pointed out if your e-mail compromised that feature might as well not be there. Since keyloggers are employed frequently in blizzard hacks I think it is safe to say maybe your e-mail would be compromised as well. Authenticators are not so easily compromised, and therefore more effective.
because you were being an unnecessary smart ass, Instead of discussing what I was talking about.RoBi3.0 said:
Do I have to point out the painfully obvious, is that not everyone has a smartphone or tablet? (Such as myself) Buying something extra for a game that I have zero interaction with anyone else should not be required, ever, and is just plain lazy that I would have to purchase something extra for it.
I'm not arguing that an authenticator is not more effective, I never once said that, so please stop pointing it out when I have not ONCE ARGUED IT. but is it free for me? no it is not, which is why I pointed to steam's e-mail authenticator as a better solution for the basic security. Blizzard might/probably does have better server side security, but steam has yet to fail me on the user side of it, as others had mentioned as well.
I'm just curious: do they advertise this? The reason I ask is the assertion from the suit is more or less that they don't really tell people about it until after the fact.Aeshi said:
Which would also beg the question as to why they don't just package the technology, but I don't know enough about this situation.
I wasn't going to point this out as you said you were done responding to me but since you did respond. I will further explain while e-mail verification is a stupid idea for battle.net accounts. Blizzard log in credentials use your e-mail address you know the one linked to your account the one that a e-mail verification would be sent to. If a hacker had your log in credentials he would have half of you e-mail credentials which essentially means all e-mail verification would be is a second password to get into your account. A password that could be gotten in roughly the same manner that a large majority of user information is gotten in Blizzard hacks. If a second password was actually an effective means of online security all online accounts would have 2 passwords.gmaverick019 said:
Furthermore, you say Steam has never failed you client side, but refuse to listen to logically explanation has to why most hackers are not focusing hacking efforts on Steam accounts, because there is no profits in it.
I could park a beater Pinto station wagon next a custom Lamborghini and lock the doors of both cars. If one of the two cars is stolen there is a higher probability that the Lamborghini would be the one stolen and it wouldn't be because the the door locks on the Pinto were hard to get through. but you don't want to hear that cause it "isn't on topic". Steam is less likely to get hacked because it is a target less often. Plain and simple.
Many many Diablo 3 accounts were hacked without any virus, spyware, keyloggers, or other such programs installed in the host computer, Diablo 3 was vulnerable to brute force password hacking up until a "stealth patch" around 1.01b or so, addressed the issue and stopped it outright.NLS said:
So, its not always the users fault.
Same here, first week, account hacked, everything taken...I got a rollback, but still, first week, actually...it was 4 days after purchase.gmaverick019 said:
This was after going YEARS on WoW without security compromise, and I'm very careful about what I download and install.
There are plenty of people who don't have smartphones, requiring them to pay more for extra security is stupid. I do a good job of keeping my information safe so I'm not exactly worried about not having one, but that doesn't mean something bad won't happen and someone won't get your info anyway, no matter what precautions you take.mcattack92 said:
Hats. Vintage items. Anything else tradable in TF2, just off the top of my head.RoBi3.0 said:
Though wasn't there an article a while back that pointed out that the authenticator setup had already been cracked?
And as for the whole 'It's *always* the client's fault!'--all the client-side security in the world doesn't do a bit of good if the brats copy off the user and password files. Ask Sony about that one...and crackers are like cockroaches--if you spot one, there's probably at least a dozen more crawling around unseen.
Yes, of course hats why didn't I think of that cause TF2 hats are on every Steam account and a hacker can get a guaranteed pay out even if it is a small one. I did think we were arguing non-client side security. [If we are I think you already stated that you figure blizzard has better security on their end].Vulpis said:
Yes databases can be hacked and I don't think there is a game company of note that hasn't been hacked it happens. I don't believe I ever said hacks happen exclusively on the client side as that is obviously not the case. Most of my agreement thus far have been about client side hacks because that is what we have been talking about.
Also I have not heard anything about authenticators being cracked and I follow Blizzard news tightly, so if it had happened I would know about it. Maybe you are referring to a database hack that happened back in August where hackers accessed encrypted mobile authenticator serial numbers. These number are used to sync mobile authenticators to accounts. At best if the encryption was cracked hackers could have cloned authenticators, but this is easily countered by getting a new mobile authenticator number, which blizzard made everyone do. This incident is no where near cracking the authenticator system. So unless you can link a credible article about the authenticator system being cracked I am going to have to call BS on that point.
Edit: just realized you are not the person that has been arguing with me for the last day and half. Was responding from my phone which made your user name hard to read. Some of what I said does apply to you I will put it in brackets. I apologize for the confusion.
i know how it works, i'm just saying it adds another layer of security that would've required more effort on the hackers part, as he would then have to figure out a way to get my e-mail password also. Please tell me how that would impede the user that much more to have to verify their computer each time they used it at a different location.RoBi3.0 said:
Logical explanation? I have not once argued that hackers are not going for blizzard accounts over steam/*insert account here*, Stop ignoring the fact that I have said MULTIPLE times that blizzard has more to offer via their accounts. I've said it in multiple posts, I wasn't referring to the quantity of what they could steal, or how much they could steal, it was HOW they could steal it.
If you can't comprehend basic english as to what I've been saying the past 8 or so posts, then don't bother responding, I've not once argued that Blizzard has more attacks/hackers going for it, yet you have this silly notion in your head that I cannot comprehend what your saying, when in fact I was never arguing that at all.
Yes I don't agree with you insult my reading comprehension, cause that is classy.gmaverick019 said:
I am not saying that e-mail verification would impeded users, not once have I said that. In fact authenticators are way more disruptive then e-mail verification would be. What I am saying is that e-mail verification would be less effective at protecting Battle.net accounts then it is at protecting Steam accounts, and it is far less effective then authenticators. I don't feel that Blizzard should go out of its way to implement yet other safety feature that is less effective then what is currently available, because a relatively small (I am guessing less then 1%)part of its player base doesn't have access to free authenticator options and is also unwilling to spend 6.50 or so on a physical authenticator. Especially since having your account hacked will not ruin your life or credit at best you lose time making a phone call since more often then not Blizzard restores what ever was lost. Worst case scenario you lose time and some virtual crap.
I don't agree with you. You can keep trying to insult me if you wish, but that doesn't make your point anymore meaningful.
insult you? I was merely stating that if you keep ignoring the fact that I never argued that the authenticator worked nor was I arguing the fiscal value of blizzard accounts, hell that one post I quote pasted myself at least 10 times to get across the point, yet you continued to argue it. That is when I questioned your comprehension of English.RoBi3.0 said:
I wasn't arguing it was less effective, but I was arguing that it should be implemented in the first place, it is an easy and free layer of security for the users side that anyone can do in a matter of a minute or two, while the authenticator requires a purchase of some kind (a smart phone or paying for the physical usb drive). And as I said before, I never interacted with anyone else ever, on D3, as it was the only game I played, I should not be required to buy some authenticator to play my game, that is absolute garbage. No it will not ruin your life or credit, but that isn't the point, I could call "first world problems" all day on stuff, but that doesn't mean it isn't a nuisance/problem that shouldn't be happening. And as I had mentioned in my first post or two, it is a very long and painful pain in the ass phone call, because you HAVE to call in, there is no option of recovering your account online like most systems have (i'm not going to argue "security" on that point, if you respond saying something regarding calling in being more secure, i'm not going to respond on it, it doesn't change the fact it is much more of a hassle)
Lose time and virtual Crap? Weren't you just regarding it all being worth money? Pick one or the other, the account is either worth nothing or worth something.
Insult you? Oh right, because "u mad bro?" is so mature and enticing to a fruitful discussion. I did not go out of my way to quote you and then not even argue the point that I was trying to make, so try again. What don't you agree with? The only fact that I'm arguing is, is the fact that if blizzard implemented something similar to steam, or whoever might do a system like it, that it would've stopped the hacker from using my account for little to no hassle on my part, that didn't require me purchasing anything additional. That is all I argued, yet you keep bringing up the fiscal value of the account and the authenticator, and not once was I arguing those weren't valued more/effective respectively.
Your attempting to be insulting by telling me I can't comprehend basic English. And Condescending Wonka isn't meant to be insulting and I don't know condescending or anything. Your not required to buy an authenticator to play Blizzard games that is not at all a fact, so you should probably stop claiming it is. Without an authenticator you need to be super vigilant with your security, something you should probably be regardless.gmaverick019 said:
Gold is only worth real life money if you are willing to break the EULA and risk your account being banned. For normal players gold is worth nothing.
Interaction with people is not what puts you at risk pure shitty luck is all it takes to get hacked. I am not even gong to begin to try and guess why you got hacked, cause anything would be a blind stab in the dark.
I don't agree that an e-mail verification system is necessary. It may have prevented your hack it might not have. Cost verse reward is very low, as this system would ultimately only benefit a very small portion of the player base.
I find it weird you can spend 50 dollars on a game but 6.50 s a deal breaker, but that really isn't the point. I guess.
Client-side account security is your own responsibility - they've made available an option for people that can't be sure their systems stay clean, those who can't stop using the same password and email for sites (which then get hacked and people try the combinations in the game client for winners). They're offering an additional layer to you for the cost of materials because it's not their responsibility but they don't want you to get socially engineered out of your account. They offer free options as applications in other devices; you want this level of security and also want the convenience pay the token fee.Andrew_C said:
I never said that that client side security is not your responsibility. However it has been clear for more than a decade that 2 factor security (username and password) is inadequate and 3 factor security is the bare minimum for a secure transaction. Thus Blizzard also has a responsibility to ensure that their users use 3 factor security, which they ARE fulfilling here, however they are using it to make a tidy profit.Baneat said:
As I said before those are the same authenticators that banks hand out for free, just in a nifty package. I cannot believe that Blizzard are not making a profit of this. While I find plenty of fans claiming Blizzard are selling them at cost price, I can find no evidence that they have ever claimed that. I am aware that the price includes shipping, and I assume that this idea that Blizzard make no money off them came from that.
I do not have a smart phone, and see no need for one at the moment. If I used Blizzard products, I would have to buy an authenticator, because despite having an SMS service for confirmations and for revoking authenticators, Blizzard somehow can't do authentication by SMS, unlike Paypal (or Google).
Despite what I have said here I don't have any objection to the cost of Blizzard's authenticator, it is quite reasonably priced IMHO and is certainly a lot cheaper than PayPal's one. It is the idea that Blizzard are doing it out of sheer goodwill that I have a problem with.