Blizzard Sued Over Battle.net Authenticators

[gmaverick019_v1legacy]

Yes I don't agree with you insult my reading comprehension, cause that is classy.

I am not saying that e-mail verification would impeded users, not once have I said that. In fact authenticator are way more disruptive then e-mail verification would be. What I am saying is that e-mail verification would be less effective at protecting Battle.net accounts then it is at protecting Steam accounts, and it is far less effective then authenticators. I don't feel that Blizzard should go out of its way to implement yet other safety feature that is less effective then what is currently available, because a relatively small (I am guessing less then 1%)part of its player base doesn't have access to free authenticator options and is also unwilling to spend 6.50 or so on a physical authenticator. Especially since having your account hacked will not ruin your life or credit at best you lose time making a phone call since more often then not Blizzard restores what ever was lost. Worst case scenario you lose time and some virtual crap.

I don't agree with you. You can keep trying to insult me is you wish, but that doesn't make your point anymore meaningful.

insult you? I was merely stating that if you keep ignoring the fact that I never argued that the authenticator worked nor was I arguing the fiscal value of blizzard accounts, hell that one post I quote pasted myself at least 10 times to get across the point, yet you continued to argue it. That is when I questioned your comprehension of English.

I wasn't arguing it was less effective, but I was arguing that it should be implemented in the first place, it is an easy and free layer of security for the users side that anyone can do in a matter of a minute or two, while the authenticator requires a purchase of some kind (a smart phone or paying for the physical usb drive). And as I said before, I never interacted with anyone else ever, on D3, as it was the only game I played, I should not be required to buy some authenticator to play my game, that is absolute garbage. No it will not ruin your life or credit, but that isn't the point, I could call "first world problems" all day on stuff, but that doesn't mean it isn't a nuisance/problem that shouldn't be happening. And as I had mentioned in my first post or two, it is a very long and painful pain in the ass phone call, because you HAVE to call in, there is no option of recovering your account online like most systems have (i'm not going to argue "security" on that point, if you respond saying something regarding calling in being more secure, i'm not going to respond on it, it doesn't change the fact it is much more of a hassle)

Lose time and virtual Crap? Weren't you just regarding it all being worth money? Pick one or the other, the account is either worth nothing or worth something.

Insult you? Oh right, because "u mad bro?" is so mature and enticing to a fruitful discussion. I did not go out of my way to quote you and then not even argue the point that I was trying to make, so try again. What don't you agree with? The only fact that I'm arguing is, is the fact that if blizzard implemented something similar to steam, or whoever might do a system like it, that it would've stopped the hacker from using my account for little to no hassle on my part, that didn't require me purchasing anything additional. That is all I argued, yet you keep bringing up the fiscal value of the account and the authenticator, and not once was I arguing those weren't valued more/effective respectively.

 

[RoBi3.0]

Yes I don't agree with you insult my reading comprehension, cause that is classy.

I am not saying that e-mail verification would impeded users, not once have I said that. In fact authenticator are way more disruptive then e-mail verification would be. What I am saying is that e-mail verification would be less effective at protecting Battle.net accounts then it is at protecting Steam accounts, and it is far less effective then authenticators. I don't feel that Blizzard should go out of its way to implement yet other safety feature that is less effective then what is currently available, because a relatively small (I am guessing less then 1%)part of its player base doesn't have access to free authenticator options and is also unwilling to spend 6.50 or so on a physical authenticator. Especially since having your account hacked will not ruin your life or credit at best you lose time making a phone call since more often then not Blizzard restores what ever was lost. Worst case scenario you lose time and some virtual crap.

I don't agree with you. You can keep trying to insult me is you wish, but that doesn't make your point anymore meaningful.

insult you? I was merely stating that if you keep ignoring the fact that I never argued that the authenticator worked nor was I arguing the fiscal value of blizzard accounts, hell that one post I quote pasted myself at least 10 times to get across the point, yet you continued to argue it. That is when I questioned your comprehension of English.

I wasn't arguing it was less effective, but I was arguing that it should be implemented in the first place, it is an easy and free layer of security for the users side that anyone can do in a matter of a minute or two, while the authenticator requires a purchase of some kind (a smart phone or paying for the physical usb drive). And as I said before, I never interacted with anyone else ever, on D3, as it was the only game I played, I should not be required to buy some authenticator to play my game, that is absolute garbage. No it will not ruin your life or credit, but that isn't the point, I could call "first world problems" all day on stuff, but that doesn't mean it isn't a nuisance/problem that shouldn't be happening. And as I had mentioned in my first post or two, it is a very long and painful pain in the ass phone call, because you HAVE to call in, there is no option of recovering your account online like most systems have (i'm not going to argue "security" on that point, if you respond saying something regarding calling in being more secure, i'm not going to respond on it, it doesn't change the fact it is much more of a hassle)

Lose time and virtual Crap? Weren't you just regarding it all being worth money? Pick one or the other, the account is either worth nothing or worth something.

Insult you? Oh right, because "u mad bro?" is so mature and enticing to a fruitful discussion. I did not go out of my way to quote you and then not even argue the point that I was trying to make, so try again. What don't you agree with? The only fact that I'm arguing is, is the fact that if blizzard implemented something similar to steam, or whoever might do a system like it, that it would've stopped the hacker from using my account for little to no hassle on my part, that didn't require me purchasing anything additional. That is all I argued, yet you keep bringing up the fiscal value of the account and the authenticator, and not once was I arguing those weren't valued more/effective respectively.

Your attempting to be insulting by telling me I can't comprehend basic English. And Condescending Wonka isn't meant to be insulting and I don't know condescending or anything. Your not required to buy an authenticator to play Blizzard games that is not at all a fact, so you should probably stop claiming it is. Without an authenticator you need to be super vigilant with your security, something you should probably be regardless.

Gold is only worth real life money if you are willing to break the EULA and risk your account being banned. For normal players gold is worth nothing.

Interaction with people is not what puts you at risk pure shitty luck is all it takes to get hacked. I am not even gong to begin to try and guess why you got hacked, cause anything would be a blind stab in the dark.

I don't agree that an e-mail verification system is necessary. It may have prevented your hack it might not have. Cost verse reward is very low, as this system would ultimately only benefit a very small portion of the player base.

I find it weird you can spend 50 dollars on a game but 6.50 s a deal breaker, but that really isn't the point. I guess.

 

[Baneat]

Blizzard does its users a solid by offering authenticators at a price that prevents them from profiting from promoting user security. They get sued.

Fuck these guys

Those authenticators are exactly the same as the ones the banks give to you for free, just in a fancy case. There is no reason they couldn't include one in boxed copies of their games.

Client-side account security is your own responsibility - they've made available an option for people that can't be sure their systems stay clean, those who can't stop using the same password and email for sites (which then get hacked and people try the combinations in the game client for winners). They're offering an additional layer to you for the cost of materials because it's not their responsibility but they don't want you to get socially engineered out of your account. They offer free options as applications in other devices; you want this level of security and also want the convenience pay the token fee.

 

[Andrew_C]

Blizzard does its users a solid by offering authenticators at a price that prevents them from profiting from promoting user security. They get sued.

Fuck these guys

Those authenticators are exactly the same as the ones the banks give to you for free, just in a fancy case. There is no reason they couldn't include one in boxed copies of their games.

Client-side account security is your own responsibility - they've made available an option for people that can't be sure their systems stay clean, those who can't stop using the same password and email for sites (which then get hacked and people try the combinations in the game client for winners). They're offering an additional layer to you for the cost of materials because it's not their responsibility but they don't want you to get socially engineered out of your account. They offer free options as applications in other devices; you want this level of security and also want the convenience pay the token fee.

I never said that that client side security is not your responsibility. However it has been clear for more than a decade that 2 factor security (username and password) is inadequate and 3 factor security is the bare minimum for a secure transaction. Thus Blizzard also has a responsibility to ensure that their users use 3 factor security, which they ARE fulfilling here, however they are using it to make a tidy profit.

As I said before those are the same authenticators that banks hand out for free, just in a nifty package. I cannot believe that Blizzard are not making a profit of this. While I find plenty of fans claiming Blizzard are selling them at cost price, I can find no evidence that they have ever claimed that. I am aware that the price includes shipping, and I assume that this idea that Blizzard make no money off them came from that.

I do not have a smart phone, and see no need for one at the moment. If I used Blizzard products, I would have to buy an authenticator, because despite having an SMS service for confirmations and for revoking authenticators, Blizzard somehow can't do authentication by SMS, unlike Paypal (or Google).

Despite what I have said here I don't have any objection to the cost of Blizzard's authenticator, it is quite reasonably priced IMHO and is certainly a lot cheaper than PayPal's one. It is the idea that Blizzard are doing it out of sheer goodwill that I have a problem with.

 

[TwentyPercentCooler]

Since Blizzard's servers have been hacked several times and information was stolen, with absolutely no way to prevent compromise other than having an authenticator, there /might/ be a case. Normally, I'd say Blizzard's lawyers are expensive enough to make it go away, but some crotchety old judges hate video games. Get the right one and perhaps the suit won't be laughed out of the courtroom.

And no, the fact that there's a free app available for (smart)phones doesn't excuse Blizzard not securing their servers; it's pure laziness that they would rather their customers do their job for them, with the added slap in the face that they have to pay to do it. Some people hate (smart)phones. I'm one of them.

 

[Olikar]

These people had their accounts hacked, and now they want to blame Blizzard because they couldn't keep their account safe.

Any company that holds personal information on someone has a legal duty to keep it secure, any bullshit about "oh you have to buy an authenticator" is irrelevant and doesn't change their legal responsibilities as a company.

 

[RicoADF]

So you have to buy an expensive smartphone to be able to use the FREE authenticator. If you don't have a smartphone you have to buy the authenticator and don't claim the thing is optional, I had my account compromised once too and it's the only account I have ever had compromised.

I would say that the authenticators really are needed and they aren't really free.

It IS optional.
Like it or not, the "hack" is ALWAYS on the users end.
Can you 100% prevent it, no. Is it somehow blizzard's fault, No!

Most "hacks" are viruses or malware that log your login details from YOUR Pc.
These are usually from:
* WoW related sites (most of the time the site is unaware of this)
*giving your details to goldbuy/sell websites.
*phising mails like the one described above.

The last 2 is just user stupidity, the first one is the hardest to protect yourself against, but AGAIN, it's all on the client side.

Blizzard is selling the authenticators (or FREE apps) to provide with a added layer of security.
Like an additional lock on a door.
They sell these for 10 euro with 0 profit, and (if this still applies, it did when I bought one) you get a free in-game pet who are for sale at 10 euro as well.

This is an open and shut case.
Blizzard provides almost free additional locks for your door, if you leave them open, don't sue the locksmith.

It's interesting that no other online account I have ever had needed the extra security of an authenticator.

Of course not, WoW is huge, why pick other (smaller) markets when there is the behemoth called Blizzard.

Big company, lots of vultures.

I think Steam is pretty big too, never had any type of problems with them. Bank of America is pretty damn big too but once again, no problems with them.

Blizzard wants to force every game online as a DRM measure but they lack the ability to protect the accounts without an authenticator.

Again, the "hacks" are ALWAYS at the side of the CLIENT!

If I were to ask you in a mail to give me your bank account details, and you did.
Would you say that Bank of America has poor security? Cause 9 out of 10 cases this is what happens with Blizzard "hacks".

Notice how I keep saying "hacks" cause they're not hacks at all.

As for why Steam has less problems, I don't know. I'm sure they have their fair share of compromised accounts as well.

The compromise is not always on the users side, that's a common source but not the only one. Also blizzard has been hacked and had info stolen, they informed the public however the fact remains that their not securing their system adequately, esp considering their clearly a target. Another point, to your previous post, if someone's account is compromised by malicious software from the blizzard website then they are responsible for not securing it correctly. They should provide the authenticators for free (preferably in the game box) as its clear there's an issue. My bank gave me one for free, if a bank can be that generious then it says something for blizzards greed.

1) they were hacked, ONCE, no info was stolen and no accounts were compromised.

2)It's not the official blizzard sites that get targeted, it's fan-sites (HUUUUGE popular fan-sites like WoWhead and Wowwiki)

3)You mean like the free one for phones, yeah real greedy.
Or you mean the one that costs 10 euro, with a free in-game pet. Where all costs goes directly to the authenticator's producer and none to blizzard, again, real greedy.

If their going to require online accounts for games like star craft and Diablo then they should be required to provide an authenticator (especially when a lot of us just want to play SP/LAN MP. I don't care about WoW but since there's an issue once again they should provide the authenticator for free to those without smart phones. They make enough, regardless of weather they make money off the authenticator, they do make money off the game and thus they should provide the extra security for those without smart phones.

Why?

I feel like a broken record for saying this, but it's not blizzard's fault.
In the end, a bank is guarding REAL money, not fake in-game gold.
In your Blizzard account gets hacked, you're annoyed, if your bank account gets "hacked" you're possibly screwed for life.

I don't see why an entertainment company has to hand out free stuff, just because most users give away their security details?

Could they? Yes, probably. They'd make a small loss every time they do.
Should they? No, Blizzard already does enough <a href=http://www.escapistmagazine.com/news/view/120578-World-of-Warcrafts-Cinder-Kitten-Benefits-Hurricane-Sandy-Relief> Charity and is in no way obligated to protect people who can't protect them selves.

As I edited in the post above yours that you may not have seen if you started quoting before the edit

"edit: note it doesn't have to be a physical one like what they have, an email based one like steam but sent on every login would work too."

So theres no reason it has to cost anything, if steam can do it blizzard can.

 

[Ranorak]

As I edited in the post above yours that you may not have seen if you started quoting before the edit

"edit: note it doesn't have to be a physical one like what they have, an email based one like steam but sent on every login would work too."

So theres no reason it has to cost anything, if steam can do it blizzard can.

"The Battle.net Mobile Authenticator is an optional tool that offers Battle.net account users an additional layer of security to help prevent unauthorized account access. This includes World of Warcraft players who log in to the game using a Battle.net account. The authenticator application is a small program that you install and access on your cell phone or mobile device."
For FREE!

Besides, e-mails get hacked as well, the plus side of the (physical) authenticator is that it's NOT online. It generates a set of 6 numbers with some underlying algorithm, that checks against it's serial number, the serial number that is bound to the account, and time.

It would be rather pointless to have Steam's e-mail service, because if it can get your WoW password from YOUR pc, it can get your email too.

 

[RicoADF]

As I edited in the post above yours that you may not have seen if you started quoting before the edit

"edit: note it doesn't have to be a physical one like what they have, an email based one like steam but sent on every login would work too."

So theres no reason it has to cost anything, if steam can do it blizzard can.

"The Battle.net Mobile Authenticator is an optional tool that offers Battle.net account users an additional layer of security to help prevent unauthorized account access. This includes World of Warcraft players who log in to the game using a Battle.net account. The authenticator application is a small program that you install and access on your cell phone or mobile device."
For FREE!

Besides, e-mails get hacked as well, the plus side of the (physical) authenticator is that it's NOT online. It generates a set of 6 numbers with some underlying algorithm, that checks against it's serial number, the serial number that is bound to the account, and time.

It would be rather pointless to have Steam's e-mail service, because if it can get your WoW password from YOUR pc, it can get your email too.

Which is why I use my phone, but as I said the option should be there for people to chose. You don't seem to understand that its about having a free option for everyone that plays the game, weather they have a smart phone or not.

 

[Art Franklin]

Update: I guess I can't play Blizzard games anymore because apparently the authenticator is now required? Yet I don't have an appropriate mobile device and I refuse to pay extra for this add-on.

What is the latest and what changed in 2013?