No Authenticator, No Diablo III Cash Auction House

[John Funk]

No Authenticator, No Diablo III Cash Auction House

Blizzard wants your account to be secure before you buy or sell.

The real-money Auction House soon to go live in Diablo III is a fascinating, though controversial, design decision. Players will be able to potentially turn profit out of nothing more than playing a computer game - and while there were dozens of black market item-buying sites for Diablo II, this is incorporated into the game itself. It'll be very interesting to see how it develops.

In order to maintain an actual economic ecosystem, though, Blizzard needs to have a secure environment free from item duping and account hacks - it's one thing to lose your fancy new sword, but it's another thing entirely to lose a fancy new sword you just paid $15 for. To that end, a post on the Battle.net forums [http://us.battle.net/d3/en/forum/topic/5594218404#1] says that players must attach a Battle.net Authenticator to their account before they can play in the RMT house.

This isn't exactly a harsh requirement, to be fair - the Mobile Authenticator app for most smartphones is downloadable for absolutely free. If you haven't upgraded to a smartphone yet, Blizzard also offers a little keyfob for $6.50 [http://us.blizzard.com/store/search.xml?q=authenticator].

I'm still of mixed minds about the whole RMAH in general, but this is really one of the most sensible things that Blizzard could have done. Frankly, I'm just waiting for the developer to start offering an authenticator free with every purchase, and simply making it mandatory to log into Battle.net. It'd cut hacks way down.

Source: Battle.net [http://us.battle.net/d3/en/forum/topic/5594218404#1]

Permalink

 

[TsunamiWombat]

I was very annoyed to discover the dial-in authenticator doesn't work for D3. I don't want the auction house, I just want -security-. I do not have a smart phone, and no, I am NOT paying extra to buy an extra product because YOU CAN'T MAKE YOUR GAME SECURE.

Seriously, how is this acceptable? My account has been hijacked once already. I only played in a pub with a stranger ONE time. Because my -friend- invited them. Boom, lose all my loot and gold. Had to use one of my two rollbacks. That was how I discovered the phone authenticator doesn't work.

Why is it permissible I have to buy an extra product so the first product functions? FIX. IT.

 

[AzrealMaximillion]

Right, because authenticators prevented hacking entirely.....oh wait...

 

[shadowstriker86]

people are still playing this game?

 

[VladG]

I was very annoyed to discover the dial-in authenticator doesn't work for D3. I don't want the auction house, I just want -security-. I do not have a smart phone, and no, I am NOT paying extra to buy an extra product because YOU CAN'T MAKE YOUR GAME SECURE.

No, they are selling an extra security measure because you can't make your PC secure.

The only way to access an account is with the password. Everyone who got hacked had their password stolen

 

[Qitz]

And yet, until they fix the Man-In-The-Middle attacks that people were already using to hack D3 this won't do any good.

It'll help SOME but if they're that desperate then yeah, they'll just use Session Hijacks or MITM for which the authenticators help none.

 

[Eri]

I was very annoyed to discover the dial-in authenticator doesn't work for D3. I don't want the auction house, I just want -security-. I do not have a smart phone, and no, I am NOT paying extra to buy an extra product because YOU CAN'T MAKE YOUR GAME SECURE.

Seriously, how is this acceptable? My account has been hijacked once already. I only played in a pub with a stranger ONE time. Because my -friend- invited them. Boom, lose all my loot and gold. Had to use one of my two rollbacks. That was how I discovered the phone authenticator doesn't work.

Why is it permissible I have to buy an extra product so the first product functions? FIX. IT.

YOU are the unsecure one, not Blizzard. They have never been breached, if they had authenticators wouldn't work. Don't blame them for your own (and others') end user security.

And yet, until they fix the Man-In-The-Middle attacks that people were already using to hack D3 this won't do any good.

It'll help SOME but if they're that desperate then yeah, they'll just use Session Hijacks or MITM for which the authenticators help none.

None of those ever happened for Diablo.

 

[DevilWithaHalo]

OK, can we just go ahead and clear something up?

Your account didn't get "hacked", it got "compromised"; there's a difference. Here's the best way to explain it... you know after a few failed attempts to log into your email it get's locked and you have to go through a process to get it back? D3 doesn't have that, so a program can be run in the background that cycles through available passwords until it grants access to your account. Then wham bam thank you mam they have everything they want.

The only think someone needs is your account name, and they have unlimited attempts to access it. You also don't need to ever join a public game, it just makes getting your account name a little easier.

The authenticator is a program which ties a code to your account that is cycled every 10-15 seconds or so. Even if they had your password (which they can always reacquire after you change it), they can't cycle through the codes fast enough before they change again (unless they *really* know what they're doing).

Granted, Blizzard *should* have designed the login to be a little more secure. But the $6.50 charge is more to cover production and shipping costs of the physical asset, hence why the mobile one is free; it doesn't cost them anything.

If these was truly the work of real hackers, they wouldn't go after your paltry account. Why would they? Even lolsec has better things to do with their time than steal your precious D3 items. More than likely, they will be attacking the 'Real Money AH' directly, or accessing your emails or other more rewarding accounts, like login information to your bank.

When everything is said and done, you don't have to use the RMAH. And yelling at them for attempting to protect players is just plain dumb. You might not like their methods, but nothing is ever 100% secure, and Blizzard did offer ways to help players, considering they can only protect themselves, not you.

RMAH? So I could spend $15 on a sword I could farm for either in drops or gold runs from the standard AH? At what rate is your time worth? Jesus, if you're intended on blowing cash like that, I've got a bridge I can sell you.

 

[Antari]

When everything is said and done, you don't have to use the RMAH. And yelling at them for attempting to protect players is just plain dumb. You might not like their methods, but nothing is ever 100% secure, and Blizzard did offer ways to help players, considering they can only protect themselves, not you.

They are being yelled at for being stupid enough to put players in a position that they need this sort of protection. Thats the part none of you seem to understand.

 

[OldNewNewOld]

Isn't this now "falls advertising"?
They said that if you buy D3, you can use the RMAH.
But now they say you can't use it unless you give them more money.

Ohhh well, it's Blizzard. People will still give them money even if they kill their whole family.

 

[JerrytheBullfrog]

When everything is said and done, you don't have to use the RMAH. And yelling at them for attempting to protect players is just plain dumb. You might not like their methods, but nothing is ever 100% secure, and Blizzard did offer ways to help players, considering they can only protect themselves, not you.

They are being yelled at for being stupid enough to put players in a position that they need this sort of protection. Thats the part none of you seem to understand.

Okay? What have they been doing to "put players in a position" etc? There is nothing Blizzard does differently from any other big MMO; accounts there could be compromised just as easily via the same methods (keyloggers, brute force, etc). Blizzard's only sin here is being popular enough to warrant it because hacking (and selling to gold sellers, etc) is more profitable than say, doing it in Everquest 2.

 

[Antari]

When everything is said and done, you don't have to use the RMAH. And yelling at them for attempting to protect players is just plain dumb. You might not like their methods, but nothing is ever 100% secure, and Blizzard did offer ways to help players, considering they can only protect themselves, not you.

They are being yelled at for being stupid enough to put players in a position that they need this sort of protection. Thats the part none of you seem to understand.

Okay? What have they been doing to "put players in a position" etc? There is nothing Blizzard does differently from any other big MMO; accounts there could be compromised just as easily via the same methods (keyloggers, brute force, etc). Blizzard's only sin here is being popular enough to warrant it because hacking (and selling to gold sellers, etc) is more profitable than say, doing it in Everquest 2.

By making the item and therefore time in game worth real world money. They have made themselves and the user a target. Its a god damned game, none of this should be an issue. But greed has made it one. Games used to be about fun, not money, or security.

 

[DevilWithaHalo]

When everything is said and done, you don't have to use the RMAH. And yelling at them for attempting to protect players is just plain dumb. You might not like their methods, but nothing is ever 100% secure, and Blizzard did offer ways to help players, considering they can only protect themselves, not you.

They are being yelled at for being stupid enough to put players in a position that they need this sort of protection. Thats the part none of you seem to understand.

The only reason this is a problem is because D3 exists. That's. It'. End of story.

Blizzard didn't phone up a bunch of people and tell them to start sifting through accounts for passwords. They didn't hold a big sign in the middle of time square with "hack our players" written all over it. Their TOS doesn't secretly say; "All Chinese farmers, you can access the backdoor of our system by using the password 1...2...3...4...".

Let's blame Blizzard because a few people are stealing the goods of other players. Let's blame Sony for a few hackers accessing your account information. Let's blame EU, because League of Legends was hacked. In fact, let's blame every game company for making games that hackers get get into our accounts because the companies failed to secure their systems well enough to prevent any and all breaches.

While we're at it, let's blame Guiness for drunk drivers, Ford motors for road rage, JC Penny for kids looking like whores, Planned Parenthood for teenage pregnancy and all the failings in your life on your parents. Just so long as we don't yell at those actually responsible, we'll be fine!

 

[Antari]

When everything is said and done, you don't have to use the RMAH. And yelling at them for attempting to protect players is just plain dumb. You might not like their methods, but nothing is ever 100% secure, and Blizzard did offer ways to help players, considering they can only protect themselves, not you.

They are being yelled at for being stupid enough to put players in a position that they need this sort of protection. Thats the part none of you seem to understand.

The only reason this is a problem is because D3 exists. That's. It'. End of story.

Blizzard didn't phone up a bunch of people and tell them to start sifting through accounts for passwords. They didn't hold a big sign in the middle of time square with "hack our players" written all over it. Their TOS doesn't secretly say; "All Chinese farmers, you can access the backdoor of our system by using the password 1...2...3...4...".

Let's blame Blizzard because a few people are stealing the goods of other players. Let's blame Sony for a few hackers accessing your account information. Let's blame EU, because League of Legends was hacked. In fact, let's blame every game company for making games that hackers get get into our accounts because the companies failed to secure their systems well enough to prevent any and all breaches.

While we're at it, let's blame Guiness for drunk drivers, Ford motors for road rage, JC Penny for kids looking like whores, Planned Parenthood for teenage pregnancy and all the failings in your life on your parents. Just so long as we don't yell at those actually responsible, we'll be fine!

Actually the second they decided to make items in the game worth real world money, they were painting a big red and white target on themselves and the user. And if they didn't know it, they are incompetent. If the items were worthless, there would be a lot less people interested in stealing them.

 

[JerrytheBullfrog]

Snip

Oh and that hacking a lot of people and journalists were worried about for weeks?

It mysteriously stopped after Patch 1.0.2b: http://www.cinemablend.com/games/Diablo-3-Hacked-Account-Claims-Instantly-Stop-What-Happened-43412.html

NEWLY LAUNCHED ONLINE GAME HAS TECHNICAL ISSUES AND EXPLOITS THAT ARE STILL BEING DISCOVERED

FILM AT 11

 

[Denamic]

I was very annoyed to discover the dial-in authenticator doesn't work for D3. I don't want the auction house, I just want -security-. I do not have a smart phone, and no, I am NOT paying extra to buy an extra product because YOU CAN'T MAKE YOUR GAME SECURE.

The game is secure.
It's people's computers that aren't.
Dumbasses give away their account name and passwords through phishing sites and keyloggers.
Neither of which are even remotely Blizzard's realm of responsibility.

 

[Kordie]

When everything is said and done, you don't have to use the RMAH. And yelling at them for attempting to protect players is just plain dumb. You might not like their methods, but nothing is ever 100% secure, and Blizzard did offer ways to help players, considering they can only protect themselves, not you.

They are being yelled at for being stupid enough to put players in a position that they need this sort of protection. Thats the part none of you seem to understand.

The only reason this is a problem is because D3 exists. That's. It'. End of story.

Blizzard didn't phone up a bunch of people and tell them to start sifting through accounts for passwords. They didn't hold a big sign in the middle of time square with "hack our players" written all over it. Their TOS doesn't secretly say; "All Chinese farmers, you can access the backdoor of our system by using the password 1...2...3...4...".

Let's blame Blizzard because a few people are stealing the goods of other players. Let's blame Sony for a few hackers accessing your account information. Let's blame EU, because League of Legends was hacked. In fact, let's blame every game company for making games that hackers get get into our accounts because the companies failed to secure their systems well enough to prevent any and all breaches.

While we're at it, let's blame Guiness for drunk drivers, Ford motors for road rage, JC Penny for kids looking like whores, Planned Parenthood for teenage pregnancy and all the failings in your life on your parents. Just so long as we don't yell at those actually responsible, we'll be fine!

If I bought a car that someone could walk up to and try 100 keys untill one worked and drove off in it, you can bet your ass I'd blame the car company. Having a login system that allows for brute force password programs to function is basically the same thing. Further, people have reported having their accounts messed with despite using an authenticator. I agree that people should take responsability for their actions, and that includes blizzard.