I never did just the Authenticator. I understand the concept and how it is supposed to work but to me any game with an authenticator on it is just so poorly designed for security that they’re trying to tag on that added expense as per design.
And that’s exactly what a group of plaintiffs are arguing in a class action law suit against Blizzard Entertainment.
The plaintiffs in this case argue that the authenticators do not work because of a massive hacking and cracking that happened to the authenticators last year. The authenticators were cracked and people were losing personal information to Chinese farmers left and right. It was suggested over 1,000,000 accounts were hacked and that 90% of them had authenticators on it.
This go by and large to how Blizzard has setup their network.
Back in a day before Battle.net (and I mean the WoW version launched a few years ago) World of Warcraft required a username and password. Usernames and passwords are by and large the most secure login method because it created a 5-16 letter code (your username) that only you know.
And of course at some point Blizzard created Battle.net and made everyone log in with their E-MAIL. Emails are one of the more publicly available identifiers in the world. If I know for example that your email address is snappyprincess2012@hotmail.com all I have to do now is hack your Hotmail account (which is easier) and I’ll see that you in fact have a World of Warcraft account that I will freely be able to hack as well.
It was too much of their security being tied into personal information that is easily obtainable. It is like when someone steals your wallet with your picture identification card, call your phone provider and verify using your name and address…. information that is available in a PHONE BOOK.
So the authenticator was rolled out to deal with this, a $6.50 purchase (plus shipping) that would authenticate your account and provide maximum security. And of course as the story goes…. it failed.
So the case is arguing what we sort of have known for all of time. Blizzard Entertainment has crappy security. They sell the authenticator to people and make a profit off of it knowing full well that their security sucks. The case argues that there is a conflict of interest here in which Blizzard’s handling of personal and private information that is law regulated conflicts with their selling authenticators at a profit.
That is to say, the worst their security gets, the more side profits they will make off of these authenticators.
I really hope they win this law suit. In reality we all know it’ll just settle out of court for some insanely low amount. But hey it’s the first step in tackling these demon developers.