Thursday, January 28, 2010
We just talked this week of bloggers changing their mind, and here is one thing where I changed mine: I bought and applied a Blizzard authenticator to my World of Warcraft account, netting me a cute core hound pup pet. But I didn't get the authenticator for the pet, but because of more and more people swearing that their account got hacked *without* them having been careless with their passwords. Now I still believe that a large percentage of that "hacking" is not due to high-tech methods, but to rather low-tech scams, like the scammers who set up a fake WoW armory site and managed to get on top of the Google search for "wow armory" by paying for the link. Nevertheless I can't totally exclude the possibility of various other vulnerabilities like the recently reported Flash vulnerability compromising the security of my account.
Note that this isn't simple loss aversion. Sure, I don't want to lose my carefully hoarded gold, nor see all my gear vendored by some hacker. But by all accounts I hear, getting all or at least most of your stuff back is actually the common outcome of being hacked. So what I am trying to avoid by using the authenticator is the hassle, and the feeling of vulnerability that automatically results from being hacked.
Buying the authenticator was easy, and now that the shipping costs for them are waived not overly expensive. *Applying* the authenticator to your account isn't quite that easy. The thing comes with a leaflet sending you to a site with all sorts of explanations, but the description on how to apply the authenticator are badly done, and the link given there leads you to the wrong page on the account management site. You're told to use the apply authenticator function under "Free Services", but the option simply isn't there. What you need to do is first press the "home" button on the upper left corner of the page, then find the "change security settings" link among lots of small print on the middle right side, and THERE you can apply the authenticator to your Battle.net account. Not very user-friendly at the moment, if Blizzard really wants to make the thing mandatory, they'll have to streamline the process and put a big colorful button AUTHENTICATOR USE HERE on the first page.
Once the authenticator is applied to the account, things get easy again. You simply get a little popup window every time you try to login into World of Warcraft, and only need to press the single button on the authenticator to get a number to enter into that field. Really only takes a few seconds more per login, which unless you got disconnected in the middle of a fight, is unlikely to bother you. The main disadvantage is that you have to more carefully plan where and when you want to play WoW, and for example take your authenticator with you on trips if you want to play WoW on your laptop. I do not recommend the common practice of temporarily uninstalling the authenticator when wanting to play elsewhere, as I'd say you are more vulnerable when playing on somebody elses computer or unsecured WiFi network.
If you don't hear from me about the authenticator any more, it'll be because it is working just fine. I can assure you, the day the authenticator stops working and locks me out of my account, getting me into all the hassle with customer service I was trying to avoid by buying the thing in the first place, you'll be reading about that on my blog.