- The Blizzard Authenticator - Ultimate Security -

[rdr1994]

I also recently purcheased the Authenticator after being hacked, and I must say it's a very handy little device, it's codes refresh about each 30 seconds making the time to actually hack a code really small, and if you keep it at a good spot you will never lose it,
+rep for you mate, great post

[Minx]

Those things are pretty snazzy. If I get into WoW again soon I gotta pick one up. =]

[EliteScouter]

I am just curious, if you get keylogged and they get ur password... Wouldn't they get ur key also since you have to physicly type it in and keylogger will catch it?

[[T]orus[B]east]

Looks more like an advertisment to me..

Plus I've stolen accounts when they've had authenticators on them before. It's by no means 110% secure.

[SpaZMonKeY]

Quote:

Originally Posted by EliteScouter

I am just curious, if you get keylogged and they get ur password... Wouldn't they get ur key also since you have to physicly type it in and keylogger will catch it?

If you get keylogged, the person would have to obtain your password AND the authenticator key within 60 seconds of them using it. After that, the authenticator key that they used (And the keylogger recorded) will no longer be good, and a new one will be needed.

And too the guy who said he's "Stolen" Accounts with an Authenticator before, I would like to know how. Because I doubt you were able to do anything WITH the account after getting it.

[Prodian0013]

Ive been using the authenticator app on my phone for a couple months after my friend had two accounts hacked.

The authenticator is similar to the RAS SecureID technology.

[[T]orus[B]east]

Quote:

Originally Posted by SpaZMonKeY

If you get keylogged, the person would have to obtain your password AND the authenticator key within 60 seconds of them using it. After that, the authenticator key that they used (And the keylogger recorded) will no longer be good, and a new one will be needed.

And too the guy who said he's "Stolen" Accounts with an Authenticator before, I would like to know how. Because I doubt you were able to do anything WITH the account after getting it.

How little you know.... How very little you know. I'm sure you'd like to this this system is 100% fool proof. But it's not. Sorry accounts with authenticators on them are just as big of targets as one without. It just takes a little more time and know how.

I'm not releasing my methods here as they are painfully obvious to anyone who wants to use more then 5min of brain power (not to mention it's against the new rules of this particular forum). Fact is I've taken accounts and have had complete control of them with my method(s). It's really annoying that you would even challenge my techniques based solely on the fact that you think blizzard authenticators are a fix all for losing accounts.

[SpaZMonKeY]

Quote:

Originally Posted by [T]orus[B]east

How little you know.... How very little you know. I'm sure you'd like to this this system is 100% fool proof. But it's not. Sorry accounts with authenticators on them are just as big of targets as one without. It just takes a little more time and know how.

I'm not releasing my methods here as they are painfully obvious to anyone who wants to use more then 5min of brain power (not to mention it's against the new rules of this particular forum). Fact is I've taken accounts and have had complete control of them with my method(s). It's really annoying that you would even challenge my techniques based solely on the fact that you think blizzard authenticators are a fix all for losing accounts.

Never really intended to say that it makes an account 100% safe, but it's not common for them to be hacked. I don't really care to know your "Technique", as it must be something like obtaining FULL account info in order to call Blizz and get an Authenticator removed from the account via the phone. Otherwise I can't even imagine how you'd get 2 consecutive codes which is what's needed to remove the authenticator via online. And truthfully, if you lose you're full information to someone, you're probably asking to get hacked.

[[T]orus[B]east]

Quote:

Originally Posted by SpaZMonKeY

Never really intended to say that it makes an account 100% safe, but it's not common for them to be hacked. I don't really care to know your "Technique", as it must be something like obtaining FULL account info in order to call Blizz and get an Authenticator removed from the account via the phone. Otherwise I can't even imagine how you'd get 2 consecutive codes which is what's needed to remove the authenticator via online. And truthfully, if you lose you're full information to someone, you're probably asking to get hacked.

Firstly, you can't remove an authenticator via phone support. They just WON'T do it. I think my friend had success with trying it that way ONCE out of 52 attempts. So not to denote your creative thinking. But it does take quite a bit less info then you might thing to achieve this. No phone call needed and if you want a really easy way to remove it yourself... It just takes some really creative social skills.

I will agree with you that an authenticator is an extra "layer" of security but it won't detour those who know how to get around it with little effort

[SpaZMonKeY]

Quote:

Originally Posted by [T]orus[B]east

Firstly, you can't remove an authenticator via phone support. They just WON'T do it. I think my friend had success with trying it that way ONCE out of 52 attempts. So not to denote your creative thinking. But it does take quite a bit less info then you might thing to achieve this. No phone call needed and if you want a really easy way to remove it yourself... It just takes some really creative social skills.

I will agree with you that an authenticator is an extra "layer" of security but it won't detour those who know how to get around it with little effort

Okay, I can see where you're coming from now I fear for the poor saps that are prey to the social engineering scams, but at least I see where you're coming from now. I was looking at it more from a Keylogger perspective, which I am sure can STILL be done, just ridiculously hard too do.

[[T]orus[B]east]

Heh, social engineering is just one of my 2 ways. But i've never considered those that fall for it to be dumber than me persei. Simply because SE is VERY easy to get caught by. I will admit I have almost been duped by it in the past. People can be very clever even to the most cautious of individual. :P

[aamlord]

Hmmm... he's banned and hasn't explained how he could do it. AFAIK you NEED the original CD key and original info on the account to remove authenticator, and unless all those got keylogged you pretty much can't steal the account with authenticator tied to it.

[SpaZMonKeY]

Quote:

Originally Posted by aamlord

Hmmm... he's banned and hasn't explained how he could do it. AFAIK you NEED the original CD key and original info on the account to remove authenticator, and unless all those got keylogged you pretty much can't steal the account with authenticator tied to it.

Well, although he is banned, I CAN think of one way to possible steal accounts with an authenticator. I think it would involve a Buy/Sell scam where your trying to buy an account that has an authenticator, and through some social engineering skills, get him to remove the authenticator. Or something similar to that. Otherwise I can't think of any other way

[Biozerk1]

Btw, if you guys don't want to spend money on an Authenticator and have an
iPod Touch or an iPhone there is a FREE Blizzard Authenticator application.

[Gothica639]

Very nice, thanks for pointing this out. +rep