zhiva_the_mage (zhiva_the_mage) wrote in worldofwarcraft,

On security, Battle.net and authenticators

Say, someone was hacked and carelessly posted about this on forums. What kind of response will s/he receive?

Victim blaming, of course. "Lol, you were asking for it"
And, of course, "Buy authenticator, you fool".

And if s/he gets a blue answer, it will be "bla-bla-bla, and buy authenticator".

Wowinsider published an article advocating the Battle.net merge, listing "common excuses" and their "solutions".

The "excuses" are lack of trust in the Battle.net system and the publicity of the Battle.net login. The "solutions" are to buy an authenticator and create a special secret e-mail just for Battle.net.

This is bullshit.

When you are buying a car, will you buy a car without door locks? A car for which you are required to purchase the locks separately? And these locks are often out of stock? If authenticators are so crucial for account security, they should be included in every WoW bundle, and every owner of an existing account without an authenticator attached should be getting one for free. Yes, for free. If Blizzard cannot provide account security without authenticators, it's their responsibility and headache to make sure every account has an authenticator attached, not the users'.

What does an authenticator do? It adds one more authorization factor.
What does Battle.net do? It makes one of the authorization factors public.
"Then you should make a new email address and use that instead of your personal or work email". Bullshit. How is that different from using a custom account name as a login, apart from having to remember one password MORE?

Having just one password for everything is bad. But forcing users to make extra passwords is bad too - the more passwords you require users to have, the more users will use the same password for several accounts.

TL;DR: Blizzard's security approach is flawed; victim blaming and shifting responsibility to users is bad.