This is a split board - You can return to the Split List for other boards.

How exactly does an authenticator work?

#1legolas0008Posted 12/16/2009 6:13:21 PM
Couldn't a hacker just buy one to use on accounts?
---
http://i44.tinypic.com/wvzupx.png http://i44.tinypic.com/97ryo9.jpg
http://i37.tinypic.com/sg0dbr.jpg http://i32.tinypic.com/2pys40m.jpg
#2TriforceGanonPosted 12/16/2009 6:24:07 PM
You buy the authenticator and link the specific one to your account.

Everytime you log in, it asks for the 6 numbers that come from the authenticator.

So, unless someone has these 6 random numbers that change every minute, they will not be getting into your account.
---
DEATH TO THE SCOURGE, AND DEATH TO THE LIVING!!!
#3legolas0008(Topic Creator)Posted 12/16/2009 6:39:23 PM
So is it worth taking the time to set it up? I have an iPod Touch, so it would be free.
---
http://i37.tinypic.com/sg0dbr.jpg http://i33.tinypic.com/2dr7uiv.jpg
http://i43.tinypic.com/686fcp.jpg http://i32.tinypic.com/2pys40m.jpg
#4Michelles_back9Posted 12/16/2009 6:42:24 PM

From: legolas0008 | #003
So is it worth taking the time to set it up? I have an iPod Touch, so it would be free.


Keep in mind, it's a pain to remove an Authenticator since you need to email every single bit of info you have on your account, so if you bind it to your iPod Touch, you better be planning to keep that thing long term.
---
"Again? It's like you rescue Thrall from **** daily. He's the Princess Peach of WoW." - ZeroHiei
#5mimycriPosted 12/16/2009 6:45:01 PM
Unlikely.

I can only guess - as I don't care enough to research much like you -, but this is how it seams to work like:
You bind the authenticator to your account by registering the code on it and adding the code provided by the authenticator at the moment of registration. The code at the first activation is random - so 2 authenticators won't have the same code at a given time.
The authenticator changes the key code generated every minute according to a general algorithm.
At logon you need to enter the current code provided by the thing.
I take the server does a quick calculation based on the registration data and the time between the registration.

So how could the hacker get the account? Well if he has your account and password and a high number of used codes, he could technically revers engineer the algorithm. The other way is to monitor your traffic and catch the moment you've logged on and use the same account info + code [keylogger](that is still valid). If he loggs on quick enough, he could kick you. But you could still retry the logon. So he would have to disconnect or block your traffic for the time he requires the access.

In both cases a trojan is required. The 1st requires too much effort, while the 2nd would be relative easily detected due to the real time key watcher/ logger traffic generated.

And ahh..the 3rd option is social engineering. If he has your acc+pw he could try his luck with a call to blizz support and get the authenticator unregistered from the account. (this is probably harder then it sounds as I'd check in blizz's place the ID by using security questions and sending a verification e-mail to the account ovner)

These are only guesses, but they are unlikely to be far fetched.
#6boochyPosted 12/16/2009 6:45:41 PM
If you want to remove the authenticator, all you do is log into the Battle.net site, and type in the authenticator code+serial number of the Authenticator..

It seriously takes 2 minutes. I have it for my iPhone and it is awesome. If you have multiple accounts, you can sync up one authenticator to all your accounts as well.

I switched iPhones without removing it first, and all I had to do was call Blizzard and they fixed it for me.
---
Xbox Live GT/PSN ID - Duck Tales LOL
Yes, you can sing the Duck Tales theme song when I join a room, everyone else does.
#7boochyPosted 12/16/2009 6:47:33 PM

From: mimycri | #005
Unlikely.

I can only guess - as I don't care enough to research much like you -, but this is how it seams to work like:
You bind the authenticator to your account by registering the code on it and adding the code provided by the authenticator at the moment of registration. The code at the first activation is random - so 2 authenticators won't have the same code at a given time.
The authenticator changes the key code generated every minute according to a general algorithm.
At logon you need to enter the current code provided by the thing.
I take the server does a quick calculation based on the registration data and the time between the registration.

So how could the hacker get the account? Well if he has your account and password and a high number of used codes, he could technically revers engineer the algorithm. The other way is to monitor your traffic and catch the moment you've logged on and use the same account info + code [keylogger](that is still valid). If he loggs on quick enough, he could kick you. But you could still retry the logon. So he would have to disconnect or block your traffic for the time he requires the access.

In both cases a trojan is required. The 1st requires too much effort, while the 2nd would be relative easily detected due to the real time key watcher/ logger traffic generated.

And ahh..the 3rd option is social engineering. If he has your acc+pw he could try his luck with a call to blizz support and get the authenticator unregistered from the account. (this is probably harder then it sounds as I'd check in blizz's place the ID by using security questions and sending a verification e-mail to the account ovner)

These are only guesses, but they are unlikely to be far fetched.





If he calls he to Customer Service, they will ask you the serial number from the back of the Authenticator. WIthout that, the Blizzard rep won't remove it from the account(Or at least he shouldn't, not everyone follows the rules I guess.)
---
Xbox Live GT/PSN ID - Duck Tales LOL
Yes, you can sing the Duck Tales theme song when I join a room, everyone else does.
#8boochyPosted 12/16/2009 6:47:46 PM
If he calls into*
---
Xbox Live GT/PSN ID - Duck Tales LOL
Yes, you can sing the Duck Tales theme song when I join a room, everyone else does.
#9FishanelliPosted 12/16/2009 7:10:57 PM
I have a stand alone one as my phone isn't covered, so I can't speak on setup, but I highly recommend one. All I had to do was punch in the serial number on battle.net, and it's linked.

The only downside is that I can't log in fast enough to beat that screeching roar anymore. >_>
---
Steven Ste-ven [stee-vuhn]
-noun The subject of a particularly cruel prank.