Authenticator fails, removed from account without user's permission

Authenticator fails, removed from account without user's permission

Someone in this forum thread apparently logged out one night and logged on the next morning to find her account stripped of everything but PvP gear, and her Authenticator no longer connected to her account.

But obviously, this one was removed even without that, and we're being told that all you might need to remove the Authenticator is the answer to the user's secret question and a CD key (or even less). In other words, the fault isn't with the technology, it seems to be with the support reps on Blizzard's side of the phone line -- if they can be convinced to remove the Authenticator, the account can then be hacked.

Think a Blizzard Authenticator will keep your account from being hacked? Think again -- we've got our first known report of someone who was protecting their account with one of Blizzard's keys, and still got their character hacked down to their undies.

Supposedly, to deactivate an Authenticator from an account, you need to get in touch with Billing services, and reportedly they'll then ask for a notarized statement with a picture, like a driver's license, just to remove the Authenticator.
The little keys have been selling like hotcakes since they were released -- almost everyone has figured that $6.50 was cheap for peace of mind. But while an Authenticator still does provide an extra step in security, the sad truth is that it hardly makes an account impermeable.

[Via BRK]

Update: Married IRL has more analysis, including a comment that confirms all you really need to get past the Authenticator is the user's secret question answer, usual address information, and the original CD key. If the standard for getting an Authenticator removed really is a Photo ID, it's fairly clear that Blizzard's reps aren't doing their jobs right.

More after the break.

Update 2: Please note that we are not at all saying for sure that Blizzard employees made the mistake here. If it's true that removing the Authenticator from an account requires a picture ID, and if it's true that the authenticator was removed from this account (without, obviously, a picture ID), then the odds are that there is a security hole in there somewhere.

The fact that they were using the Authenticator and were still hacked, however it happened, is why we've posted this here: You should have known this already, but just in case you thought using the Authenticator make you impervious to hacking, know that it doesn't.

Author: This original article is the property of wow gold. We provides independent customer of cheap wow gold.
Note: You must also post the above author information if you would like to republish this article!

Share this article:

Changes in Beta Build Ulduar in the new Build BlizzCon tournament Passenger Mounts State Mage Mage State Welcome to Lichborne Championing in Wrath Itemization PvP Battlegrounds

Sholazar Basin Lake Wintergraps How to powerlevel your account? Continue fighting in world of warcraft The Master's gain and loss New version of wow About the PvP Review on world of warcraft Tournament in WOW The warrior class

The Lich King expansion pack of wow The New Inscription Some blue posts wow power leveling World of Warcraft classes The Beta testing World of warcraft at present The_New Graphics A case of Best Buy Voidwalker