Friday, January 8, 2010

An Open Letter to Blizzard: Add a Battle.net Authenticator Option

Recently Blizzard (vendor of World of Warcraft as well as the upcoming Diablo 3 and Starcraft 2 titles) has switched over to its networked gaming platform Battle.net to manage all accounts for its games. In doing this, they've also pushed out an authenticator much like the ones many high-tech employees use to work from home. These little gadgets have a secret formula that they use to produce the next number in a sequence every time you press the button. Battle.net knows this sequence, and can verify your identity by making sure that the code you enter is the next (or nearly next, just to allow for mistakes) number.

Recently WoW.com has been suggesting that Blizzard might be on the edge of making these mandatory for the game. I understand this move, but there are two primary reasons people don't agree with it, and that it may well hurt WoW. First I'll cover those reasons and then I'll discuss the ways to work around them without giving up on account security.

The first concern is simply monetary. Many players can pay their monthly fee and that's it. They really won't pay $6 more to keep playing. Sure, they're probably the minority, but a sizable minority in an 11.5 million player base is not to be ignored.

The second concern is having to re-key your authenticator code every time you log in, which for some players is fairly often (especially those who also have the first concern and therefore run least-common-denominator equipment, resulting in frequent disconnects).

To solve the first problem, simply provide the tokens with the next expansion (Cataclysm) and require their use for any account upgraded to the new content. Sure, some old users won't upgrade. Those who can't afford to upgrade to the next expansion will of course be unprotected, but it's then more reasonable to say that you won't support replacing lost items when these accounts are hacked and they're also a less attractive target for such scams.

Next is the harder concern: people who get logged out and have to reconnect, potentially in time-critical situations (such as a 5-man group they'll be kicked from or a raid that will wipe). For these players, offer a different way of authenticating (an option, but not the default) where they only have to enter the authenticator code once per day per IP address per account. Thus the user would not be required to enter more than their password on a second login from the same address that day.

This is not an ideal model for shared resources such as school or work computers, or laptops that are often left exposed, but it still addresses the primary threats of keyloggers and email scams. Plus, if it's not the default, then most users will never enable it, retaining a higher degree of security.