Anii - World of Warcraft

„About the Recent Authenticator Change” wysłany: 14 lat temu

after a month on non replies, the orginal linked posts being deleted, 13 CAPPED threads asking for an opt out or a rollback of the authenticator change(really we just wanted an opt out of the failed system)
as of now numerous players have quit or are quitting(my acct expires in days) as we are unhappy about the change and the lack of response from Blizzard

I expect this to be deleted in short order, but as the one on the Tech forum(and we suspect soon the one on the CS forum) have already been ignored and / or deleted
(yes this is a cut and paste)

System start date
http://us.battle.net/wow/en/forum/topic/2743697739?page=14#264
Official notice
http://us.battle.net/wow/en/forum/topic/2674529777#1 (deleted)
http://us.battle.net/wow/en/forum/topic/2674529793

A computer may have been marked as authorised before the system went into effect
http://us.battle.net/wow/en/forum/topic/2674980195?page=25#489

Computers marked as authorised may not need to be individually re-authorised
http://us.battle.net/wow/en/forum/topic/2743697739?page=14#278

Computers marked as authorised may not need to be individually re-authorised, even if in different locations
http://us.battle.net/wow/en/forum/topic/2674991820?page=24#474

A change in location and ISP may not prompt for an Authenticator code
http://us.battle.net/wow/en/forum/topic/2674990905?page=25#496
http://us.battle.net/wow/en/forum/topic/2674991820?page=25#485

The WoW client uses a registry key on the client machine to determine if an Authenticator code is required
http://us.battle.net/wow/en/forum/topic/2674990905?page=6#117

The system is designed to prompt for the Authenticator code weekly
http://eu.battle.net/wow/en/forum/topic/2226156035?page=27#536

Blizzard are still advertising the Authenticator as a 'use for every login' device
http://us.blizzard.com/store/details.xml?id=1100000822

There has been no official response from Blizzard on the US forums, but there have been two responses to a much smaller discussion on the European forums
http://eu.battle.net/wow/en/forum/topic/2226156035?page=26#519
http://eu.battle.net/wow/en/forum/topic/2226156035?page=27#536

A player also claims to have tested a proof of concept attack that duplicates the stored registry key onto a virtual machine to allow un-authorised login
http://us.battle.net/wow/en/forum/topic/2743697739?page=15#283

Whilst the registry hack will cause an authenticator prompt at login, this obviously won't effect any other 'authorised' computers.

I would also note that it would be relatively easy for a variant of the existing man in the middle attack to use this registry hack to force an authenticator prompt.

Whilst I acknowledge that there will be issues that Blizzard and I disagree on, I find it very disappointing that they have elected not to respond to player concerns, and even more disappointing that they are now deleting threads.