The popularity of games developed by Blizzard Entertainment make user accounts a high profile target.
Especially World of Warcraft, but also games such as Diablo 3 or Starcraft 2 are sought after by hackers, often in an effort to transfer and sell virtual items like character equipment and gold.
Blizzard customers whose accounts were hacked face two main issues: first that they cannot access the account or play games until account access is restored, and second, that hackers may have transferred virtual items and gold. Players may spend days or longer to accumulate wealth or rare virtual items in games and losing access to this can be devastating.
Blizzard, just like Google or Dropbox, created an application to add a second authentication layer to the sign in process. The method, often referred to as 2-factor authentication or 2-step authentication, protects the login by not only asking for the account username and password, but also for a code that is only valid for a short period of time and generated by the app.
Update: The program was renamed to Blizzard Authenticator. It is no longer called Battle.net Authenticator.
This makes it a lot harder for attackers to gain access to the account, as they not only need to steal the username and password but also the code that is generated on the smartphone. Several popular attack forms such as phishing won't work if the account is protected by two-factor authentication.
It takes three steps to set up the additional layer of defense for your Blizzard battle.net account.
When you sign in to your Blizzard account, you are asked to verify the sign in using the Authenticator app. You can allow or decline sign-ins from the notification area or from inside the app.
Tip: Enable Blizzard SMS Protect to unlock recovery functionality that may not be available otherwise. You can use it to remove a lost authenticator from an account, approve password resets, unlock Blizzard accounts, and recover account names.
Previous setup was more complicated than that. It required entering a serial number that the app displayed on the account page on the Blizzard Battle.net website. The process has been optimized in the meantime so that this is no longer necessary.
When you log in to a recent Blizzard game such as Diablo 3, Starcraft 2 or World of Warcraft, you are asked to enter the current code generated by the application on your phone after you enter your username and password. Note that older battle.net games may not support the functionality.
You can disable the authenticator at any time from the Security Options menu.
Note that you need access to the application to do so. The only recovery options that you have besides that is to use the official support site, contact Blizzard by phone, or, in case you have configured the SMS Protect service, by using that service. More information about the process is available on this page on Battle.net.Advertisement
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.