The popularity of games developed by Blizzard Entertainment make user accounts a high profile target.
Especially World of Warcraft, but also games such as Diablo 3 or Starcraft 2 are sought after by hackers, often in an effort to transfer and sell virtual items like character equipment and gold.
Blizzard customers whose accounts were hacked face two main issues: first that they cannot access the account or play games until account access is restored, and second, that hackers may have transferred virtual items and gold. Players may spend days or longer to accumulate wealth or rare virtual items in games and losing access to this can be devastating.
Blizzard, just like Google or Dropbox, created an application to add a second authentication layer to the sign in process. The method, often referred to as 2-factor authentication or 2-step authentication, protects the login by not only asking for the account username and password, but also for a code that is only valid for a short period of time and generated by the app.
Update: The program was renamed to Blizzard Authenticator. It is no longer called Battle.net Authenticator.
Android smartphone owners can install the Blizzard Authenticator app for their device to create codes on the fly when needed. The app has been published for Apple iOS devices as well in the meantime.
This makes it a lot harder for attackers to gain access to the account, as they not only need to steal the username and password but also the code that is generated on the smartphone. Several popular attack forms such as phishing won't work if the account is protected by two-factor authentication.
It takes three steps to set up the additional layer of defense for your Blizzard battle.net account.
When you sign in to your Blizzard account, you are asked to verify the sign in using the Authenticator app. You can allow or decline sign-ins from the notification area or from inside the app.
Tip: Enable Blizzard SMS Protect to unlock recovery functionality that may not be available otherwise. You can use it to remove a lost authenticator from an account, approve password resets, unlock Blizzard accounts, and recover account names.
Previous setup was more complicated than that. It required entering a serial number that the app displayed on the account page on the Blizzard Battle.net website. The process has been optimized in the meantime so that this is no longer necessary.
When you log in to a recent Blizzard game such as Diablo 3, Starcraft 2 or World of Warcraft, you are asked to enter the current code generated by the application on your phone after you enter your username and password. Note that older battle.net games may not support the functionality.
You can disable the authenticator at any time from the Security Options menu.
Note that you need access to the application to do so. The only recovery options that you have besides that is to use the official support site, contact Blizzard by phone, or, in case you have configured the SMS Protect service, by using that service. More information about the process is available on this page on Battle.net.
Please click on the following link to open the newsletter signup page: Ghacks Newsletter Sign up
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.
Thanks for this, Martin. I’ve been using the Authenticator since it first came out as a keyfob, have not been hacked since, but I know plenty of people without it who have been.
I’d like to mention that it’s possible to install the Android (or iOS) app on multiple devices and set them all to the same recovery code, so that you can pick up whichever one is handy. I have it on my phone, my tablet, and my APC.io computer.
Interesting. I never really bothered with the authenticator until now but decided to give it a try on my new phone. Works great so far.