The popularity of games developed by Blizzard Entertainment make user accounts a high profile target. Especially World of Warcraft, but also games such as Diablo 3 or Starcraft 2 are sought after by hackers, often in an effort to transfer and sell virtual items like character equipment and gold. Not only do hacked users lose items that they have often spend a considerable amount of time gathering but also access to the account itself which often leads to days of uncertainty before account access can be recovered.
Blizzard, just like Google or Dropbox, has created an application to add a second authentication layer to the sign in process. The method, often referred to as 2-factor authentication or 2-step authentication, protects the login by not only asking for the account username and password, but also for a temporarily created code that is only valid for a short period of time.
Android smartphone owners can install the Battle.net Authenticator app for their device to create codes on the fly when needed. This makes it a lot harder for attackers to gain access to the account, as they not only need to steal the username and password, but also the code that is generated on the smartphone. Several popular attack forms such as phishing won't work if the account is protected by authenticator.
Setting up the Battle.net Authenticator
It takes three steps to set up the additional layer of defense for your Blizzard battle.net account.
- Visit the official battle.net website and log in there using your username and password
- LocateĀ Account Security on the left under Account Details and click on the Add Security link next to Authenticator
- This opens the configuration page. First thing you need to do is verify that you are the account owner with the help of a verification email. Click on send verification email and follow the link that the email contains.
- You are then asked to download the Battle.net Authenticator application for your device. It is available for iPhone and iPod Touch, Android, Blackberry and Windows Phone devices.
- When you start the application on your smartphone you see a serial number and an authorization code that is generated anew every 15 or so seconds.
- Go back to the setup page on the battle.net website and enter the serial number and the currently valid code to complete the setup. Note that you need to leave out the dashes in the serial number field and be quick about adding the authorization code as it won't work once a new code has been generated by the application.
When you log in to a recent Blizzard game such as Diablo 3, Starcraft 2 or World of Warcraft, you are asked to enter the current code generated by the application on your phone after you enter your username and password. Note that older battle.net games such as Diablo 2 or Warcraft 3 are not supporting the authenticator.
You can disable the authenticator at any time from the Security Options menu.
Note that you need access to the application to do so. The only recovery options that you have besides that is to use the official support site, contact Blizzard by phone, or, in case you have configured the SMS Protect service, by using that service. More information about the process can be found on this page.
Thanks for this, Martin. I've been using the Authenticator since it first came out as a keyfob, have not been hacked since, but I know plenty of people without it who have been.
I'd like to mention that it's possible to install the Android (or iOS) app on multiple devices and set them all to the same recovery code, so that you can pick up whichever one is handy. I have it on my phone, my tablet, and my APC.io computer.
Interesting. I never really bothered with the authenticator until now but decided to give it a try on my new phone. Works great so far.