Protect your Blizzard account with Authenticator - gHacks Tech News

Protect your Blizzard account with Authenticator

The popularity of games developed by Blizzard Entertainment make user accounts a high profile target. Especially World of Warcraft, but also games such as Diablo 3 or Starcraft 2 are sought after by hackers, often in an effort to transfer and sell virtual items like character equipment and gold. Not only do hacked users lose items that they have often spend a considerable amount of time gathering but also access to the account itself which often leads to days of uncertainty before account access can be recovered.

Blizzard, just like Google or Dropbox, has created an application to add a second authentication layer to the sign in process. The method, often referred to as 2-factor authentication or 2-step authentication, protects the login by not only asking for the account username and password, but also for a temporarily created code that is only valid for a short period of time.

Android smartphone owners can install the Authenticator app for their device to create codes on the fly when needed. This makes it a lot harder for attackers to gain access to the account, as they not only need to steal the username and password, but also the code that is generated on the smartphone. Several popular attack forms such as phishing won't work if the account is protected by authenticator. authenticator

Setting up the Authenticator

It takes three steps to set up the additional layer of defense for your Blizzard account.

  • Visit the official website and log in there using your username and password
  • Locate Account Security on the left under Account Details and click on the Add Security link next to Authenticator
  • This opens the configuration page. First thing you need to do is verify that you are the account owner with the help of a verification email. Click on send verification email and follow the link that the email contains.
  • You are then asked to download the Authenticator application for your device. It is available for iPhone and iPod Touch, Android, Blackberry and Windows Phone devices.
  • When you start the application on your smartphone you see a serial number and an authorization code that is generated anew every 15 or so seconds.
  • Go back to the setup page on the website and enter the serial number and the currently valid code to complete the setup. Note that you need to leave out the dashes in the serial number field and be quick about adding the authorization code as it won't work once a new code has been generated by the application.

When you log in to a recent Blizzard game such as Diablo 3, Starcraft 2 or World of Warcraft, you are asked to enter the current code generated by the application on your phone after you enter your username and password. Note that older games such as Diablo 2 or Warcraft 3 are not supporting the authenticator.

You can disable the authenticator at any time from the Security Options menu. remove authenticator

Note that you need access to the application to do so. The only recovery options that you have besides that is to use the official support site, contact Blizzard by phone, or, in case you have configured the SMS Protect service, by using that service. More information about the process can be found on this page.

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


  1. Morely Dotes said on November 1, 2012 at 6:09 pm

    Thanks for this, Martin. I’ve been using the Authenticator since it first came out as a keyfob, have not been hacked since, but I know plenty of people without it who have been.

    I’d like to mention that it’s possible to install the Android (or iOS) app on multiple devices and set them all to the same recovery code, so that you can pick up whichever one is handy. I have it on my phone, my tablet, and my computer.

    1. Martin Brinkmann said on November 1, 2012 at 6:43 pm

      Interesting. I never really bothered with the authenticator until now but decided to give it a try on my new phone. Works great so far.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.