Protect your Blizzard account with Battle.net Authenticator
The popularity of games developed by Blizzard Entertainment makes user accounts a high-profile target.
World of Warcraft especially, but also games such as Diablo 3 or Starcraft 2, are sought after by hackers, often in an effort to transfer and sell virtual items like character equipment and gold.
Blizzard customers whose accounts were hacked face two main issues: first, that they cannot access the account or play games until account access is restored, and second, that hackers may have transferred virtual items and gold. Players may spend days or longer accumulating wealth or rare virtual items in games, and losing access to this can be devastating.
Blizzard, just like Google or Dropbox, created an application to add a second authentication layer to the sign-in process. The method, often referred to as 2-factor authentication or 2-step authentication, protects the login by not only asking for the account username and password, but also for a code that is generated by the app and only valid for a short period of time.
Update: The program was renamed to Blizzard Authenticator. It is no longer called Battle.net Authenticator.
Android smartphone owners can install the Blizzard Authenticator app for their device to create codes on the fly when needed. The app has been published for Apple iOS devices as well in the meantime.
This makes it a lot harder for attackers to gain access to the account, as they not only need to steal the username and password but also the code that is generated on the smartphone. Several popular attack forms such as phishing won't work if the account is protected by two-factor authentication.
Setting up the Blizzard Mobile Authenticator
It takes three steps to set up the additional layer of defense for your Blizzard battle.net account.
- Visit the official battle.net website and log in there using your username and password.
- Click on your username and select Account Settings.
- Go to Account Security on the left under Account Details and click on the Add Security link next to Authenticator.
- You are then asked to download the Battle.net Authenticator application for your device. It is available for iPhone and iPod Touch, and Android devices only.
- A short introduction is displayed when you start the app on your mobile device for the first time. You are asked to sign in to your account using your Battle.net credentials.
- Blizzard will send a verification code to the registered email address. Type the code in the verification field in the app to proceed.
- The Restore Code is displayed on the next page. Write down the serial and the restore code or create a screenshot of it. You may use it to restore the authenticator if you lose access to the phone.
When you sign in to your Blizzard account, you are asked to verify the sign-in using the Authenticator app. You can allow or decline sign-ins from the notification area or from inside the app.
Tip: Enable Blizzard SMS Protect to unlock recovery functionality that may not be available otherwise. You can use it to remove a lost authenticator from an account, approve password resets, unlock Blizzard accounts, and recover account names.
The previous setup was more complicated than that. It required entering a serial number that the app displayed on the account page on the Blizzard Battle.net website. The process has been optimized in the meantime so that this is no longer necessary.
When you log in to a recent Blizzard game such as Diablo 3, Starcraft 2 or World of Warcraft, you are asked to enter the current code generated by the application on your phone after you enter your username and password. Note that older battle.net games may not support the functionality.
You can disable the authenticator at any time from the Security Options menu.
Note that you need access to the application to do so. The only recovery options that you have besides that are to use the official support site, contact Blizzard by phone, or, in case you have configured the SMS Protect service, use that service. More information about the process is available on this page on Battle.net.
Thanks for this, Martin. I’ve been using the Authenticator since it first came out as a keyfob, have not been hacked since, but I know plenty of people without it who have been.
I’d like to mention that it’s possible to install the Android (or iOS) app on multiple devices and set them all to the same recovery code, so that you can pick up whichever one is handy. I have it on my phone, my tablet, and my APC.io computer.
Interesting. I never really bothered with the authenticator until now but decided to give it a try on my new phone. Works great so far.