Comments on: Time to Get Rid of my Authenticator

By: Authenticators! How Do They Work? | Random Waypoint

Authenticators! How Do They Work? | Random Waypoint — Mon, 17 Feb 2014 16:59:33 +0000

[…] actually work? When I looked around for some information on the more technical details when I wrote my last post, I realized that there isn’t a lot of easily available and understandable information around. […]

By: flosch

flosch — Thu, 13 Feb 2014 18:57:26 +0000

That’s what I wanted to say. It’s not only not required technically, but also not procedurally by Blizzard (at least not any more).

And I’m writing on a post about “how do they work” at the moment. I’ll have to see whether I can make the technical details behind how their security works understandable enough to make it a worthwhile post.

By: R

Thu, 13 Feb 2014 18:54:51 +0000

In terms of how they work, the serial number on the fob is known to the host server and has the ability to create the same code as your fob so it’ll know if the one you use is correct or not. That’s why it should only be necessary for setting up the connection, being required to remove seems like more of a “we want to be sure you’re holding it on your hand at the time” possession verification kind of thing. That’s why I’d suggest that you “lose” it when doing the disconnect, avoids the awkwardness of a partial serial number but may require a bit more effort for them to verify your identity as the account holder.

Here’s the link to the product the authenticator is based off if you’re looking for more info:
http://www.vasco.com/products/client_products/single_button_digipass/digipass_go6.aspx

By: flosch

flosch — Thu, 13 Feb 2014 18:36:39 +0000

Removing is actually not too bad. My authenticator still works, so I can simply log in and remove it from my account. Thankfully, you only need the serial number to register a key fob type authenticator, not to remove it.

By: R

Thu, 13 Feb 2014 18:33:32 +0000

At least in the North America region I heard they have the physical item store back up on the website, including authenticators, they weren’t available for quite a while from Blizzard (but may have been from Amazon.com, etc). Can’t speak to anywhere else but if not, it might be back up soon. If you’re just looking to remove the authenticator from your account, though, you should be able to do that, just “lose” the authenticator and proceed.

By: flosch

flosch — Thu, 13 Feb 2014 16:00:34 +0000

The problem with Internet in Germany is that you have forced disconnects every 24h, with some providers even every 12h. It’s been that way ever since flat modem/ISDN rates started to appear in the late 90ies. The providers seem to be horribly worried about people setting up servers on static IPs, so they disconnect you every 24h so you get a new IP from their range. I guess they want to make sure they can sell static IP contracts at a premium… So I needed my authenticator all the time. (Though still mostly at home, that’s true.) Since my net also sometimes went down in the middle of a boss fight for no apparent reason, I got pretty fast at logging in and using the authenticator. Too bad there are no Olympics for that.

And about that serial number… it’s obviously very important to register. Whether you need it afterwards depends on their policy, I guess.

When I searched around for information, I realized there are lots of posts with strange or downright wrong claims about authenticators. (This is the Internet, after all.) But I couldn’t find a single post that tried to explain how authenticators work on a technical level. Maybe if I have time, I’ll try to write an instructional “this is how they work, and what the serial is for, and where the numbers in your key fob come from” post. That might be a genuinely useful thing to have around.

By: Wilhelm Arcturus

Wilhelm Arcturus — Thu, 13 Feb 2014 15:41:42 +0000

Heh, I put my authenticator on my key ring for a little while, until I realized that I did not actually need it anywhere except at my desk at home. So it is hung up on a peg there. And even then, with the way Blizzard has worked thing, I only need it about once a week. So long as I authenticate from my machine, it assumes logons from that IP address are authenticated for 5-7 days.

And yeah, that number on the back, it’s kind of important.