 blizzard authenticator

C-Fu
post May 22 2012, 02:56 PM

Ninja-Fu
******
Senior Member
1,051 posts

Joined: Apr 2005
From: Brisbane, QLD, Ostolia



you can select in the settings if you want it to auth every time you log in (d3, b.net, wow, etc) or every week.

but just a note, the authenticator IS NOT fool-proof. it's been defeated before, and WILL be defeated again.

wanna know why those haxxors need a maximum of 2 mins to clear out your account, even with the auth?

it's because of the way blizzard uses the auth. every time it generates a code, you have a few seconds (20-30 secs?) until it generates a new one.

but even if the code has expired after 30 secs, you still can use it. i think there is a grace period of 60-120secs before the code truly expires on b.net's side.

so a hacker can get your code with the MITM method (or some other exploit), login, change your password, add you as a friend, clean up account, and bye bye. all in under 2 minutes.

but however it is, no authenticator can be stronger than good logic - update antivirus, don't reuse your password with email, stop running unneeded programs/apps while playing, etc. it may be a hassle to you, but remember you only need to be screwed once.

This post has been edited by C-Fu: May 22 2012, 02:57 PM
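
The acceptance window described in the post above, sketched as a generic RFC 6238-style time-based code verifier (an added example, not part of the original post and not Blizzard's code). The 30-second step, window sizes, secret and timestamp are assumptions chosen for illustration; it shows that either a narrower window or single-use enforcement makes the server reject a code presented again 95 seconds after it was issued.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per code (assumed; the RFC 6238 default)

def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for one time-step counter (HMAC-SHA1)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Verifier:
    """Server-side check with a drift window and optional replay rejection."""
    def __init__(self, secret: bytes, window: int, single_use: bool):
        self.secret = secret
        self.window = window        # steps accepted either side of "now"
        self.single_use = single_use
        self.last_counter = -1      # highest counter already accepted

    def verify(self, code: str, now: int) -> bool:
        current = now // STEP
        for counter in range(current - self.window, current + self.window + 1):
            if not hmac.compare_digest(totp(self.secret, counter), code):
                continue
            if self.single_use and counter <= self.last_counter:
                return False        # code already spent: reject the replay
            self.last_counter = max(self.last_counter, counter)
            return True
        return False

def demo():
    secret = b"constructed-demo-secret"  # constructed sample value
    t0 = 1_337_670_000                   # constructed timestamp on a step boundary
    code = totp(secret, t0 // STEP)
    configs = [("wide, reusable", 3, False),
               ("wide, single-use", 3, True),
               ("narrow, reusable", 1, False)]
    results = {}
    for name, window, single_use in configs:
        v = Verifier(secret, window, single_use)
        first = v.verify(code, t0 + 5)    # code used 5 s after it was issued
        replay = v.verify(code, t0 + 95)  # same code presented again at 95 s
        results[name] = (first, replay)
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:18s} first={outcome[0]} replay={outcome[1]}")
```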
C-Fu
post May 22 2012, 03:41 PM


QUOTE(Deimos Tel`Arin @ May 22 2012, 03:03 PM)
seems like clean habits without authenticator is better.

better yeah, but like i said, you only need to be screwed once. then you're on the other side of the "battle" already

having more security is good, but nothing beats safe surfing. i personally would still recommend having beefed-up security that blizzard offers than none/little at all. reading up at blizzard forum on people's issues is making me (slightly) paranoid. not to mention having a friend who got screwed as well, but probably not through hacking, but some server-side issues.

lyn is an open forum, anybody can read comments, especially that "post your battletag" thread. you never know who reads them and posts there

This post has been edited by C-Fu: May 22 2012, 03:42 PM
C-Fu
post May 22 2012, 03:47 PM


yeah, i know about that issue. time and history have shown that blizzard/activision will keep their mouth shut whenever they have problems (in a good or bad way) until shit hits the fan. my best guess would be that they were trained by our Malaysian politicians


with the money pouring in, it's a surprise why they won't implement a machine auth feature like facebook where if you logged in using some unknown/new device, it'll send you an sms asking you to verify. it's a very simple and effective tool to prevent account takeovers in facebook/gmail/etc, and yet nobody there seems to care.

This post has been edited by C-Fu: May 22 2012, 03:50 PM

 
