you can select in the settings if you want it to auth everytime you login (d3, b.net, wow, etc) or everyweek.

but just a note, the authenticator IS NOT fool-proof. it's been defeated before, and WILL be defeated again.

wanna know why those haxxors need a maximum of 2 mins to clear out your account, even with the auth?

it's because the way blizzard uses the auth. everytime it generates a code, you have a few seconds (20-30 secs?) until it generates a new one.

but even if the code has expired after 30 secs, you still can use it. i think there is a grace period of 60-120secs before the code truly expires on b.net's side.

so a hacker can get your code with the MITM method (or some other exploit), login, change your password, add you as a friend, clean up account, and bye bye. all in under 2 minutes.

but however it is, no authenticator can be stronger than good logic - update antivirus, don't reuse your password with email, stop running unneeded programs/apps while playing, etc. it may be a hassle to you, but remember you only need to be screwed once.

better yeah, but like i said, you only need to be screwed once. then you're on the other side of the "battle" already

having more security is good, but nothing beats safe surfing. i personally would still recommend having beefed-up security that blizzard offers than none/little at all. reading up at blizzard forum on people's issues is making me (slightly) paranoid    not to mention having a friend who got screwed as well, but probably not through hacking, but some server-side issues.

It's not really because of keylogger on your PC... It's their server. Even Blizzard's autehntication is not really helping.

Read more here: http://www.tomshardware.com/news/Exploit-h...-RPG,15713.html

and this : http://us.battle.net/d3/en/forum/topic/5235706038