#1 - July 24, 2011, 5:41 p.m.
as of now numerous players have quit or are quitting(my acct expires in days) as we are unhappy about the change and the lack of response from Blizzard
I expect this to be deleted in short order, but as the one on the Tech forum(and we suspect soon the one on the CS forum) have already been ignored and / or deleted
(yes this is a cut and paste)
System start date
http://us.battle.net/wow/en/forum/topic/2743697739?page=14#264
Official notice
http://us.battle.net/wow/en/forum/topic/2674529777#1 (deleted)
http://us.battle.net/wow/en/forum/topic/2674529793
A computer may have been marked as authorised before the system went into effect
http://us.battle.net/wow/en/forum/topic/2674980195?page=25#489
Computers marked as authorised may not need to be individually re-authorised
http://us.battle.net/wow/en/forum/topic/2743697739?page=14#278
Computers marked as authorised may not need to be individually re-authorised, even if in different locations
http://us.battle.net/wow/en/forum/topic/2674991820?page=24#474
A change in location and ISP may not prompt for an Authenticator code
http://us.battle.net/wow/en/forum/topic/2674990905?page=25#496
http://us.battle.net/wow/en/forum/topic/2674991820?page=25#485
The WoW client uses a registry key on the client machine to determine if an Authenticator code is required
http://us.battle.net/wow/en/forum/topic/2674990905?page=6#117
The system is designed to prompt for the Authenticator code weekly
http://eu.battle.net/wow/en/forum/topic/2226156035?page=27#536
Blizzard are still advertising the Authenticator as a 'use for every login' device
http://us.blizzard.com/store/details.xml?id=1100000822
There has been no official response from Blizzard on the US forums, but there have been two responses to a much smaller discussion on the European forums
http://eu.battle.net/wow/en/forum/topic/2226156035?page=26#519
http://eu.battle.net/wow/en/forum/topic/2226156035?page=27#536
A player also claims to have tested a proof of concept attack that duplicates the stored registry key onto a virtual machine to allow un-authorised login
http://us.battle.net/wow/en/forum/topic/2743697739?page=15#283
Whilst the registry hack will cause an authenticator prompt at login, this obviously won't effect any other 'authorised' computers.
I would also note that it would be relatively easy for a variant of the existing man in the middle attack to use this registry hack to force an authenticator prompt.
Whilst I acknowledge that there will be issues that Blizzard and I disagree on, I find it very disappointing that they have elected not to respond to player concerns, and even more disappointing that they are now deleting threads.