Regional Authenticator ChangesSource
Target Source
#1 - 2011/06/17 07:51:00 AM
If you use an authenticator – and we hope you do – you may soon notice that an authenticator prompt may not appear with every login. We’ve recently updated our authentication system to intelligently track your login locations and, if you’re logging in consistently from the same place, you may not be asked for an authenticator code. This change is being made to make the authenticator process less intrusive when we’re sure the person logging in to your account is you.

We hope to continue improving the authenticator system to ensure the same or greater security, while improving and adding features to make having one a more user friendly experience. If you don’t already have a Authenticator attached to your account, don’t wait until it’s too late.

Customer Service
Target Source
#519 - 2011/07/10 05:16:00 PM

Will you people please shut the hell up about spoofing IP addresses? Read the thread and realize it's not a valid attack vector.

God dammit...

True, the IP alone won't work. But if you tunnel through another PC (e.g. one you have a keylogger on) you can get in to their account without an authenticator. This definately works as I've tested it using my own account. It's a flaw that was brought up on day 1 of the changes, but blizzard have ignored it.

Since this is such an obvious flaw and not something blizzard would miss (I hope). They must have made this change for money reasons, reducing bandwidth usage at the cost of people who use authenticators. There is a way to re-enable it though by altering the registry and preventing wow from saving authenticator info on your system :)

This isn't a money saving scheme since your not actually spending anything to generate the code, nor are you impacting bandwidth in anyway. While your concerns are noted, your account no less secure than it was before, the only change is that you will only be prompted once a week to enter unless you change IP address, from where you'll need to enter your authenticator code.

There are a lot of valid concerns, which our developers are aware about, however we cannot give a direct response to all posts made.

Never the less we are not ignoring any feedback posted, its read and noted.

As for authenticator information, this is managed server side not on your actual system.

Customer Service
Target Source
#536 - 2011/07/15 01:47:00 PM
Last week I got asked for the code aswell, I thought it was a bug or something
But this week (today) I got asked for my code again (Just once a week tho, it seems)
Is this normal blizz?

Yes it is :)