Blizzard’s recent shift to a strict one-phone-number-per-account policy for authentication has created a serious security gap—one that many of us walked into unknowingly.
Originally, the system didn’t allow multiple accounts to share a single authenticator fob, which made sense from a security standpoint. But at some point, the platform began allowing multiple accounts to be tied to one phone number. I took advantage of that to secure a few inactive accounts I’d created for personal use and friends. All were dormant, but I wanted them protected.
Then I logged into my main account—the only one I actively play, fully updated with the latest expansion—and was greeted with an in-game message indicating my authenticator had been removed. Alarmed, I investigated and discovered Blizzard had removed it, likely due to the policy change. I promptly cleared my number from the other accounts to restore protection to my primary one. But now those other accounts are exposed, and I have no way to secure them.
The real issue here isn’t just the policy—it’s the lack of communication. There was no clear announcement when multiple accounts were allowed to share a number, and no proper alert when that functionality was revoked. These are major security changes. They deserve visibility beyond buried patch notes that many players never read through entirely.
Security should never be a silent update. Blizzard, please give these changes the spotlight they warrant.