Authenticator Infinite Loop issue

API Bug + Authenticator Bug.

Issue:

Infinite Loop Login screen WITH Authenticator.

Browser:

Vivaldi 5.5.2805.38 (Stable channel) stable (64-bit)

User-Agent:

Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36

Issue Description:

If you enable the use of the Authenticator app on your account, you can’t log in, because you’re stuck in an infinite loop on the login screen. After entering your password and hitting the Login button to go to the next page, you are briefly shown the next page to authorize the login using the Authenticator app. The API call to send the prompt to the mobile app is presented to the device, but before you even click the APPROVE or DENY button, you’re instantly thrown back to the username + password screen, so even if you hit the prompt button on your mobile app, you still can’t log in. By removing the Authenticator app for login, you’re able to log in again as normal. This is consistent and will prevent you from logging in entirely until you remove the app itself.

Steps to reproduce:

  • Go to Account Settings → Security
  • Click on Set Up An Authenticator
  • Follow the steps to download the app to your mobile device
  • Once installed, open the Authenticator app and log in
  • Follow prompts to save and backup codes
  • Proceed to log in from the web page again
  • When prompted briefly after logging in, you will be sent the APPROVE or DENY request to the app but can’t log in.

Even if you followed Support page article 19092 to Clear Cache and Cookies, you still can’t log in no matter how many times you do so.

From the looks of things many other people report the same issue, so I’m not alone in this one. This is a web page issue, and an API issue which receives a Failed Login attempt BEFORE you’re able to select APPROVE or DENY from the Authenticator app. While you’re given the prompt IN the app, the web page is doing other things before it’s received the prompt being approved or denied.

For the time being the Authenticator app will remain DISABLED until this is fixed, and I highly recommend others leave it disabled also. If you need to disable it, follow the prompts from the login screen where you can’t log in, select Remove Authenticator, and follow the prompts that it gives to remove it so you can log in again.

Please fix this. It’s been happening for ages & I want to turn my authenticator back on!

Lack of care of security means Blizzard accounts can and will be hacked. Or Blizzard’s backend servers in their entirety are compromised, in which case someone can and will steal data from Blizzard servers. The next big blunder in security issues waiting to happen due to negligence or acknowledgement from the Blizzard team themselves, who don’t take these issues seriously.

The headline will read: Blizzard Data Leak of 34.3TB Customer Data