So my son had an account that was old enough to still use the small keychain token authenticators. We were worried that since the thing is like 10+ years old it might kick the bucket soon so thought “hey, let’s remove the token one and add the app one from your phone”. Apparently a bad idea… once the token authenticator was removed we find out you can’t add a new authenticator without adding an (unused) phone number first.
Just… why? Why would you lock the ability to add security to your account behind some arbitrary restriction like that? Especially when the account had previously worked fine WITH an authenticator and WITHOUT a phone number for more than a decade.
Normally I’d say “well this is incredibly stupid and short sighted but fine, whatever” except he had created another account at some point over the course of that decade+ and had attached his phone to that account. So now he has an account that used to have 2FA that can’t be added back. Thanks Blizzard; appreciate it.
1 Like
I remember when they said that using your phone to get security meant to lock 2FA behind a login to stop hacks or whatever. Instead, it looks like they went overboard with having your phone be the authenticator through the app, even if your PC works just fine. Hopefully, they’ll fix it like I asked them to.
Blizzard has never supported any of the third party PC authentication services. The idea of the Authenticator when they rolled out the keychain token in 2008 was to have it separate from your PC. That way if the PC was compromised the Auth would not be.
The mobile app has been out for a long time - with the same concept. That is is stand alone separate from the gaming device.
Not sure how that works for their mobile games, but that is the concept anyway.
The need for the phone number seems to be fraud related. They require a valid (non VOIP) number for their free games and to set up the Bnet authenticator app now. Makes it harder to just make fake accounts over and over.