"Your Battle.net Authenticator is Changing" Better Not Be!

Hi Blizzard. Love you! If you revoke my existing authenticator and demand I install some proprietary ******* application, you better refund my historical Battle.net purchases.

Alternatively, I’ll start drafting emails and snail mail to my Attorney General.

Love you! So much! Weird “scum” isn’t a tag on this forum.

1 Like

It’s only that the Authenticator app and the Battlenet app are being consolidated into one app. Nothing changes for those using the physical authenticators.

However, understand that the physical authenticators were discontinued quite a while back, thus once the battery dies the only option is the mobile.

And… don’t cut yourself on all that edge.

1 Like

Since you clearly had to ‘sacrifice’ some development time, why not simply implement any other TOTP, such as google/microsoft authenticator or any other standard TOTP, instead of your proprietary in-app authenticator.

Thanks for your explanation in advance.

2 Likes

It literally says on the authenticator app that it’s moving to the battlenet app…don’t let the door hit you on the way out your highness, jesus.

Just posting this for visibility here as it’s quite obvious these users want to use a third party TOTP app like Aegis or password manager (Bitwarden, 1Password etc).

Blizzard does still have standard TOTP and this can now be done through the official swagger-ui without any third party tools needed to extract the device secret[1]. :+1: Maybe one day they’ll develop a nice frontend to that generates a pretty QR code.

There isn’t anything sinister going on here as this user points out[2]. The reason for merging into the main app is because that has working OAuth support and it was likely easier to invalidate all old authenticators before a certain date than try to do a database migration on all the old stored secrets. The new API for adding authenticators is an open source implementation (unlike the old one) with standard endpoints.

It also means now they only have one app that has to comply with Google Play target API requirements[3].

  1. github .com/jleclanche/python-bna/issues/38#issuecomment-1746656464
  2. github .com/jleclanche/python-bna/issues/38#issuecomment-1846591822
  3. developer.android .com/google/play/requirements/target-sdk

2 Likes

Slight point-of-order:

If they add “Google Authenticator” support, that *is* IETF RFC 6238 TOTP; there’s no way for a service to even tell whether you’re using Google Authenticator or a compatible alternative (such as Microsoft Authenticator or RedHat’s FreeOTP.) They only have to add “Google Authenticator” support and everything would immediately become perfect for everyone.

And of course as the Github thread linked by @Kalidarn-1132 brilliantly notes, they’re literally already using this exact thing internally, as deviceSecret; Blizzard just refuses to provide any way for users to actually access this functionality without installing an unwanted social media executable or using 3rd-party Python scripts that violate §1(C)(iv),(ix) of the Blizzard Terms of Service, since it necessarily involves (respectively) either datamining the app or spoofing the Client ID:

1 Like

Thanks, verifying for anyone seeing this, I was able to remove my old TOTP enrollment and create a new TOTP enrollment with the instructions mentioned in comment-1746656464 on github. Working great.

I’m a little confused. As of today I am using Authy as my battlenet authenticator (configured to generate 8 digit codes). I genuinely can’t remember how I set it up and am now being told it will soon be detached.

Does this GitHub thread provide some way for me to continue to use Authy? I don’t really want my authenticator pinned to a single device as today I sync it to several devices to avoid it being lost.
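
The RFC 6238 point and the 8-digit Authy setup mentioned above, as an added example that is not from any poster in this thread or from Blizzard: the server-side check sees only the submitted digits, so any compliant app holding the same secret is indistinguishable. The key is the RFC 6238 test key (not a Battle.net secret), SHA-1 and the 30-second period are assumed RFC defaults, and the `otpauth://` URI follows the Google Authenticator key-URI convention with a hypothetical issuer and account.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import quote, urlencode

# RFC 6238 Appendix B test key for SHA-1 (constructed sample, not a real secret).
RFC_KEY = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 8, period: int = 30) -> str:
    """RFC 6238: HOTP with counter = floor(time / period)."""
    return hotp(secret, int(unix_time) // period, digits)


def verify(secret, submitted, unix_time, digits=8, period=30, window=1):
    """Server-side check: input is only the digits, never the app identity.
    Accepts +/- `window` time steps to tolerate clock drift."""
    step = int(unix_time) // period
    ok = False
    for drift in range(-window, window + 1):
        if step + drift < 0:
            continue
        ok |= hmac.compare_digest(hotp(secret, step + drift, digits), submitted)
    return ok


def otpauth_uri(secret, account, issuer, digits, period=30):
    """Key URI that a QR code would carry to enroll any standard TOTP app."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    params = urlencode({"secret": b32, "issuer": issuer,
                        "digits": digits, "period": period})
    return f"otpauth://totp/{quote(issuer + ':' + account)}?{params}"


if __name__ == "__main__":
    code = totp(RFC_KEY, 59)                      # RFC 6238 vector at T=59
    print(code, verify(RFC_KEY, code, 89))        # one step later: accepted
    print(verify(RFC_KEY, code, 150))             # four steps later: rejected
    print(otpauth_uri(RFC_KEY, "user@example.com", "Example", 8))
```

A 6-digit code is the same truncated value taken modulo 10^6, which is why the digit count has to match between the service and the app.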