I have no shortage of these links. I could go on for days. But it doesn’t matter - SMS is not secure. Please tell your security operations team to stop doing this and reverse course. You should be seeking out other, more robust methods for authenticators, not SMS!
Even Valve, of all corporations, reversed course on this when they got well-deserved backlash on making a similar decision.
So I want to understand this correctly. You specifically dont want to receive texts for security. And you reference Steam, which stated…
We are delaying the rollout for these changes, with the expected launch date to now be November 8th, 2023. We’ll be adding support to use the Steam Mobile App to also approve default builds being set live for released apps or inviting new users on the Steamworks site. The Steam Mobile App will be an alternative to entering an SMS confirmation code.
Which references the Steam Mobile App will be an alternative to entering an SMS confirmation code?
You specifically have an issue with entering text message codes because you think people targeting your WoW account are going to also specifically target your phone, and will already know your SIM info to jack it.
You want Blizzard to use a mobile app instead of specifically using a text message confirmation number? Since Steam’s SMS authenticator sent a text from a 6 digit phone number as its method?
Am I on the right page, that this is what you dont want?
I just want to be sure I understand the complaint correctly when I then point out that SMS is not required.
You just need the battle.net app on your phone. Which sounds like what Steam is doing. I have never once received a text based code for security, despite having the authenticator option. Because I have the app.
Which seems to be what the OP is complaining about.
“Isn’t happening”
^ That’s straight from their FAQ.
The long and short of it is - unless you “upgrade” to this silly battle.net authenticator (which requires a phone number) - you no longer have an authenticator. They’re getting rid of TOTP authentication entirely.
Okay, to be fair, yes, you do need to have SMS setup in order to add the mobile authenticator, but you are not required to leave it setup. You can remove it afterward.
That said, having an authenticator on your account absolutely increases it’s security. I just wish that I could use a third-party authenticator like Google.
I actually don’t know why they require SMS to be used in order to add an authenticator. I think that part of the process is unnecessary and limits the number of people who would otherwise be able to setup an authenticator.
The only issue is that OP has gone beyond the usual necro’ing old threads, and is now raising up issues that used to be in threads on the old forums. Maybe it was even the old, OLD forums. Can’t remember. Meh.
Just for the start, you need an SMS after that its not needed you just won’t get any text alerts if someone is trying to change your password ditch your authenticator, or change E-mail
Once again. Receiving a SMS text is not required to use Battle.NET as your authenticating process. I have never once received a text for it.
There is literally an option to turn it off.
An option for security / Battle.Net within your account :
Always require authenticator for login
This will require the use of your authenticator every time you log in and remove the option to use an SMS security code in its place.
It sounded like you want an option to use a mobile app instead of SMS for security, like Steam. It sounds like that issue is covered.
