Blizzard, the authenticator migration (aka SMS is now REQUIRED) is an awful idea

Community General Discussion
21

This part isn’t correct. If you currently have a legacy physical authenticator attached, that will still work for as long as the actual device works…which honestly can’t be that much longer considering how old these things are now.

No, but it is required in order to setup the mobile authenticator. It’s an unnecessary additional step that Blizz added a while back. If you already had an authenticator setup, you were Grandfathered in without the requirement for SMS.

As I mentioned above, you can still disbale it after you have the authenticator setup if you wish.

2 Likes
22

The titles of the two wings of the megadungeons are bugged, and a player without a cellphone cannot select the one they need.

2 Likes
23

This is absolutely ridiculous. MFA has been around for years and is secure as anything.

Good lord.

24

And one of the specific things mentioned from the OP, is the Steam Mobile App (which OP apparently wants Blizzard to copy with its set up).

Its setup flow also requires a phone number.

I am just pointing out what the OP is asking for already exists.

1 Like
25

These kinds of threads are silly to be honest, since basically everyone has an authenticator-capable smartphone in the year 2023

If you still don’t have one i don’t know what to tell you… because even little kids and old-timers/boomers are commonly seen holding one out in public

As for the OP’s concerns about SIM-jacking, that mostly happens in the world of cryptocurrency, and even there hackers/thieves go to great lengths to find out what your phone number/carrier is to call them up to fraudulently impersonate you - it’s unlikely someone is going to go thru aaaaaaalllll that trouble for something as lowly as a WoW account with no cash value (like crypto) :rofl:

SIM-jacking is mainly an identity theft technique used for stealing crypto and bank accounts, let’s not be overly-dramatic claiming (…falsely) that it is something that happens in WoW

2 Likes
26

Every once in a while it feels good to be the old guy. :sunglasses:

3 Likes
27

They want to sell your phone number, how can they dot hag if you don’t give them your phone number?!?!

I have NEVER had an authenticator on my account, and never will. The moment they make it a requirement “for my security” (aka because they want to fire all the cs staff) will be the day I switch to console or GPU only.

1 Like
28

Bliz does not sell your phone number.

29

True. My Blizzcon acquired physical authenticator started alerting me to a Low Battery condition two years ago.

The easy solution would be to put the app onto my smart phone but I do not have one of my own. As an employee benefit, I have always had a fully functional smartphone - but for security reasons, the research institute I work for only permits us to add apps if they are pre-approved by IT. Gaming (or gambling) apps are specifically prohibited so I’ve been using the physical auth as long as possible.

In fact anticipating an eventual low battery issue, I’ve kept a second unregistered physical auth in the fridge to preserve it - only to find that these days - Blizz will not allow anyone to replace an old physical auth with a preserved one.

So two years ago I bought a Pay As You Go (no contract) cell phone just for Warcraft only to find that these prepaid numbers were rejected by Blizzard for the purpose of authorizing play. I gather there is something different about numbers from prepaid plans - they are “virtual” or something. Don’t know the details and couldn’t fix it so I returned the prepaid phone.

I did find a solution though… MobileSMS.io. They are a phone number rental service that uses real sim card numbers that are NOT prepaid. If you Google them up and check it out you’ll see they offer a variety of temporary phone numbers to choose from, including one-time use, 7 day rental, 30 day rental, and long term rental numbers.

So I used the rented phone number - entering the verification code sent to the temporary phone number provided by MobileSMS.io filling out all the details on the Battle.net account page, including the temporary phone number provided by MobileSMS.io.

I played that way for quite some time and all was well.

But while this was going on, a bunch of us who work there (almost 100 employees including some top researchers) signed a petition to our IT department asking they take another look at the Blizzard phone authenticator app, and a couple of months ago they added it to the approved list - so I canceled my cheap MobileSMS.io rental - ultimately adding the Blizz app to my work phone (like a normal person).

As a great little bonus I now understand that a bunch of people I work with also play Blizz games - which is fun because I never knew that. Some of us have even started playing together - despite all being on different servers and factions.

But the bottom line is if you do not have a phone or just do not want to give Blizz your real phone number, you can do as I did for a while and rent one from a company like MobileSMS.io

6 Likes
30

Funny thing… I don’t have a phone :joy:

31

It does limit some people. I don’t have a phone number compatible with their requirements and cannot setup authentication.

I have learned to ignore the backpack trying to make me sign up though.

It’s annoying how badly they want me to have an authenticator to boost my bag space or to post custom lfg titles though and predicate the process on having a contracted phone number.

32

This in hindsight seems like the most deserved shot at an audience ever. I mean, we’re talking about a group of people who can afford gaming PCs, which require updates every 3-5 years, can afford to fly to California for a 3 day convention, but a bunch of people are crying poverty about the affordability of cell phones, which in many cases are FREE??

2 Likes
33

you’re preaching to a choir that doesnt want to listen.

1 Like
34

sms 2fa is not more secure than physical based mfa or basically any other form of 2fa. is it the most insecure of the 2fa forms.

4 Likes
35

no thanks, i’m a christian :angel:

yeah, i never understood why people think this was such a hilarious moment. it wasn’t said in 1986. basically everyone there had a cell phone in their pocket.

36

To me, it isn’t that people don’t have cell phones, it’s that cell phone games are objectively bad. And with what Diablo Immortal ended up becoming, even with its PC port, that was proven to be quite true.

2 Likes
37

These are not random attacks that can intercept one’s SMS messages. These rely on malware that the user has to install and then give full permissions. These are being done to hijack one’s bank account, not the ability to login to WoW.

We’ll know this is happening as one’s phone is no longer able to access the Internet. In 2021 the FBI was aware of less than 5,000 such incidences as this isn’t an easy hack to implement.

Yes it is a potential threat but it isn’t a likely one as long as one is judicious about what is downloaded and empowered once set-up. This is a possible attack, not a probable attack.

That said, I appreciate you keeping an eye out for us. Thanks!

38

Well dang…mine is ten years old and never updated. :joy:

2 Likes
39

Well if you likeplaying at 10 to 20 fps on new games hey more power to you

1 Like
40

Authenticator is also classist.

Not saying this as a joke either. It literally only lets you set it up if you have a post-paid phone, aka a phone with a monthly phone service plan. You cannot use any prepaid phones at all.

This didn’t used to be the case either.

2 Likes