Meh, go ahead with the insults.
I honestly don’t give a rip.
1 Like
What a stretch. Grow up.
1 Like
My Cataclysm authenticator still works.
1 Like
LOL!!!
Classic.
Yeah, claiming you’ve been insulted after a de-escalated rebuttal is pretty classic for GD.
Yes, mobile messages and mobile One Time Passcodes can certainly be subject to sim swapping attacks or in incredibly rare cases a user may have accidentally been infected with a compromised message mirroring service.
But the Authenticator is not sending you daily SMS codes every time you try to auth.
It’s a single SMS code you use 1 time when you first install the app, and every challenge after that is handled in-app.
Suggesting that this implementation is vulnerable to SIM swapping and SIM mirroring is highly mis-representative given the limited use of SMS involved (ie never actually used in sign on, just used in MFA setup).
While it may be technically possible to have an attacker implement SIM swapping for an account takeover, lets be realistic about what this means: An attacker would either have to physically steal and mirror your SIM, sell you a pre-mirrored SIM, social engineer an ISP into the SIM migration, or trick someone into installing a message mirroring app in order to hijack your MFA setup— AND be willing to go through that process on an account-by-account basis for each user they compromise.
That’s worth it to compromise a large bank account or a fortune 500 sysadmin or the owner of a big cryptowallet. It is too expensive of an attack to leverage against a player for a Bnet account.
Worrying that SIM attacks will be used to steal WoW accounts is like worrying that WickedPanda and TwistedPanda APT are using their backdoor into Discord thanks to the CEO accepting bribes from Tencent just to figure out what games you play.
(Yes we should all be very wary of Discord but the risk is not to the “what games does Discord know we play”).
Would it technically be more secure if Blizzard fed us QR-tokens that we could install into a rotating code app like Microsoft Authenticator? Yeah sure.
But using SMS for setup actually has a huge benefit for the game in the war against botting in that each battle.net account also requires a valid mobile number, which drastically increases the overhead for botters and basically no one else (because everyone else already has a mobile number).
If the setup was allowed to be done over a free third party service that did not require a number, Blizz loses out on the ability to punish botters with that overhead.
2 Likes
This is a horrible decision. I have a key fob authenticator for two REASONS: 1) I use it for both of my accounts, 2) I want to put away my fob periodically to tune out and not be reminded of WoW. I used to give my wife my fob so I could break the habit lol. Further, requiring a phone per account is also terrible, in that I have two accounts simply because one account is maxed out with chars that I do not wish to delete. Whoever is making this trouble for users is misguided, assuming the worst about people who have multiple accounts. I pay monthly for my accounts, I bought the expansion(s), etc. Requiring 2-factor is fine, but crimping down on the number of accounts???
Unless blizzard will migrate my characters on the 2nd account, I will be extremely displeased.
1 Like
Nope. You can’t use a pre-paid number. Well actually you can but it involves a workaround.
What one can easily do is “rent” a cheap number from any number of companies that do that (Google it)
You should bold this IMO. It’s the primary reason the 2FA exists at all.
No you can’t. I tried pre-paid. I know they won’t do a google phone either.
1 Like
Yep. still works fine, got it day 1.
1 Like
Then you can use Verizon test drive esim.
Test out the carrier for 30 days if you don’t like it, you get your money back say you don’t like it. Then one is good to go
Because you literally just need the SMS for startup after that you don’t need it.
Basically the only WoW players actually “at risk” of being the victim of a SIM-swap attack are big/popular streamers but then again… they’re big/popular streamers, so Blizz would have a real-life human being customer support agent respond ASAP and quickly undo the hack
Maybe, maybe a well-known/popular “goblin” with millions of gold might be targeted - but it’s unlikely even with them
As an average “nobody” WoW player you probably have a higher chance of being struck by lightning than being targeted for a SIM-swap attack
SIM-swap attack happening in WoW is about as believable as Santa Claus coming down a chimney with a fat sack of toys… basically the only place I’ve regularly seen people posting SIM-swap horror stories over the years is in the r/cryptocurrency subreddit
1 Like
Yep, another way is $10 for one top off of a mobilesms.io phone # rental and you are done.
Everyone who didn’t have a phone number saved to their account appears to have been sent an email saying their authentication would be disabled, though, which is likely causing some consternation.
If you download the mobile Bnet app and it doesn’t ask you to set up your authenticator when you go to the “Authenticator” section of the app, though, you’re good, is my understanding. That wouldn’t cover people who only ever had a physical authenticator, but for people who added then removed their phone number and got set up on the old authenticator app it should’ve carried over.
I’m pretty sure that they don’t allow phone numbers flagged as being used for those kinds of services and other “burner” or virtual phone numbers to be used. Which causes some consternation, sometimes, when the records that phone companies have are outdated and a phone number is reused for a regular line.
In this case it does work. I only had a company phone (not permitted to add gaming or gambling apps to it) and my physical auth was dying to low battery. This worked for me:
Blizzard Phone Number Bypass Method - Battle.net | MobileSMS.io
I no longer need it - the company reversed its policy concerning Battle.net’s app
Yeaaaaaaaah that feels…shady. Your mileage might vary, obviously, but that looks…
Well. Shady.
Its renting a genuine sim card-based phone number from a company every bit as reputable as the pay-as-you-go companies many use.
Seemed fine. They don’t use VoIP numbers like pay-as-you-go services - which is why contractless phones do not work with Battle.net. This company offers only real sims which is why they do work.
Yet using it you can NOT do a thing like play Korea WoW or China WoW because you need further verification (Korea requires not just a phone number as proof but also a Korean equivalent of a USA social security #). Everything has its limits.
People who left bad reviews did so because they couldn’t get it to work with an app (like Kleinanzeigen) that the company never said it would work with. Or they wanted a number from a country that was unavailable to them.
MobileSMS Reviews | Read Customer Service Reviews of mobilesms.io (trustpilot.com)
Don’t forget that it doesn’t work with a bunch of phone companies and depends on whether you’re post-paid or pre-paid.
Blizz is a Californian company.
California is like the ONLY US state that has such laws and mandates, to where it requires a company to give you receipts of essentially everyone and everywhere any information related to your account goes.
They are not out to sell your phone number.
It depends on the provider and plan. A lot of times if you have a generic pre-payed or pay as you go phone plan. After a while of not paying, your phone number could physically be given to someone else. It’s a not a static/guaranteed number that you have or own.
1 Like