Hello, I’ve been using a physical authenticator since they were released 13 years ago, and I moved over to the smartphone app authenticator. It said I could not have both at the same time, so I was wondering: is the phone app version better than the physical token? I know you get the 4 extra bag slots, but from a security point of view, which one would be better?
If I remember correctly, the physical was 6 digits, the phone is 7? Is that right? I know it’s more digits, and that should make it harder to replicate. I think that’s how it works… pretty sure at least.
The phone actually uses 8 digits.
I prefer the phone version because when I’m heading out of town, I’m less likely to leave my phone behind.
Just looked; the code sent is 6 digits as well. May I ask which one you use?
I still use the physical one and got the 4 bag slots. The bag slots were for adding your phone number to your security, not for using the phone app for authentication.
Are you sure? ’Cause it only shows 6 digits in the text sent. Also, I don’t even have to enter it; all I need to do is hit “Approve” when my phone buzzes.
With the phone version, you can either use one-button where you basically respond to authenticator requests with a Yes or No (or Allow or Deny, it’s been a while since I’ve had to reply to a request), or… you can enter a code manually. At least on my phone, the manually entered code is 8 digits long.
Oh, I thought it was needed for the extra slots.
Nope, but you have to enable SMS text, which requires giving them your phone number. I actually verified with CS and they assured me they don’t sell our numbers to advertisers.
Yup, 8, my bad. I don’t log in elsewhere very often, so I hadn’t seen it in a while. And that’s why I switched to the phone one too; back when I house-sat for my sister often, I’d forget that little thing all the time… no WoW weekends for me then…
It just makes me click to approve now… the text one was just to verify your phone and wasn’t the authenticator itself.
So if the phone one is 8 digits, it would be more secure than the token version, which is only 6 digits, right?
I find it annoying sometimes when my phone’s AFK in the next room charging.
I’ve used the phone for quite some time. It’s much more convenient for all of the reasons provided above, plus it actually gives you a notification immediately upon your trying to log in. Meaning, if you randomly get a notification on your phone and you’re not logging in… you can immediately deny access and it blocks whoever is trying.
I don’t think the physical one provides this sort of control over your account.
From a security point of view, the phone authenticator is just as good as the physical one. Unless someone gets to control your phone entirely, there’s no way they can get a code from it. Phone viruses don’t usually go that far.
Plus, without your actual password a code alone won’t help anyone steal your account either. But it’s just a matter of preference IMO.
Yeah, like longer passwords are more secure than short ones, same with the security codes. I can’t find it now, but there was a table that showed how length can increase the time it would take to brute force a password or code.
That’s all technically, but it’s not like it really matters for us and a WoW account.
Sorry, I’m tired and probably not explaining things right…
I still use one of the two physical authenticators I got the first week they were available. The first one finally crapped the bed a couple months ago.
I’ve been wary of using the phone one because I’ve used one in the past with SWtOR and my iPod at the time bricked and I lost the app recovering it. Meaning I had to go through the process of having the authenticator removed from the account.
It’s a lot easier to remove an authenticator now but I still see having the keychain sitting on my desk, never moving as being more secure. You never know when something is going to happen to your phone and you lose access to the app.
I switched to the phone app when my physical authenticator seemed to be getting a low battery after about five(?) years of using it. I like that I don’t have to worry about a battery running out unexpectedly and I’m very unlikely to forget my phone anywhere to which I would be bringing my computer. (If I fly somewhere, my plane tickets are almost always on my phone.)
It seems to be fairly secure, but I remember a ways back when apparently someone/some group(?) found a way to hack the app. It was taken care of quickly but it’s worth mentioning, since the physical ones are impossible to hack. I still had a physical one at the time, I hadn’t moved to the app yet, so I was glad to be safe.
As far as the extra digits making it more secure, it really makes no security difference. Yes, more digits/longer passwords make passcodes harder to brute force, but most hacks are not accomplished by brute force. (If any at all are brute forced anymore, I would be surprised.) Passcodes are found by keyloggers and other programs which directly give the passcode to the hacker or by getting the passcode owner to give it to the hacker via phishing methods.
Phone version is infinitely better;
- Phone does not require you to manually enter numbers to access; simply click “approve login” on your phone, boom, done.
- Phones are rechargeable, authentication dongles use expensive button batteries.
- If you lose your smart phone, call it and find it, if you lose the dongle… you are screwed.
- I would imagine if someone wanted to, it would be harder to hack your smartphone than some 10+ year old LCD dinosaur.
Thanks for the info, everyone. I decided to stick with the physical token since the SMS protection sends the notifications. I also like the fact that a physical token is impossible to hack, whereas the phone app can get hacked and has been hacked in the past. I’m not saying that it will happen, but if it did happen, those with a physical token won’t be affected.
Thanks for the info and help guys and ladies.
I had my accounts attached via physical ones for years. One crapped out, so I just removed them all and attached via phone. But the weird thing was, when I tried to reattach the physical authenticators, it wouldn’t let me. I know the code syncs because when it would ask me for the code, every time I pushed the button it worked. Now when I try to attach them, it either says the number on the back of the auth doesn’t work, or the authenticator code doesn’t work. Seems like they’re trying to do away with the physical ones. Also, when the phone ones got hacked, that was a while ago, and I’m not sure if the app was even remotely the same as how it is now; I think it was the old SMS one. I’ve never heard of anyone having issues with the new one. But I find it pretty annoying I can’t reattach my physical authenticators. Can someone else test this and see if it lets them? I know it’s risking basically your authenticator. Not everyone has a phone that can use the app; I used to have a BlackBerry via work, so the app never came across my mind to use until I got a new type of phone. But yeah, the physical authenticator thing needs to be figured out ASAP. I can’t get onto one of my accounts; it’s an older one I don’t use anymore, but still, the fact I can’t get onto it and have to message support and remove it is annoying. But I heard the phone authenticator can be used for more than 1 account. I haven’t tried this, but someone claimed it did.