• Meta

  • Contact Me

    casualhardcore DOT kyrilean AT gmail DOT com
  • Categories

  • Archives

  • Creative Commons License
    This work is licensed under a Creative Commons Attribution-Noncommercial 3.0 United States License because let's face it...anyone wanting to steal my ideas needs it way more than I.
  • Disclaimer

    World of Warcraft™ and Blizzard Entertainment® are all trademarks or registered trademarks of Blizzard Entertainment in the United States and/or other countries. These terms and all related materials, logos, and images are copyright © Blizzard Entertainment. This site is in no way associated with Blizzard Entertainment®

Blizzard Authenticator

My Blizzard Authenticator came in the mail just the other day.  So far works like a charm!

I don’t visit gold buying or power leveling sites.  I visit a few forum sites, blog sites, etc. so I don’t know that I’d ever be in danger of geting hacked, but with all the stories out there from people claiming to have never purchased gold or paid for power leveling and still getting hacked, I decided to buy one.  Personally, I still think those that claim they didn’t do those things and still got hacked either are lying or they got ripped off by someone they gave their password to.

Anyway, I feel better about having it so it’s worth it.  Now the only question I have is how does it work?  By pressing the button, how does Blizzard know what password it’s giving me?  Does it send a signal somewhere?  If so, it’s awfully fast!  If anyone knows, please let me know because I haven’t found the answer and I’m too lazy to call Blizzard.

2 Responses

  1. It doesn’t send or receiving anything. The authenticator is completely independent. It’s what is called a time-synchronous token.

    Basically it generates a random key based on some kind of high speed and high precision timer, a random seed number, and some secure algorithm. Blizzard has the seed, the algorithm, and the specifics for your authenticator’s internal timer (e.g. rate and drift), and therefore can generate the same number that your authenticator can at any future time. They are basically simulating your authenticator whenever you log in based on the above information.

    Since the timer characteristics and the random seed are unique to each and every authenticator, each number generated at any time are completely unique to that authenticator. This is why you must register your authenticator’s serial number to your account.

    So when you link one of these to your account, unless someone has your physical authenticator, they cannot possibly know the number, and therefore cannot access your account.

    I hope this helps demystifies the authenticator for you, and shows how having an authenticator can dramatically improve your account’s security.

  2. […] told my friend about getting an Authenticator in the past, but he figured he didn’t have anything to worry about. I know my friend well […]

Comments are closed.

%d bloggers like this: