This site makes extensive use of JavaScript.
Please enable JavaScript in your browser.
Classic Theme
Thottbot Theme
Mobile Authenticator question
Post Reply
Return to board index
Post by
Boomrocket
I currently use a regular authenticator, but I am looking to possibly use the mobile authenticator instead. I am doing this because I always have my phone with me and it would be one less thing to carry around if I want to log into battle.net away from home. Is the mobile authenticator as secure as the regular authenticator? I have "heard" stories about peoples mobile authenticators getting hacked and their account stolen, are any of these claims true?
Post by
Lutenantj
I don't know about others, but I''ve been using the mobile authenticator on my iPod since it came out and I haven't once been hacked, even when I mistook a phishing email for an actually Blizzard one (changed password and account email once I figured out it was fake, but I think the authenticator helped.) I also haven't heard of anyone having their mobile authenticator hacked. Hope this helps.
Post by
thelaks
Afaik, there are no confirmed instances of any authenticator (physical, mobile or otherwise) being hacked or cracked. All previous "hacking" was due to compromised passwords or sharing of account information (or the recent security breach)*.
In some circumstances, the mobile authenticator is not as secure as the physical one. For instance, using it on a rooted Android device where the secret key is not encrypted, so any root-access app can easily steal your key. However, this is not an issue for non-rooted Android devices or iPhones (even jailbroken).
The other security risk is that the app can show a restore code. Because of this you must prevent physical access to you phone, as if someone can get your phone and copy the restore code and serial number, they could clone your authenticator.
Essentially, yes, using the BMA is good as and will protect your account like the keychain authenticator, and it has not been hacked. Just be aware of the above.
* Edit: I should add the recent security breach at Blizzard did compromise all existing US mobile authenticators, as the secret key had been released, but they have since forced users to register new keys. This would not affect any new authenticators created after that date. It also did not affect keychain authenticators.
Post by
PineconeMagazine
I made a post about this on the WoW Official Forums titled "Account Security Question".
I have not had my account hacked with my mobile authenticator on my iPhone, but it did get removed from my account with no warning. (I did not receive an e-mail from blizzard saying it was deactivated.)
I am currently unaware of how long it was not active but I was sure to add it back to my account as soon as I had realized it was gone. Nothing to my knowledge was changed/taken, but it was not something that I was very happy to figure out.
As for having the mobile app on your phone, I find it extremely easy and convenient. I bought my boss the physical one after he told me his account had been hacked without one. He told me he keeps it by his computer so it is easy to log in. I asked him "What do you do if you need to log in on another computer not at home?" And he said he guesses he will just be S.o.L
Post by
Gnub
I currently use a regular authenticator, but I am looking to possibly use the mobile authenticator instead. I am doing this because I always have my phone with me and it would be one less thing to carry around if I want to log into battle.net away from home. Is the mobile authenticator as secure as the regular authenticator? I have "heard" stories about peoples mobile authenticators getting hacked and their account stolen, are any of these claims true?
I'm fairly certain you should have no doubts at all.
In either case, make sure that you note down the Serial and Restore codes from the application, in case your phone decides to do funny stuff.
Post by
Adamsm
Off-Topic but....HEY GNUB! lol. Go to RB, talk to us!
Post Reply
You are not logged in. Please
log in
to post a reply or
register
if you don't already have an account.