So my trusty physical authenticator finally kicked the bucket after probably a year of BATTERY 000 messages, quite impressive really. I have some questions regarding getting rid of it and adding the mobile authenticator.
I have one PC where my bnet automagically logs in, a trusted unit or whatever. My questions are as follows:
Can I change the password without removing the authenticator first? The reasoning for this is I’ve read about monitoring armories for the authenticator pet and hacking attempts when it is removed. It wouldn’t take long to do but it feels sweaty.
And yes, it is an old password.
Can I remove the authenticator without using a code from it? It would be awkward if removing it requires a code from it, thus putting my trusted unit into a state of limbo.
This is tangential, but disabling the setting “Always require authenticator for login” in the Account Settings - Security tab, does that imply that the “usual” log in spots are flagged as ok and any unusual spot requires the authenticator? I see that some of my logins are from a geographical location quite some distance away, though in the same country. I’d chalk this up to IP shenanigans or maybe a refreshed IP at some point.
I’m pretty sure it requires the code to remove it. Ideally you should have done this when the battery warnings were appearing (hindsight is wondeful right?). If you cannot remove the dead authenticator from your account, you will need to submit a ticket and attach a copy of some official ID to prove you are the account holder. Then support can remove it so you can add the new mobile one.
When you do get the mobile one applied, remember to take a screenshot of your serial and restore codes in the app. That way if you ever lose your phone or it breaks, get it upgraded etc, you can download the app onto another phone and enter the serial/restore from the old app and it takes over.
Yes, hindsight is 20/20. It’s not quite dead, but I got a string of invalid authenticator code errors last I used it, so I’m working with the assumption it will be of no use. I will try for sure.
Would you happen to know if I can change my password without using it? I suppose not.
I’m trying to avoid sending my trusted unit into limbo while still maintaining some semblance of opsec.
I was able to change my password without entering an auth code. However, doing so immediately logged me out of battle.net and when I logged back in with the new password I had to authenticate.
So the short answer is you cannot change your password without the authenticator.
That was beyond expectation of you to do. Thank you kindly.
Yes, removing it is indeed the plan. Thank you.
As a final question for now, does support have the ability to reset ones password? If I need assistance from support to get the authenticator removed, I mean. It would be somewhat sweaty to have it unprotected, so to speak, without having a new password in place.
Adding the authenticator has never removed the password so the account is still protected by it. If you have a reason to believe the password has leaked you should have changed it instantly when you discovered that rather than wait until the authenticator needs to be switched.
There are a couple of videos on Youtube where people show how to change the battery in those physical authenticators. However, fair warning, Blizzard went out of their way to make it as close to impossible as possible.
You literally have to destroy the plastics to get in, so while you will have a working authenticator at the end, it will no longer look nice.
No, no, I realize that they are independant. I have no reason to suspect the password has leaked, it is unique and fairly strong (according to the Blizzard password thing). You are absolutely right about changing it, laziness and complacency I suppose.
I know I’m being irrational about this.
Yep, I’ve seen a couple. Very intrusive and finicky to say the least. I considered it since I like the physical authenticator and Blizzard have terminated that option. As Grelier pointed out to my password issue, I should have done that when I suspected the battery was going out of juice. I reckon it would be too late once it starts giving out invalid codes.
As an update, I finally got around to doing it, you are indeed asked for a code when you remove it and I suppose having not used it for a while allowed it to give up a final valid code because it was accepted and I could remove it no problem. Getting the mobile authenticator going was a different matter. It seems you have to get the SMS protect in addition. Very strange, it is not made explicit in any of the guides or support pages.
As for the mobile authenticator, I’m not aware of it being a requirement to use SMS notifications as well, but it’s generally a good idea too also use these, with SMS notifications you’re able to more quickly remove the authenticator should you reset/desync your phone for example.
The SMS notifications will be used to send a verification code and then remove it without contacting support. (Of course if you change phone number there is still a problem )
If you do have issues, don’t hesitate to reach out
It should really be stated plainly if that is the case that SMS protect is required. I probably spent 30 minutes fiddling around, reinstalling the app, clearing caches, rebooting the phone, but mostly waiting for the app to go past the “setting up” stage. The relevant support page has no mention of it either, ref:
Other than that, the app seems pretty nice. The number string is longer, which is curious.
This answer might be a little late.
However, i was getting close to the point where you were and i didnt want to go using my mobile and/or some app to authentificate.
What i did was that i just openend the physical one that i have and changed the battery. Still works and i can see the numbers very clear again now
)