PSA: Blizzard Authenticator 🔒

I’ve got it on. It’s a huge boost to security, and it’s quite rarely inconvenient with one exception: I need it to log into the forums, and I auto-delete cookies, so whenever I come back I have to get my phone out.

But that’s a small price to pay for not having all your items rinsed out and having to spend half a day with Blizzard CS trying to get it back.

Another thing you can do, which significantly increases your password security, is use a password manager. Using one you get to have a completely different password for every single site, and they all get to be… like 36 characters and completely unreadable. Nobody would ever guess them and even if something gets hacked because they can’t figure it out, you’re still safe everywhere else.

There are quite a lot of them out there, but most of them are for profit and I don’t necessarily trust them. LastPass is a good example of this. I have no proof of any wrongdoing at all, but I’m a little paranoid on this.

I use KeePassXC. There’s a browser plugin for Firefox and Chrome as well for autofill.

That means many of my passwords, except for Blizzard actually and it’s one I should change, look like this:
§m;eSp"Ú²ÏNçóâ7}ìv_º=Û]Îç®KÔJ86H8àÑáàP&XTR+È’S]²EÔ

Good luck guessing that.

I have the database synchronised via Dropbox, but it’s encrypted with a certificate that I put on my devices offline - usually by transfer to the phone or sharing it locally over Bluetooth or the local network.

KeePassXC helps you set up all of this with a little setup wizard. It’s A LOT easier than it sounds. :slight_smile:

I also encrypt my devices and put a password like one of those in front, and then I put touch or PIN log in on. So basically you get 3 attempts at typing a 6 letter password, and if you fail, you get one of those 50 letter random BS passwords to deal with.

Windows likes to send a lot of your data to Microsoft for “analytics and bugfixing” purposes. I tried to switch it all off, but it’s literally impossible. If you try, Windows just starts ignoring settings and may even disconnect itself. So I switched to Linux. WoW runs great on Linux if you want to try it.

Another fun little trick is that, if you use an e-mail service which is not based on Outlook (it’s a unique exception to this rule!) you can actually add a + before the @, and everything between + and @ will be disregarded!

So let’s say I had this e-mail (I actually don’t):
ishayu@oimail.co.uk

I could give my e-mail to Blizzard like this:
ishayu+blizzard@oimail.co.uk

And then whenever Blizzard sends me mail, the receiver, that is me, will be ishayu+blizzard@oimail.co.uk, even though it lands in my e-mail!

So if Blizzard gets hacked and I start getting spam, it’ll go to ishayu+blizzard@oimail.co.uk!

This enables me to do 2 things:

  1. I make a spam filter for anything sent to ishayu+blizzard@oimail.co.uk.
  2. I contact Blizzard and tell them there’s been a breach, and I ask to have my e-mail changed to, say ishayu+blizz@oimail.co.uk.

Yes, I spend way too much time thinking about this stuff, but I hope someone found it useful. :slight_smile:

3 Likes
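Added example (not part of the original post): the spam-filter idea from the plus-address steps above, as a Python sketch that flags mail sent to a tagged address by a sender outside the domains expected for that tag. The sender domains `blizzard.example` and `cheap-gold.example`, the sample messages and all function names are constructed assumptions.

```python
from collections import defaultdict
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample mail (headers only); none of this is real traffic.
SAMPLE_MESSAGES = [
    "From: noreply@blizzard.example\nTo: ishayu+blizzard@oimail.co.uk\nSubject: Login code\n\n",
    "From: news@mail.blizzard.example\nTo: ishayu+blizzard@oimail.co.uk\nSubject: Patch notes\n\n",
    "From: promo@cheap-gold.example\nTo: ishayu+blizzard@oimail.co.uk\nSubject: Buy gold\n\n",
    "From: friend@example.org\nTo: ishayu@oimail.co.uk\nSubject: Raid tonight?\n\n",
]

# Assumption: sender domains considered legitimate for each plus-tag.
EXPECTED_SENDERS = {"blizzard": {"blizzard.example"}}


def plus_tag(address):
    """Return the lower-cased text between '+' and '@', or None if untagged."""
    local, _, _domain = address.rpartition("@")
    _base, sep, tag = local.partition("+")
    return tag.lower() if sep and tag else None


def domain_allowed(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def find_leaked_tags(raw_messages, expected):
    """Map each plus-tag to the unexpected sender domains that wrote to it."""
    leaked = defaultdict(set)
    for raw in raw_messages:
        msg = message_from_string(raw)
        sender = parseaddr(msg.get("From", ""))[1]
        sender_domain = sender.rpartition("@")[2].lower()
        headers = msg.get_all("To", []) + msg.get_all("Delivered-To", [])
        for _name, addr in getaddresses(headers):
            tag = plus_tag(addr)
            if tag and not domain_allowed(sender_domain, expected.get(tag, set())):
                leaked[tag].add(sender_domain)
    return {tag: sorted(domains) for tag, domains in leaked.items()}


if __name__ == "__main__":
    for tag, domains in find_leaked_tags(SAMPLE_MESSAGES, EXPECTED_SENDERS).items():
        print(f"+{tag} is receiving mail from unexpected senders: {domains}")
```

The From header is sender-controlled, so a hit only shows that the tagged address is in use by someone other than the service it was given to, which is the signal for rotating the tag as in step 2.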

:flushed: :flushed:

1 Like

You actually only get it if you do Authenticator + SMS. SMS makes you less secure, not more, due to SMS exploits. :slight_smile: Also, phones are less secure than desktops… so it’s not exactly as secure as people like to think when it’s an app on your phone. Phones are one of the most common things stolen, or having to be changed out too.

No phone in 2020? :thinking:

1 Like

Just so you know, there is a recovery (restore code) thing on the Blizzard website too.

https://account.blizzard.com/security

Edit: I can’t link a blizzard site on a blizzard site. :laughing:

1 Like

https://account.blizzard.com/security

Blizzard sites aren’t on the list of trusted sites :rofl: wowhead is though…

Also, pre-paid phones are not allowed to be used for this. So unless you’re on a plan with an ‘approved company’ you’re SOL.

How did you manage that???
I have mine since TBC and it still works! :smiley:

I assumed it was the battery, it just stopped working

The thing that annoys me about bnet authenticator is… you have to turn on your Mobile Data/Internet on the phone to approve your login. Why? I can log in with a code in my Steam account when my phone is offline.

I have unlimited internet on my phone, but I turn my data off cuz it drains my battery faster.

Oh, thanks for the info Shammoz :slightly_smiling_face:
I didn’t know that the Authenticator can be restored on a new phone, so it is useful. I will store my serial on Google Drive too, this is a good idea.

I still use the digipass authenticator; there is no alternative for me since I don’t use a mobile phone. No need for it since I’m always at home due to my illness. I tried to add it to WinAuth once but it looks like Blizzard still doesn’t support that.

Well the extra space is awesome, especially when leveling xD

The click bait is stronk, but useful!

2 Likes

What if someone wants to message you on whatsapp or send you a snap? Or what if you get a tinder match? You can’t have internet turned off :frowning:

Wut? :open_mouth: Wut is tinder or whatsapp? I don’t have any friends anywhere.

https://i.imgur.com/IxazC33.png
Not even in Bnet.

During WotLK I had a troll shaman named Johaylon. My account was compromised but for whatever reason the person that stole my account didn’t change my password or anything.

My gear was totally fine, my gold was there, everything was exactly the same EXCEPT my name was changed to “Pyreman”. That was the only thing the account thief did. I think he even played with my character.

I did the necessary things and got my account secure. Sadly Blizzard said they couldn’t change my name back so I played with “Pyreman” for years before changing the name back to Johaylon.

4 Likes

Just a bump for awareness

A reminder of the importance of the authenticator