The Blizzard Authenticator is one method of making your World of Warcraft more secure.
Rather than depending on just user name and password to keep your account secure, the authenticator provides a code, which changes every 30 seconds, to put in as part of the logon process. You just press the button, get your six digit code, enter it, and complete logging on. Even if somebody has a keylogger on your account, the code is only valid for a very short period of time, so breaking into your account is made just that much more difficult.
This is all good news for you, if you opt for the authenticator, either the key fob version or the mobile authenticator that can run on your phone. (It is not just for iPhones any more.)
On the other hand, if you don’t use the Blizzard authenticator, the hackers now have another tool in their arsenal to help them take over your account.
It seems that the hackers have bought into the authenticator scheme and now, when they hack your account they lock you out by putting their authenticator on your account. Now you’re really stuck, since you cannot do anything with your account without the authenticator once it has been enabled.
And judging from the number of requests in the forums, this is happening quite a bit.
So beware of phishing email scams and the like, there are a lot of them going around. I get at least one a day and often more. Blizzard has a their own page on account security that lists out the only legitimate sites where you should enter your password.
As they say, two steps forward, one step back.