Daily Archives: June 2, 2014

Authenticators… Are They Still a Thing?

In which I demonstrate I am clearly running out of things to write about.

There was a point in time, a few years back, when account authenticators were very much a thing.  Back when WoW accounts seemed to be getting hacked almost constantly and people were even phishing for EverQuest II account data, authenticators were news.  I, my daughter, and my mother all have authenticator fobs for our respective WoW accounts.

How many times have I used this shot?

How many times have I used this shot?

I also have an authenticator fobs for SOE games, although I stopped using it.  Blizzard managed to streamline the authenticator process, requiring it only weekly so long as my IP address/login computer doesn’t change.  SOE’s “append your token to the end of your password” method, which was always a bit awkward, is also resistant to any streamlining.  (And they show a freakin’ SOE mini-splash screen for two seconds when you hit the button? WTF?)  So I decided a long password would suffice for them  Plus, who steals SOE accounts these days?  Is there any money in that?

Other companies offered them as well.  Square Enix had them for their Final Fantasy XI and Final Fantasy XIV MMOs.  EA offered up an authenticator fob for Star Wars: The Old Republic as part of the collector’s edition.

The key item for me

Look, a fob!

If I recall right, CCP even gave out an authenticator fob, or at least talked about one, for EVE Online at FanFest a couple years back, though they have not to my knowledge, implemented multi-factor authentication with it so far… which seems odd, given the meta game there.

All of these are branded versions of the VASCO Digipass Go 6 device.  The trend seemed to be to go that route, no doubt because VASCO has a package that made integration manageable and ability to supply a company like Blizzard, which has millions of customer accounts.  This also allowed companies to go with a “mobile authenticator” option, giving players access to authenticator functionality on their smart phones.   Some companies, such as Trion, have opted to go solely with such an options.  Others, like SOE, only have the authenticator fob option, but promise to get smart phone functionality in the near future.  (But not soon.  We know what SOE means when they say “Soon™”.)

Not that the SOE approach bothers me.  I do not actually own a smart phone, and while I have an iPad, it tends to be a device I only use when away from my computer.  So the authenticator fob works out well for me.  It is a small, single purpose device that sits right where I need it, next to my keyboard.

But, aside from SOE and Blizzard, not many companies seem to be pursuing the who authenticator fob idea.  Square Enix was perpetually out of st0ck on fobs, while I am not even sure you could buy one independently from EA.  And even Blizzard seems to go hot and cold on the idea.  For a while they were giving them away if you knew where to look, while at other times they haven’t been available for love or money.  That was most recently the case when they split the Blizzard Store into the Battle.net Shop and the Gear Store. (Hint: It is in the Gear Store.)

Then again, WoW is the only game where accounts getting hacked seemed to reach epidemic proportions, with nearly everybody in our little guild who didn’t have an authenticator having their account hacked or otherwise compromised at one point a couple of years back.  So I am not sure I really need to bother with an authenticator for other games.  Somebody tried to access my GuildWars 2 account last month… I got three email messages that were in response to a request for a password reset… but there isn’t anything there to steal.  I am not sure I would even notice if somebody got in and did something.  But I changed the password on that email account ahead of schedule, just in case.

So where do people stand on the whole authenticator thing these days?  I wouldn’t remove mine from my WoW account given past history, and I might like the option for EVE Online, given its meta-game tone.  But I feel comfortable enough with decent, unique passwords on other accounts.

How about you and authenticators, fob or mobile based?