Why is Authenticator required for forums?

Q u o t e:
This was (appropriately) removed long ago from the forum login ... and it's back.

Why?

Is this a bug, or intentional?

As far as I am aware, Vuelhering, this change is intentional.

When originally introduced if you had an Authenticator on an account you needed to enter the code when logging into the forums. It was decided then that perhaps it was not entirely necessary so the requirement was removed.

Everything I have been told though indicates that turning on that requirement again is intentional.

When an account is compromised it is sometimes used to spam advertisements in-game, as well as whisper other players in an attempt to direct them to a phishing site. An Authenticator on your account can help prevent something like that happening because even if they were able to gain your password they would not be able to access your account in-game.

That was not the same for the forums though. Phishing attempts and posting bad links may not be nearly as common but they do happen fairly often. Leading forum goers into picking up keyloggers or otherwise endangering their account. This allows your extra layer of security to translate to the forums as well.

It also serves to help protect your posting privileges, though we do consider that an account may be compromised when they post such links repeated violations of this nature may lead to those privileges being removed.

If you do not like this change you are welcome to post in the Suggestion forum, our Developers and policy makers appreciate your feedback.

Q u o t e:
I see a lot of compromised accounts posting for help because they have an unauthorized authenticator on their account. Won't this make it impossible for them to get help online?

Direct assistance was never intended to be possible view the forums. We have stickied threads which give appropriate instructions on how to deal with each issue.

It should also be mentioned that as of yesterday when you attempt to attach an Authenticator to an account an e-mail is sent to the registered address for the account. Only once you have clicked the link contained in that e-mail can you attach the Authenticator.

Q u o t e:
Take your stupid morality and go elsewhere. The purpose of the authenticator is to prevent hacked accounts, not to prevent forum postings.

Please communicate appropriately, Vuelhering, this is a discussion not an argument and not a place to badger others. If anyone insists on treating it as such I will have to insist that they refrain from posting.

The purpose of an Authenticator is to add an extra layer of security to your account. I don't see why it wouldn't extend to what the account posts as well. Given that you are responsible for all activities on the account I think it would be a benefit to ensure that no one is posting on your behalf.

Q u o t e:

I would rather Blizzard require some kind of identification to prove that the person requesting the Authenticator be removed is the original owner of the account. It would give me more peace of mind if my account was compromised.

A maliciously applied Authenticator is fairly obvious in most cases. That is why some of the avenues of contact were viable to have them removed. Without those conditions being met or very specific information and evidence provided to us an Authenticator will not be removed. You don't need to worry about that, Selenic. :)

Q u o t e:

I'm not sure why blizzard would do this. It has been suggested as a requirement many times and shot down many times in the suggestion forum.

I'm not certain who would be shooting down the suggestion except other players, Khahan, Blizzard posters are unable to provide commentary on suggestions and feedback in that forum. Though they do review the feedback there and consider the suggestions made.

Q u o t e:

They get into the part where they change info, update the email address then attach and authenticator. I do not see any extra security here other than a few phantom minutes.

In order to change your e-mail address they would need to provide a password, the answer to your Security Question as well as access to your e-mail address in order to click on the confirmation link within the e-mail that is sent.

It is a bit harder to get the password to both your e-mail address as well as your Battle.net account. Is it still possible? Absolutely, but it no longer just requires the password to your account in order to attach an Authenticator.

Basic internet safety would hopefully be used in these cases and people are not using the same password for multiple applications.

Q u o t e:

As for the authenticator to access the forums, please reconsider this making it a requirement.

That is not our consideration to make, if you believe it should be removed you are welcome to post in the Suggestion forum where your feedback can be reviewed.

Q u o t e:
Basically by restricting some people's access to the forums you have given people a reason to not want an authenticator. Me, I'll just stay in game and choose not to use the forums. I prefer the authenticator. But really, honestly, what security is there by this on the forums?

Hopefully it would give them a reason to attach it to their keyring. :) That's where mine is, it's very stylish, brings out my eyes. If they have a mobile Authenticator, well I don't know many people who don't travel with their phones.

I am sorry for the inconvenience that this may cause some, some times extra security measures cause a bit of inconvenience but overall the positives far outweigh the negatives.

Since this thread seems to be ongoing, I'd recommend you post in the main thread on this subject in general....or in Suggestions.

Your viewpoint will have a little more visibility there.

Thanks!

http://forums.worldofwarcraft.com/thread.html?topicId=26262926741&sid=1