Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
Customize
User Settings
Styles:
LAN Parties
Upcoming one-time events:
Greenbelt, MD 08/22

Regularly scheduled events

Report this Comment
Use this form to report the selected comment to the moderators. Reporting should generally be used only if the comment breaks forum rules.

5. Re: WoW Security Warning Jun 25, 2013, 12:42 m00t
 
Speculation on how authenticators work: Specifically in the case where it doesn't require it every time, I believe it leaves an authenticator cookie on the local machine, so if you try to log in with a different machine, it'll still ask you for it. Now, if your machine is compromised, you're screwed either way. If you have a cookie, they probably can just take that (or use malware on your machine to utilize it directly from there), or next time you log in and enter your authenticator, they block the log-in attempt from reaching Blizzard servers and use the auth key, login and password to do it from their machine.

So, authenticators are good if they haven't compromised your machine but they know your login/pass (lazy / bad password management), but as with most security, anyone with full access to your local box can do whatever they want.

What I don't know for sure is if the cookie is tied to a specific machine, made non-transferable by some technical method. (overcome if you use a custom login program because you just lie, but prevents it from being copied and used with the normal launcher)
 
 
Subject
  
Optional
Message
 
Login Email   Password Remember Me
If you don't already have a Blue's News user account, you can sign up here.
Forgotten your password? Click here.
 




footer

Blue's News logo