This site makes extensive use of JavaScript.
Please enable JavaScript in your browser.
Live
PTR
10.2.7
PTR
10.2.6
Beta
Blizz mobile authenticator is easy and fun!
Post Reply
Return to board index
Post by
thrakx
Sadly, authenticator isnt 100% protection, and no, you can still get your account hacked by a keylogger even if you use an authenticator. All it takes is them logging into your account and using your authenticator key within 5 min of you using it, and your account is jacked.
But, that isnt saying that the authenticator wont help, it will help alot in the long run. Enless you got a sneaky person watching your computer.
I thought once you used a code to log in, that code was no longer valid? Am i wrong?
yeah the code resyncs itself like EVERY TWO MINUTES OR SO!. Basically it would take you logging into wow, then logging out within the two minutes it takes to resync, and having X guy read your key info or screenshot or w/e , and THEN logging into your account.
I don't know though. I'm of the opinion that it would take longer to get/read/input all the logged info then it would for the code to resync, meaning that by the time they get around to putting your info in to
STEAL
your account, their code would be invalid already. I mean for me sometimes its a race to read the dam thing and enter it before it resyncs.
**EDIT: just timing the resync on my phone and its at just around 60 seconds or so. I'm going to go ahead and declare
loki's
statement wildly inaccurate, though loosely plausible.
DOUBLE EDIT!***
I meant XENONS statement OFC!
Post by
Squishalot
Xenon's statement, you mean.
At the end of the day, it requires someone to be watching your computer at the point in time when you log in, which isn't what most keyloggers do. They can then try to log in while you're still in there, booting you off, and changing your password in the minute it takes you to work out what just happened.
So you're relatively secure, but if a hacker really wants to steal your account, you're no more secure with an authenticator unless the code gets 'used up' as and when you use it to log in once (so any attempt to connect requires a new code each time, a la banking systems).
Post by
thrakx
Xenon's statement, you mean.
At the end of the day, it requires someone to be watching your computer at the point in time when you log in, which isn't what most keyloggers do. They can then try to log in while you're still in there, booting you off, and changing your password in the minute it takes you to work out what just happened.
So you're relatively secure, but if a hacker really wants to steal your account, you're no more secure with an authenticator unless the code gets 'used up' as and when you use it to log in once (so any attempt to connect requires a new code each time, a la banking systems).
yes i meant Xenon ofc. As far as i know, the code resyncs every 60 seconds or so, making the old code you entered the last time invalid. Which is basically what you're saying right?
So i gotta say, in the end, you
ARE MORE SECURE!
with the authenticator
BECAUSE!
the code becomes invalid. I mean if it didn't, then wth would be the point?
Post by
261871
This post was from a user who has deleted their account.
Post by
ChairmanKaga
yeah the code resyncs itself like EVERY TWO MINUTES OR SO!. Basically it would take you logging into wow, then logging out within the two minutes it takes to resync, and having X guy read your key info or screenshot or w/e , and THEN logging into your account.
I don't know though. I'm of the opinion that it would take longer to get/read/input all the logged info then it would for the code to resync, meaning that by the time they get around to putting your info in to
STEAL
your account, their code would be invalid already. I mean for me sometimes its a race to read the dam thing and enter it before it resyncs.
Or they're using
one of these
to keylog you. The code does change every 60 seconds, but there's still that brief window if an attacker can gather the required data fast enough.
I can't say I've ever seen a two-factor system that doesn't prevent a code from being reused once successfully authenticated, for precisely this reason -- to fend off a
replay attack
. If Blizzard is allowing this for some reason, that's a pretty epic fail on their part.
Post Reply
You are not logged in. Please
log in
to post a reply or
register
if you don't already have an account.