Blizzard giving serious consideration to mandatory authenticators

[Tim]

I have spoken!

[Paul1337noob]

In my books, its not about willing to pay for protection, its just being careful what your doing, use of good strong passwords is first thing obviously, changing them every now and then, not downloading stupid files you have no idea what they are or who they are from, using trusted sites, running anti virus scans.

why pay extra for a piece of hardware that eventually, it's gonna get exploited anyway.
at least anti virus software update there databases when a new piece of malicious software is found, like its been said already in this thread,
authenticators have already been compromised, guess what, you've all thrown away $7.

a bit of care for your PC and tbh respect for the stuff out there, and there is no need to throw away money on useless gimmicks what all in all is putting money in some one else's pocket, when it could be in your own

[Lindline]

Quote:

Originally Posted by Paul1337noob

In my books, its not about willing to pay for protection, its just being careful what your doing, use of good strong passwords is first thing obviously, changing them every now and then, not downloading stupid files you have no idea what they are or who they are from, using trusted sites, running anti virus scans.

why pay extra for a piece of hardware that eventually, it's gonna get exploited anyway.
at least anti virus software update there databases when a new piece of malicious software is found, like its been said already in this thread,
authenticators have already been compromised, guess what, you've all thrown away $7.

a bit of care for your PC and tbh respect for the stuff out there, and there is no need to throw away money on useless gimmicks what all in all is putting money in some one else's pocket, when it could be in your own

Not too long ago there was a huge flash exploit showing up in flash ads. Trusted sites were unwittingly compromising their viewers computers. Anti-virus databases are created through a completely reactionary process. Anti-virus software offers ZERO protection from zero-day infections. By the same logic you're using, we shouldn't by anti-virus software because thats just throwing away money.

That's stupid right? It is. Because even AV software is just a layer of protection. Just like an authenticator. The layers work in concert, covering holes that other layers leave. There is no 100% perfect solution that will give you perfect protection from internet-based threats as long as that Ethernet cord is connected to your PC. All you can do is get those layers in place and hope for the best.

Telling people not to buy an authenticator is extremely irresponisible. Just like telling someone to not get AV software.

[Paul1337noob]

Quote:

Originally Posted by Lindline

Not too long ago there was a huge flash exploit showing up in flash ads. Trusted sites were unwittingly compromising their viewers computers. Anti-virus databases are created through a completely reactionary process. Anti-virus software offers ZERO protection from zero-day infections. By the same logic you're using, we shouldn't by anti-virus software because thats just throwing away money.

That's stupid right? It is. Because even AV software is just a layer of protection. Just like an authenticator. The layers work in concert, covering holes that other layers leave. There is no 100% perfect solution that will give you perfect protection from internet-based threats as long as that Ethernet cord is connected to your PC. All you can do is get those layers in place and hope for the best.

Telling people not to buy an authenticator is extremely irresponisible. Just like telling someone to not get AV software.

What im saying is that once the authenticators have been compromised there is practicly no solution to fixing it, at least when an AV picks up a new virus its added to their global database, not to mention not all antivirus software comes at a price, there are always alternatives.

In everything ive done so far ive never had a single thing comprimised (that i know of), ive played many online games, had many websites, bought stuff off the internet, do online banking, have multiple email accounts, u name it online.

for the record i block most flash things except youtube ETC,
you know what i did as soon as i heard about the flash ads, i went and updated my flash and changed any passwords that may have been affected

all i use is a free antivirus, have many different strong passwords, run a scan before my computer is turned off, and becarefull of what im doing and dont do nothing stupid.

i dunno maybe im just lucky, but i dont know many other people who can say they havent had something happen to them.

im not saying dont take the extra steps, im saying you dont have to pay for extra protection, if you want to do that then sure.
just remember you dont always have to pay to get the best service out there.
but ive never had an authenticar, dont plan on ever paying for one, and i dont see it necesarry, but thats just my opinion.
if your specificly been tragetted im pretty sure there gunna be ready for an authenticator.

if somebody wants to specificly keylogg my bank details there gunna send me something fresh, something new that hasnt been detected, are they gunna put that in a flash add, so yes your right, you are always under threat, but paying for an authenticator i still see it as throwing my money away

once again im not telling people not to pay for extra protection, im just saying i dont think its necessary.
if some one is specifically going to target me then sure there aint gunna be a damn thing i can do about it with any level of protection

[Nghtmr9999]

Paul makes many good arguments. Back when there weren't authenticators for WoW, I used strong passwords for everything, watched what I was downloading online and never had a single account issue. In fact, my AV program (at the time, McAfee) actually corrupted my system 32 files so I couldn't boot and had to resort to a backup.

However, having the authenticator is a nice second-level of security. If a zero-day virus/trojan happened to slip through and installed a keylogger on my computer, the authenticator would help protect my accounts until I scanned and removed it.

Basically, with good online habits such as not downloading random crap, not clicking on the "JOIN WoW CATA ALPHA" links and avoiding the "Greetings, I am a very wealthy business man from Port-au-prince..." and using strong passwords, there is not much concern about getting your accounts compromised. But what is an extra $7 (or $0 if on iPhone) for a just in case option?

[paintrain]

Paul, you're ahead of the curve as far as staying protected.. but good habits can still fail in the long run.

First off, Tim's warnings on the authenticators are FUD more than anything. He doesn't have a real vulnerability on the authenticators themselves. They likely won't be compromised for the length of their lifespan. Secondly, today might have a 50/50 split on keyfobs and phone application-based authenticators.. but as the number of "smartphones" will continue to grow, the ease of upgrading an authenticator grows. If the authenticators are broken, all it takes is a free software update to fix.

Take Lindline's advice. The authenticator protects against a compromised password as well as increases the difficulty for the attacker. It does not completely protect against someone having control of your computer.. and having a compromised computer is *not* a compromise of the authenticator. Having an authenticator greatly reduces your exposure, regardless of the vulnerabilities that exist today.

Oh, and on the bank thing, they *do* attack the masses today because it's the path of least resistance. Trying to exploit everyone and have success on 0.01% of the people would be a big win for them. Make yourself a more difficult target, and they likely won't go after you.