You are playing DH and using the Sharpshooter skill rune.
-
Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.
Diablo III |OT3| Turn On Elective Mode, Get an Authenticator
- Thread starter CarbonatedFalcon
- Start date
- Status
Kinky John
Member
I wonder how many of these idiots on the battle.net forums posting/clicking on links to a particular porn site (which installs a browser hijacker apparently, and Christ knows what else) will be back in a day or two to tell everyone that their account was hacked.
Except, you know, the guy who was online with an authenticator while his character got cracked and stripped only a few pages ago.
OK, we can try. My only problem is the last phase. I just end up getting smashed by his massive hands. In coop, the snakes get tougher to handle, I can tank for a bit but when revenge decides to not proc anymore, I have to kite.
If they were listed as intangible, it wouldn't be as bad. Right now, pets try to tank them, my leaping spiders try to kill them, AE spells that "jump" targets try to jump to them, they walk in front of your shots blocking you from hitting the boss. Way too frustrating.
Oh I've been waiting to use this line FOREVER.
*clears throat*
Seems like he's part of the...1%.
Where's that?
That guy made it known that he had added his authenticator very recently, his account was likely compromised as he was adding it. Thats not the same thing as having an Auth on your account. He was compromised likely before it even completely took effect.
There are still zero proven hacks on accounts with Authenticators attached prior to being compromised.
For what?
FieryBalrog
Member
He added it while he was logged in and was hacked like 45 minutes later. I don't know what that means exactly, but it doesn't sound typical.
If their security is so shit that you are almost guaranteed to be hacked if you don't have an authenticator, Blizzard should be including them in the box and should be sending them out to everyone who purchased.
It's ludicrous to blame the consumer for purchasing a game and having expectations of being able to keep the stuff they find in-game. How does a company who has ran the most successful MMORPG of all time allow such a drastic security flaw in the biggest game release in years?
And adding the fact that soon items will be stripped from people who paid Real Money to purchase them...Blizzard really needs to plug these holes.
It's ludicrous to blame the consumer for purchasing a game and having expectations of being able to keep the stuff they find in-game. How does a company who has ran the most successful MMORPG of all time allow such a drastic security flaw in the biggest game release in years?
And adding the fact that soon items will be stripped from people who paid Real Money to purchase them...Blizzard really needs to plug these holes.
What a load of crap. The other person should have been logged out by him logging back in, and he *changed his password* during the whole thing. Whether his account had been compromised before or not it should not have been so trivial for the other person to get back into the account, pre-authenticator crack or not.
Even then, though, you're just speculating that the person had gotten in some time prior to the authenticator being added. And there have been other reports elsewhere of people being cracked with authenticators on their accounts (dismissed, just like you just did, with speculation that they're lying).
Here's the thing, though. Even if you're right, adding an authenticator should reject all already established sessions. If it's not doing that, that's a security flaw as well. Even this apologism leads to a conclusion that Diablo 3's security is riddled with holes.
Plan: Exalted Grand Sovereign Helm
Would be pretty trivial if his computer itself was compromised.
Also, his story doesn't make total sense:
It doesn't matter what that option is set to, logging on from a new location would have asked for a code regardless....
Seriously, you people who are apologetic about this must believe every computer on the planet is completely compromised from the moment it's turned on. No other service seems to have this degree of problem, and a lot of them have a hell of a lot more at stake than D3 does (pre-RMAH, at any rate).
Again, if keyloggers were so prevalent the entire internet banking system would have collapsed by now.
Shouta
Member
Are you NA or EU? 'cause I thought plans were commodities.
My first thought was "My Diablo account is worth more than my bank account"
My second thought was "I hate myself"
Whats dps of your xbow?
SnakeswithLasers
Member
If you don't want your account hacked, you shouldn't be wearing tight clothes.
Is this glove worth anything?
Yes, that's worth a lot.
Int+Vit+AR+Crit damage is great for wizards.
That will sell really, really well
I'd make you an offer but it'd be too low for what you should get on the open market
No way, it is much easier to trace money via internet banking than on D3 or WOW.
hah
Battle.net accounts are worth money, and they're far less of a legal risk than bank accounts are.
And excuse me for being so apologetic, but I've seen every excuse in the book over seven years of World of Warcraft. The reality is that people can and do get compromised. And they often say anything they can to pass off the blame to Blizzard, when it's entirely their fault to begin with.
Don't get me wrong either, I've criticized Blizzard's security (in this very thread, no less) before, but I'm not going to start pretending that people don't do stupid shit to get their PC compromised.
BTW, other services (and other MMOs) DO have this problem, and Hawkian's story is setting off alarms in my head because not all the details seem entirely accurate.
"damn i got hacked"
...
"you fucked up"
"what did you do wrong"
"dont visit pr0n sites lol"
"you compromised your pc, you must have"
"its not blizzards fault, its yours"
"i bet your password is crap"
There's this culture that seems to surround the authenticator that I find part irritating and part depressing.
What the hell does that mean? Prior to the authenticator taking effect?
xxjuicesxx
Member
Umm the dude a few pages back said he added it while he was being hacked.
He wasn't using the authenticator. Please use reading comprehension skills.
He wasn't using the authenticator. Please use reading comprehension skills.
It's also easier to trace a stolen car.
Are we going to pretend no one ever does that?
He added it an hour before. Maybe try some comprehension skills yourself before pointing at others. Maybe you'll be able to buy them on the RMAH.
In what way would internet banking have collapsed? Doesn't the whole concept of authenticators come from internet banking in the first place?
938.9
OTP is a very very old concept mostly used by corporate security. My dad had one to get into his office in the late 80s/early 90s. They're basically the pre-fob. They are a solid security measure, but frankly they're ridiculous overkill for an online game. The security flaws in Blizzard's services seem to run much deeper. You guys are trusting the protestations of a company that doesn't even use case-sensitive passwords for fuck's sake.
And I'm not actually aware of any banks that use them. Mine certainly doesn't. It does, however, have case sensitive passwords, two-step login for unexpected IPs, and rate limiting.
SnakeswithLasers
Member
I doubt that the Russian and Chinese hackers who are profiting from D3/WoW are all that intimidated by doing the same thing with someone's bank account.
I've been banking online with Wells Fargo for years and years, which is about as big of a bank as you can get, and I don't have one, nor have I been offered one.
Read his story carefully; It's sketchy. Very sketchy. He says he added an authenticator an hour beforehand, but he was not prompted for the code. Regardless of what the setting is set to, you are always prompted for a code when the authenticator is added for the first time, and prompted when logging onto a new location.
I would not be using his story as fact until he clarifies a few of the details.
As for your "trace a stolen care" example, I'm just going to outright ignore that. There's so much wrong my brain doesn't even know where to start.
I wouldn't. Although you're right and there's clearly less of a risk for them. =P
What?
SnakeswithLasers
Member
I could go back and read it, but I'm pretty sure what he said is that he was already logged into D3, then he alt-tabbed out and added an authenticator. Doing so didn't log him out of D3, so he was de-facto logged in sans authenticator.
Regardless. Once the authenticator was added, it should have prompted anyone for a code. Remember: It has no valid locations on memory. He wouldn't have been logged out of D3, but nobody should have been able to get in.
xxjuicesxx
Member
Yes but he never actually ADDED it. He signed up for it while logged on and never logged on with it. Its like having condoms in your drawer and thinking thats good enough.
It sucks but he never actually used the authenticator before the hack.
Either way the internet is full of crap. I'm sure theres people now claiming they use the authenticator and still got hacked and are full of shit.
If people really are getting hacked with it. Then something definitely needs to be done. If not still something needs to be done.
SnakeswithLasers
Member
Yes, and this is precisely the point that is debatable.
If he is relaying correct information, then the authenticator SHOULD HAVE required authentication from anyone, but he got hacked, so that implies that it DIDN'T.
AndyMoogle
Member
I'm pretty sure that every bank in Sweden use one. That's obviously not what you meant, but still.
https://www.wellsfargo.com/biz/jump/securid
Public companies use those. Not sure how many individuals use one. I have never, but I wonder if I should.
I'm in Canada, actually. There's pretty variable security here for the banks (one has 6 character numeric passwords ugh), but they all have severe rate limiting at least, locking out the account if a very low failure threshold is reached.
SnakeswithLasers
Member
Makes sense.
- Status