As we were warned by quite a few WoW bloggers this past week (including Kestrel, Anna, Rohan and World of Snarkcraft), a rather sophisticated WoW phishing scheme has been circulating disguised as a 3-day suspension notice. While, yes, Blizzard has pounded it into our heads that they will never ask for our username or password, sometimes in a moment of panic or unclear thinking or, hell, when you just haven’t had caffeine yet, you may still accidentally compromise your account by falling for one of these scams.
Now, if you have the Blizzard Authenticator, you’re not hackproof by any means – but you at least have an extra level of security. However, I’ve heard a lot of recent confusion from different sources – how does the Authenticator connect to my account? How does it “know” it’s me? That sort of thing. Well, I’m here to not just tell you, but to show you – I’ll walk you step-by-step through connecting an Authenticator to your Battle.net account or unmerged WoW account, and using it to log into WoW.
Step 0: Get an Authenticator
First things first: get an authenticator. You have two options for doing so.
- A physical “keyfob” authenticator. Blizzard sells these in the Blizzard Store, but they often sell out about as fast as they arrive, so you have to be really on the ball to catch one. I got lucky and got mine out of the first batch into the store; others still can’t catch one. Blizzard also gives these away, usually with special branding, for their events like Blizzcon.
- The new Battle.net Mobile Authenticator. If you have an iPhone or an iPod touch, and if you have merged your WoW account into a Battle.net account, you can pick this up in the App Store on your mobile device (just do a search for ‘blizzard,’ you’ll find it pretty easily). You only need to be connected to the internet or a cellular network while downloading the app and synchronizing it the first time with Blizzard (more on that below). Otherwise, you can be offline and it’ll work just fine. If you don’t have an iPhone or an iPod touch, take heart! The Mobile Authenticator is designed for a variety of phones in Korea, so I feel confident it’ll spread to other mobile devices over here in the US as Battle.net usage expands.
Alright, got your authenticator in hand? Let’s get ready to roll! First, log in to your system of choice. I’ll start with adding an authenticator to an unmerged WoW account (remember, these kinds of accounts can only use the keyfob authenticators), since it’s such a short procedure.
Adding a Keyfob Authenticator to an Unmerged WoW Account
First, log in to Account Management on the World of Warcraft site. Scroll down until you see a box that looks something like this – it should tell you the account type, and has a nice obvious “Add Blizzard Authenticator” button on it.
Once you do, you’ll get to a screen that asks you to enter the serial number of your Authenticator. Flip the keyfob over, and type in the unique serial number from the back of your authenticator.
Hit Attach, and you’re done! You now have an Authenticator attached to your World of Warcraft account. You’ll want to skip down to “Logging into WoW With an Authenticator.”
Adding an Authenticator to Your Battle.net Account
First, log into the Battle.net website. Once you’re in, you’ll want to look for “Change Security Options” along the top of your profile. Click that.
Next, you’ll see a screen that lets you pick the kind of Authenticator you want to use. Battle.net accounts have the freedom to use either the keyfob or the mobile phone authenticator, but you can only use one or the other – not both. However, you can freely go back and forth between the two types, as long as you remove any existing ones from your account.
If you choose to add a Blizzard Authenticator, you’ll see a screen that looks a lot like the one above for the unmerged WoW account, and works exactly the same way – you put in the serial # from the back of your keyfob.
However, if you choose to add the Battle.net Mobile Authenticator, you’ll get a screen that asks for the serial number from the Mobile Authenticator program instead. SPECIAL WARNING: If you ever remove the Authenticator from your iPhone or iPod touch, BE ABSOLUTELY SURE to remove the Authenticator from your Battle.net account first. Otherwise, you’ll probably have to jump through a lot of hoops with Blizzard’s account people to get it removed from your account. And no, just downloading it again won’t work – each downloaded copy has its own serial number.
So, how do you find the serial number of your Mobile Authenticator? First, look at the home screens of your iPod touch or iPhone, and find the Authenticator application. Tap it to open it. It looks like the Battle.net logo with a small grey key overlaid onto it.
You’ll see a title screen that looks like the following. Tap ‘Setup.’
The application will show the serial number of your authenticator to you. Remember, this is unique to your authenticator!
I couldn’t think of any ill effects of showing the serial number other than maybe someone tying my authenticator to their account, but I’d rather not have to worry about it. You actually need the authenticator itself to remove it from the account.
Either way, whether you attach a keyfob or a mobile authenticator to your Battle.net account, once you get back to your profile you should see a little info bubble appear next to the security option:
Hooray! You’ve got an authenticator on your account! Now, on to the important part…
Logging into WoW With an Authenticator
It’s actually super-simple to log into WoW once you’ve got an authenticator attached to your account. First, log into WoW like normal…
And after you put in your username and password and hit “Login,” your client talks to the Battle.net or WoW login servers, who respond like some kind of security guard: “Whoa, whoa, hey there buddy! We’re gonna need some more credentials! This is an Authenticator user!” And as a result, your client will then show you a new popup window, which will wait patiently for your Authenticator code:
Now it’s time to generate a code. Special note: you’ll note that in the pics below I show the numeric codes, whereas above I whited everything out. Why? Because these codes are
- Unique to your authenticator’s serial number, which is tied to your own account, and
- Only last for one login or 30 seconds, whichever comes first.
Frankly, by the time I started writing this post, even I couldn’t log in with the codes shown below. So I figure it couldn’t hurt to show you the real deal just this once, right? Anyway, generate that code. On the keyfob, that means pressing the button to generate a six-digit code:
While on the Mobile Authenticator, you launch the Authenticator, then click ‘View Code’ from the home screen to show your 8-digit code. (After you’ve done this once, the Authenticator will usually go straight to the code screen when launched.) The Mobile Authenticator has a nice little plus over the keyfob in that it shows you how much longer a code is valid by means of a sliding bar below the number. As you can see, I’ve probably got about 5-6 seconds on the code below, so I’ll probably just wait for a new one.
Then press enter or click ‘Okay,’ and voila! You’re in! Welcome to playing WoW with an authenticator! Like I said above, you’re not completely hackproof – no system is completely hackproof – but you’ve taken a big step towards increasing your personal security where World of Warcraft is concerned.
Removing a Blizzard Authenticator
There might be a time when you need to remove a Blizzard Authenticator from your account – say, to switch from a mobile to a keyfob or vice versa, or some other such situation. I’ll put instructions here for doing so with a Battle.net Mobile Authenticator. Unfortunately, I cannot do the same for a WoW unmerged account, as the screenshots above are actually graciously provided by a friend of mine who does not have an Authenticator. (I know, I know…)
Anyway, you’ll want to log into Battle.net’s website, then click ‘Change Security Options’ like before. Now you’ll see that one of the links has changed to ‘Remove Authenticator,’ while the other is completely unavailable and tells you that you need to remove the first authenticator before enabling that one. For example, here’s mine with a Mobile Authenticator attached:
As you can see, I can remove my mobile authenticator, and would have to do so to switch back to my keyfob. Clicking the Remove Authenticator link takes you to the same page in both cases, however. You’ll need to input two codes in a row (generate one, input it, wait for the next one, generate it, input it too) to confirm removal – in other words, you normally can’t remove the authenticator without the authenticator. You can probably jump through some hoops with Blizzard’s account department in the event you lose yours, but you shouldn’t ordinarily have to do so.
Regardless, after you’re done, you’ll see a little confirmation message, just like when you successfully attached an authenticator. If you’d like to attach a new one, just follow the steps above!
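The two properties listed under “Logging into WoW With an Authenticator” (a code belongs to one authenticator and is good for one login or 30 seconds) and the two-codes-in-a-row removal check can be modelled on the server side as follows. This is an added example, not Blizzard's code: the post does not describe Blizzard's algorithm, so standard TOTP (RFC 6238 with HMAC-SHA1) stands in for it, and `code_at`, `AuthServer` and the secret-per-serial lookup are hypothetical names and assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds a code stays valid, as the post describes


def code_at(secret: bytes, counter: int, digits: int = 8) -> str:
    """Code for one 30-second window (RFC 4226 truncation; assumed algorithm)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class AuthServer:
    """Hypothetical server side: one shared secret per attached serial number."""

    def __init__(self):
        self.secrets = {}    # serial -> secret shared with that authenticator
        self.last_used = {}  # serial -> last window in which a code was accepted

    def attach(self, serial: str, secret: bytes) -> None:
        self.secrets[serial] = secret
        self.last_used[serial] = -1

    def login(self, serial: str, code: str, now: int) -> bool:
        if serial not in self.secrets:
            return False
        counter = now // STEP
        if counter <= self.last_used[serial]:
            return False  # this window's code was already spent on a login
        if not hmac.compare_digest(code, code_at(self.secrets[serial], counter)):
            return False  # wrong authenticator, or the code has expired
        self.last_used[serial] = counter
        return True

    def remove(self, serial: str, first: str, second: str, now: int) -> bool:
        """Removal needs the codes from two consecutive windows."""
        if serial not in self.secrets:
            return False
        counter = now // STEP
        secret = self.secrets[serial]
        ok = (hmac.compare_digest(first, code_at(secret, counter - 1))
              and hmac.compare_digest(second, code_at(secret, counter)))
        if ok:
            del self.secrets[serial], self.last_used[serial]
        return ok
```

A phished code is therefore only useful to a thief inside its own 30-second window and only if the owner has not already logged in with it, and a single captured code is not enough to detach the authenticator.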
I hope that helps clear up any confusion anyone still had about the Authenticator(s) for your WoW accounts. Happy securing!


Thank you for posting this guide!
WRITE DOWN YOUR SERIAL NUMBER.
I had the authenticator on my iPod, car got broken into, bye bye iPod. Now I’ve been waiting 4 days to get this bastard removed.
WoW is currently the only Blizzard game I still play. I’m still using a WoW account instead of the Battle.net account, and I use a keyfob Authenticator. Is there any reason for me to upgrade to the Battle.net account, since I only play WoW and don’t really have any intention of playing the upcoming Starcraft or Diablo games? Also, have all the connection/account issues related to upgrading from a WoW account to a Battle.net account been resolved?
Thanks!
@Xpyre: A very good point. I’ve got mine written down in 2 or 3 places now.
@Sindrow: For your first question, I’d recommend going on and merging soon, because Blizzard has said in the future, it’s going to be mandatory – i.e. everything, even if all you play is WoW, will be merged under one Battle.net login. There are also some minor benefits if you dual-box or just have multiple accounts – you can merge multiple ones into one Battle.net account, only have to remember one login, and can pick between them at login time. (Additionally, if you have WoW remember your login name, the dropdown to pick an account appears directly under the username on the login screen.)
Your second question’s a bit trickier. I haven’t seen any reports of any problems in a couple weeks, and to be entirely honest, I haven’t had a single problem logging in with my battle.net account – knock on wood – and I merged on the very first day it was available to do so.
[...] You’re welcome. When my Square-Enix security token arrives, I’ll probably do another one for that one, too. I will become the all-knowing source of attaching one-time use security tokens to accounts, muahahahahahahaha! [...]
Not sure if there was a question in there, but: if someone has added an authenticator to your account, you will know, because it will ask for the authenticator code when you try to log in.
Any other log in problems are not related to this.
I have not purchased anything closely related to an authenticator generator nor have I attached one to any of my accounts. I recently started playing WoW again and haven’t had any trouble logging in until today. I have not released my information to anyone so I don’t believe someone else is using an authenticator against me but I do not know
Why, when I open the app, does it tell me network error please try again later but yet I know my iPod touch is connected to my wifi… I can’t even get the code to register the app in the first place… someone please help