Kicking off a weekend of Blizzard-related news, Blizzard Entertainment announced today the introduction of an optional account security device for players of World of Warcraft.
Designed to attach to a keychain, the lightweight and waterproof Blizzard® Authenticator is an electronic device that generates a six-digit security code at the press of a button. This code is unique, valid only once, and active for a limited time; it must be provided along with the account name and password when signing in to the World of Warcraft account linked to it.
"It's important to us that World of Warcraft offers a safe and enjoyable game environment," said Mike Morhaime, CEO and cofounder of Blizzard Entertainment. "One aspect of that is helping players avoid account compromise, so we're pleased to make this additional layer of security available to them."
To learn more about the Blizzard Authenticator, please visit http://www.blizzard.com/security-token.
The device will cost $6.50 and can be associated with multiple accounts. The FAQ describes the functionality pretty well - it's similar to a security token used by some banks. Initially it can be purchased at the Worldwide Invitational event held in Paris this weekend.
As account compromises due to keyloggers, plishing and social engineering have risen to epidemic levels, it's a good move. Personally I like the "low tech" method of single-use password lists used by Finnish banks, but this system is the other obvious way of adding a layer of security that defeats keyloggers. The only potential drawback is that should you lose the token, you are locked out until you can verify the ownership of the account to Blizzard. Inconvenient, but I guess that beats the prospect of getting your account stripped of all valuables by some criminals involved in gold selling.
GLSA 200805-20 GnuTLS: Execution of arbitrary code
Blizzard beefs up WoW account security