Diablo 3 real-money auction house to require authenticator

Having your Diablo III account hacked and plundered already sucks, but it'd be far worse if you'd paid money for that gear. So Blizzard will require that players use a Battle.net Authenticator for the real-money auction house.

60

Having your Diablo III account hacked and stripped of items is horrible when you've put so many hours into getting them, but if you'd paid genuine cash money for that snazzy sword you'd be more than a mite annoyed at being plundered. As rapscallions continue to plunder accounts the length and breadth of Sanctuary, Blizzard has announced that players will be required to use a security-boosting Battle.net Authenticator to wheel and deal in the real-money auction house.

Technically, players will be required to have an Authenticator to add to their Battle.net Balance. So if you want to add money to spend on items or send the proceeds from sales back to your Balance, you'll need an authenticator, which come in both physical and mobile app form.

"While we understand that this creates an extra step for players during the login process, we believe this added layer of account protection will help foster a safer auction house environment for all of our players," Blizzard community manager 'Kaivax' posted.

And, of course, having real money at stake would mean players might respond in stronger, more litigious forms than angry forum posts if they were hacked.

Hacking has been a real problem for Diablo III since it launched last month. Though Blizzard can roll an account back to recover stolen items, it's a right royal pain in the rump. Early reports claimed that some had been hacked even with authenticators, but it seems just good old-fashioned stolen passwords are to blame.

While Diablo III has sold enormously well, hacking and the overwhelmed servers have made it far from the smoothest launch. In South Korea, Blizzard's offices were raided by the country's Fair Trade Commission following complaints from disgruntled players who were denied refunds.

From The Chatty
  • reply
    June 11, 2012 6:00 AM

    Alice O'Connor posted a new article, Diablo 3 real-money auction house to require authenticator.

    Having your Diablo III account hacked and plundered already sucks, but it'd be far worse if you'd paid money for that gear. So Blizzard will require that players use a Battle.net Authenticator for the real-money auction house.

    • reply
      June 11, 2012 6:28 AM

      So to use this thing in the game whose existence was the main reason the game had to be online at all times, you now have to use something which doesn't come with the game.

      • reply
        June 11, 2012 6:35 AM

        It's $6.50 and you need one anyway. Buy it.

        • reply
          June 11, 2012 6:42 AM

          Or if you have an iPod/iPhone/IPad you can get the free app.

          • reply
            June 11, 2012 6:44 AM

            there are also apps for windows phone, Blackberry and Android

        • reply
          June 11, 2012 7:30 AM

          $6.50 + $20 shipping, max of two authenticators to an order here.

          • reply
            June 11, 2012 8:57 AM

            Lies. Free overnight

            • reply
              June 11, 2012 9:30 AM

              That's for Americans only.

            • reply
              June 11, 2012 9:33 AM

              "overnight" that took 6 days for me last week :P

              • reply
                June 11, 2012 11:13 AM

                took 8 days for me, but I got it.

                • reply
                  June 11, 2012 11:55 AM

                  Overnight from when they shipped it. :) Was around a week for me.

            • reply
              June 11, 2012 10:09 AM

              Not everyone lives in the USA. It's hard to believe, I know.

              • reply
                June 11, 2012 11:05 AM

                The way their website works, if you're in the USA it looks like it's free shipping anywhere. Seems to be causing a lot of confusion around here.

              • reply
                June 11, 2012 11:53 AM

                Really? It's hard for you to believe?

      • reply
        June 11, 2012 6:46 AM

        By that logic you should be able to play without patches, no?

        (since there is a software authentiicator)

        • reply
          June 11, 2012 8:07 AM

          Software in what way? Are you talking about the phone apps? Great... if you have a smartphone. Which not everyone does.

          I'm saying: Blizzard should send one (1) free hardware authenticator tp anyone who requests one. Anyone with a smart phone won't want it because it's one more damn thing to wag around. Everyone else doesn't have to spring $6 to not get fucked in the game they've already sunk $60 in. Done.

          • reply
            June 11, 2012 9:30 AM

            This world of not having a smart phone. I don't understand it. Like, at all.

      • reply
        June 11, 2012 7:44 AM

        How do people like you still exist? Can you seriously not follow one step of logic? Like, the time it took you to post this, you could have thought for 5~ seconds (don't hurt yourself) and figured this one out.

        -Millions of people buy d3
        -Including an authenticator per box would be like $6/box
        -Many people already may have an authenticator (mobile / fob) from previous games
        -Many people prefer mobile authenticators which costs Blizzard nothing

        Would you seriously spend $6~ of your profit per-game to include a dongle that is likely wasted in a significant portion of the audience?

      • reply
        June 11, 2012 7:46 AM

        it's like buying a nice knife without buying a hone. or a car without buying insurance

        • reply
          June 11, 2012 8:10 AM

          Automobile analogies don't work here because they're regulated by the government which requires by law that you have insurance.

          As for the hone - I'm not a knife guy but this is more akin to someone selling you a house without a lock on the door. Yes, you're going to get broken into but wouldn't it make more sense to just sell the house with locks on the doors? Like they currently do?

          • reply
            June 11, 2012 10:07 AM

            The reality is you WONT get hacked randomly. You did do something wrong. You can't relate that to a house without a lock. You do have a lock, but the lock can share keys with other locks you use, and lots of travelling salesman come by asking if they can inspect your house / lock and you're just a really nice person who likes to let them check it out. This is all silly, why do we need analogies?

            The reality is that security is changing nowadays, and many people do not accept 2-factor authentication as required yet. It requires companies like Blizzard pushing people into thinking about security to make progress. I have lots of friends and family moving onto keepass / 2 factor for their google and it takes a lot of convincing, despite that being infinitely more important. People just don't want to think about security, and I can't blame them. It's annoying to have to deal with, but that's the times we live in now, can't argue that.

    • reply
      June 11, 2012 6:39 AM

      How many shackers called this?

      • reply
        June 11, 2012 6:40 AM

        About three fifty

      • reply
        June 11, 2012 11:07 AM

        This news isn't new, they said authenticator would be required months ago.

    • reply
      June 11, 2012 6:40 AM

      Sounds like an excellent way to profitize security.

      • reply
        June 11, 2012 6:57 AM

        maybe they should partner with symantec. what could possibly go wrong

      • reply
        June 11, 2012 7:25 AM

        Profitize what? Grow up already. The apps are free and the physical authenticator costs you what, 6 dollars? That's what they cost to make.

        Kids..

        • reply
          June 11, 2012 7:32 AM

          Now that you're finally 20 don't delude yourself that you're older than everyone else on the internet. 6 dollars is probably $5.50 more than it costs to make.

          • reply
            June 11, 2012 7:48 AM

            No, they sell them at cost or below. They also give out a ton of them at events like Blizzcon. It's just in their best interests to have people have the best security because it costs them more to staff customer service for hacking issues than to develop and sell the authenticators.

            • reply
              June 11, 2012 7:54 AM

              There is no way they sell them at below cost.

              • reply
                June 11, 2012 7:59 AM

                The ones they give away are.

                • reply
                  June 11, 2012 8:13 AM

                  And the ones they give away are a tiny, tiny fraction of what they sell.

                  • reply
                    June 11, 2012 8:24 AM

                    Not sure how that changes what I said. They're available at cost or below. Don't forget that they also pay to develop the free apps, run all the SMS and dial-in services, etc.

                    • reply
                      June 11, 2012 8:25 AM

                      I don't believe for a minute they cost $6 to make.

                      • reply
                        June 11, 2012 8:27 AM

                        To be fair, I doubt Blizzard can purchase them from the manufacturer for less than $6

                        • reply
                          June 11, 2012 8:56 AM

                          This. We're in the process of looking at similar devices at work, and the per-unit cost to us for ones *very* similar to the ones Blizzard sells is $6.

                      • reply
                        June 11, 2012 8:43 AM

                        Blizzard isnt making them. They buy them from someone else who does. I agree that the BOM for the device is less than $6, but $6 could absolutely be what the ODM is charging blizzard.

                        • reply
                          June 11, 2012 8:51 AM

                          ^^ this ^^ but, we have this surge of BELIEVERS in certain things for some strange reason

                • reply
                  June 11, 2012 8:31 AM

                  Yes, giving away authenticators at Blizzcon where the ticket prices to just get in are $175...

            • reply
              June 11, 2012 9:26 AM

              Then why not give them away with the game?

              • reply
                June 11, 2012 9:31 AM

                Not sure. I figure a lot of people already have them and putting them in every box, regardless of whether they'd be used or not would be really expensive? I mean, if it costs them anywhere near what they sell them for and they stick them in a $60 game, then they're taking 10% of their profits off the top of the game right there.

              • reply
                June 11, 2012 9:34 AM

                Look at the backlash you see here when someone suggested you should have had an authenticator. Look at the backlash when they announce you will need one to use the RMAH. Can you fucking imagine the shitstorm if they actually required people to use an authenticator to play that game?

              • reply
                June 11, 2012 9:34 AM

                because the dongles are heavily subsidized, don't cost $6 for blizzard (likely much higher), and most people do have smartphones. they'd be dropping at least $80-100 million on dongles. more over the lifetime of game sales.

              • reply
                June 11, 2012 10:10 AM

                They probably didn't expect it to be this bad. I doubt anyone did.

          • reply
            June 11, 2012 9:02 AM

            ^^Self-entitled ninety-nine percenter.

            Listen: Blizzard doesn't owe you their profit margin. It's their game, their property, and totally up to them how they price their property. If you think you deserve or need what they made possible in the first place then you need to chiggity check yourself.

            And while a buck fifty is probably how much it costs Blizzard to buy the units from the factory in Taiwan or Taipei or wherever they're manufactured, the other 5 dollars is probably exactly the amount of money Blizzard needs to markup for the entire Authenticator program to break even. This includes the cost of their call center, customer service dept, R&D, authenticator servers, etc.

            • reply
              June 11, 2012 9:29 AM

              Listen you stupid fuck, I don't give a shit about their profit margin or blizzard at all. I don't play their games.

              You're the fucking entitled one to think someone can't have a differing opinion than your own without devolving into asinine name-calling. Whatever you think about what I think about blizzard is wrong; get over yourself.

              • reply
                June 11, 2012 4:41 PM

                Whoa, someone's angry.

                • reply
                  June 12, 2012 12:37 AM

                  Probably less than you would imagine. But if you'd like to trade insults, I'm more than willing.

              • DM7
                reply
                June 11, 2012 7:18 PM

                Jesus dude, calm down you'll live longer. Why participate in this thread if you have no vested interest in Blizzard games unless you just wanted to make a snide comment?

              • reply
                June 11, 2012 8:05 PM

                If you don't play their games why do you care so much? That's weird you're weird.

              • reply
                June 11, 2012 8:35 PM

                can we bring more attention to this ragey subthread?

                I am a bit confused why you would make an inflammatory comment and go around insulting and raging at people who reply to it.

                • reply
                  June 11, 2012 11:31 PM

                  I made one comment that it sounded like they were looking to score profit (rather than solve the problem). I'm not sure that's necessarily inflammatory for the average adult. Companies look to make profits. I made similar comments about Microsoft back when RROD threads were a weekly thing.

                  I don't have to have a vested interest in a company's games to make comments. One, it's a free country, two, it's a game forum and three, there are a lot of game companies I have nothing to do with. I never did buy a 360, yet I have owned a original xbox, ps2, gamecube, wii and PC. I probably wouldn't have bought Diablo 3, but I certainly wouldn't after this nonsense.

                  I replied civilly to the people that responded civilly.

                  That help?

          • reply
            June 11, 2012 9:35 AM

            RSA charges a per-token license for the authentication algorithm, it's that and not the plastic that costs money. Blizz said that they were selling authenticators at cost back when they introduced them for WoW, if you want to call that a lie then go ahead but if you distrust them that much I donno why you'd buy their products in the first place.

            • reply
              June 11, 2012 9:55 AM

              See, this part is actual information. Interesting.

      • reply
        June 11, 2012 7:59 AM

        Are you a 9/11 truther y/n?

        • reply
          June 11, 2012 8:12 AM

          Why don't they include them with each copy of the game?

          • reply
            June 11, 2012 8:15 AM

            I stirred the shit above but I can understand why (if it costs $6 to make the thing) they'd not want to include one in every game because a large % of the purchasers will opt to use the phone app instead. Fair enough.

            But put a coupon in the box or something for anyone who does want a hardware one - anyone with a smartphone won't want one more damn thing on their keychain, so I don't think there would be some huge influx of people asking for these things. I assume they a'ready limit it to one per Battle.net account.

        • reply
          June 11, 2012 10:02 AM

          911 was real as a cartoon

      • reply
        June 11, 2012 8:16 AM

        I really wish they'd publish numbers regarding how many accounts have authenticators attached, and how many of those are the smartphone apps, so we can end this incessant talk of Blizzard scamming people. I honestly don't think the majority of people who have a PC powerful enough to play D3 are without smartphones. Since you can get smartphones for free with many carrier plans, unless you are anti-internet or something, there's almost no reason not to have one.

        • reply
          June 11, 2012 10:05 AM

          Smartphone plans cost a lot more with the big companies, and with prepaid where the plan is more reasonable the phones suck and aren't subsidized.

    • reply
      June 11, 2012 6:44 AM

      I trust my authenticator, but I'm going to give the RMAH a few months to work the links out before I use it. Having gold stolen is one thing, rent is another story.

    • reply
      June 11, 2012 7:08 AM

      I fail to see how this is a big deal. The authenticator apps are free.

      • reply
        June 11, 2012 7:36 AM

        Is big Blizz gonna give me a smartphone to run them for free too?

        • reply
          June 11, 2012 8:12 AM

          Lol GTFO out of here. You are approximately .5% of their audience. Go get a smartphone because it's 2012, and you get shit like this for free with them.

          Alternatively, don't use the RMAH. And when you come back saying "you mean I bought this game and I can't even use all the features it comes with?" I'm going to laugh at you.

          • reply
            June 11, 2012 8:16 AM

            Not sure why you're being such a douche about this but answer me this: these people who are getting hacked, are they all using the RMAH? I was on the impression that people who were not using the RMAH at all were losing their shit to hacking.

            • reply
              June 11, 2012 8:20 AM

              The RMAH hasn't been released yet. Everyone who is getting hacked is having their items and gold transferred to other accounts so that the gold can be resold on the black market, like in WoW.

            • reply
              June 11, 2012 8:31 AM

              I was only commenting on the prospect of someone using the RMAH and being upset that it requires an authenticator. This seems incredibly obvious, given what's been going on.

        • reply
          June 11, 2012 8:38 AM

          Big Blizz is just trying to profitalize on security here, it disgusts me.

        • reply
          June 11, 2012 9:04 AM

          This post is sarcastic, right?

        • reply
          June 11, 2012 9:14 AM

          Stop being poor

        • reply
          June 11, 2012 9:21 AM

          $6 dongle.

        • reply
          June 11, 2012 9:34 AM

          I don't understand why they don't mimic Steam, which has tradeable items that are worth hundreds of dollars and a security scheme that doesn't require you to buy anything.

        • reply
          June 11, 2012 11:09 AM

          man you must have fapped furiously at being set up for that one

        • reply
          June 11, 2012 5:04 PM

          You can emulate the Android authenticator on your PC for free.

          • reply
            June 11, 2012 5:08 PM

            Wait, it's even easier than that. Open-source Windows version of the Blizzard authenticator here:

            http://code.google.com/p/winauth/

            There is literally no excuse.

            • reply
              June 11, 2012 5:19 PM

              It's best if you have two computers, but considering it seems likely that most hacks are from people using the same email / password elsewhere, and not keyloggers / trojans / voodoo, it's probably safe enough to use it on the same computer you play with. I'm using it at the moment (running it on a separate computer), and it definitely works.

            • reply
              June 11, 2012 5:41 PM

              Good info.

            • reply
              June 11, 2012 6:48 PM

              Danke for the link.

            • reply
              June 11, 2012 7:19 PM

              Awesome

            • reply
              June 11, 2012 8:48 PM

              Yep, I'm putting this on my laptop and never letting it connect to the interwebs again. Thank you!

            • reply
              June 11, 2012 10:29 PM

              Even if this app is clean and open source, I have a feeling that it's only a matter of time until people start writing viruses that target it and hijack the key when you log in. That's why a 2-factor system that relies on a different platform entirely is best, but running it on a different physical computer should hopefully prove sufficient.

        • reply
          June 11, 2012 7:33 PM

          I hate people who respond to this with LOL $6 YOU POOR. After shipping, the thing came to $20. So I'm expected to pay 1/3 of the sticker price just so I don't get robbed blind? I'm not sure I wanted a $80 game.

          • reply
            June 11, 2012 7:52 PM

            Or, you know, it's entirely free and you don't have to pay a dime.

            • reply
              June 11, 2012 8:12 PM

              Didn't know till after the fact. But, you know, whatever my fault lol authenticator.

              Yeah I seriously don't care what you say at this point.

            • reply
              June 11, 2012 8:14 PM

              If you already have a smart phone. Saying "Oh buy there's an emulator through which you can download and then run a program to do that" does not make it seem like something I would want to do. Maybe Bilzzard should have thought about shipping an authenticator with every boxed copy, or figure something out so these accounts don't get hacked or something.

              • reply
                June 11, 2012 8:20 PM

                Honestly, if you refuse to do any of the myriad things you can do to secure your account, I don't care if your shit gets hacked. Blizzard does so much more than even many banks to keep your shit secure but it's worthless if you refuse to use it.

                • reply
                  June 11, 2012 8:25 PM

                  lol

                  I can't use my credit card in another country unless I walk into my bank and say I'm going to be out of the country at that time. I don't believe Blizz does that, but if they do, good for them. I also have up to 250,000$, I think, insured by banks/the government so I don't really need to worry about anything getting stolen because I know I'll get it back. Pretty sure Blizzard doesn't do that either.

                  Now none of that matters for me, because I didn't buy that game, and shit like this is why I don't plan to any time soon.

                  • reply
                    June 11, 2012 9:07 PM

                    Good luck if someone gets your debit card number, bucko. Your deposited money may be insured, but it won't matter if they believe you're the one who spent it and they won't give a shit.

        • reply
          June 11, 2012 8:48 PM

          Give me your login i'll install an authenticator on my 9 year old nephews smart phone for you.

      • reply
        June 11, 2012 9:45 PM

        I'm honestly curious why they're not able to lock down their authentication and prevent this without requiring a hardware device to compensate.

        • reply
          June 11, 2012 11:07 PM

          They would have to lock it down such that one with the login and password wouldn't be able to get in. The only way to do that is with two-factor authentication.

    • reply
      June 11, 2012 7:38 AM

      and at this rate you'll need an authenticator for the authenticator next

    • reply
      June 11, 2012 7:55 AM

      ITT People bitching about having to spend money on something that enables them to spend money.

      • reply
        June 11, 2012 8:00 AM

        Except you can get the apps free.

    • reply
      June 11, 2012 7:58 AM

      I know this has been discussed a ton, and I don't mean to beat a dead horse, but to me an authenticator should just be an extra security measure, not a requirement. I think Blizzard could a bit further on their end in terms of security and making things a bit safer by implementing a PC authenticator, similar to what iTunes, Paypal, or several online brokerage accounts have, where if you log in from a different PC, you require additional steps to log in, like another password, or security questions or maybe a code sent in a text message.

    • reply
      June 11, 2012 8:06 AM

      Alice, passwords aren't getting brute forced, either. Blizzard has methods in place that make brute forcing extremely unlikely and there are much, much easier ways of obtaining access to accounts that don't have authenticators, namely testing accounts against third-party hacked account databases.

    • reply
      June 11, 2012 8:17 AM

      Hey everybody. Just got the call, apparently somebody here was criticizing Blizzard? I've got my bat and everything, let's get that motherfucker.

    • reply
      June 11, 2012 8:52 AM

      People here are all geniuses. It's clearly way better to allow RMAH access without an authenticator so that people can lose real money when they get hacked. Also blizzard should buy people smart phones.

      • reply
        June 11, 2012 9:39 AM

        they should buy them blackberries, that'll learn 'em

    • reply
      June 11, 2012 9:07 AM

      So how many of you DONT have an authenticator ??? If you dont there are a few reasons why...

      1. You cant afford to go to Blizzcon
      2. You cant afford a Smart Phone
      3. You like getting hacked
      and
      4. Your parents already blew a bunch of money on all the other things you bitched about wanting but dont work for..

      Everyone else that does have one.... congrats and enjoy :)

      • reply
        June 11, 2012 9:27 AM

        1/10 on the troll scale.

      • reply
        June 11, 2012 7:36 PM

        My current issue is that I can't remove my SMS authenticator lol

        • reply
          June 11, 2012 8:23 PM

          Does it really authenticate though? Mine doesn't. It just texts when a change has been mad to the account.

      • reply
        June 11, 2012 8:29 PM

        I've tried to set up an authenticator several times now. For whatever reason, the email they're supposed to send during the process never arrives. I even purged my blocked list completely to see if that was the problem and it's still a no go.

    • reply
      June 11, 2012 8:08 PM

      Well shit. I got a new phone and now I can't play cause I can't log in to battle.net to update my account with the new authenticator details.

      • reply
        June 11, 2012 8:10 PM

        So I have to submit a help ticket and play the "sit around not playing D3" game.

        • reply
          June 11, 2012 8:15 PM

          Isn't that about half the diablo 3 experience?

    • reply
      June 11, 2012 8:44 PM

      The entire economy is terrible right now. Why are they rushing this? I imagine all bots are going to be banned tomorrow or the next day.

    • reply
      June 12, 2012 5:44 AM

      Can anyone answer me, don't Blizzard have any "White Knight" hackers? Haven't they tried to reconstruct how hacking is done, so that the hole can be plugged? How exactly does it work when someone "steals" your login info and cleans your characters out? Can someone point me to an article or youtube video that explains the process?

      I had already decided not to get Diablo 3 until patch 1.1 is out, containing PVP, now I feel like waiting until they've beefed up security and the effectiveness of that "authenticator".