![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
zhivaTuesday, October 13th, 2009 06:32 pm
Say, someone was hacked and carelessly posted about this on forums. What kind of response will s/he receive?
Victim blaming, of course. "Lol, you were asking for it"
And, of course, "Buy authenticator, you fool".
And if s/he gets a blue answer, it will be "bla-bla-bla, and buy authenticator".
Wowinsider published an article advocating Battle.net merge, listing "common excuses" and their "solutions".
"Excuses" are lack of trust into Battle.net system and publicity of Battle.net login. "Solutions" are to buy authenticator and create a special secret e-mail just for Battle.net.
This is bullshit.
When you are buying a car, will you buy a car without door locks? A car, locks for which you are required to purchase separately? And these locks are often out of stock? If authenticators are so crucial for account security, they should be included in every WoW bundle, and every owner of existing account without authenticator attached should be getting it for free. Yes, for free. If Blizzard cannot provide account security without authenticators, it's their responsibility and headache to make sure every account has authenticator attached, not users'.
What does authenticator do? It adds one more authorization factor.
What does battle.net do? It makes one of authorization factors public.
"Then you should make a new email address and use that instead of your personal or work email". Bullshit. How is that different from using custom account name as login, apart from having to remember one password MORE?
Having just one password for everything is bad. But forcing users to make extra passwords is bad too - the more passwords you require users to have, the more users will use same password for several accounts.
TL;DR: Blizzard security approach is flawed; victim blaming and shifting responsibility to users is bad.
Victim blaming, of course. "Lol, you were asking for it"
And, of course, "Buy authenticator, you fool".
And if s/he gets a blue answer, it will be "bla-bla-bla, and buy authenticator".
Wowinsider published an article advocating Battle.net merge, listing "common excuses" and their "solutions".
"Excuses" are lack of trust into Battle.net system and publicity of Battle.net login. "Solutions" are to buy authenticator and create a special secret e-mail just for Battle.net.
This is bullshit.
When you are buying a car, will you buy a car without door locks? A car, locks for which you are required to purchase separately? And these locks are often out of stock? If authenticators are so crucial for account security, they should be included in every WoW bundle, and every owner of existing account without authenticator attached should be getting it for free. Yes, for free. If Blizzard cannot provide account security without authenticators, it's their responsibility and headache to make sure every account has authenticator attached, not users'.
What does authenticator do? It adds one more authorization factor.
What does battle.net do? It makes one of authorization factors public.
"Then you should make a new email address and use that instead of your personal or work email". Bullshit. How is that different from using custom account name as login, apart from having to remember one password MORE?
Having just one password for everything is bad. But forcing users to make extra passwords is bad too - the more passwords you require users to have, the more users will use same password for several accounts.
TL;DR: Blizzard security approach is flawed; victim blaming and shifting responsibility to users is bad.
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
no subject
An authenticator would be more like paying extra for power locks + a remote key fob whereas a standard password only would be more likened to standard non-power locks.
Locking doors have come standard on cars since, I believe, at least the 1950s anyway.
Oddly, basic "locks" are standard from Blizz as well; they call it your password.