
Valandril
Caldari Ex-Mortis
|
Posted - 2010.10.05 17:58:00 -
[1]
Originally by: Chribba Additional security features for our accounts, yes please.
It's not real security, only the illusion of it
Recruit me if you dare |

Valandril
Caldari Ex-Mortis
|
Posted - 2010.10.05 20:16:00 -
[2]
Originally by: Carine Parnasse
Originally by: Valandril
Originally by: Chribba Additional security features for our accounts, yes please.
It's not real security, only the illusion of it
Care to explain how authenticators don't offer real security? Or do you just like inserting random assertions?
Maybe because most stolen accounts are via worm attacks which have no issue hijacking your session, logging in with it to your account, removing the authenticator and then hooking up their own (just like it happens in wow), so in order to react you have to wait for support?
Recruit me if you dare |

Valandril
Caldari Ex-Mortis
|
Posted - 2010.10.05 21:19:00 -
[3]
Originally by: Carine Parnasse
Originally by: Valandril Maybe because most stolen accounts are via worm attacks which have no issue hijacking your session, logging in with it to your account, removing the authenticator and then hooking up their own (just like it happens in wow), so in order to react you have to wait for support?
Ahhh I see. You're a moron. How about a link to any evidence for any of that? You think the majority of account hijackings are worms taking over your session? Which somehow also gives them access to account management? And you can't remove an authenticator from a wow account without either using the authenticator twice, or calling Blizz.
Most account hijackings are keyloggers, to steal an authenticated account you need to do a man in the middle attack, which means any theft has to be targeted, you can't just release a keylogger.
Go get a clue you ****** about worms. That was all.
Recruit me if you dare |

Valandril
Caldari Ex-Mortis
|
Posted - 2010.10.06 07:00:00 -
[4]
Originally by: Chribba
Originally by: Valandril
Originally by: Chribba Additional security features for our accounts, yes please.
It's not real security, only the illusion of it
If they implement my idea of restricting your accounts via IP-addresses, I wouldn't count my restriction as illusion at least.
As neat as this idea is, most people play from multiple places (and on top of that have dynamic IP numbers) so this would receive a very small audience. To be frank, if we want to improve security, we are looking in the wrong direction. Instead of additional mechanisms (that won't stop idiots from getting hacked anyway) we should simply educate people more so they will know that downloading "hotlesbianaction.avi.exe" is not a good idea.
Recruit me if you dare |

Valandril
Caldari Ex-Mortis
|
Posted - 2010.10.06 07:43:00 -
[5]
Originally by: Nuts Nougat They should just do what they did on the forum. If you log in from an unknown IP, it asks you for a character on your account. This wouldn't hinder a targeted attack but would add some security for people downloading random keyloggers.
That said, I'm probably one of the rare people that only plays from 1-2 different IPs (home, + work ip to change skills), most people have dynamic ones. Suckers 
You may not realize it, but those "suckers" are a lot more secure thanks to it. Honestly, most of the people who got a static public IP don't need it and it's only causing more security risks.
Recruit me if you dare |

Valandril
Caldari Ex-Mortis
|
Posted - 2010.10.06 08:33:00 -
[6]
Originally by: Chribba
Originally by: Valandril As neat as this idea is, most people play from multiple places (and on top of that have dynamic IP numbers) so this would receive a very small audience. To be frank, if we want to improve security, we are looking in the wrong direction. Instead of additional mechanisms (that won't stop idiots from getting hacked anyway) we should simply educate people more so they will know that downloading "hotlesbianaction.avi.exe" is not a good idea.
Of course this idea is directed a bit more towards the 'advanced' users than the everyday mass - and as such the idea was suggested as an optional feature for increased security when I first posted it in assembly hall (some years ago).
The basic "do not click hotchick.exe" obviously would need to be a part of the general education, but that just won't cut it - nor will it stop brute force attacks or random attempts of trying passwords. Hence some sort of external dongle/device/stuff would indeed be a good option, and/or additional features like IP-restrictions.
I'd say an external device generating numbers in some way would be a smart solution - as long as you somehow can link multiple accounts to the same device - for those of us that do not wish to have double-digit number of devices lying next to our keyboard 
/c
Now you are swordfishing me. Bruteforce is ineffective in online attacks (and easily countered by a simple iptables rule), so let's not make people think that it's an actual threat. And the problem with the authenticator is that when people get it they think that they are safe and they get less alert and care less coz they think "**** it, i got token - i'm safe!".
Recruit me if you dare |
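
Two defences discussed in this thread, the unknown-IP challenge that asks for a character on the account and the throttling of repeated password guesses, sketched as an added example (not part of any post and not CCP's code). The throttle is done in application code rather than with an iptables rule, and the class name, thresholds, account data and documentation-range IP addresses are all constructed assumptions.

```python
import hashlib, hmac, os
from collections import defaultdict, deque

MAX_FAILURES, WINDOW_SECONDS = 5, 60   # assumed throttle policy, not from the thread

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LoginGate:
    def __init__(self):
        self.accounts = {}
        self.failures = defaultdict(deque)   # source IP -> timestamps of failed attempts

    def add_account(self, user, password, characters, known_ips):
        salt = os.urandom(16)
        self.accounts[user] = {"salt": salt, "pw": hash_pw(password, salt),
                               "characters": set(characters), "known_ips": set(known_ips)}

    def _fail(self, ip, now):
        self.failures[ip].append(now)
        return "denied"

    def login(self, user, password, ip, now, character=None):
        recent = self.failures[ip]
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()                 # forget failures outside the window
        if len(recent) >= MAX_FAILURES:
            return "throttled"               # refused before the password is examined
        acct = self.accounts.get(user)
        salt = acct["salt"] if acct else b"\0" * 16
        candidate = hash_pw(password, salt)
        if acct is None or not hmac.compare_digest(candidate, acct["pw"]):
            return self._fail(ip, now)
        if ip not in acct["known_ips"]:
            if character is None:
                return "challenge"           # unknown IP: ask for a character name
            if character not in acct["characters"]:
                return self._fail(ip, now)
            acct["known_ips"].add(ip)        # remember the address after a passed challenge
        return "ok"

def demo():
    gate = LoginGate()                       # constructed sample account and addresses
    gate.add_account("pilot", "correct horse", ["Demo Pilot"], ["192.0.2.10"])
    out = [gate.login("pilot", "correct horse", "192.0.2.10", now=0),
           gate.login("pilot", "correct horse", "198.51.100.7", now=0),
           gate.login("pilot", "correct horse", "198.51.100.7", now=1, character="Demo Pilot")]
    out += [gate.login("pilot", f"guess{i}", "203.0.113.5", now=i) for i in range(5)]
    out.append(gate.login("pilot", "correct horse", "203.0.113.5", now=5))
    return out
```

A stolen password alone yields `challenge` from a new address, and the throttle rejects even the correct password once the source has failed five times inside the window.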