Security Tightens As Diablo III Prepares For Auction House Launch


When Diablo III’s real-money auction house goes live, anyone wishing to add to their monetary balance in it will have to use an authenticator, Blizzard told its community on Friday.

An authenticator, which was previously an optional security measure, is meant to address the claims and instances of hacking in which players’ accounts have been taken over and looted of gold and items. Authenticators exist as free smartphone apps, a keychain fob costing $US6.50, or as a free dial-in service to provide two-factor account login.

“This means you’ll need to have an Authenticator to add to your balance via Account Management or to send the proceeds of your real-money auction house sales to your Balance,” Blizzard wrote in an official forum thread. “Please note that players who previously added Balance to their account prior to this change will be able to use it to make eligible purchases on and in the auction house without attaching an Authenticator. However, an Authenticator will be required to add to your balance in the future, as explained above.”

“While we understand that this creates an extra step for players during the login process, we believe this added layer of account protection will help foster a safer auction house environment for all of our players,” Blizzard said.

The changes became part of the terms and conditions listed on the website on Friday. When the real-money auction house opens, players will have to reconfirm their acceptance of them.



  • also read as:

    “We couldn’t afford proper security measures before launch, we had no time or money.

    We can’t afford to develop proper security measures now, despite having tons of cash and time up our sleeves post launch.

    Let’s make authenticators mandatory, which will outsource the workload to our player base, and provide an extra layer of deniability in case anyone is hacked in the future.”

    • Or, you can be less of a dick, understand that the authenticator is a free app for phones and such and is a fantastic way to ensure account safety. I use it for my accounts, it’s very simple, you click the app, it comes up with a number, enter the number and done. It’s not like it’s intrusive.

      If they didn’t do something like that you’d be whining they didn’t do anything in terms of security measurements.

    • No, it’s an added layer of security for the users so they won’t have an issue where they complain about losing real money. There is absolutely nothing else Blizzard can do to protect users getting hacked, it’s purely human error from the user. Popular games with real money involved will attract hackers massively, so this is actually a really good step up. There is no vulnerability on Blizzard’s end, user accounts are just as hackable as any other form of account, it’s just that Diablo 3 happens to be the popular one and a juicier target.

      • So far this push for authenticators has been the only comments by Blizzard about account hacking. No explanations, no mention of security flaws or any updates to fix security holes.

        A vast majority of hacks happen in-game through packet sniffing, this is the real issue.

        So far all we have gotten is some guff about authenticators, because they prevent people getting into your account AFTER they are hacked.

        • Do you have any further information about packet sniffing as a source of hacking? It seems unlikely, as it’d be defeated by even the most basic of security mechanisms, but if there’s any truth to it I’d certainly like to know more.

        • Man in the middle attacks are really hard to do, extremely unlikely this is occurring. Even so, if you are hacked due to a man in the middle attack, it is at no fault of Blizzard, as they don’t control your local network or anything up till the Blizzard servers themselves to be exact. Most of these hacks are happening through phishing and fansite database hacks. Keyloggers would be a minority of the threats, as the victims would be complaining about bank account hacks as well.
          What the authenticator protects against, is when a moment of human error occurs and you fall for one of these hacks.

      • The problem I see with this approach is the fact as a practice it’s giving Blizz a “Get out Jail for Free” Card. Yes authenticator is a great security enhancing feature. And yes there is a “free” version of it.

        The problem lies in the fact that you MUST rely on Authenticator now. It shifts the blame on the user for not using the app. I’m not here to judge whether every “hack” is legit or not or whether it’s a case of bad security practices (from user or server). The fact remains if something goes wrong and you don’t have authenticator Blizz can just hang you to dry (luckily Blizz isn’t that kind of a company) and say “well you didn’t have authenticator” which is NOT supposed to be the be all and end all of security.

        The security accountability should start and end w/ Blizz not User (for not getting the security enhancement) then Blizz.

    • Not really sure how you can complain about this. I never plan to use any aspect of the real money auction house but I still voluntarily opted to use the authenticator app on my phone just for an added security layer.

    • “We can’t afford to develop proper security measures now, despite having tons of cash and time up our sleeves post launch.”

      The authenticator *is* them developing proper security measures. It’s a fairly fool-proof security measure used by banks, governments, defence forces and corporations with highly-confidential material.

      What on earth would you suggest they do instead?

    • Dear User,
      we take a 15% AH cut + 15% CASHOUT cut, of your REAL MONIES!
      This is why you have lag in your single player game.

  • The problem isn’t blizzard-side.

    People download keyloggers from questionable sites, the keyloggers watch you type your password, which is then sent to keylogger HQ, where they then log in and hijack your account.

    Blizzard has no control over this, bar authenticators.

    • True – mostly. Look at the recent Xbox Live ‘hijacks’. Poorly trained, outsourced customer support led to ‘hijackers’ getting people’s login details. Not saying Blizzard support would be similar… I have no experience there… But an authenticator in your hand can’t be taken over the phone.

  • Or simply not use the RMAH, I have an issue with putting money down on a virtual item for a game that will lose popularity over the years.

  • I’m not sure of the legality of promising a feature in a game, and then forcing people to pay extra to use it…

    And no, some of us prefer older phones over smart phones – so it’s not FREE as many claim.

    • it costs money if you buy the keychain fob… if you have an android/iphone then you can download the app for FREE…

    • the cost of your preference to not change with the times. It’s like choosing to ride a bike instead of driving a car, and then complaining about how long the trip took, that’s just silly.
      At the very least, compared to getting a new smartphone, the physical authenticator is relatively free.

  • This should be entertaining. I’ve actually deleted Diablo 2 from my computer for security purposes.

  • Well I use an authenticator, though believe blizz should include it in the box. Not that it matters. Farming Inferno for level 51 blues gets old fast. As does using Tyrael in Act 4 to kill minibosses for a chance at decent loot so I can actually do act2 inferno without getting 1shot, but playing as a barbarian with Australian ping and blizzard server lag = instant death cause you can’t dodge attacks even those with a big wind up. Did I mention I quit already? This game was a big disappointment..

  • So… they took out the offline option for fear of losing money to pirates (among other reasons).

    I wonder if the level of tarnish on the Blizzard name after all this will have affected future sales of other products.

    My guess: Not enough to deter Activision from staying the course. Not unless there’s a mass boycott of SC2 expansions and other Activision franchises.

    Quite simply, nobody cares that much.

    Looks like I’m indie and retro gaming from now on.

  • I was going to get the keychain authenticator but 30 dollars postage was a joke, and then a mate offered me his old iPhone for around the same, better deal imo. I got a new “fancy” phone and was able to get the authenticator app.

    I would like to see a system where Blizzard text you a one-off code every time you log in as a system for those who don’t have a smartphone and don’t wish to fork out for the extravagant postage!
