|
ghoselle
|
 |
« on: March 05, 2010, 01:06:47 PM » |
|
I'll admit I've been lame about getting an authenticator set up on my account. Part of this is I play on a second computer very sporadically so keeping the authenticator by my main machine would be problematic. Part of this is that I've bought an authenticator, then promptly lost it. Which made me nervous about associating it with my account. So what I really want is a way to have _2_ associated with my account. Which isn't supported. However, I found this on EJ: http://elitistjerks.com/blogs/koaschten/443-emulated_authenticator_edition.htmlAssuming I set this up, and then duplicate it over to the other computer, it seems this would do what I want it to do. Other than potential CPU overhead (which I honestly don't care about), what would be unwise in doing this? I'll admit I suspect its a bit of security through obscurity, in that if everyone started doing this it'd be a target for hackers. |
|
|
|
|
Logged
|
|
|
|
|
jsoh
|
|
« Reply #1 on: March 05, 2010, 01:13:26 PM » |
|
Disclaimer: Have not looked at all at the Android VM stuff.
The thing that immediately comes to mind is how the Blizz authenticator gets the serial number, which its presumably using as a unique key. The implication is that its coming from some hardware-specific seed (vis the 'wipe everything, and see if the serial number is the same' bit). My concern would be that the emulator doesnt actually report unique serial numbers (or has a very small set of serial numbers or overrideable serial numbers), at which point anyone else with the emulator and the app could theoretically have the same keyfob as you.
|
|
|
|
|
Logged
|
|
|
|
ulveig
Newbie
Posts: 16
|
|
« Reply #2 on: March 05, 2010, 01:20:10 PM » |
|
It breaks "something you (exclusively) have; something you know" by allowing anyone who has access to your machine (think: remotely compromised) to have access to your authenticator.
|
|
|
|
|
Logged
|
|
|
|
|
Gwyddyon
|
|
« Reply #3 on: March 05, 2010, 02:09:50 PM » |
|
It strikes me as less secure than a single keyfob authenticator but less secure than not having one at all. A brilliant insight, I know.
|
|
|
|
|
Logged
|
Gwyddyon | Gwyllow | Gwyah | Gwystal | Eckhardt | Gwymbulvetr | Tethys | Gwynyang | Gwyabolic | Gwynchester
|
|
|
|
Andy
|
|
« Reply #4 on: March 07, 2010, 02:19:22 PM » |
|
It's simple Ghos. Get your nipple pierced and chain your authenticator fob to it.
And by nipple, he means scrotum. |
|
|
|
|
Logged
|
|
|
|
Ungrimmar
Cupcakes Member
Posts: 41
|
|
« Reply #5 on: March 07, 2010, 06:47:02 PM » |
|
It's simple Ghos. Get your nipple pierced and chain your authenticator fob to it.
And by nipple, he means scrotum. and by scrotum, he means taint. |
|
|
|
|
Logged
|
|
|
|
|
Glognar
|
|
« Reply #6 on: March 08, 2010, 11:14:58 AM » |
|
|
|
|
|
|
Logged
|
|
|
|
|
ghoselle
|
|
« Reply #7 on: March 08, 2010, 11:41:48 AM » |
|
I've already had issues with my current phone becoming unreliable, such that I don't want to but my raid group at the mercy of apple's fickle tech support/software updates. I think blizzard's restore everything procedure has been observably faster than getting my iphone fixed was. The software authenticator replicated across two computers gives a nice backup. Especially if I generally only run it on the laptop that sits next to the desktop. What I really wish is they had a way for me to have both a software and hardware authenticator. That way I'd have a reasonable way to get in to my account the next time the iphone decides to go belly up, but could use the iphone for the majority of my auth'ing. |
|
|
|
|
Logged
|
|
|
|
|
**andius
|
|
« Reply #8 on: March 09, 2010, 11:09:31 PM » |
|
I've already had issues with my current phone becoming unreliable, such that I don't want to but my raid group at the mercy of apple's fickle tech support/software updates. I think blizzard's restore everything procedure has been observably faster than getting my iphone fixed was. The software authenticator replicated across two computers gives a nice backup. Especially if I generally only run it on the laptop that sits next to the desktop. What I really wish is they had a way for me to have both a software and hardware authenticator. That way I'd have a reasonable way to get in to my account the next time the iphone decides to go belly up, but could use the iphone for the majority of my auth'ing. Buy a real phone then  |
|
|
|
|
Logged
|
Andius (Survival Hunter 80),Belandius (Shadow Priest 80),Dalandius (Arms Warrior 80),Drandius (Enhance Shaman 80),Elandius (Assassination Rogue 80),Vandius (Frost Mage 80),Deandius (Frost/Blood Deathknight 80),Delandius (Bear/ Kin Druid 80),Jinandius (Ret Paladin 76),Shandius (Demonology Warlock 80)
|
|
|
|
ghoselle
|
|
« Reply #9 on: March 10, 2010, 05:44:59 AM » |
|
Buy a real phone then If you are offering to pay the early termination fee... |
|
|
|
|
Logged
|
|
|
|
|
Aviel
|
|
« Reply #10 on: March 10, 2010, 05:49:32 AM » |
|
Attach Blizz fob to your keys. That is what I do. I have not lost my keys since! Well, not for very long anyway.
|
|
|
|
|
Logged
|
|
|
|
|
**andius
|
|
« Reply #11 on: March 10, 2010, 01:10:29 PM » |
|
Buy a real phone then If you are offering to pay the early termination fee... Sorry but no I'm running mine on a old phone my mother was not using mostly because while I could buy a Authenticator paying 3 times it price in postage at the time did not seem good to me. Just checked now and whle they have raised the price a bit they are doing it postage free in Europe just like it has been from the USA store. I like Aviel idea myself  Attach Blizz fob to your keys. That is what I do. I have not lost my keys since! Well, not for very long anyway.
I like the idea of allowing two Authenticators to share the same code, if my phone/Authenticator breaks I'm lock out  |
|
|
|
|
Logged
|
Andius (Survival Hunter 80),Belandius (Shadow Priest 80),Dalandius (Arms Warrior 80),Drandius (Enhance Shaman 80),Elandius (Assassination Rogue 80),Vandius (Frost Mage 80),Deandius (Frost/Blood Deathknight 80),Delandius (Bear/ Kin Druid 80),Jinandius (Ret Paladin 76),Shandius (Demonology Warlock 80)
|
|
|
|
Glognar
|
|
« Reply #12 on: March 14, 2010, 07:46:41 AM » |
|
Wow. Just realized that the Android SDK lets you download apps from the Android market. That sounds like a bad idea. Would have thought the SDK would allow you to develop and test your app, not download others.
So now the bad guys who are trying to get into your account just need to hack your machine, get your serial number, and pop it into their Android emulator.
Too bad you are having bad luck with your iPhone. Mine been trouble free over the almost 16 months I've had it.
|
|
|
|
|
Logged
|
|
|
|
|
