Sunday, June 29, 2008


Blizzard is going to sell a One Time Password device. I suppose I should comment about security adoption or something like that but every time I see WoW now I just can't stop thinking about that South Park episode.

Isn't it kind of funny when an online game has better security than most banks?


Marisa Fagan said...

Blizzard has had a handle of permissions for years... Don't forget about the two factor Strength=20 Dexterity=15 authentication before you can access the Staff of Shadows!

Christian "@xntrik" Frichot said...

Just posted on the same thing. And yeah, if a Bank isn't offering you 2FA now, it's starting to get a little bit embarrassing.

yoshi said...

Has anyone documented which banks offer 2FA? I keep a major account at E*Trade partially because they offer a token. And watched with amusement as they almost went out of business last December. When that drama was unfolding I looked around at other banks and had a bitch of a time determining who offered and who didn't.

yoshi said...

To clarify my previous question: ...offer token based authentication to people who aren't millionaires.

Christian "@xntrik" Frichot said...

Hey Yoshi,

I can't really comment on anywhere except in Australia. But I know, by the end of the year most of the banks here will offer retail customers 2FA either through tokens or SMS.

Uthacalthing said...

No, it's not at all embarassing that Blizzard offers tokens and banks don't.

People who play Blizzard games like World of Warcraft are losing stuff they care about to credentials theft, and in significant numbers. The transactions resulting from the theft are hard to reverse. Blizzard has the support costs for straightening this out.

Contrast this with people who play banking games like "credit card account". They're not losing money in sufficient numbers that the support costs for banks are rising the same way.

First, the banks are bigger. Second, the transaction reversal is well-practiced, since that's one of the ways the banks make their money. Third, at least in countries with rational policies, the banks have become good at detecting and preventing the fraud, plus cleaning it up. Even better, in countries with insane policies like the UK, the banks get to say "sux2bu" or perhaps even charge the victim with fraud, and their support costs go to zero.

It makes more sense for Blizzard to offer tokens than it does for a bank to do the same. Blizzard has a different problem, with fewer back end controls, and no way to sluff off their support costs onto someone else.