Gaming Secured

A very interesting bit of news dropped recently that is going to have profound effects reaching well beyond gaming:  Blizzard  just created a "Mobile Authenticator" application for the iPhone.

Essentially, months back the company released a physical device that generates what looks like random numbers, but is actually synced with its servers.  When logging in, users enters their password and this number, which theoretically protects against unauthorized remote login, and at very least limits account compromise (trojans are still a problem, though).  The problem with this method is, it required a $5 dongle to be sent to users, and then carried around for logins.

The system has been implemented by a number of banks, not just Blizzard.  But they have all faced the issue of having to distribute physical devices.  Until now.  By releasing a mobile app that serves the same purpose, Blizzard has consolidated the functionality of the dedicated device into a mobile phone.  The company is planning on rolling the application out to more than just the iPhone, and offering the service for free.

I think it's only a matter of time until we see a major trend toward this two-factor authentication now that it's being incorporated into phones.  For financial service companies, these apps will be a great branding opportunity to get on users' phones, and can always have additional services and functionality rolled into them.

Kudos, Blizzard -- this was a very smart move.

Tags: gaming
Recommend (5) Print RSS
2 comments about "Gaming Secured".
  1. Troy Gilbert from Mockingbird Games , April 3, 2009 at 1:20 p.m.

    Actually, this is a horrible idea. Why would I want to start carrying around physical devices (or loading my iPhone with additional apps) for the sole purpose of logging into a single service?

    I've used dongles like this before for truly high-security scenarios, e.g. remote VPN access to corporate networks.

    Honestly, there's a flaw in your entertainment product is this is necessary. I respect Blizzard and think they're largely brilliant in most things they do, but would seriously wonder what security hole is being exploited that requires this type of security for WoW.

  2. Josh Lovison from Josh Lovison Consulting , April 7, 2009 at 6:41 p.m.

    Troy,

    I have to disagree. WoW accounts are high value items - they sell for over $500 on eBay and can represent months of time investment. It isn't that Blizzard has a "hole" that's being exploited, it's that they have a giant target painted on their backs because of the inherent value of accounts.

    On the contrary, Blizzard is one of the most security conscious companies out there in any category, especially for a gaming company. This two-factor authentication is an optional measure that they provide for free to those interested in participating. By consolidating that functionality into an iPhone app, they lower the barrier to entry significantly.

    The idea here is that a mobile application is a much better execution than a physical dongle for these purposes, especially if this is implemented across various secure institutions -- while it is ridiculous to carry a dongle for your bank, your corporate VPN, and you WoW account, having three apps on your iPhone is much more manageable.