A very interesting bit of news dropped recently that is going to have profound effects reaching well beyond gaming: Blizzard just created a
"Mobile Authenticator" application for the iPhone.
Essentially, months back the company released a physical
device that generates what looks like random numbers, but is actually synced with its servers. When logging in, users enters their password and this number, which theoretically protects against
unauthorized remote login, and at very least limits account compromise (trojans are still a problem, though). The problem with this method is, it required a $5 dongle to be sent to users, and
then carried around for logins.
The system has been implemented by a number of banks, not just Blizzard. But they have all faced the issue of having to distribute physical
devices. Until now. By releasing a mobile app that serves the same purpose, Blizzard has consolidated the functionality of the dedicated device into a mobile phone. The company is
planning on rolling the application out to more than just the iPhone, and offering the service for free.
I think it's only a matter of time until we see a major trend toward this
two-factor authentication now that it's being incorporated into phones. For financial service companies, these apps will be a great branding opportunity to get on users' phones, and can
always have additional services and functionality rolled into them.
Kudos, Blizzard -- this was a very smart move.
Troy,
I have to disagree. WoW accounts are high value items - they sell for over $500 on eBay and can represent months of time investment. It isn't that Blizzard has a "hole" that's being exploited, it's that they have a giant target painted on their backs because of the inherent value of accounts.
On the contrary, Blizzard is one of the most security conscious companies out there in any category, especially for a gaming company. This two-factor authentication is an optional measure that they provide for free to those interested in participating. By consolidating that functionality into an iPhone app, they lower the barrier to entry significantly.
The idea here is that a mobile application is a much better execution than a physical dongle for these purposes, especially if this is implemented across various secure institutions -- while it is ridiculous to carry a dongle for your bank, your corporate VPN, and you WoW account, having three apps on your iPhone is much more manageable.