Is your World of Warcraft account more secure than your online banking account?

Blizzard, creator of the immensely popular MMORPG game World of Warcraft, has come out with authentication tokens as an added layer of security for game account holders. For $6.50, you can order a key fob that generates a random number when you press a button on the fob. Account holders who have tied their accounts to this authentication token will be required to enter that random number along with their standard username and password in order to login to the game.

The idea here is that even if someone else has obtained the player’s username and password, they will be unable to login unless they have the authentication key fob physically in their hand, since the number generated by the token expires after a certain time and is randomly generated each time the user pushes the button on the key fob itself.

I used to have one of these Citrix-based key fobs when I worked at a blood bank in California, and the token was required in order for me to access the internal network from a remote location. Understandable, since the blood bank network contains quite a lot of very personal information such as social security numbers and donor eligibility based on any diseases the donor might have.

Blizzard’s move certainly makes a degree of sense, considering some high-level, well geared WoW accounts can sell for $1000 or more, and an account of that stature has clearly taken months or years of the account holder’s life to attain. Paying $6.50 for an extra layer of protection on your time and money investment seems like a pretty good idea.

What is perhaps a little troubling, however, is that neither of the two banks I do business with offer this level of security to protect my actual bank accounts. My online banking systems, both of which are hooked into bill paying, online statements, full account histories, scanned check copies (through which my checking account number could easily be snagged), are merely a username and password away.

Would you pay seven bucks for an extra layer of security on your banking information? I know I would. So what are the banks waiting for? Why is my video game using a more secure two-factor authentication system, but my banking institution is not?

And as a side note, as these types of systems become more commonly implemented (as they should be), is there a company out there that will find a way to tie multiple systems together, so I don’t have to walk around with 15 different key fobs?

Advertisement

Themeforest

Advertisement

468x60_makemoney
Mr. Right gift newsfeed
Previous post

Planning a Facebook Application: Part Two

amazon_header
Next post

Put a Fun, Techy Spin on the Boring Office Card

snipe

snipe

Iā€™m a tech geek/dev/infosec-nerd/scuba diver/blacksmith/sword-fighter/crime fighter/ENTP/warcrafter/activist. I'm the CTO at Mass Mosaic and the CEO of Grokability, Inc. in San Diego, CA. Tweet at me @snipeyhead or read more...

  • I couldn’t agree with you more that more companies need to adopt two-factor authentication.

    Regarding your last question on a system that allows you to only have one keyfob (or other two-factor credential) and use it on multiple sites, what you’re looking for is the VeriSign Identity Protection Network. This is the technology behind PayPal’s popular Security Key, and allows you to use the same device on any other member site, including eBay, AOL and GEICO. You can read more about it at: https://idprotect.verisign.com/wheretouse.v

  • I couldn’t agree with you more that more companies need to adopt two-factor authentication.

    Regarding your last question on a system that allows you to only have one keyfob (or other two-factor credential) and use it on multiple sites, what you’re looking for is the VeriSign Identity Protection Network. This is the technology behind PayPal’s popular Security Key, and allows you to use the same device on any other member site, including eBay, AOL and GEICO. You can read more about it at: https://idprotect.verisign.com/wheretouse.v

  • Hi Jeff – thanks for the info! Its good to know there’s a working system to address that. Just so I understand correctly though, the company (in this case, the bank, and/or Blizzard) would need to set up their keyfob system through Verisign, yes? Or at least somehow make the decision to work with Verisign to link them in some way, so the user is at the mercy of the corporation making the decision of using that solution.

    In other words, me as a consumer cannnot consolidate my fobs using this service unless all of the fobs I want to consolidate are members of the Verisign Identity Protection Network, correct?

  • Hi Jeff – thanks for the info! Its good to know there’s a working system to address that. Just so I understand correctly though, the company (in this case, the bank, and/or Blizzard) would need to set up their keyfob system through Verisign, yes? Or at least somehow make the decision to work with Verisign to link them in some way, so the user is at the mercy of the corporation making the decision of using that solution.

    In other words, me as a consumer cannnot consolidate my fobs using this service unless all of the fobs I want to consolidate are members of the Verisign Identity Protection Network, correct?

  • “me as a consumer”? Oy. Been a long day already, it seems. Try “I, as a consumer”.

    I, as a consumer, have teh dumb and cannot brain today.

  • “me as a consumer”? Oy. Been a long day already, it seems. Try “I, as a consumer”.

    I, as a consumer, have teh dumb and cannot brain today.

  • That’s right, it’s up to the site that’s accepting the device to pick the backend technology that validates those 6 digit codes.

    So while there’s not much I can do about Blizzard, we can help with the more, ahem, “enlightened” companies that use our service.

  • That’s right, it’s up to the site that’s accepting the device to pick the backend technology that validates those 6 digit codes.

    So while there’s not much I can do about Blizzard, we can help with the more, ahem, “enlightened” companies that use our service.

  • Got it – thanks for the clarification! Its certainly a step in the right direction. I would expect (and hope) that two-factor authentication systems will become more commonplace in the future, and it would sure be nice if companies consider the end-user in these scenarios.

    I’m curious to see how this evolves. I would expect someone will (if they haven’t yet) step up to create some friendly competition for Verisign, offering something similar, with their own set of registered member companies. Even so, two key fobs (yours and theirs) would still be a helluva lot better than 15 šŸ™‚

  • Got it – thanks for the clarification! Its certainly a step in the right direction. I would expect (and hope) that two-factor authentication systems will become more commonplace in the future, and it would sure be nice if companies consider the end-user in these scenarios.

    I’m curious to see how this evolves. I would expect someone will (if they haven’t yet) step up to create some friendly competition for Verisign, offering something similar, with their own set of registered member companies. Even so, two key fobs (yours and theirs) would still be a helluva lot better than 15 šŸ™‚