12 August 2012

Mild authenticator sync issues

While mostly AFK; I am still maintaining my wow account subscription.

With the recent security notice where blizzard recommended that you change your password, I decided to log back in and change mine.

I have an authenticator fob I got a couple of years ago, that is meant to last for 5 years.  However, my authenticator got out of sync (grumble).  It happens when the clock in your authenticator runs at a different speed to the clock at blizzard.

The game launcher gives the same message regardless of whether you have a password or authentication token number issue. However the battle.net website gives a different message for authentication token problems.

This has happened twice.  The first time; I had tried to search for an online resync tool.  I found one; it didn't work; and I locked myself entirely out of my account.  That only happened about 2 months ago.

A phone call to blizzard and in a reasonable amount of time; the tech support reset my authenticator.  Despite that there is meant to be a 5 year life on an authenticator; mine is only 18 months old; and the tech support suggested that I change it already.  Mmmm. Incidentally - those of us in Australia will often get priority phone support - Blizzard doesn't like our rates for keeping someone on hold.  (There really are times that those outside of the US get faster support.)

When I tried to change my password; I again had the same problem with authenticator synchronization.  This time I thought I would try to figure it out myself.  Again I went looking for the reset synchronisation tool; but this time I could not even find the page I found last time, so that failed.

But then I got thinking.  Authenticators work by two different machines, with two different - but meant to be accurate clocks, generating the same number with the same algorithm at the same time.

It can go screwy when one clock runs faster than another. In this instance; it is possible that the Blizzard clocks were 'slowed' by the addition of a leap second 30 June this year. As far as I know - authentication servers try to adjust their local clock to allow for the the tokens last use; but I have not been logging in much.

But what I tried worked.  Instead of entering the authenticator code as soon as it came up on my token, I typed the code in straight away; but waited until the token's code changed before hitting enter.  It worked and let me in.  My authenticator's clock was faster than the Blizzard server's clock.

This approach will only work if your authenticator is faster than the server.  If you have problems with your authenticator codes; it is worth trying.

I also set up my SMS alert at the same time; which will allow me to disable the authenticator should this error occur again.
 
Incidentally - if you re-use passwords (and you shouldn't but most do), then you should change the password for anything that re-used your blizzard one.  Especially if it is your email account's password. (No I wasn't that bad at least).

As a final note; I had *awful* problems with the Cataclysm installation when it came out, that were fixed by restoring from a second copy of WoW on another PC.  I will be writing about how I restored my Window XP installation.  I can theoretically tell others how to fix a Windows 7 installation (which will be similar), and might be able to work out a Mac or Wine install, but thing that it would be better if fellow bloggers wrote about how to back up and restore a their own operating system's WoW folders.

1 comment:

  1. If you have the means, consider going with the free iphone/ipod authenticator tool which will not only resync on command, but also provides more numbers to secure your login.

    I was going to go with a keyfob until I realised the app was actually more secure and easier to administer.

    The SMS security backup will ensure you're covered if anything goes wrong regardless.

    ReplyDelete

Due to the blog mostly being inactive and the only comments recently being anonymous spam; I have restricted comments to "Registered Users"; hat includes anything google recognises as an account (google, openId, wordpress etc). I am still (mostly) active on foo-eve.blogspot.com

Blogger comments supports basic html. You can make a link 'clicky' by <a href="http://yoursite/yourpage">yoursite/yourpage</a>

Disagreements are welcome - especially on speculative posts. I love a great disagreement.

I have a comment moderation policy (see the pages at the top)