My mother has one of these as well (she works as an enforcement officer for FINRA, which works closely with the government as well). The number isn't random as was mentioned in this post, but it is based off an AES key. Essentially, it would be EXTREMELY difficult for someone to pick up the algorithm just by watching the numbers you use.
It's interesting to see these in use for a game, but given the level of security some people want for their account, it's certainly a viable option.
Originally Posted by Sepioth
With the amount of authenticators they will be producing there will most likely be a high chance of there being duplicate generators. (In the same way that house keys have several duplicates out there as only so many ridges can be on a key ... eventually the pattern can repeat) But seeing as how you still need your original username and password the chances of this ever being hacked are next to nil seeing how they have only a few seconds to enter the exact same number that only the wow servers know.
No, there will be an extremely low chance of a duplicate keyset. Think of how many keypairs already exist on the internet, and we aren't even close to the threshold. If you consider 128 bit keys (I have no idea what they're using), we have 3.4x10^38 keys to use. Significantly higher than the 10 million-strong playerbase they boast about. RSA offers 128, 192, and 256-bit keys in their devices.
Originally Posted by Sepioth
The only downfall I really see is what happens when the battery dies or the unit malfunctions. How much of a hassle is it going to be to get back in to WoW?
When the battery dies, you replace it. The key is surely stored in ROM, and it is NOT a random number, it's based off time. The device should have an internal battery as well which serves only the purpose of providing backup power to an xtal oscillator or whatever other means they are using of keeping time, which should last a very long time. This is how your computer keeps time even after you unplug it or remove the battery from your laptop.
Malfunctions, on the other hand, you'll have to contact account services for. However, given that this can be done with an extremely simple microcontroller, an xtal, a couple of resistors and an LCD panel, there is extremely low chance of failure. It is not a complex piece of equipment.
BTW: This is not a new technology. Check out RSA's page on it and what it's all about:
http://www.rsa.com/node.aspx?id=1156
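An added example, not part of the original post and not the vendor's algorithm: how a time-based code can be derived from a per-token secret and checked by a server holding the same secret. It uses the public RFC 6238 construction (HMAC-SHA1) as a stand-in for the proprietary AES-based scheme mentioned above; the 30-second step, 6-digit display, drift window and sample key are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds each code stays valid (assumed; RFC 6238 default)
DIGITS = 6   # digits shown on the token display (assumed)

def token_code(key: bytes, unix_time: int, digits: int = DIGITS) -> str:
    """Code a token holding `key` displays at `unix_time` (RFC 6238, HMAC-SHA1)."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(key: bytes, submitted: str, server_time: int, drift_steps: int = 1) -> bool:
    """Server side: recompute from this account's own key, tolerating clock drift."""
    for step in range(-drift_steps, drift_steps + 1):
        expected = token_code(key, server_time + step * STEP)
        if hmac.compare_digest(expected, submitted):
            return True
    return False

def key_collision_probability(tokens: int, key_bits: int) -> float:
    """Birthday-bound estimate that any two of `tokens` random keys are identical."""
    return tokens * (tokens - 1) / 2 / 2 ** key_bits

# Constructed sample data: the published RFC 6238 test secret, not a real token key.
SAMPLE_KEY = b"12345678901234567890"

if __name__ == "__main__":
    code = token_code(SAMPLE_KEY, 59)
    print("code shown at t=59:        ", code)
    print("accepted one step later:   ", verify(SAMPLE_KEY, code, 59 + STEP))
    print("accepted three steps later:", verify(SAMPLE_KEY, code, 59 + 3 * STEP))
    # Figures from the post: 10 million accounts, 128-bit keys.
    print("P(duplicate key):          ", key_collision_probability(10_000_000, 128))
```

The server never compares a submitted code against other accounts' tokens, only against the code recomputed from the key registered to that account, so two displays showing the same digits at the same moment is not the same event as two tokens sharing a key.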