[keycloak-dev] lost World of Warcraft authenticator
Bill Burke
bburke at redhat.com
Wed Sep 18 20:12:39 EDT 2013
I recently had my iphone short and break because I got it wet. World of
Warcraft uses TOTP and I wanted to walk through the 3 different options
they have for handling lost authenticators.
Option 1: Remove the authenticator via the Web
This required specifying:
* Your secret answer. An "answer" being, what is the name of your pet
or something
* Email
* Attaching a image scan of your ID
Option 2: Remove the authenticator via an SMS message
Sends a verification SMS message to your phone that allows you to remove
the authenticator. Note it doesn't reset your password.
Option 3: Call up support
They asked for:
* 2 secret answers
* Address
* Phone number on account
They then allowed me to set up the authenticator on the phone in which I
had to give them the autogenerated key provided by the authenticator.
For Google Authenticator, it would have to be switched, the admin would
have to provide the totp key to the user to type in. The admin then had
you log in to make sure everything worked.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list