Me and Love ordered some WoW-account authenticators mid-january and some days ago they finally arrived. I've never been particularly afraid of my account being hacked, I don't surf porn sites (really I don't) or other dubious places of the internets and I regularly change my password which is quite complex (which wouldn't matter to a keylogger though). With the recent increase in hacking of accounts I know you can get scammed even by doing things you've always done though. Maybe an addon over at your favorite addon site has a keylogger? Not impossible. Love insisted on us getting them and I thought why not, they're not expensive and there is only things to gain from using them.
So how does it work?
You get a little paper with your Authenticator, which is quite small (both the paper and the authenticator), which tells you where to go to connect your Authenticator to your account. You can bind several accounts to one authenticator, but not several authenticators to one account. The address on the paper didn't work at all for me though. First I got an error page because I hadn't typed the last "/" in the internet... I mean wtf, who needs the last "/"? But ok, maybe the security around Blizzard pages is so high you simply have to be very very exact when typing the addresses.
When finally getting the page working the asked me to log into my Account Management Page and add my authenticator to my account. But when logging on I got the message that no WoW-account was bound to that login. I got a little worried here since I know fake login screens is one way to snatch your account information. But I had got the address from Blizzard themselves, right? And I had definitely not typed it wrong.
I went over to wow-europe.com instead and logged onto my account as usual. Got into Battle Net and then everything worked like it should.
Using the authenticator itself works really nice. You log onto your WoW-account as usual, with your battlenet username and password and will then be asked to fill in your authenticator code. The code is received simply by clicking the only button there is on the little authenticator and then a 6 digit code will appear which you type in. The code will only be visible for about 10 seconds, so you better memorize it fairly fast. It will also only be valid for about 5 minutes (not sure exactly for how long) which is the reason no authenticator-account has yet been hacked. The password doesn't last long enough for the hacker to get in!
Theoretically it's still possible though. If you're under a targeted attack, where the keylogger sees what you type in real time so to speak, he'll have 5 minutes (or what it is) to log into your account and change your password. He'd also first probably have to remove the authenticator from your account. Tight on time, but doable. No hackers have the amount of time to spend looking at people in real time however, so this happening is very slim.
It's easy to use, cheap and greatly increases the security of your account (and most importantly of course, you get a little Core Hound Pup in game companion pet!), so I recommend getting you an authenticator for your account!