Battle.net OTP

Instructions on setting your battle.net account up with Yubikey's authenticator app.

As of 08/15/2023 -- it has been confirmed that using the WinAuth program no longer works. Battlenet has changed their endpoint API and the program now times out when attempting to communicate with Battlenet. Additional means of adding Battlenet to your Yubikey, Bitwarden, and KeePassXC are currently being looked at.

❊ What is Battle.net?

Battle.net is an Internet-based online game, social networking service, digital distribution, and digital rights management platform developed by Blizzard Entertainment.

The service was launched on December 31, 1996, followed a few days later with the release of Blizzard's action-role-playing video game Diablo on January 3, 1997. Battle.net was officially renamed to "Blizzard Battle.net" in August 2017.

The platform currently supports storefront actions, social interactions, and matchmaking for all of Blizzard's modern PC games including Hearthstone, Heroes of the Storm, Overwatch 2, and StarCraft: Remastered, as well as various Call of Duty games, and Crash Bandicoot 4: It's About Time from corporate sibling of Blizzard Entertainment, Activision. The platform provides cross-game instant messaging and voice chat service.

❊ Battle.net Mobile Authenticator

The Battle.net Mobile Authenticator, simply called Battle.net Authenticator on the app stores, is a security mobile application.

The application is available for iOS and Android devices.

When you log in to your account, an authentication request is sent to your device. If the code on your device matches the one on your computer, press Approve.

If you want to login using the authenticator’s randomly-generated numeric code instead, click Use Authenticator Security Code on your computer. Then press Enter code manually on your device to generate an authentication code. Each code is unique and valid only once.

❊ Battle.net Secret Key

The battle.net authenticator secret key is the key you are given that is used by the mobile authenticator in order to generate a OTP every 30 seconds. Battle.net does not provide an easy way to view your secret; and they really don't want you having it. However, once you obtain your secret; you can use that secret to add your Battle.net account to any authenticator, including the Yubikey.

❊ Obtaining Battle.net Secret Key

Your secret key should be kept secret. Under no circumstances should you EVER give out your Secret Key to anyone, for any reason.

If someone obtains your secret key; they can then generate OTP codes and allow themself to access your battle.net account.

Since services like Steam and Battle.net do not want you having your secret key, we need to utilize a program called WinAuth. This is a free open-source application that has been around for years and is trusted. Using this application will allow you to obtain the secret key needed.

Download From Github

Download the latest version of WinAuth from the official Github page.

On the official website above, two versions available for download:

The first link appears to throw an error when you attempt to run it on Windows, and complains about a security certificate being expired.

If WinAuth-3.6.2.zip does not work, download WinAuth-3.6.2-NET35.zip.

At the time of writing this guide, the second file works fine.

Direct Download

The direct download has been provided here if you want to immediately download it. It is the latest version. The application has been marked as a Public Archive which means that no more versions of the program will release anymore by the original developer, however, the application still works as of 2023.

Once you have downloaded the exe file, execute it.

You will see a dialog with a few questions and instructions:

Enter a name at the top, and select an icon.

Select the New Authenticator tab and follow the instructions on-screen; which will ask you to sign into your Battle.net account in your browser.

Out of the options at the bottom, select:

  • Already enabled your Authenticator app? Link it to this Battle.net Account.

Last updated