It's kind of crazy. I know that my battle.net account is more secure than a lot of people's online banking credentials: not only do I need a user name and password to access my bnet account, but my account is linked with a mobile app that gives me time-sensitive one-time-use 8-10 security code.
Recently I had to wipe my phone without being able to get the serial number information from the bnet app. It was kind of a pain, but I had to actually scan and send in an image of my driver's license for them to release the old authenticator from my account so I could attach a new one.
Think about that. An online gaming company is more secure about account authorization than a lot of banks are.
The law doesn't care about their game's fictional currency. They have more incentive to protect it than a bank has to keep real money as secure as possible.
Blizzard pays support costs when players' accounts get hacked and are motivated to keep the players as happy paying customers.
Many banks seem to regard deposit holders as merely some kind of annoying obligation necessary to participate in FDIC programs (and occasionally as a source of absurd fees).
See my comment. This is all in the above-and-beyond category. HOWEVER note that the profits Blizzard is seeing from battle.net may be more than the profits of that entire bank. They have more clients, need a reputation, and are in fierce competition. That bank may not be.
It is overall saddening that Blizzard, a game company, protects user data better than a bank. HOWEVER note that this happened in 2009. I doubt Blizzard was this secure back then. Also iPhone and Android were not as big then as they are today, and they were more up-and-coming than anything.
This is a tad off topic, but the iPhone authenticator was added early in 2009 (see: http://wow.joystiq.com/2009/04/03/battle-net-mobile-authenti...) and the hardware fob was already in use well before that, with the same stringent identity verification methods in place in case the authenticator was lost.
Blizzard offers the best of both worlds in my opinion: the authenticator is cheap/free and optional so you can choose how secure you want your account to be. Though, as noted, it's expensive for Blizzard to restore all the hacked accounts so they have incentives (free Corehound pet, for example) if you opt in to have an authenticator on your account.
Chase is similar. Username and password, and to log in from a new device (web, iPhone app, etc.) requires putting in a time-sensitive code sent to your phone by SMS or email. An actual dedicated mobile app is somewhat a bad design since many people do not have smartphones and it makes it client dependent vs. account dependent.