WoW Rookie: Keeping your account safe and sound
by Lisa Poisso 
May 6th 2009 at 7:30PM
It doesn't take keyboard gymnastics to prevent your account from getting hacked. As a new player, you're bound to be concerned – and if you do any digging at all, you're also bound to uncover a tangle of acerbic, rather arcane-sounding comments (many of them on posts right here at WoW Insider) about what operating systems, browsers and browser add-ons are most secure.
You really don't have to change your entire computer system simply to keep your WoW account safe. This week, WoW Rookie rounds up a selection of WoW Insider posts that show you how (and why) to keep your WoW account from being hacked and prevent your computer from spilling its beans to the world at large.
 |
Account security basics Although this older WoW Rookie post doesn't contain information on newer security measures such as the Blizzard authenticator key, it does a good job at reviewing the routine steps you should be taking to protect your World of Warcraft investment. Find about about creating a strong password, how to dodge keyloggers and phishers, and what to do if you find your password has mysteriously stopped working. |
 |
Tips for keeping your account safe More security basics: keeping software up to date, scanning for viruses, avoiding gold sellers and powerleveling services, recognizing e-mail scams and using the Blizzard account authenticator key. |
 |
Blizzard speaks on authenticator security Blizzard answers WoW Insider's questions about how Blizzard authenticator keys work and clarifies common questions about security. |
 |
Activating your account authenticator key Here you go: step-by-step instructions on how to activate your own Blizzard account authenticator key. |
 |
Account security is your responsibility Gaming companies place some of the blame for a compromised account on you, the account holder -- and for good reason. The browsers you use, the sites you visit, your firewall settings, the anti-virus software you use and how often you update your software are just a few of the ways that you contribute to your own hacking experience. |
 |
Account security mythbusting Contributing Editor and former Blizzard CM Michael Sacco shares his inside experience and knowledge to burst or confirm common account security myths. |
 |
Preserving your online privacy Even if you think you've got nothing to hide, you don't want to discover your Social Security number posted on the WoW forums or hear guildmates discussing your home address and telephone number. Here's how to maintain your personal information privacy. |
 |
Patient patching prevents problems In a hurry to patch? Downloading from unofficial sources puts you at risk for all sorts of malignant surprises. Here's why you should stick with Blizzard (or a verified source like our sister site, Big Download). |
WoW Rookie feeds you the basics to get you off to a good start in the World of Warcraft. Find more tools you can use in the WoW Insider Directory and WoW Insider Leveling Guides.Filed under: Features, WoW Rookie, Account Security
Reader Comments (Page 1 of 2)
Shade May 6th 2009 7:37PM
I know they had an authenticator app for the iphone - have you guys (or anyone else for that matter) heard if they're making one available for the G3?
Agerath May 6th 2009 7:43PM
Any news on the Blackberry one that was said to be under development?
Fizzl May 6th 2009 7:52PM
To quote the mythbusting article:
"If your account is compromised, it is your fault."
More importantly if you do get hacked you need to have a think about how it happened and is the same thing going to happen again. Is your machine still infected? Was it something else that was compromised that gave then access, for instance your web based e-mail account that you use for WoW, E-Bay and online banking...?
Your best weapon is a fully patched OS, Browser and all other software. Unpatched versions of Flash player or JAVA remaining on your system is a classic way in. Second engage brain before random clicking, there are better places to look for porn and win iPods than on warcraft sites!
peon47 May 6th 2009 7:59PM
And for those people who share their account details with friends, even though you may trust your friend not to mess with your account or character, are you 100% sure they have all of the above, and are are security conscious as you?
(Clue: No, you cannot be 100% sure)
AishaLove May 6th 2009 8:48PM
I would be very weary of using an app for a phone as an authenticator, it opens the authenticator to be more easily compromised.
Right now, if you want the data used to generate codes from a blizzard key, you need to crack open the case, this fries the chips, if you do not fry the chips I belive that the chips are coated in resin so you would physically destroy the chip trying to extract it.
If someone can get ahold of your phone they can copy the app off conceivably and then they don't even need to find the data needed to generate the codes, they can just use the copied application.
Always best to buy a physical key that is temper proof
Malkavos May 6th 2009 9:14PM
I think the apps the above person was referring to are to use an authenticator to access the phone itself, not to use the phone as an authenticator.
gr8rx May 6th 2009 11:52PM
Wrong, wrong, and more wrong...
It doesn't work how you think it does at all. It uses an algorithm based on a unique key code generated when the software is setup, which is then linked to your account.
It's not a case of "LOL YOUR CODE IS 2323233223!!", it changes every time you use it based on many factors. Go read up on it before you make assumptions and start spreading it as gospel.
For the most basic information on it: http://www.wowwiki.com/Blizzard_Authenticator
Not knowing exactly how the iPhone app works, I'd hazard a guess that it does the following;
- Generates a unique code on installation, saves to iPhone
- Asks for you to enter this code into the Blizz. auth system
- Randomly generates a valid code upon each request
They would have to essentially steal your phone, much akin to having to steal the authenticator, in order to replicate *your* code.. And as mentioned, also know your password.
lytstep May 6th 2009 8:50PM
I would like to know if or even when the authenticators will be available. I have been trying to get one since my account was compromised in January, and they haven't been available, ( I am in Canada so I haven't been checking the availability in the states). They will not even let you preorder for if they become available. If they cannot get any at the low price, I have a feeling they were selling them at cost, could they tell us what other brands of authenticators that can be used with WoW. Maybe you can ask them and report to us. I have been changing my password everyday through a very secure compurter at work for now.
Zhabroah May 6th 2009 9:11PM
http://www.blizzard.com/store/details.xml?id=1100000443
Authenticators used for Canada are available right now from the Blizzard store. Coming from Australia I bought the same one just last month.
Joshua Meadows May 6th 2009 9:19PM
This isn't very accurate. You can't get "the data used to generate the codes" from the key, it's a random algorithm, nothing inherent to the device itself.
And if you have the device itself, why do you need to figure out how the number is generated? You have the authenticator in your hand!
You still need to know the account password (not to mention the account name) though t0 get in; and frankly if I need t0 start worrying about WoW account hackers knocking me over to steal my keychain or iPhone then the world is a scary place for gamers.
While the app method isn't quite as secure as the keyfob one (technically), the difference in security between the two of them is so infinitesimal that you're fine using it. And frankly using an app is still better than not using anything at all.
Joshua Meadows May 6th 2009 9:20PM
This was meant for AishaLove above, got to love that WoWInsider comment system.
fauxgt4 May 7th 2009 1:55AM
Steps to easy not-losing an account:
1) Buy a mac.
2) Make sure you don't enter your password into any program except WoW.
There we go! You're done.
Next week... one easy step to avoid viruses, worms, and other computer baddies.
Dudar May 7th 2009 2:23AM
Ha! Buy a Mac! Hilarious!
If WoW is the only game you'll play, please go ahead. Otherwise, please spend the extra costs of the "elitist-idiot-box" on a better (or a 2nd videocard) for your PC and have some decent in WoW.
I've had a WoW account since day one and I've never had any problems with it. Golden tip: don't be an idiot. That's just about it. Only log into the WoW client with your password and keep your Windows up to date. Get yourself Windows Defender to keep spyware out, in case you have a little sister or a little brother who IS in fact an idiot and uses your box.
Michael May 7th 2009 9:09AM
I run a PC and have never had any issues. I do not use any anti-virus or a authenticator. I simply do not log into the forums or go to questionable sights(I have a second pc to surf the net with), and only use my PC for WoW.
Commons sense is the best security, but you cannot buy that and it is rare these days.
Michael May 7th 2009 12:49PM
WTB editor!! lack of sleep and fast typing do not mix.
'I run a PC and have never had any issues. I do not use any anti-virus or a(an*) authenticator. I simply do not log into the forums or go to questionable sights(sites*)(I have a second pc to surf the net with), and only use my PC for WoW.
Commons(Common*) sense is the best security, but you cannot buy that and it is rare these days.
Endless May 7th 2009 3:46AM
I keep hearing Authenticator this, Authenticator that... did you know your Authenticator can break rather easily? Did you know it can just stop working, without any good reason and any chance to fix it? Did you know it has a warranty of two months (and I dunno how it fits with the fact that any electrical device has -two years- warranty by law in most of EU countries)? Did you know that, when your authenticator breaks, you're stuck out of WoW and you got to write to Blizzard, sending them all sorts of your precious info, including a copy of your ID card?
Chance to get hacked is very, very low, unless you are a sloppy computer newb who shouldn't be on Internet at all. On the other hand, eventual breakdown of your Authenticator is almost certain (which is why they put two month warranty on it: it's a crappy and faulty piece of cheap chipboard, and they know it)...
Noraa May 7th 2009 3:49AM
Blizzard's security has serious, serious issues. For example, not one hour ago I lost access to both of my accounts. I can't get them back, and they're MY ACCOUNTS! Yet come Chinese farmer can break into it, change everything in a matter of minutes.
I can't change my email, because my email is no longer associated with the account.
I can't post on the forums, because I can't log into my account.
I can't call Blizzard, because they are closed.
I find it astounding that I can't give their little automated website some kind of piece of personal information to get my account back before I have to call them - you know, when they wake up - tomorrow at 8 am. In the meantime, I have to hope that no farmer destroys my accounts.
Rediculous. They are my accounts, and I cannot give their stupid website any information to rescue them.
But hey, whatever sells authenticators.
Pizzathehutt May 7th 2009 6:12AM
I feel your pain, it has happened to me twice in a two week period where I lost both of my accounts and the authenticators were sold out.
Luckily they are available again to buy and have been available for the last month and a half. I live in Western Australia, I ordered one on a thursday afternoon and a Fed xpress van delivered on the same Monday, that is how fast they come.
Since they have changed your passwords and email address as they did to me you should start the ball rolling straight away if you can and start a trial account and get a in game GM to lock your accounts for you. Also get up at 2am and make the phone call, it is worth it. When you get your accounts back ask them if you haven't done so already to convert them to battlenet accounts.
The speed blizzard have got their account recovery down too is actually quite impressive. In four days they had recovered both my accounts and sent me all my gear back, minus an epic belt but I wasn't going to squabble about it. Two years ago my account was hacked and it took over a month, was so annoying.
Their automation system sucks and I am pissed off that anyone can change your password with just your email address using their system. 'Forgot your password'. They don't ask for you secret question once and that is the frustrating bit.
Neriell May 7th 2009 5:45AM
I agree that Blizzard site security has major issues.
I had to get my legal name changed on my account, and the webform where I was requested to upload scans of my old and new IDs, not to mention my account name, CD key and secret question, wasn't on a secure connection from what I could tell.
Blizzard EU store could also use some work. It doesn't use VbV which my bank requires for security, so I can't buy an authenticator.
With the issues of compromised accounts, hacking, and everything else that goes with it, I would expect them to invest a lot more on their site security.
And yes. I have been hacked, and I was lucky to get my stuff restored.
Shaibachan May 7th 2009 8:42AM
Hmmm, text file with password.
Ctl+A, Ctl+C, Ctl+V
3 keystrokes and no hacker knows what it is. And that's without an authenticator.