Patch 5.3 interview with Ghostcrawler
Mystery of the Unborn Val'kyr
The latest patch 5.3 news
All of the latest Mists of Pandaria newsIn defense of care packages and mandatory authenticators
by Alex Ziebart 
Jan 11th 2010 at 11:00AM
First, how many of you have had your accounts stolen, or know someone that had theirs stolen? Chances are good every single person that reads this post will raise their hand to that question. The problem is not a small one. I'm in a rather large guild, and every few weeks someone has their account stolen and the little bits of our guild bank they have access to go with them. My large guild is also just one guild in a larger guild alliance which suffers the same problems. Every two weeks or so, someone I see online on a regular basis gets their account stolen.
This is only a small set of guilds on one server, and the problem is not unique to us. It's a problem you will find anywhere you go in WoW, so you can guarantee that every single day, hundreds of accounts are stolen. Each of these stolen accounts needs to be investigated, retrieved, and if everything turns out right, restored. Much like anything else in the world, this takes time. When you rush these things, you end up with the Martin Fury situation. As hilarious and intriguing as that was, it's not healthy for the game.
Plus, if that person you just restored is especially lacking in computer know-how, there is no guarantee they won't get their account stolen again the very next day after their restoration. Score one for the bad guys. Two stolen accounts for the price of one.
The Care Package
In many cases, after the care package policy was first implemented, Game Masters were offering players the care package and only informing them of the ability to do a full restore after they turned the original offer down. Since we've reported on this situation, the policy has been reiterated and it's been made clear that the intent is to offer both simultaneously, and let the player make their choice. With that clarified and reinforced, the policy is surprising, but not a wretched sleazy thing.
Remember that not all WoW players are people decked out in phat epic loot. WoW has a significant number of players still running around in greens, or even just leveling up for the very first time. Do these people really need full gear restores for their character(s)? This care package, for those players, could potentially be above and beyond what they had to begin with. For a player leveling for the first time, 2500g could easily purchase them a new set of gear on the auction house, pay their various mount/flight costs pre-epic flying, and then some. Not a bad deal for a couple days' worth of inconvenience, is it?
A full restoration for those characters with very little of value likely takes just as long as restoring an Icecrown Citadel geared raid tank that was nearing the gold cap. If those players in greens will accept the care package, that's a smaller number of characters in the restoration queue. With fewer players in the restoration queue, your raid's main tank will be restored faster and you can get back to grinding your face against Professor Putricide.
This care package policy is, overall, a good thing for the game. The problem only came in when it was being pitched incorrectly, making players believe they had to settle for a few badges and some gold instead of getting back the character that they (or their raid/guild) worked so hard on. How your message is communicated is everything.
Mandatory Authenticators
I admit, I am baffled at how divided the community is over this issue. Authenticators are wonderful things, and if Blizzard can get one into the hands of every single player of the game, a lot of the most frequently mentioned problems with WoW's customer service would be repaired. I would be most pleased if every copy of Cataclysm shipped with an authenticator.It is difficult (if not totally impossible) for Blizzard to completely protect a player from being hacked, phished or scammed. There is very little that they can do with the client itself to protect someone from their own mistakes, and that is the root of almost all hacked accounts. Blizzard keeps things secure on their end, and the players need to do the same on theirs. Most do not. In fact, I cannot even count the number of times I've heard someone say, "I don't need an authenticator, I think I know how to keep my computer secure" and then they get hacked not even weeks after. There are a lot of ways to get nailed with a keylogger, and they can be as simple as missing out on a Flash update by a matter of hours.
Accounts are rarely, if ever, hacked via brute force. Any limit Blizzard places on login attempts or any password blacklists they introduce would make people feel more safe, but it wouldn't actually make them safe. The authenticator, being a third party item that does not actually communicate with your computer, is the best possible way to keep your account secure. There's no threat of getting a keylogger in Vasco's authenticator.
I know that many people are concerned about losing their authenticator, and here is my tip to you: If you only use your authenticator in your own home, find a small strip of double sided tape and stick it to the outside edge of your monitor. It will be there forever. If you do use it in multiple places, use a strip of velcro instead of tape. You can put it there when you're at home, and when you're taking it to a friend's house or wherever you might be going, put it on your keychain or a necklace.
As soon as Blizzard can stop worrying about hacked accounts, they can focus on the myriad of other issues players face every day.
Final Thoughts
It's no secret that Blizzard's support department is worked to the bone, and the solution to that problem is not to hire dozens of people and throw more manpower at it. No matter how many game masters they hire to fix players' hacked accounts, those people cannot stop the accounts from being hacked. The game experience won't improve, players will just be inconvenienced for a slightly smaller amount of time. When one problem is dominating your entire staff, you don't simply hire more staff. You find a way to solve the problem.
The care package offer is a band-aid on a gushing wound when what you actually need is stitches. Yes, the band-aid will help a little, but it's not going to make the problem go away. You're still bleeding out. The path to healing is through shaking things up, and getting those authenticators in player hands. If incentives like the Corehound Pup aren't working, a more drastic decision needs to be made. I sincerely hope that the day I open my Cataclysm box, there is an authenticator inside waiting for me. I don't need it personally, being one of the earliest adopters, but it will be good to know Blizzard's support department will be on the road to healing and players won't need to worry about their guild bank disappearing like clockwork.
Filed under: Analysis / Opinion, Blizzard, Account Security
Reader Comments (Page 4 of 17)
Speedmonkay Jan 11th 2010 11:44AM
IIRC recently Blizz removed the shipping cost on their authenticators. Since you live in another country, shipping would be alot more than the miniscule amount they waive for domestic customer.
I've noticed alot of people who have issues getting authenticators are those in other areas especially in areas where the game isnt even sold. If Blizz was to make it mandatory it might be a big issue for them but Blizz will probably get out of helping them by saying they arent in a country where the game is authorized to be sold.
Im torn about the Authenticator in the Cataclysm box idea. Yes it would be great way to get everybody a token but would waste alot at the same time. I got one as soon as they were announced and then I got another one in my Blizzcon bag. I dont really need a 3rd token.
leonardocelso Jan 11th 2010 11:59AM
I've played WoW with my wife for over 3 years now and I've got to say that although the Authenticators seem like a Godsend answer to everyone who was or knows someone who has been hacked, I can see it being most troublesome getting to the more than fair player base outside the US.
Blizzard actually have Latin America servers but won't sell/ship the authenticators to them. I live in Brazil myself and you all can imagine the hardships of buying Vanilla, BC and Wrath all the way from here. After a long time Blizz has finally decided to start accepting Paypal for the monthly subscriptions, but every other service (name/faction change, transfers, etc.) still require US issued credit card.
I've had relatives help me out; when they moved from the US to Europe I had to resource to my guild master - though I wasn't comfortable with it, it was either do this or stop playing.
The vast majority of players that play WoW from other countries outside the US *did* get their copy online, so what do you do on that scenario? Try purchasing any games at Amazon or any other store and have it ship to Brazil, Argentina, Chile or somewhere else (just to cover Latin America) and see what you get - either it's not allowed to, or you'll end up paying over $200 in tax + ship/handling.
I'm just saying, authenticators are the way to go imho, but there's more to it than simply $6.50.
leonardocelso Jan 11th 2010 1:38PM
Aaaanyway, after a bit of fiddling around, I found out that my Blackberry model is actually supported for the Mobile Authenticator; I'm now $0.99 poorer and way happier and more comfortable (and I even got me a new pet).
So, some good came out of this thread after all, at least for me :D
Oh, btw: WTB edit button
Sadaye Jan 11th 2010 1:46PM
From what I understand the issue with shipping Authenticators is this:
Since it is technically a computer security device, customs on such an object can be incredibly high, and in some nations the import/export of such objects is restricted or even forbidden. In order to get the device into some countries, Blizzard would have to lie about what's in the package, or ship it with another item which falls under another category that they could then call the main contents of the package (ie, shipping it with a T-shirt, the majority of the package would then contain "apparel").
If Blizzard were to lie on the contents of the package, they could potentially get into a heap of legal trouble.
I'm not on Blizzard's Sales or Legal team, of course, so I can't confirm this is the case for them, but a friend who does eBay sales of computer hardware explained to me how this could be an issue.
NekoAli Jan 11th 2010 11:10AM
I would compare the authenticators to the seatbelts in your car. Put in as a safety measure for the owner's sake, yet people still refuse to use them and come up with all sorts of reasons not to take a simple step that could save your account/life in the case of something bad happening. People have a very 'it can never happen to ME' attitude towards these things. And as soon as talk about it become a mandatory thing pops up, everyone is up in arms protesting over something meant to keep them safe.
Othor_NL Jan 11th 2010 11:27AM
/Agree
When we had three hacked accounts in our guild in a timespan of 2 weeks, I decided to buy myself an authenticator. Works like a charm, and only costs me 5 extra seconds to log in. Well worth the €'s!
Also agree with the idea of having 2 queue's, one for hacked account with authenticator and one w/o authenticator, which get less prio.
Crowqueen Jan 11th 2010 11:20AM
Getting rid of the shipping cost to the UK - so that an authenticator cost £4.50 but with postage came to £12 - was the best thing Blizz ever did IMO. I ordered one the other night, won't get here for a bit with the snow and post being up the swanee (like usual I suppose), but when it does come I'll have a bit more peace of mind. My friend was hacked before Christmas, took her all of four days to get back on, but it meant four days of nerves for me because I'd played over her network and Blizz said allegedly she'd downloaded something nasty.
I cleaned my computer top to bottom, can still play and that, but £12 when I have a weekly budget of ~£40 for unnecessary things is a stupidly large amount. It didn't mean I was unlikely to get one, but it made it less appealing to do so. £6 is VERY reasonable to spend on peace of mind.
Delshay Dethecus US Jan 11th 2010 11:11AM
I'm with you on the Auths. being shipped with Cata. make it so peeps that get the exp. have to put in the code for the Auth. to play.. Simple fix if you ask me. I bought mine after becoming a Guild Master. I worried about getting hacked, even if I don't visit just any site or click on any link, it was a cheap fix to a worry, I also asked my officers if they had one and the ones that said no, I bought and shipped them one. just a few weeks after doing this one of our members got hacked because he didn't have one, I felt a lot better spending that $6.50.
It's not a 100% fix, but it works a lot better then having nothing!
Gamer am I Jan 11th 2010 11:19AM
It's nice to see true responsibility in a guild leader, coupled with the selflessness to help others fulfill their responsibility as well. I salute you, sir.
Sadaye Jan 11th 2010 11:12AM
Thank you for being the voice of reason! The sheer amount of paranoia and Blizz-hating from those two posts last week was sickening. I use and love my Authenticator, and I think the Care Package is a perfectly reasonable offer to make. They were never taking away the option for a restore, so I never saw what all the fuss was about.
Rob Jan 11th 2010 11:13AM
For what it's worth...
I play with a regular group of friends. All of them are on Macintoshes. None of us has ever had our account compromised. Not saying it's more or less likely to happen on a Mac, but there is a LOT less of an avenue for attack.
I have authenticators on both my accounts anyhow. Though none of my friends use one.
Authenticators will not protect against stupidity or ignorance. If you click on a Phishing email claiming to be from Blizzard, with language like, "Blizzard system scan to your account insecurity" then you deserve to be hacked. That line is from an ACTUAL phishing email that one of the group got in the mail today.
You have to be smarter and more aware than the people trying to get the accounts.
Hoggersbud Jan 11th 2010 11:19AM
>You have to be smarter and more aware than the people trying to get the accounts.<
Not even that much. You just have to be reasonably thoughtful and aware, and cognizant of some of the vulnerabilities. It's not like we're facing against Lex Luthor.
Kapture Jan 11th 2010 12:28PM
Actually, it would help especially well for people who stupidly fall for phishing scams. Can't phish an authenticator number.
Celton Jan 11th 2010 11:15AM
I'd love to get an authenticator on my phone since its always with me and I'll never lose it, but I guess my phone isn't supported (I have an HTC Imagio). I've sort of been waiting to see if maybe it will get support soon. Maybe I'll just have to buck up and get the external authenticator though. I don't know if I can wait all the way until Cataclysm.
Does anyone know if they are increasing support for more mobile phones? Mine is pretty modern and popular, I think.
Hoggersbud Jan 11th 2010 11:41AM
Check and see if your phone supports JAVA app installation. If it doesn't, then there's no chance of it ever being supported, if it does, then maybe.
But no sense hoping if it's a lost cause.
jcyr Jan 11th 2010 11:15AM
I just don't understand why hacking is so prevalent in wow. Are people really giving away their account information so easily? Or is Wow community really that much more likely to install garbage that often includes keyloggers and such? Perhaps a blog entry featuring the top 3-5 ways people end up 'hacked' would be in order. I know you have done interviews with said people in the past which I found interesting.
My understanding is:
1) Power lvlers and other such 'services' will have your info, and use it later to get access to your account. Then use that account to sell everything then promote same said service.
2) Keyloggers. Download some porn, game, etc that secretly installs keylogger software, then the hacker sells off the info to interested parties.
3) Phishing. Stupid people giving their credentials to other sites or someone they think works for blizzard.
BubblePriest Jan 11th 2010 11:30AM
The reason why hacking is so prevalent in WoW is simply because it's low risk and highly profitable. It's low risk because, unlike hacking a bank website, they're unlikely to wind up in jail for it. It's profitable because of gold buyers. Gold buyers are the reason accounts are hacked, which is the number one reason in my opinion that buying gold is shady business.
As for HOW accounts are hacked, I was one of those people who thought it wouldn't happen to them because I have a reasonably secure password and understand phishing, etc. well enough to stay away from them. However, I was hacked without having ever clicked on a phishing e-mail (they go straight to spam anyway), not having downloaded anything to my computer and never having given my user name and password to anyone.
If you've ever gone to a website that has Flash advertisements or runs any sort of scripts, it's possible they may have been hacked and your computer may be at risk of getting a keylogger (and you don't have to click on the advertisement). Curse.com had it happen to them not too long ago. Since you are reading WoW.com, I'm going to assume that you read other WoW or gaming related websites, and those are likely the ones hackers would target.
I'm sure there are other ways to get hacked that I don't know about. The bottom line is, you can't ensure your computer is 100% safe unless you keep a dedicated computer for WoW and WoW only (and don't use addons!) and do everything else on another computer.
Psiwave Jan 11th 2010 11:34AM
I am 99% sure I got hacked by misstyping be imbas web site. It's all I visit on my wow laptop (bar this site) I know I got it wrong a few times, not entering it as .hu or whatever and got directed to a similar looking site. However it wasn't till my naughton account ran out and I installed avast that I uncovered a couple of trojans.
The only other hacks I know of were guildies that fell for the rediculous I use a mac / chrome so I'm safe BS.
Tethra Jan 11th 2010 2:12PM
There was a guy on my server the other day /yelling in Orgrimmar about how his account had just been hacked. He was pissing and moaning, then he said "I don't even know how I got hacked. all I did was log into the Armory." There was a pause, then someone said, "You....don't log into the Armory. You went to the first link that came up when you Googled WoW Armory, didn't you?" The hacked guy was quiet after that.
The moral of the story is: When you go to an official Blizzard website, make sure you're actually at an official Blizzard website. If you go to the Armory and it asks you to log in, you're not on the real Armory site.
Tyr Jan 11th 2010 11:15AM
Nice article. I kind of understand why people are so divided on this issue... most people don't like having something forced upon them, even though it's in the best interest for everyone but hackers.