Blizzard shines the spotlight on account security

A lot of it is common sense - things like using an authenticator (which also gets you a nifty Corehound pet), not giving your account name/password to anyone (even if they say they're a Blizzard employee), and keeping up-to-date browser software and anti-virus on your computer. It never hurts to reiterate these things, though; many accounts get compromised every day through not observing these rules.
It also contains a list of "safe, official Blizzard Entertainment domains," which are the only domains you should ever enter your Battle.net login/password on. That list is Blizzard.com, Battle.net, WorldOfWarcraft.com, WoWArmory.com, Starcraft2.com, and Diablo3.com (though I imagine it'll get expanded whenever they announce their new MMO).
Give the site a quick read if you're feeling unclear on WoW security principles, and more importantly, recommend it to your less-informed friends. Only you can prevent WoW account theft.
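The official-domain rule above can be written as a check to run a link through before typing a Battle.net password. This is an added example, not Blizzard's or this article's code: `checkLoginUrl` is a hypothetical helper, the HTTPS requirement is an added assumption, and the sample links are constructed except for the misspelled `us.batle.net/security` quoted in the reader comments.

```javascript
// Official login domains exactly as listed in the article.
const OFFICIAL_DOMAINS = [
  "blizzard.com", "battle.net", "worldofwarcraft.com",
  "wowarmory.com", "starcraft2.com", "diablo3.com",
];

// checkLoginUrl is a hypothetical helper: it decides whether a link's real
// host is one of the official domains or a subdomain of one.
function checkLoginUrl(link) {
  let url;
  try {
    url = new URL(link); // the WHATWG parser lowercases and punycodes the host
  } catch (err) {
    return { safe: false, host: null, reason: "not an absolute URL" };
  }
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  // Added assumption, not from the article: credentials only over HTTPS.
  if (url.protocol !== "https:") {
    return { safe: false, host, reason: "not HTTPS" };
  }
  // "https://battle.net@other.example/" puts the familiar name in userinfo.
  if (url.username || url.password) {
    return { safe: false, host, reason: "userinfo before the host" };
  }
  const match = OFFICIAL_DOMAINS.find(
    (d) => host === d || host.endsWith("." + d)
  );
  return match
    ? { safe: true, host, reason: "matches " + match }
    : { safe: false, host, reason: "host is not on the official list" };
}

// Constructed sample links; only us.batle.net/security appears on this page.
const samples = [
  "https://us.battle.net/login",
  "https://us.batle.net/security",
  "https://battle.net.login.example/",
  "https://battle.net@login.example/",
  "https://notbattle.net/",
];
for (const s of samples) {
  const r = checkLoginUrl(s);
  console.log(`${r.safe ? "OK  " : "STOP"} ${s} (${r.reason})`);
}
```

The comparison is against the parsed hostname, not the visible link text, which is why a name that merely contains or ends with an official domain is rejected.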
Filed under: Blizzard, Account Security






Reader Comments (Page 1 of 4)
Tremelizzer Jan 30th 2010 6:06PM
Kind of confusing, enormous blabbering about account security yet WoW account passwords aren't even case-sensitive. Bad Blizzard. Bad!
Valt Jan 30th 2010 6:28PM
It would be nice if we could use case sensitive passwords and even better alt+753 type of things (alt+753 = ± ). I dunno about the alt thing, would it mess up, but at least case sensitive. I watched some year old password hack test on IT magazine and their systems couldn't hack password that looked like "Itw4sTyp3dLiketh¶s" because of cases and the mark.
Also don't ever use same email you are actually using, especially with things like MSN. Hotmail etc. accounts are under constant hack snipes.
kia Jan 30th 2010 6:49PM
Not really sure it would help much, given how many people fall for phishing scams and wind up with keyloggers on their systems. Just spend a day in the Customer Service Forum (I think it's called In-game support for EU) and see what I mean. All the clever passwords in the world mean nothing if you hand them over to hackers like lollies.
Nebalee Jan 30th 2010 6:51PM
An expanded character set won't keep people from falling for phishing attacks and I doubt that anyone seriously tries to get passwords by brute-force as this can easily be countered by Blizzard.
Kaylin Jan 30th 2010 9:21PM
Assuming we know the password length, which we do not, and assuming every character we can use has an alternate printable character via the shift key, which they don't, allowing a larger character set via caps etc. would still be far less secure than adding an additional character. Imagine you have a 10 character password in lower case. Now make one of these characters able to be upper case (it doesn't have to be). Note: extra keystroke required (shift key). The password has at most twice as many possibilities (yay?). Now take an eleven character password, also requiring one extra keystroke. Assuming you have more than two keys on your keyboard, a longer password is far better and takes the same number of keystrokes. Just as easy to remember, many times more secure.
Of course, most people don't choose good passwords anyway even when educated. They're difficult to remember and take time to type. Passwords aren't really the issue though. There are far easier ways to getting access to an account (not an arbitrary account) than guessing the password. For example, if it doesn't matter which account I got, I could just email a bunch of random people asking them for their password. It clearly works.
TL;DR:
Get an authenticator. Update your software. Don't be stupid.
Hoggersbud Jan 31st 2010 6:38PM
>even better alt+753 type of things <
Good luck with that, there's far too many different systems involved for that to work. Unless you want everybody to switch to Unicode...
Momus Jan 30th 2010 6:09PM
hunter2
Zeke Jan 30th 2010 6:26PM
All I can see is *******
Miles Jan 30th 2010 7:20PM
That's because it's his password. He can type "hunter2" as much as he wants, and all you'll see is *******.
Shrike Jan 30th 2010 8:01PM
(for those that didn't get the reference)
http://bash.org/?244321
Sanguinarius Jan 30th 2010 9:22PM
Now THAT'S comedy. XD
Daniel Jan 30th 2010 6:19PM
I think one of the reasons many people discount account security is because most account compromises aren't genuine. I was in a raid last week with a person who was bitching up a storm about how slow Blizzard was to respond to his "hacked" account. As the details came forth it turned out that the account wasn't hacked by any ordinary definition of that term. He had lent his account name and password to his roommate so he could try out the game. His roommate then deleted two of his level 80 toons as a "joke".
I suspect that a very large percentage of Blizzard's time is wasted on these types of "hacks". Rather than admitting to the truth to Blizzard, they blame it on gold scammers and so on. No amount of account security reminders or authenticators is going to stop this type of "hacking".
Neirin Jan 30th 2010 6:43PM
Even when it's not a situation like that, a large number of "hacks" are really just phishing/social engineering schemes. Still, it's nice to know that Blizz is trying to make sure every ELECTRONIC security hole is filled - not much they can do about careless users.
Finnicks Jan 30th 2010 7:47PM
If a "roommate" of mine deleted my 80s as a "joke" he would be finding a new place to live, after I reformatted his XBox 360/PS3 hard drives, and reformatted/erased any other form of memory he used for his own games, as a "joke".
Just reading that statement makes me twitch with rage.
And no "but I didn't know how much they were worth" or "I didn't know it took that much work to level up a toon" or "I didn't know you couldn't just undelete it!" excuses. Seriously, if you're so inconsiderate that you won't even take the time to find out what something is worth before you destroy it as a joke, you aren't fit to live in human society.
freeway8989 Jan 30th 2010 10:35PM
@Finnicks:
Just my two cents:
I understand that it takes a LONG time to get a character to where he is in the game, but I think kicking out a roommate over deleting one is a little silly and kind of antisocial.
I mean, it's not like he deleted anything real or unrecoverable. That's placing too much importance on WoW in your life.
Greg Jan 31st 2010 9:08AM
Gotta disagree here. An authenticator would have prevented this exact thing.
It's on a keychain so it is intended to stay with the person who owns it at all times. Much like keys.
It's also available as an App for the iPhone or iPod touch. I might leave my keys on a counter for a moment or two while I'm around other people. But I pretty much never leave my $200 authenticator (iPod) unattended for any reason ever. Maybe while I sleep, but only on account of unconsciousness.
If his roommate is getting into his things while he sleeps- time to talk to the RA- or landlord- or parents- or whoever.
mel Jan 30th 2010 6:24PM
In before:
"I got an email from us.batle.net/security.. Put in my info and nothing happened. Blizz failz."
asaq Jan 31st 2010 2:50PM
Yeah, this happened to me too.
Wtf?
Blizz fails.
Byron Jan 30th 2010 6:50PM
Blizz should just make the authenticators mandatory already, forum whiners be damned. They're cheap, easy to use, and highly effective, even for luddites. No reason not to, and would save tons of headaches for both Blizzard and the playerbase.
Elmouth Jan 30th 2010 7:36PM
My GF got hacked through a Facebook keylogger (someone else actually got it while using her comp). She's been waiting for over 3 weeks now with no news whatsoever.
I wish I had bought the damn authenticators.
Making them mandatory is a necessity imo. All the scammers/hackers can fuck people up way too easily nowadays and they're everywhere.