Email confirmation added to authenticator setup to foil hackers

Note: Changing the email address on the account requires not only your password (which the account thieves already have at this point) but also the answer to your security question. So make sure the answer to your security question is not guessable or obtainable by any phishing information. As I have suggested before, if you use a password for your security answer rather than an actual answer, you are adding a very thick level of security. Make it a separate password you use just for security questions, like p45sw0rd (don't use that one).
Of course, the best way to prevent someone from stealing your account and then adding an authenticator to it is to put an authenticator on it yourself. There are keyfob and mobile versions available.
[Thanks for the tip, Joel!]
Filed under: Blizzard, News items, Account Security
Reader Comments (Page 2 of 4)
Koleckai Jul 28th 2010 1:20PM
Pretty soon, they'll have email confirmations on the email confirmations. More security on this account than there is on my online banking and it also has an authenticator. Though my bank account simply texts the number to my cellphone.
Pwnzoar Jul 28th 2010 1:32PM
I say we should forget about all these authenticators and passwords, and just instead use fingerprint/retina scans. Much safer.
Tunahead Jul 28th 2010 4:00PM
But what if someone harvests my fingers and eyeballs? :C
Mohsus Jul 28th 2010 5:42PM
then I would guess you would have bigger problems to worry about >: l
Stannislaus Jul 29th 2010 3:29AM
If someone harvests your fingers and eyeballs, the Vatican City will soon be consumed by light.
+1 if you get the reference.
El Pollo Grande Jul 30th 2010 4:26AM
I bet Tom Hanks got it.
tulipblossom Jul 28th 2010 1:39PM
This is another great reason to make sure that your e-mail password and ID password are different from one another. Just makes it that much harder for the hacker to tap into your e-mail address, if they've hacked your account. Because, while the ID for your wow is the same as your e-mail, the passwords being different helps immensely.
I think this is a really smart move by Blizzard. Especially the requiring of the secret question. That adds even an extra level and that's really smart. I definitely like this change.
Moeru Jul 28th 2010 1:40PM
Hacking is getting bad again. I've had 6 hacks in my guild this summer, and I'm constantly messaging GMs to help out my members and to get back my stuff for the GB. I'm about to only let people with Authenticators use the GB.
Duulket Jul 28th 2010 2:03PM
There are a lot of guilds that do that now.
Branco Jul 28th 2010 1:41PM
Finally! This is good news.
When I added an authenticator a few months ago I was baffled by the fact that no confirmation was sent to my email address to approve the authenticator.
I even sent -- as probably many others did -- an email to blizz warning about this reeeeally serious security issue...
I'm sure a lot of hacking would have been prevented if only the legitimate account owners had a chance to deny the authenticator -- which would also tip them off to their account being hacked.
DarkKnight388 Jul 28th 2010 1:52PM
"So make sure the answer to your security question is not guessable or obtainable by any phishing information"
Pro-tip: But do make sure that you know the answer to your security question, as I know a certain person that tried for about 40 times to answer his and kept getting the "wrong answer" reply from battle.net.
Koleckai Jul 28th 2010 5:51PM
I use a free program called KeePass. It has all my Passwords, Security Answers, and Authenticator Serial Numbers in it. It is stored on a thumb drive so I just take it with me when I leave the house.
jfofla Jul 28th 2010 1:53PM
It boggles the mind to think there are still people playing WOW that don't use an Authenticator.
(cutaia) Jul 28th 2010 2:20PM
Your mind seems fairly easily boggled.
hacknstabber Jul 28th 2010 1:54PM
This is a good idea, I got hacked a few weeks ago and they put one of these on. Very frustrating to try and get this removed before you can even start to gain control of your account back. GG Blizz.
BTW. This is creating an incentive for hackers to be a little more intrusive i.e. your e-mail account getting hacked. Blizzard recommends using a different e-mail than you would use for other things in your personal life which is a good idea but in any case if your e-mail password is the same as your wow password it is a bad idea and is even more likely to be exploited now.
niko Jul 28th 2010 2:13PM
"GG Blizz."
Seriously? You don't protect your account like any sane person would do, get hacked, and then have the audacity to say "GG Blizz"??
As someone that can take responsibility for my own mistakes, I'm pointing it out for you to do the same. Getting hacked was your fault. Not Blizzard's.
I doubt hackers will need to turn to hacking email accounts when there are plenty of people like yourself with no authenticator to speak of that are such easy pickins'. GG Blizz, indeed.
hacknstabber Jul 28th 2010 2:20PM
Wow. lol. The GG was to Blizz for adding this new layer of security to foil the hackers. Some easy rage in here today.
So is not having an authenticator considered not protecting your account and if so then would it not be up to Blizz to ensure people had them (they make you select a password so case in point before you go off).
Sorry don't mean to feed the trolls.
(cutaia) Jul 28th 2010 2:25PM
"Getting hacked was your fault. Not Blizzard's."
No...getting hacked is the fault of hackers.
And by the way...even if the "GG Blizz" was meant as a sarcastic note, there would still be some merit there. It's been common practice for hackers to use this security device AGAINST their victims for a long time now. I've long wondered why the hell Blizzard didn't do something about this and I'm still surprised it took them this long for them to implement an easy common sense solution such as this.
You can mock people who get hacked all you want...it still doesn't mean Blizzard couldn't have done more to avoid this post-hacking abuse of their own security measures.
niko Jul 28th 2010 2:31PM
I certainly wasn't trolling, and tbh I'm really having to re-read your post to get your intention as you explained in your followup post, and still just barely see what you're trying to say. It is really easy to misinterpret what you wrote!
However, be that as it may, I'm not sure that you can follow your logic down to the letter when it comes to their obligation to account security vs. what they already have created to secure your account. IMO, I think they've already done a fairly nice job with just the addition of the authenticator.
I still think "authenticator in the box" for Cata should be on their list of things they should consider, if they are in fact concerned about account security hitting the company's bottom line.
hacknstabber Jul 28th 2010 2:39PM
In the future I will have my lawyer review my wow.com posts to ensure they meet the niko standards, except this one of course. lol, yeah it does look like I could be giving them a hard time but so what. They made this mess.