Transmog yourself into an Avenger!
6 blue posts to read before Diablo 3's launch
Cross-realm zones coming soon
All of the latest Mists of Pandaria newsBlizzard posts new account security guide
by Michael Sacco 
Feb 16th 2011 at 7:00PM
To that end, Blizzard has assembled a new account security guide. It's a pretty comprehensive list of the steps you can take to secure your account, from getting an authenticator to learning how to recognize phishing emails to making sure that your computer itself is secured through the use of antivirus software. Learn it, live it, love it. In account security, as in Planeteering, the power is yours.
Filed under: News items, Account Security
Reader Comments (Page 1 of 2)
jsin1276 Feb 16th 2011 7:19PM
Hopefully this will help out cut the problem of peoples accounts getting compromised. Be careful everyone of what you click and the sites that you visit.
Sleutel Feb 16th 2011 7:34PM
Is that... Is that a drawing of a Goblin being raped by a Core Hound?
On second thought, given Rule 34, I don't think I want to know.
Gordal Feb 17th 2011 5:35AM
Oh good, I thought I was the only one thinking this. Also happy to know there's someone equally disgusted as I am by the thought.
ctishman Feb 16th 2011 7:37PM
The best security system in the world is no match for a stupid end-user. If Fred wants his Bonzai Buddy, he'll find a way to install it, then be surprised when his account is compromised.
SR Feb 16th 2011 7:46PM
HEY. You keep Bonzai Buddy out of this.
Drakkenfyre Feb 16th 2011 7:57PM
You just had to remind me of that, didn't you? I remember when it was a purple parrot, before it was a purple gorilla.
And Comet Cursor. God, I hated finding that crap (all of it) when cleaning up someone's computer.
SR Feb 16th 2011 8:21PM
To make things clear, I don't know what Bonzai Buddy is.
Or what Drakkenfyre just said.
:(
Drakkenfyre Feb 17th 2011 12:52AM
Bonzi Buddy was a "digital pet", it originally took the form of a purple parrot, then moved on to a purple gorilla. It sat on your desktop, and talked to you. It could chat via text, or via speech-to-text. It also spied on you. It was serious spyware. It would also suggest things you were looking for. From what I remember of it, when I tried it, before it was known it was spyware, it would also occasionally pop stuff up for you, as an advertisement. It did this by saying something like, "Hey, I thought you'd like this".
It was heavy advertised on the web. It was EVERYWHERE. And because it used a cartoon character, and was kid-friendly, kids were suckered into downloading and installing it on their computers. The guy who owned the company was sued, and it, including the program, was shut down.
http://media.ebaumsworld.com/2006/07/bonzibung.jpg
Mike Feb 17th 2011 8:52AM
You just keep having that arrogant attitude, buddy. I'm sure you think you're so much better than the rest of the world that it would Never happen to you. Your accounts are perfect. Every single one has a different 16 letter randomized password. You've never needed virus or software removal becuase you've Never had one before, and you're Way too smart to fall for any "tricks". Ah well. I was once like you and thought the same way. Pride comes before a fall, my friend.
Drakkenfyre Feb 16th 2011 7:51PM
Too many people say "I don't click on everything, and I watch what I download", and think that's enuf. It isn't.
As someone who runs a system with antivirus, an antimalware program ready, is careful what I run, and keep everything patched up and security updated, I have been nailed three times by exploits. Luckily, they were fake antiviruses trying to extort money and nothing else (knock on wood), and were cleaned off easily. It's still a pain and keeping eveything updated and "watching what you download" doesn't always work. Simply visiting a site can get you nailed, even legitimate sites. You would be surprised at how many companies don't screen the ads they take, and the person behind the ads puts in an exploit.
On day-one attacks, where your security programs don't have the definitions needed for defense, you can still be nailed.
Keep your system updated, especially Flash and your PDF readers (dump Adobe, seriously, it's 800MB for a PDF reader, WTF? Get something else, just about anything else) and turn off autorun on PDF files, and don't use the same email address for the game anywhere else. That's how people get dozens and dozens of phishing emails each day. You used it somewhere related to the game, the address got out, so now they are spamming you.
If "Blizzard" sends you an email with links, don't click them. Go straight to the Battle.net site and login and check yourself. I hear they don't even put clickable links in the official emails anymore.
And on the subject of downloadables, whenever you update an addon, never EVER use an exectuable file. There are only a few legitimate ones, and even those don't need to use it. The rest are keyloggers.
Anon Feb 16th 2011 8:33PM
I have the perfect solution to zero-day exploits: I wait a day before logging in.
(Sshh... wait for it....)
pwherman Feb 17th 2011 3:44AM
"If "Blizzard" sends you an email with links, don't click them. Go straight to the Battle.net site and login and check yourself. I hear they don't even put clickable links in the official emails anymore."
While that's generally good advice, there's one exception to this that I know of -- the use of parental controls results in an official email from Blizzard stating that "To manage Parental Controls on the accounts below, simply click the link under the child's name." Instructions say to keep the email for future access to these controls.
As long as this email arrives in a timely fashion, as a result of your actions as opposed to randomly, though, you could probably be assured that it came from Blizzard.
Samual Barshow Feb 16th 2011 8:08PM
I have an authenicator had one since announced. Well worth it. Also dropeed avg antivirus. After microsoft security essentials found 4 items avg happened to skip. So in ending id say drop avg and get an authenticator now. Seriously now.
SamLowry Feb 16th 2011 10:43PM
Any idea how long authenticators are supposed to last before the battery dies?
I've been booted off the server so many times since the big pre-Cata patch that I've averaged 3-4 clicks per day on that thing. And that's an average, since there were days I had to reboot more than six times and days I had to reboot only once or twice. Plus, I've already had the authenticator about two years, so I'm guessing it's been clicked at least a thousand times.
Literaltruth Feb 16th 2011 11:55PM
@SamLowry
As someone said the last time this issue came up here about authenticators running out of battery - they last a *long* time...a really *long* time. What might eventually happen is that the drift between your authenticator's internal clock and the clock on Blizzard's authenticator will become too much and the codes it produces won't work any more - this is likely to happen before the battery runs out - although it's still going to be a *really* long time.
However, if this happens, you can just phone up Blizzard and either get a new authenticator put on your account or get it removed completely. You'll just need to answer some standard security questions about your mother's maiden name, the first pet you had, your social security number, every payment you've ever made to Blizzard and when you made it, your worst nightmare, your hopes and dreams about the future, your length, girth and technique, how many fingers they are holding up and whether cake is better or worse than pie.
Drakkenfyre Feb 17th 2011 1:09AM
7 years.
The battery on Authenticators are rated at 7 years.
It can vary, you might get a defective one, you might get one with a messed up battery, but that's what the company says they last for.
Dez Feb 17th 2011 1:52AM
My friend has had one since they came out (and he plays a lot), but recently switched to the iPhone app because it was starting to look a bit woebegone. 7 years may be a bit of an overestimate.
Once an authenticator dies, it's a bit of a pain to regain access to your account, since you need to prove to Blizzard that you're you. So long as you can scan a copy of your passport/driver's license/whatever, it should be fine, but best thing is to just take the authenticator off your account if it's looking sickly. :)
SamLowry Feb 17th 2011 6:41AM
Well, I'm glad to hear my authenticator still has a couple years left, but that still doesn't clarify whether you mean seven years from the date of manufacture, or seven years' worth of clicking if we assume one click per day. Because if it's the latter than mine has already lost an extra year's worth of use due to all these server disconnections.
Animaneth Feb 17th 2011 3:42PM
@Dez: one of the keys you used to activate an expansion or your vanilla wow, is enough.
Last time I had a problem (hacked) I couldn't remember the answers I gave for the questions, so they asked me for another way to prove I am who I said I was, and told them if having the key for WotLK was enough and they said that it was considered equally valid to any other data except the CC number or the name of the owner.
Magma Feb 16th 2011 8:25PM
Firefox with NoScript and ABP. Physical authenticator with my alphanumeric password. Kaspersky anti-virus. I got this shit on lock down. If anyone wants in my account, they'll have one hell of a time.