Skip to Content

WoW Insider has the latest on the Mists of Pandaria!

Posts with tag Password

Blizzard's tips for dealing with a locked account

Having your account locked isn't an uncommon problem -- and it doesn't necessarily mean your account has been compromised. Because Blizzard is trying to stop hackers in their tracks, doing anything that makes it look like you aren't the one playing the game -- like logging in from an unusual location -- can trigger a lock. So what's a gamer to do when hit with a locked account? Fortunately for all of us, Blizzard CS representative Araxom has explained how to avoid locked account woes -- without even getting in touch with customer support.

An easy fix? Change your password from your new computer or new location. This requires you to authenticate with Blizzard -- and answer your secret question -- so the servers are sure that you're actually you. Another helpful tidbit: have an authenticator (or authenticator app) attached to your account and SMS protect enabled. These helpful security features not only make it harder for your account to get stolen -- they can make it clear to Blizzard that your account is in your hands, even if you're logging on from a new computer.

For more details and tips, check out Araxom's thread on Reddit. And if your account actually has been hacked, it's going to take a few more steps, but we'll walk you through it.

Filed under: News items, Account Security

Breakfast Topic: When was the last time you changed your WoW password?

Breakfast Topic When was the last time you changed your WoW password
Hey there -- Mom here! I know you're busy trying to hide the fact that you licked your plate to get all the stuff that was stuck in the gravy. (We see that little dab on your jaw there, just so you know.) I also know that the reason you keep jumping up to offer refilling people's drink is because you're actually mooching off tiny slivers of pie when nobody's watching ... But even on a holiday, it's my duty as a mother to remind you that you need to change your account password regularly.

It might be true that I don't practice what I preach quite as often as I should. (I didn't say it is true. But it could happen.) So my breakfast questions to you this morning are threefold: How long has it been since you changed your account password? Do you follow any set schedule or password schema for keeping your password up to date? And do you use an authenticator and any other security measures to keep your WoW account safe?

Poll: When did you last change your WoW password?
Within the last month718 (12.1%)
Within the last three months1398 (23.5%)
Within the last six months1038 (17.5%)
Longer than six months ago1176 (19.8%)
I can't remember522 (8.8%)
I don't think I've ever changed my account password1095 (18.4%)


Filed under: Breakfast Topics, Account Security

North American players may now update their security questions

Image
As an update to the security breach last week, players on North American realms will now be prompted to change their security question and answer when logging in to their Battle.net accounts. The security breach included no financial information; however, answers to personal security questions were compromised, as well as some information related to Mobile Authenticators.

In addition to the security question update, players may now also update their Mobile Authenticators as well. Please note, this is only in regards to North American accounts; players in Europe need to do neither of these things. And remember, if you are a North American player and have not changed the password on your account, doing so is an excellent idea.


Nethaera
As a precaution following our recent security update, players on North American servers please take a moment to visit Battle.net account management, where you will be prompted to change your security question as well as update your Mobile Authenticator. There you'll also find helpful tips and an FAQ, as well as instructions on how to add additional layers of security to your account, including the Battle.net Authenticator or the Mobile Authenticator for those that aren't already using one.

Filed under: News items, Account Security

Blizzard security breach, no evidence that financial data was compromised

Important security update from Blizzard
Mike Morhaime, the president of Blizzard Entertainment, reported today in a blog post posted on the official Blizzard website that a list of email addresses for Battle.net users, answers to security questions, and information relating to the Mobile and Dial-in Authenticator program were illegally accessed by outsiders. The security hole has been closed, but Blizzard is officially recommending that all Battle.net users change their passwords immediately. In the coming days, players will be prompted to automatically change their security questions and update their mobile authenticator software. A FAQ is available here.

The full post is below.

Mike Morhaime
Players and Friends,

Even when you are in the business of fun, not every week ends up being fun. This week, our security team found an unauthorized and illegal access into our internal network here at Blizzard. We quickly took steps to close off this access and began working with law enforcement and security experts to investigate what happened.

At this time, we've found no evidence that financial information such as credit cards, billing addresses, or real names were compromised. Our investigation is ongoing, but so far nothing suggests that these pieces of information have been accessed.

Some data was illegally accessed, including a list of email addresses for global Battle.net users, outside of China. For players on North American servers (which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia) the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators were also accessed. Based on what we currently know, this information alone is NOT enough for anyone to gain access to Battle.net accounts.

We also know that cryptographically scrambled versions of Battle.net passwords (not actual passwords) for players on North American servers were taken. We use Secure Remote Password protocol (SRP) to protect these passwords, which is designed to make it extremely difficult to extract the actual password, and also means that each password would have to be deciphered individually. As a precaution, however, we recommend that players on North American servers change their password. Please click this link to change your password. Moreover, if you have used the same or similar passwords for other purposes, you may want to consider changing those passwords as well.

In the coming days, we'll be prompting players on North American servers to change their secret questions and answers through an automated process. Additionally, we'll prompt mobile authenticator users to update their authenticator software. As a reminder, phishing emails will ask you for password or login information. Blizzard Entertainment emails will never ask for your password. We deeply regret the inconvenience to all of you and understand you may have questions. Please find additional information here.

We take the security of your personal information very seriously, and we are truly sorry that this has happened.

Sincerely,
Mike Morhaime

Filed under: News items, Account Security

Exporting guild calendars from the Armory

Reader Bob sent us a neat little tool a while back that will help you get your guild's calendar off of The Armory and on to another calendar program, like Google Calendar or iCal. This little script he built (which unfortunately will probably get beat up as soon as this post goes live, so give it a break if it's down) will give you a link for your guild's calendar, which you can then take over to Google Calendar (in the Other Calendars box, click Add, and then "Add by URL") or any other calendar service that accepts ICS data by URL, and put all of your guild's raids and events right into the calendar app that you actually use every day.

However, there are a few hitches. Because the information you need lies on the Armory, you'll have to enter a Battle.net password into your calendar app to access that (which as Bob says, should be fine, but if you don't trust it, don't do it). Also, Blizzard is apparently not that happy with people accessing this data on the Armory either -- they've removed links to scripts like this off of the forums before. It's probably not a bannable offense (they probably just don't want tons of calendar queries into the Armory's servers), but if you try to connect this stuff together, you'll do it at your own risk.

Still, it's a shame Blizzard isn't more open with this guild data -- it would be extremely useful to easily export guild information out to an .ICS file or even an RSS feed (for bank and join/quit info). We're not sure what all of their concerns are, but given that the info is already updated on the Armory, there has to be a way to more easily get it out of there and into more places where we can use it.

Filed under: Analysis / Opinion, Tips, Guilds, Odds and ends, Blizzard

Internet Explorer exploit targets game passwords

Is anyone still using Internet Explorer on a computer where they have control of the software? The browser is so targeted and so flawed, and there are so many worthwhile and free alternatives that it's almost silly to continue using Microsoft's monster of a browser. But if you still are, watch out -- the BBC says that Microsoft has announced another vulnerability, and this time it could be used to obtain "game passwords," like your account information for World of Warcraft.

The good news is that, like most virus scares (ever notice that all of the virus warnings come from companies that happen to make their money on antivirus software? In this case, it's Trend Micro, spreading as much FUD as they can), this warning is probably overblown -- even if you are using a browser full of holes like IE, you have to wander off your beaten path of trusted sites to get in trouble. So don't click random links or follow spambait on the forums or in your email, and you'll probably be fine. But again, installing and using another browser is so easy (and will help you so much in the long run) that you might as well give up IE anyway.

Thanks to everybody who sent this in! And yes, I used the old login screen for this post's picture. But don't you kind of miss it?

Filed under: Patches, Analysis / Opinion, Virtual selves, Odds and ends, Blizzard

Forum post of the day: Rage against the authenticator

Alright, so the splash screen mystery is dramatic. Whatever the important announcement is, I don't think they could come up with one that makes me happier than the new authenticator. I will be first in line to buy mine once it comes out. It seems that most of us are with me. We've been clamoring for better authentication, and we're going to get it.

A one-time charge of six and a half bucks for an extra layer of security seems like a smoking deal to me. It hasn't occurred to me to be bothered by the price. Tuhrell of Malrone believes that the authenticators should be distributed by Blizzard for free. Vallana of Thaurissan is on a short list of responders in the thread that agreed with the original poster. She believes that her $15/month is enough to spend on WoW and is "not retarded enough to get hacked so I really don't need it."

Read more →

Filed under: Blizzard, Forums, Hardware, Account Security, Forum Post of the Day

Anti Keylogger Shield may offer some protection for your account

Hackers are getting more and more brazen lately, hiding various trojans and keyloggers not only in random forum links, but in ad banners and even in electronic devices. Even common sense avoidance of suspicious links and websites doesn't always seem to work anymore. Luckily, there are other tools you can use, such as the Noscript extension for the Firefox browser. Lifehacker reported on a new one yesterday as well: Anti Keylogger Shield for Windows.

This freeware program purports to work not by blocking installation of keyloggers, but by preventing them from logging your keys once installed. Lifehacker tested it by loading a keylogger and reported that it seemed to work, at least in that case, as the keylogger's log file was completely empty.

Of course, you probably shouldn't just install this program and go off clicking strange links willy nilly, but it does look like it could be one more line of defense in the ever escalating battle to protect your computer and your account from those who would steal it. Plus, it's free, so that's even better.

[Thanks for the forward, DrDiesel!]

Filed under: Odds and ends, Account Security

Breakfast Topic: Hacked

My first post on WoW Insider was about a friend of mine being hacked, this time it's about me. I woke yesterday and tried to copy a character over to the public test realm as I've been doing often lately. I got a password error. I tried to log into my account- same thing. My email had this happy little surprise for me:

Hello Amanda,

The character transfers listed below have been completed as of 2/14/2008. The character[s] listed will now appear in the new location and/or account selected and are immediately available for play!

- <character> - Level 70 Tauren Shaman - now on realm: Blade's Edge.

Read more →

Filed under: Odds and ends, Blizzard, Breakfast Topics

Oh Noes!!!1!1!1one: I've been hax0red!

On Saturday night I noticed a guildie acting strangely. He kept switching between characters and wouldn't respond to tells from even his closest friends in the guild. Concerned about him, we gave him a call... on the phone, to see what was up. You guessed it, he was nowhere near his computer at the time. He went to log in and found his password was changed. Unfortunately, he had also forgotten the correct response to his secret question "What is your favorite activity?"

The hacker kept running in and out of the Shadow Labyrinth. I checked the customer service forums and found that this was common behavior among hackers. Either there is an exploit in that instance, or hackers just really enjoy hanging out with Blackheart the Inciter. I'm leaning toward the latter.

Read more →

Filed under: Analysis / Opinion, Odds and ends, WoW Rookie, Forums

US Password Retrieval Service: Broken!

Ever forgotten your password? Changed it and forgotten what you changed it to? (I'm personally guilty of the latter.... well, either I forgot it or it didn't change properly, and which do you think is more likely?) Well, if so, you're familiar with Blizzard's password retrieval system which will cheerfully reset your password, generate a new (random) password, and e-mail it to the address registered with the account. Easy, huh?

However, if you're currently having password troubles, it's not recommended to use the retrieval service - as it appears to be skipping that crucial e-mailing part of the process. There's no ETA on getting this fixed, but when it is, an update will be provided in this thread.

Filed under: Bugs, News items

New Password Scams

Apparently there's a new set of password scams going around.  These e-mails, apparently from security@blizzard.com, will request your account and password information.  Community manager Drysc reminds us that Blizzard will never send ask for your account password via e-mail, and any messages you may receive requesting passwords information, no matter how legitimate looking, is most likely a scam to steal your account.  If you've gotten an e-mail that looks suspicious, you can write billing@blizzard.com to confirm its validity.  Additional information about scams and account security can be found on Blizzard's support page, as well.

Filed under: Blizzard, News items

WoW Insider Show 

Subscribe via  iTunes for our latest show.

Hot Topics


 

Upcoming Events


Around Azeroth

Around Azeroth

Featured Galleries

It came from the Blog: Occupy Orgrimmar
Midsummer Flamefest 2013
Running of the Orphans 2013
World of Warcraft Tattoos
HearthStone Sample Cards
HearthStone Concept Art
Yaks
It came from the Blog: Lunar Lunacy 2013
Art of Blizzard Gallery Opening

 

Categories