Tobold's Blog
Thursday, January 28, 2010
Core hounded

We just talked this week of bloggers changing their mind, and here is one thing where I changed mine: I bought and applied a Blizzard authenticator to my World of Warcraft account, netting me a cute core hound pup pet. But I didn't get the authenticator for the pet, but because of more and more people swearing that their account got hacked *without* them having been careless with their passwords. Now I still believe that a large percentage of that "hacking" is not due to high-tech methods, but to rather low-tech scams, like the scammers who set up a fake WoW armory site and managed to get on top of the Google search for "wow armory" by paying for the link. Nevertheless I can't totally exclude the possibility of various other vulnerabilities like the recently reported Flash vulnerability compromising the security of my account.

Note that this isn't simple loss aversion. Sure, I don't want to lose my carefully hoarded gold, nor see all my gear vendored by some hacker. But by all accounts I hear, getting all or at least most of your stuff back is actually the common outcome of being hacked. So what I am trying to avoid by using the authenticator is the hassle, and the feeling of vulnerability that automatically results from being hacked.

Buying the authenticator was easy, and now that the shipping costs for them are waived not overly expensive. *Applying* the authenticator to your account isn't quite that easy. The thing comes with a leaflet sending you to a site with all sorts of explanations, but the description on how to apply the authenticator are badly done, and the link given there leads you to the wrong page on the account management site. You're told to use the apply authenticator function under "Free Services", but the option simply isn't there. What you need to do is first press the "home" button on the upper left corner of the page, then find the "change security settings" link among lots of small print on the middle right side, and THERE you can apply the authenticator to your account. Not very user-friendly at the moment, if Blizzard really wants to make the thing mandatory, they'll have to streamline the process and put a big colorful button AUTHENTICATOR USE HERE on the first page.

Once the authenticator is applied to the account, things get easy again. You simply get a little popup window every time you try to login into World of Warcraft, and only need to press the single button on the authenticator to get a number to enter into that field. Really only takes a few seconds more per login, which unless you got disconnected in the middle of a fight, is unlikely to bother you. The main disadvantage is that you have to more carefully plan where and when you want to play WoW, and for example take your authenticator with you on trips if you want to play WoW on your laptop. I do not recommend the common practice of temporarily uninstalling the authenticator when wanting to play elsewhere, as I'd say you are more vulnerable when playing on somebody elses computer or unsecured WiFi network.

If you don't hear from me about the authenticator any more, it'll be because it is working just fine. I can assure you, the day the authenticator stops working and locks me out of my account, getting me into all the hassle with customer service I was trying to avoid by buying the thing in the first place, you'll be reading about that on my blog.
My solution to the problem of "playing away" was to also buy the mobile authenticator. It cost 50c plus some sms charges. Now, if I want to go home to the family and play, I detach the physical authenticator, and attach the mobile. When I get home, I reverse the process. I would not feel comfortable using the mobile authenticator permanently in case I lose my phone, but on short trips I hope the odds are with me. All it takes is to have a phone that supports the authenticator, and quite a lot of phones are. Just don't leave the mobile authenticator running on your phone all the time. As a Java app, it's running all the time, and will eat your battery :)
It's not only the hassle of getting your items back. Sometimes hackers attach their own authenticator to the hacked accounts. This means you cant change your password until you have convinced Blizzard to de-attach the authenticator.
Good idea to buy the authenticator I think. I am one of these victims that got hacked without knowing why because I never give my account to anybody and I am quite careful concerning scam and spam things, at least this is what I think. I could never understand how accounts could be hacked and always had the impression only people giving along their passwords ore sharing accounts etc. have these problems.
But in the end they got me and it was a nightmare to empty all the mailboxes of my chars (guildbank etc....)

I bought the authenticator app for my mobile phone and it works quite well. As I am carrying the phone with me wherever I go, there is no problem of planning where to play.

Indeed the only problem I have is a disconnect during raiding because I always close the program on my phone after being logged in , for WLAN is very energy-demanding. So every relog takes somewhat like a 30-50 seconds now, which is too much for healers in raidbossfights.
Granted bank are not flavour of the month... but my online banking account gets by without authenticators and has stronger security.

I'll use an authenticator if it comes bundled with the the expansion (if I but it at all).

Think I have seen it mentioned here, but have already seen one guild spamming for guild members, that must hast have a Core-Hound pup in order to join the guild.

I just attached my authenticator last night, and flailed around the same way trying to find the damned page where to link it.
Authenticator is wise, especially if you got access to guild bank. Keeping my gold <1k seems to work fine to.
Yeah last guildie who was hacked, the hackers had attached an authenticator within minutes of getting his password. It's been more than a week and he still doesn't have his account back.

I use the mobile authenticator and it kicks ass. Even through a phone change.
Tobold, does every character on the Authenticated account (even newly rolled ones) get a Core Hound Pup? Or is it a one-time deal for one-character only?
I got hacked two months ago. So I checked their authenticator. I passed when i saw the €6 + €8 transport costs.

I found that price to be a total ripoff considering that I've had books sent to me for €2.5. That includes the price of the book and posting costs from Great Britain to Belgium. So seriously, €8 transport costs?

They've lowered their price since then but I haven't bought one (yet).
Blizzard should really give out these authenticators for free. At least to people who have been hacked.

Buying an authenticator will cost me money. Letting Blizzard restore my account will cost them money. I heard of guildies who were hacked again only days later. So you'll have to an employee on it for 2x let's say thirty minutes. That'll easily cost Blizzard €20. Sending me an authenticator will only costs them €2.
Tobold, does every character on the Authenticated account (even newly rolled ones) get a Core Hound Pup? Or is it a one-time deal for one-character only?

Every one of my existing characters found a core hound pup in his mail. I didn't try rolling a new one, but I would expect that to be the case for those as well. My new characters all already start with a mail for the Collectors Edition pet.
I was recently "hacked", and can't for the life of me figure out how. They attached an authenticator to my account, so I had to go through H@ll to get it back, but when I did, I placed an authenticator on it immediately. I downloaded the authenticator for my phone, so no shipping charges.

I will always have an authenticator from now on.
What phones charges are you all talking about? It's not making a mobile connection every time you open the application on your phone, is it? The physical authenticator you can buy doesn't check a server for a new number, why would a mobile version do that? It's only generator a string of numbers that sync up with the serial number you entered on the site to start using it.

Also, on the iPhone the application is free. Which phone companies are charging for a mobile version and adding a charge each time you use it?
I picked up an authenticator about 2 weeks back. Yea the instructions were bad but a google search resulted in a helpful hint.

It's ironic that you would post this the same day I get a scam email asking me to confirm account info from someone at

The reassuring thing is now I know I can't be hacked. :)

What you fail to consider is that if authenticators were free, a ton of people would order them, because people like free stuff. So it would a net negative to Blizzard, since most people do not get hacked.

Paying for an authenticator works best, that way the people who are at highest risk bear the cost.
This comment has been removed by the author.

"WoW accounts are worth more than bank accounts. . ."

Say what?
As far as from a volume vs. loss potential for internet hackers. They are easier to access and each one is worth a mint.
I bought one before Wrath came out (didn't get a special pet though :( ) and it works just fine. I don't travel and play though.

I did get my account hacked just prior, which is what prompted me to buy one. I had never given my information out, and never found anything on my system but I suspect a key logger, as they kept getting in after I changed my password (They would log me off within minutes of changing the password. We just kept bumping each other off as the hacker took my character for a naked dive falling through the bottom of the world in shadow labs).

Unfortunately, even after repeated attempts to get all of my things restored, I still managed to lose a piece or two. I am a pack rat, and had many sentimental items, but the item they never restored was a pair of Season 4 boots (the BG boots that paired with the S4 arena gear). They restored the guild bank, and most of my gear, my banker alt and my languishing alt mage. They never restored my money though, and that is after several back and forth messages with Customer support trying to get my mage and my bank alt back. Therestoration took several attempts. I never really got a clear answer ont he gold and boots, they just seemed to kind of forget, and I pretty much got tired of pressing for it and was just glad I had most of my things restored.

Point being, the little fob thingy is worth it, because even if they can restore all of your stuff, doesn't mean they will restore ALL of it.
The mobile authenticator was pretty easy to install and connect to the account. The only problem, which isn't much of one, is that you need your ipod with you to play.
@Eaten by a Grue

Not everyone is an adult that plays this game. Consider high school kids or college kids who have lots of time to farm epics and gold. I know their accounts are worth more than their bank accounts because a few friends sold characters to pay for rent once.
Someone said: "WoW accounts are worth more than bank accounts. . ."

Which prompted the reply: "Say what?"

I would guess police are more likely to try to catch someone that pulled cash out of your bank account then someone that pulled all your virtual gold out of your WoW account. Even if the bank account happened to "only" have $300 in it, and the gold in the WoW account will sell for more then $300.

So a rational criminal will figure they can steal WoW accounts and turn them into cash with less chance of jail time then if they steal bank accounts. That makes WoW accounts more valuable targets then bank accounts.

Someone else: "but have already seen one guild spamming for guild members, that must hast have a Core-Hound pup in order to join the guild."

I wouldn't require an authenticator for someone to join my guild, but I would require it before I gave them significant bank access. (of corse I could be a softie, having hackable Bob in my guild increases the chances of a social attack from Bob to other guild members...)
When you consider the earning potential that a freshly stolen wow account can net your newly formed gold seller website...think about it. You create level 1 toons to stand in major cities and spam a macro advertising your site and cheap gold prices. The prices don't even need to be real, you just need to get some poor idiot to go there one time and either A) have a keylogger placed on their system or B) give you their account name or toon name, even so much as begin a transaction. They may spend 300 bucks on 1000 gold or something like that, and you give it to them. They buy the big item they wanted, and a week later you come back, steal the account and re-sell the gold to someone else. There's little to be lost here but time.
I dread the day that I actually loose my authenticator or it stops working (batteries dead). When that happens, you prob wont get into your account for several days and need to contact blizzard support for a removal of the authenticator. Or if batteries are dead, do you get new ones? is that going to take like 4 weeks to (that's how long it took until I got my authenticator).
Post a Comment

Links to this post:

Create a Link

<< Home
Newer›  ‹Older

  Powered by Blogger   Free Page Rank Tool