Sunday, January 03, 2010
WoW account security
I had a couple of reader e-mails on World of Warcraft account security. One reader reported scam e-mails telling you that your account has been hacked, giving you a link where to log in to fix that, which of course is a phishing website, and thus a self-fulfilling prophecy. Another reader tells of several guilds on his servers being hard hit by hackers emptying the guild bank, and the guild raid leader quitting over the stress involved.
Nevertheless account security at Blizzard appears to be better than at NCSoft, where Kill Ten Rats reports that logging into your master NCSoft account can through a bug log you into somebody elses account, where you are free to change the other player's password.
Nevertheless it has to be said that the top three reasons to get hacked are stupidity, stupidity, and stupidity. Sharing your account password with your little brother or guild mates is likely to get you hacked. Using a password like "password", "12345678", or "Patricia" will get you hacked too, especially if you are using a publicly known e-mail address as your Battle.net userID. And the third most common source of hacking is phishing sites, where you were tricked into revealing your password.
The famous Chinese hacker installing a keylogger on your computer to steal your WoW password is if not quite a myth then at least very rare. A decent modem will have a hardware firewall, you should turn on the Windows firewall as well, plus have a (preferably free) anti-virus software running. And with that your computer is safe from hacking by anyone except possibly the CIA, who are unlikely to be interested in your WoW password.
The reason so many people believe in this super-powerful keylogger software is simply shame. Nobody likes to admit that they were stupid choosing or handing out their password. I once talked to a guy complaining loudly about account security, and it turned out that his userID, password, and name of his main character had all been the same word. Duh! At one point, many years in the past, SOE got so fed up with people getting hacked by stupidity, that they declared *being* hacked in Everquest a bannable offence. Yeah, that's right, if you told EQ customer service that your account had been hacked, that account was permanently banned, not handed back to you.
Blizzard, being a little wiser and more politically correct, came up with a much better method, the Blizzard Authenticator. The trick is that the authenticator works *both* against keyloggers and stupidity. Thus you can promise your customers that they'll be safe from advanced keylogging technology, while in fact the main effect is protecting you from having used one of the 100 most common passwords, or your little brother wanting to delete your character out of spite. If you still get hacked, well, maybe you shouldn't have told your little brother where the authenticator was and how to use it. :)
Apart from anecdotal evidence, has anyone of you data on how widespread account hacking in World of Warcraft is?