06/05/2012 11:34 AMPosted by FalicBasically, Blizz records system stats/IP address location of the player. If a different computer or wildly different IP address connects to battle.net using the account credentials, the account becomes "locked" and can only be unlocked via a code sent to the persons email.
They already do this if I am not mistaken because it happen to me.
Home ISP was down needed to log in and at least let my guild know why connection was down and I might not make raid tonight. Whipped out my phone turned on my hotspot, connect my pc to my phone jumped on vent to let everyone know. Figured hey lets see how bad the latency is? Log into wow and the account locked!
Reason you ask? The phones IP was shown to be in Ohio even though I live in Florida makes sense right phone in Florida gets an IP listed in Ohio anyway. The only difference was my connection, IP and the location of the IP. Had to log into the Bnet site with username/password and prove who I was to unlock the account.
So to the best of my knowledge they already to lock the account if you log in from an abnormal place.
Yes they do lock your account if logged on from a different region or IP band. I've been as little as 90 miles away from my home computer and gotten the "account locked" error due to location, when trying to log into WoW via my laptop. Also, like you, I switched from wifi to phone hotspot and got the lock due to region/IP discrepancies. Furthermore, as stated by a Blue in another thread, they (Blizzard) can view the region/location of logins through their system. As for the subject of "Session Spoofing", I have yet to see any valid evidence to contradict what Blizzard has said. Like others, I've used Wire Shark and other programs to packet sniff and found nothing of importance. All I can say is, get an Authenticator for the added level of security, be mindful of root-kits and other nasty stuff, and watch out for those Vortex+Desecrator+Plauged+Electrified champion packs :)