Account security is of the utmost importance to Blizzard Entertainment. We want to equip our players with the knowledge they need to ensure their accounts remain safe, secure, and in the right hands. In this guide, you will find information that will help you secure both your account and your computer, as account security and computer security often go hand in hand.
The video below provides some useful tips for account security:
Computer Security
Account Security
Computer Updates
If you are using Windows, always install the most current security and service packs. These updates fix security risks and improve Windows' built-in security software (like the firewall).
- You can access the most current updates at any time by visiting the Microsoft Windows Update page.
You can also turn on Automatic Updates by completing the following steps:
- Click Start, and then click Control Panel
- Depending on which Control Panel you use, Classic or Category, click on System and then look for the Windows Update section or click on Performance and Maintenance, System, and then on the Automatic Updates tab.
- Select the option you prefer and click OK. Make sure that Automatic Updates are not turned off.
If you are a Mac user, you can check for system and security updates and Apple security updates.
Firewall Software
Firewall Software helps protect your computer and/or network against external users attempting to access from the internet.
- Most operating systems have a built-in firewall, such as Windows XP SP2 and newer editions of Windows. Search your operating system's documentation for "firewall" to learn more.
- While firewalls do provide added system security, they can also affect connections to our game servers. Review our Operating System Firewall Configuration page for important settings to use if you are playing through any kind of firewall.
Antivirus Software and Anti-Spyware Software
An important step in account and computer security is to ensure that your computer system is free of viruses, keyloggers, and Trojan software.
- These programs are usually 'invisible' to users, but they are capable of capturing anything you store or type on your computer -- ranging from passwords to personal information.
- Fortunately, there are many different software solutions designed to identify and remove these malicious programs from your system. We have listed a few useful options below.
Process Library
Process Library.com provides a free tool designed to review and identify the processes running on your computer. This application provides details to distinguish spyware and viruses from the system processes and 'normal' applications. We highly suggest you use this program to gain a better understanding of what is currently running on your system.
Antivirus Software
Antivirus software scans a computer's memory and storage to identify and eliminate viruses. Below you'll find a list of security programs that are currently considered to be "game friendly." Before you download one, please keep some pointers to keep in mind.
- Not every program detects every virus. For this reason, it's beneficial to have more than one program installed .
- To avoid complications with the software, you should never run multiple antivirus scans or cleanups at the same time.
- We recommend that you run your antivirus scan while the game launcher and the game are open, to help detect anything affecting the program.
Anti-Spyware
Spyware programs are designed to "spy" on you by monitoring your computer usage. These programs can cause crashing, minimizing of the game window, and connection issues.
Anti-Spyware software scans a computer's applications and storage space for these programs. As with anti-virus software, it can be good to have multiple spyware scanners installed, but you should never run more than one scan at a time. Here is a small list of some examples.
Web Browsing Safety
Simply browsing the Internet can put your computer at risk for viruses, keyloggers, and Trojans, not to mention phishing websites designed to steal your password.
By browsing safely and smartly, and using some helpful browser tools, you can reduce these risks significantly.
- Note: Although we may recommend specific web browsers or complementing software to assist with computer security, we cannot directly support non-Blizzard software. You must contact the web browser or software distributor for product support.
Web Browser Updates
Just like game patches, web browser updates will bring new features (like a built-in phishing filter) and address previous security issues.
To download the latest version of a new web browser or update your current web browser, visit the distributor's main website. Here are links to the most common web browsers:
Web Browser Phishing Filters
Phishing filters check the websites a user is visiting, against a database of legitimate and 'phishing' websites -- fake websites designed to trick you into entering your real password.
- Phishing filters will alert you if a website is a known phishing website, or poses a potential security risk.
- Most common web browsers have a phishing filter built in—Internet Explorer, FireFox, and Opera included.
- For most web browsers with a built-in phishing filter, the filter will be enabled by default. If you have disabled your web browser's phishing filter or do not know if your phishing filter is enabled, follow the below steps depending on your web browser type.
For Internet Explorer 7
- Open Internet Explorer.
- Click on the Tools button, click on Phishing Filter, and then click on Turn on Automatic Website Checking. (If the menu lists Turn off Automatic Website Checking instead, this means the phishing filter is already enabled).
- When the pop-up window appears, ensure that the Turn on Automatic Website Checking option is checked and click OK.
For Internet Explorer 8 & 9:
- Open Internet Explorer.
- Click on the Tools button, click on the Safety button, click on SmartScreen Filter, and then click on Turn on SmartScreen Filter. If the menu lists Turn off SmartScreen Filter instead, this means the filter is already enabled.
- When the pop-up window appears, ensure that the Turn on SmartScreen Filter option is checked and click OK.
For FireFox (version 2 and later):
- Open FireFox.
- Click on Tools, click on Options, and then click on Security.
- Ensure that Warn me when sites try to install add-ons, Block reported attack sites, and Block reported web forgeries are all checked.
For Opera (version 9.1 and later):
- Open Opera.
- Click on on Tools, click on Preferences, click on Advanced, and then click on Security.
- Ensure that Enable Fraud Detection is checked.
More information regarding built-in phishing filters may be found here:
- Internet Explorer Phishing Filter FAQ (Microsoft website)
- FireFox Phishing and Malware Protection (Mozilla website)
- Opera Fraud Protection (Opera website)
Adobe Flash Player and Adobe Reader Updates
Adobe Flash Player is a plugin available for most web browsers and mobile devices. This common plugin allows users to view animated and interactive content (including advertisements as well as popular games).
- Due to their popularity, Adobe Flash Player and Adobe Reader are frequent targets for malware and get updated often by their manufacturer. You should protect your system by using the most recent version of these plugins.
- Use these links to ensure you have installed the latest version of Adobe Flash Player, and the latest version of Adobe Reader.
NoScript and Flashblock
FireFox users may also download and install NoScript and Flashblock.
- NoScript is a free extension for FireFox and other Mozilla-based browsers, allowing the user to restrict plugin usage (JavaScript, Java, Flash, etc) to a list of trusted websites. NoScript also protects against cross-site scripting (XSS), which can be a serious vulnerability in web browsers. More information about NoScript is available on the NoScript site.
- Flashblock is another free extension for FireFox and other Mozilla-based browsers, which blocks Flash content from loading automatically. Users still have the ability to view any Flash content they want with a simple click. More information about Flashblock may be found on the Flashblock site.
Email Security
Ensuring that your registered email address is secure is a very important part of account security. Your registered email address not only serves as a primary point of contact with Blizzard Entertainment, but it also functions as your Battle.net account name. We encourage you to review the security of your registered email address and take the appropriate steps to make it as secure as possible.
Create a Unique Email Address
The most direct way to increase the security of your registered email address is to ensure that it is unique to your Battle.net account.
If you choose to create a unique email address for your Battle.net account, you should avoid including any parts of your name (first or last) or 'real-life numbers.'
- Whether you are using a unique email or your 'usual' email account: Never, ever use the same password for Battle.net that you use for your email address!
Once registered, keep this email address isolated by not using it for any other service besides Battle.net. In addition to increasing the security of your account, this will also help reduce phishing emails sent to your Battle.net email address.
Maintain Secure Filters and Rules
Whether you're using an email address that is unique to Battle.net or one shared with other online services, it's important to periodically check your email's filters and rules.
Mail Forwarding
Some malicious parties will attempt to compromise a registered email address and, if successful, enable this feature. Once set up and enabled, the mail forwarding feature will create a duplicate of every email sent to your registered email address and automatically forward it another email address. This means, for example, if Blizzard Entertainment sent you an email regarding a password reset or your Secret Question/Answer, it would be automatically forwarded to another location. To learn more about unauthorized mail forwarding and how to disable it, visit our article on Disabling Unauthorized Set-up of Mail Forwarding.
Mail Whitelist
The second thing to check is the "whitelist" (or "safe senders list") for your email address. The whitelist is a list of contacts, managed by the user, from which email is authorized. Emails sent by any contact on this list will not be filtered to Spam, Junk, or Trash folders. Ensure that both @blizzard.com and @battle.net are added to your email whitelist. For more information about this process, visit our article on Setting Up Email Filters.
Battle.net Authenticators and Mobile Authenticators
The Battle.net Authenticator and Mobile Authenticator offer account security above and beyond your password. There are three types available:
- The Battle.net Authenticator is a physical token, small enough to fit on a key ring.
- The Mobile Authenticator is an application which can be downloaded (often for free) on many mobile phones.
- There's also a Dial-In Authenticator service which allows you to link your phone number to an account and verify your identity with a PIN number that you create.
How Authenticators Protect You
After an account has been linked to an Authenticator, any detection of unusual login (such as a new location or computer) will prompt the user for a unique, temporary code that can only be generated by the Authenticator.
- This ensures that even if someone has somehow learned your password, they cannot fully access your account.
Where To Get Your Authenticator
Battle.net Authenticators are available for purchase on our Blizzard Store, and our Mobile Authenticator application can be downloaded from the website. More information about these devices may also be found in our Battle.net Authenticator FAQ.
End-User Security
Using a Battle.net Authenticator or the Mobile Authenticator application does not negate the importance of end-user system security. It is simply an added layer of protection and should complement (not replace) safe browsing habits and security practices.
