Account Security and You (Yes, You)


Some players are dedicated to collecting sets of epic gear while others prefer to make a few quick coins in the auction house.  No matter what style of play you prefer, we want to equip you with the tools and knowledge you need to protect yourself against account compromise. To help get you started, below you'll find a series of tips and suggestions aimed at improving your account and computer security. 

Since we’ve been encouraging account security awareness for quite a while now, you might have already run across some of this information on our Account Security Awareness page, in one of our support articles, or posted by your fellow players here on these forums. We want to make sure that as many players as possible have secure accounts, though, so we encourage you to take some time to read over this refresher, make sure your account is secure, and share these tips and resources with your friends and guildmates, too.


Security Basics

There are a few cardinal "rules" for maintaining a secure Battle.net account. They're simple and straightforward, but they can help ensure that your account information doesn't get into the wrong hands.

  • Never give out your account information. Sharing account information with a family member, friend, guildmate or, worse, a stranger who's promising you a chance to "beta test a new mount" is an easy way to lose control of your account security and experience the tragedy of account compromise. Even if your goal is just to be helpful, allowing someone else to access your account can definitely put it at risk because you can't control how that person will make use of your account information, or how secure their own system might be.

     
  • Be mindful of phishing scams. Phishing scams are designed to trick you into giving out your account information, and they'll usually come in the form of emails or in-game messages that appear to be sent by Blizzard employees. Sometimes these messages encourage you to visit a malicious website, which might contain a web form, or even software that can steal your login information.  In other cases, you may be asked to reply with your account name and password.

    While most of these types of scams are easy to identify -- they'll frequently use poor grammar and spelling, or make outrageous threats about banning your account -- some can be difficult to distinguish from legitimate Blizzard correspondence, so it's important to be cautious of what you click on and when. (Learn more about how to identify these kinds of scams here.)

     
  • Don't use gold selling or power-leveling services. Supporting these types of illicit services is not only against the Terms of Use, but it promotes botting, spamming, and other forms of exploitation -- as well as account theft. While the promise of gold stockpiles and effortless level-85s may be tempting, you could end up paying more than just cash for sharing your account information with these companies. (Also, that gold you're interested in buying? We've found that it's most commonly stolen from compromised accounts and turned around to be sold back to other players. Not cool.)



Going The Extra Mile

In addition to following the security basics, you'll also want to make sure your computer is protected against malicious programs known as "keyloggers." Keyloggers are pretty serious, and they're capable of gleaning information directly from your computer, either by monitoring your keystrokes or by gaining access to important applications like your Clipboard.

The advice listed below will help you combat this type of security risk and maximize your computer's security.
 

  • Grab an Authenticator. The Battle.net Authenticator and Mobile Authenticator are easy ways to add an additional level of security to your account. They work by providing a secure authentication code on command that's unique to your Battle.net account. After an Authenticator is associated with your Battle.net account, the authentication code will be necessary for each client and Account Management login, increasing your protection against account compromising attacks. (They also will provide your characters with an adorable Core Hound Pup companion.)

    The Battle.net Dial-In Authenticator is another handy option. It's a free opt-in service that will actively monitor an account and request additional authorization from you when a potentially unauthorized login attempt occurs.

     
  • Install antivirus and anti-spyware software. There are a number of programs that can help you identify and remove any viruses, Trojans, and/or keyloggers that may sneak onto your computer. If you're unsure of what software might be best for you, check out our support site for a list of recommendations.

    Keep in mind that most antivirus and anti-spyware programs will periodically issue software updates to ensure that they're able to identify the latest malware threats, so be sure to install those updates before beginning any new system scans.

     
  • Keep your operating system up-to-date. If you're using Windows, you can check for the most current updates at any time by visiting the Microsoft Windows Update page, or by clicking Windows Update in the Start menu. If you're a Mac user, you can check for software updates at Apple.com; Apple security updates are also available here.

     
  • Keep your browser and browser plug-ins up-to-date. As with your anti-malware software and computer operating system, you'll want to keep your web browser as up-to-date as possible. In addition to providing more tools and functionality, browser updates can also include new security definitions and a more comprehensive phishing filter (detailed further below).

    Using the most recent versions of your browser plug-ins and applications (like Adobe Flash Player and Adobe Reader) and regularly checking for security updates is also important, because they can sometimes become targets for certain types of malware. A lot of plug-ins and applications will prompt you to update automatically, but it's still a good idea to check the distributor websites on occasion to make sure you're running the latest versions.

     
  • Turn on your browser's phishing filter. Phishing filters work by comparing the websites you visit against a massive database of legitimate (secure) websites and websites that have been identified as potential security risks. If you happen to visit a website that's flagged by your browser's filter, you'll be alerted and given the opportunity to continue onto the page or -- in most cases -- navigate to another site completely. Most popular browsers have built-in phishing filters that are turned on by default, but you can always double-check filter settings/availability in the Tools menu. Additional information about popular phishing filters can also be found here:

Internet Explorer Phishing Filter FAQ
Firefox Phishing and Malware Protection
Opera Fraud Protection
Chrome Phishing and Malware Detection
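
The list lookup behind a phishing filter, and the reason a link that merely mentions Battle.net proves nothing, shown as an added example (not Blizzard's or any browser vendor's code). The list entries and sample URLs are constructed, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample lists; a real filter consults a large, frequently updated database.
KNOWN_GOOD = {"battle.net", "blizzard.com"}
KNOWN_BAD = {"battle-net-security.example", "free-mounts.example"}


def host_of(url):
    """Return the normalized hostname of a URL, or None if it has none."""
    try:
        host = urlsplit(url.strip()).hostname
    except ValueError:  # e.g. a malformed IPv6 literal
        return None
    if not host:
        return None
    try:
        # Drop a trailing dot and IDNA-encode, so Unicode lookalike letters
        # turn into an "xn--" label instead of passing a visual comparison.
        return host.rstrip(".").lower().encode("idna").decode("ascii") or None
    except UnicodeError:
        return None


def matches(host, domains):
    """True if host is a listed domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def classify(url):
    """Return 'blocked', 'known-good', 'unknown' or 'invalid' for a URL."""
    host = host_of(url)
    if host is None:
        return "invalid"
    if matches(host, KNOWN_BAD):
        return "blocked"
    if matches(host, KNOWN_GOOD):
        return "known-good"
    return "unknown"


def naive_is_blizzard(url):
    """Flawed check kept for contrast: substring match anywhere in the URL."""
    return "battle.net" in url.lower()


if __name__ == "__main__":
    samples = [  # constructed URLs
        "https://us.battle.net/account/management/",
        "http://battle.net.account-verify.example/login",
        "https://us.battle.net@free-mounts.example/",
        "http://login.battle-net-security.example/",
    ]
    for u in samples:
        print(f"{classify(u):10} naive={naive_is_blizzard(u)!s:5} {u}")
```

Only the first sample is classified as known-good, while the substring check accepts the first three.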



What If...

While these steps will go a long way to keeping your account secure, if you are unfortunately affected by an account compromise, don't panic. Our in-game, billing, and technical support representatives will work with you to get your account and all associated data safely restored to you. Our Help! I got Hacked! guide goes into all the details, but rest assured that we've got your back (and your lewtz) should you need us.
 

Account security is incredibly important to us, and we hope that it's important to you, too. If you have any additional security recommendations to add to this list, please feel free to share them in the comments!


Comments (909)

Whiskyjack
Caelestrasz
10/2/2011
@Shohan: 6 P's of success - Prior Planning Prevents Piss Poor Performance :D
Deathvolt
Deathwing
3/13/2012
@Propstab: If that happens all you need is your Security Question answer and you can change it in minutes. The first time that happened to me it did take me 45 mins and a phone call but as long as you remember your question it takes 5 mins and isn't much of a hassle compared to losing your account
Alailtiaroot
Elune
9/28/2011
I have to agree with others here, I want to have to enter my authenticator number each time I log in. It would be nice if Blizzard can make this an option for those of us who want this feature, or, if that isn't possible, explain how my account is just as secure when I am not asked for my authenticator number each time.

Also, please change the user ID to something other than our e-mail address.
Lekara
Tanaris
9/28/2011
@Alailtiaroot: +1, please make this an option, Blizzard!
Kylär
Argent Dawn
9/28/2011
@Alailtiaroot: Hey, a suggestion for your email issue is pretty simple. There are quite a few email services out there, like Gmail and Yahoo, that are totally free. I just went and made a free Gmail account with a name specifically geared for WoW, and the only thing I use it for is WoW. That way I don't get any sort of spam, and the only communication I receive in that account is from Blizzard. Hackers can't hack and spammers can't spam if you don't give them the email amiright?
Frankenfurtr
Darkspear
9/28/2011
@Alailtiaroot: Well, this actually makes it more secure, seeing as it addresses an issue they were having. They found out that people figured a way to intercept the package that was your code, and while you were sitting there scratching your head as to why your code didn't work some hacker was using an automated service to completely take your entire account. So if you don't have to put in your code every time you log on, and only the computer you last authorized to log in can, then it solves the issue of hackers trying to steal your authenticator codes. You should really do more research before you start demanding changes. The way they are doing things now is the most secure yet.
Sotheby
Windrunner
9/29/2011
@Alailtiaroot: There is a way to do what you want, all you have to do is copy the following text into a file:

---------------- Begin Text ----------------
REGEDIT4

[-HKEY_CURRENT_USER\Software\Blizzard Entertainment\Battle.net\Authenticator]
---------------- End Text ----------------

and save it on your desktop as authenicator.reg. Double clicking on this file will cause regedit to delete the registry key where WoW saves the authenticator hash codes. Do this every time you exit the game, and it'll always ask for an authenticator code.

The way this works is the '-' character between the '[' and the "HKEY..." on the last of the three lines. That means delete, and so this deletes the named key.

To see how the game changes things, navigate down to that key, and then manually delete the subkeys it contains. Next time you start the game, you'll be asked for a code by the game. Enter it, and then shut down the game. Navigate there again, and you'll see how it's added a new subkey, that's the hash code.
Palliwhacker
Darkspear
9/29/2011
@Sotheby: Yes, but that'd only force his computer to put in the authenticator key every time, not other computers, which would be the issue.
Smokeybones
Kilrogg
9/28/2011
I know people that have been hacked that indeed HAVE an authenticator. I think real ID is an awesome feat but I'm not comfortable with it displaying my real name. That in itself creates hassle. At least for those of us who want to maintain a little bit of mystery but still want to group with guildies. I do have toons that are in massive guilds and I'd like for them all to be real ID buddies but not all of them need to know what my real name is. That's my qq.
Frankenfurtr
Darkspear
9/28/2011
@Smokeybones: If you don't like it then don't give out your Real ID. Simple as that. Don't !@#$% about something when they gave you an OPTION
Evertap
Proudmoore
9/28/2011
@Smokeybones: I would 100% agree with this. I have a friend in-game who has maybe 10+ toons and instead of flooding my friends list I just asked him to Real-ID. Well, as much as I love this mechanic because of how much it cuts down on my friends list, that person now knows my full name and if I decide to delete him... who says he didn't write it down?
Begginbits
Cairne
9/29/2011
@Evertap: Yeah, except it's not called "convenience Id", it's called "Real-ID". The point of it is to add your real friends to it.
Victorialee
Vashj
9/27/2011
I just got a whisper....saying I was trading with the wrong people and that they were going to close my account.....I have no clue what they are talking about!!!!! and that I had to check my account!!!!! Well, I did and I see nothing.
Lostchipmunk
Stonemaul
9/27/2011
@Victorialee: They are most likely hackers, don't listen to them!
Anatole
Tanaris
9/28/2011
@Lostchipmunk: Not so much "hackers" as just plain scammers, and stupid ones at that.
Deathicious
Drak'thul
9/27/2011
I remember back on my 4th day of WoW (yes, 4th day, when I was a n00b) I was fooled by a fake blizz-whisper and got hacked. Luckily, I submitted a ticket right away and got my account back in an hour. With everything the way it was (and, thankfully, having only a lvl25 mage at the time, there was almost nothing to lose, except account info). When it comes to hacks, Blizz acts IMMEDIATELY! Thank you, again, Blizzard, for helping me on that day
Deathicious
Drak'thul
9/27/2011
@Deathicious: Btw, they CLOSED my account 2 minutes after I submitted a ticket (which was about 2 minutes after the hack), they didn't wait an hour. That's how long my account was down to fix the problem. (All in all, the hacker had like 5 minutes only on my account)
Ariogog
Stonemaul
9/28/2011
@Deathicious: Unfortunate to say, but 5 minutes is just enough time to vendor all of yer gear and mail/trade away all yer gold to another person. Fortunate to say, blizz will return all lost items, but just for pure spite for someone trying to get their stinky untrimmed hands on my acc, it's still pretty annoying to get hacked
Catmondoo
Detheroc
9/20/2011
Is my D3 paypal account going to be protected by my authenticator? plz say yes...
Kilshot
Frostmourne
9/12/2011
I myself have been hacked twice this year..I think a good suggestion to blizz to stop people QQing about the authenticators is to make it an option in your battle.net account to either ask every time u log in or ask only when u change comps or whatever
Lostchipmunk
Stonemaul
9/27/2011
@Kilshot: Um actually.. They changed it to if you constantly log in from a different IP address they don't ask you for it.. If you change IP addresses it does....
Ariogog
Stonemaul
9/28/2011
@Lostchipmunk: You mean that if you log onto one IP over and over again, it doesn't ask, and if you change it, it will ask?
Shohan
Blackwater Raiders
9/30/2011
@Ariogog: Bingo!
Dahkafgarm
Frostwolf
9/11/2011
distory all of u u bean hack?....
Imabaadboyy
Boulderfist
9/11/2011
ok...ok...ok...wtf is going on
Gladous
Darkspear
9/11/2011
OMG.. FOR ME?!?!
I missed the cost, what is it?
Broskibro
Stormreaver
9/10/2011
!@#$ up all u nonbelievers
Elvyra
Khadgar
9/10/2011
I really hope people from Blizzard read these posts because I rarely post but the authenticator thing has really upset me. I had no idea at first that they changed it and I started freaking out thinking my account has been compromised because it didn't ask for my code every time I logged in. I paid the money to feel secure with the authenticator and now they changed "my security" after I paid for it to do a certain task. They need to change it back, it's not appreciated by me and as I can see, from everyone else too. I also agree with Fragl, since we use the Real ID and give out our emails now over WoW, even if it's to "trusted" friends and family, we need to be able to change our log in from our email to something more secure.
Protocus
Sisters of Elune
9/10/2011
@Elvyra: I agree with this strongly, but now since the Authenticator doesn't ask for a code ALL the time, you can tell that everything is going nice and secure with your account. A code is normally only asked to keep the location verified now. When a person using a different computer tries to get into your account, they will still have to enter an authenticator code. You will most likely have to enter a code upon your next login due to that.
Shohan
Blackwater Raiders
9/30/2011
@Protocus: It is NOT based on computer/console differences!! It IS based on IP address! I use a laptop at different places, i.e. work, family houses, hotels, whatever, and I still have to enter it every time! In fact I wish they can link the authenticator to my computer and the account or give me the option to or to change my lock out password/question combo because I cannot remember it after several years and only way to unlock it is to have my original game authentication code! I Just LOVE that!!
Jeannettë
Nazjatar
9/10/2011
I agree Blizz ruined the game by making it too easy and fast to level/play. Even my blind friend has a level 85. He kicks !@# in pvp. This game is not worth the monthly price to play. Can i get a refund? You can have all my toons and boa's back. TY
Quisque
Caelestrasz
9/29/2011
lol@Jeannettë: are you a troll or a tard?
Shohan
Blackwater Raiders
9/30/2011
@Quisque: ROFLMFAO
Fragl
Greymane
9/10/2011
This is all well and good, and I'm sure most players keep their computers up to date. But game security is Blizzard's responsibility since it's Blizzard's game. I have a few suggestions for Blizzard to increase security:

1. Stop using email addys as log-ins!! Let the user create his/her own username.
2. Increase the strength of passwords.
A. 8-12 characters minimum
B. Enforce a combination of letters, numbers and special characters. At least one capital letter and one number and do not restrict special characters to punctuation.

I understand it is a joint responsibility, but Blizzard shares the bulk of it. The authenticator is a good idea (I have one), but making your customers pay for an "extra level" is a cop out, IMHO.
Pallyprot
Antonidas
9/29/2011
@Fragl: Get a smartphone, it's a free app
Kektora
Mannoroth
9/29/2011
@Fragl: http://xkcd.com/936/
Jaxom
Skywall
9/10/2011
Like many others here I also resent having paid for the extra level of security against someone logging in from my computer who may have been able to figure out my password (i.e. family member). Also having to change password just because I log in from a different location would be unnecessary if the authenticator has to be used every time for log in.
Frankenfurtr
Darkspear
9/28/2011
@Jaxom: You don't want to have to use the authenticator to log in every time. Hackers found a way to intercept the package that was your authenticator code. Now it's safer the less you have to put it in.
Årugal
Saurfang
9/10/2011
The authenticator is good 'n' all but the new changes are bad. I mean, I can Remote Desktop access my account without needing an authenticator code after I logged in on my main PC. I think blizz needs to think over the authenticator and force the code all the time! BTW turn off your remote desktop access and firewall block it for extra security, guys.