Account Security and You (Yes, You)

Some players are dedicated to collecting sets of epic gear while others prefer to make a few quick coins in the auction house.  No matter what style of play you prefer, we want to equip you with the tools and knowledge you need to protect yourself against account compromise. To help get you started, below you'll find a series of tips and suggestions aimed at improving your account and computer security. 

Since we’ve been encouraging account security awareness for quite a while now, you might have already run across some of this information on our Account Security Awareness page, in one of our support articles, or posted by your fellow players here on these forums. We want to make sure that as many players as possible have secure accounts, though, so we encourage you to take some time to read over this refresher, make sure your account is secure, and share these tips and resources with your friends and guildmates, too.


Security Basics

There are a few cardinal "rules" for maintaining a secure Battle.net account. They're simple and straightforward, but they can help ensure that your account information doesn't get into the wrong hands.

  • Never give out your account information. Sharing account information with a family member, friend, guildmate or, worse, a stranger who's promising you a chance to "beta test a new mount" is an easy way to lose control of your account security and experience the tragedy of account compromise. Even if your goal is just to be helpful, allowing someone else to access your account can definitely put it at risk because you can't control how that person will make use of your account information, or how secure their own system might be.

     
  • Be mindful of phishing scams. Phishing scams are designed to trick you into giving out your account information, and they'll usually come in the form of emails or in-game messages that appear to be sent by Blizzard employees. Sometimes these messages encourage you to visit a malicious website, which might contain a web form, or even software that can steal your login information.  In other cases, you may be asked to reply with your account name and password.

    While most of these types of scams are easy to identify -- they'll frequently use poor grammar and spelling, or make outrageous threats about banning your account -- some can be difficult to distinguish from legitimate Blizzard correspondence, so it's important to be cautious of what you click on and when. (Learn more about how to identify these kinds of scams here.)

     
  • Don't use gold selling or power-leveling services. Supporting these types of illicit services is not only against the Terms of Use, but it promotes botting, spamming, and other forms of exploitation -- as well as account theft. While the promise of gold stockpiles and effortless level-85s may be tempting, you could end up paying more than just cash for sharing your account information with these companies. (Also, that gold you're interested in buying? We've found that it's most commonly stolen from compromised accounts and turned around to be sold back to other players. Not cool.)



Going The Extra Mile

In addition to following the security basics, you'll also want to make sure your computer is protected against malicious programs known as "keyloggers." Keyloggers are pretty serious, and they're capable of gleaning information directly from your computer, either by monitoring your keystrokes or by gaining access to important applications like your Clipboard.

The advice listed below will help you combat this type of security risk and maximize your computer's security.
 

  • Grab an Authenticator. The Battle.net Authenticator and Mobile Authenticator are easy ways to add an additional level of security to your account. They work by providing a secure authentication code on command that's unique to your Battle.net account. After an Authenticator is associated with your Battle.net account, the authentication code will be necessary for each client and Account Management login, increasing your protection against account compromising attacks. (They also will provide your characters with an adorable Core Hound Pup companion.)

    The Battle.net Dial-In Authenticator is another handy option. It's a free opt-in service that will actively monitor an account and request additional authorization from you when a potentially unauthorized login attempt occurs.

     
  • Install antivirus and anti-spyware software. There are a number of programs that can help you identify and remove any viruses, Trojans, and/or keyloggers that may sneak onto your computer. If you're unsure of what software might be best for you, check out our support site for a list of recommendations.

    Keep in mind that most antivirus and anti-spyware programs will periodically issue software updates to ensure that they're able to identify the latest malware threats, so be sure to install those updates before beginning any new system scans.

     
  • Keep your operating system up-to-date. If you're using Windows, you can check for the most current updates at any time by visiting the Microsoft Windows Update page, or by clicking Windows Update in the Start menu. If you're a Mac user, you can check for software updates at Apple.com; Apple security updates are also available here.

     
  • Keep your browser and browser plug-ins up-to-date. As with your anti-malware software and computer operating system, you'll want to keep your web browser as up-to-date as possible. In addition to providing more tools and functionality, browser updates can also include new security definitions and a more comprehensive phishing filter (detailed further below).

    Using the most recent versions of your browser plug-ins and applications (like Adobe Flash Player and Adobe Reader) and regularly checking for security updates is also important, because they can sometimes become targets for certain types of malware. A lot of plug-ins and applications will prompt you to update automatically, but it's still a good idea to check the distributor websites on occasion to make sure you're running the latest versions.

     
  • Turn on your browser's phishing filter. Phishing filters work by comparing the websites you visit against a massive database of legitimate (secure) websites and websites that have been identified as potential security risks. If you happen to visit a website that's flagged by your browser's filter, you'll be alerted and given the opportunity to continue onto the page or -- in most cases -- navigate to another site completely. Most popular browsers have built-in phishing filters that are turned on by default, but you can always double-check filter settings/availability in the Tools menu. Additional information about popular phishing filters can also be found here:

Internet Explorer Phishing Filter FAQ
Firefox Phishing and Malware Protection
Opera Fraud Protection
Chrome Phishing and Malware Detection
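
The list comparison a phishing filter performs can be sketched in a few lines. This is an added example, not code from Blizzard or any browser: the trusted-domain set (taken from the battle.net recovery link on this page), the reported-site entry, and the sample message are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains this sketch treats as legitimate. battle.net is taken from
# the recovery link on this page; this is not an official list.
TRUSTED_DOMAINS = {"battle.net"}
# Constructed entry standing in for a filter's database of reported sites.
REPORTED_DOMAINS = {"battle-net-mounts.example"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def link_host(url):
    """Return the host a browser would connect to (lower-case), or None."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return None
    if parts.scheme not in ("http", "https"):
        return None
    # .hostname drops any "user@" prefix and ":port" suffix, so text placed
    # before "@" cannot pass itself off as the site name.
    host = (parts.hostname or "").rstrip(".")
    return host or None


def in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)


def classify(url):
    """Return 'trusted', 'reported', 'unknown' or 'invalid' for one link."""
    host = link_host(url)
    if host is None:
        return "invalid"
    if any(in_domain(host, d) for d in REPORTED_DOMAINS):
        return "reported"
    if any(in_domain(host, d) for d in TRUSTED_DOMAINS):
        return "trusted"
    return "unknown"  # not in either list: treat like any unverified site


def check_message(text):
    """Classify every http(s) link found in an email or chat message."""
    results = []
    for match in URL_RE.findall(text):
        url = match.rstrip(".,;:!?)")  # sentence punctuation is not part of the link
        results.append((url, classify(url)))
    return results


# Constructed sample message; the .example hosts are placeholders.
SAMPLE_MESSAGE = """\
Your account will be banned unless you verify it within 24 hours:
https://us.battle.net.account-check.example/login
Beta test a new mount at http://battle-net-mounts.example/beta.
Account recovery: https://us.battle.net/account/support/account-recovery.html
"""

if __name__ == "__main__":
    for url, verdict in check_message(SAMPLE_MESSAGE):
        print(f"{verdict:9} {url}")
```

The first sample link starts with "us.battle.net" but its real host ends in a different domain, so it is not treated as trusted; only the part of the hostname nearest the first slash decides who owns the site.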



What If...

While these steps will go a long way to keeping your account secure, if you are unfortunately affected by an account compromise, don't panic. Our in-game, billing, and technical support representatives will work with you to get your account and all associated data safely restored to you. Our Help! I got Hacked! guide goes into all the details, but rest assured that we've got your back (and your lewtz) should you need us.
 

Account security is incredibly important to us, and we hope that it's important to you, too. If you have any additional security recommendations to add to this list, please feel free to share them in the comments!


Comments (909)

Adiana
Anub'arak
Adiana
2/16/2011
Ever since my account was hacked I get phishing emails alllll the time. It's true; they have very poor grammar/spelling and make absurd threats about closing my account permanently. Luckily, they make it pretty easy to spot them if you paid attention in English class.
Kamira
Kargath
Kamira
2/16/2011
@Adiana: I've never been hacked and I still get the emails. I've never registered at any website for anything WoW-related except Curse.com. But I also have an Authenticator, and have never had a problem anyway (good passwords are easy when you know what's necessary).
Vahlena
Shu'halo
Vahlena
2/17/2011
@Kamira: curse.com has soooo many keyloggers on their downloader. Don't ever use it.
Ladormrath
Alleria
Ladormrath
2/16/2011
Get the mobile Authenticator, it's free and it comes with the core hound!
Incineratur
Elune
Incineratur
2/16/2011
Authenticator=Win.

Not only does it protect your account but also your battle.net account.

Just buy one....
Login to rate
How you know he was from china? lol.....I love how ingrained the populace is -- folks use the term "chinese farmers".....they honestly believe that 100% of the farming is done in china. And spare me the "yeah but most of it is"....yeah and water is wet...want to be more obvious since the largest group of players is in china isn't that kind of common sense?
Gwynmael
Magtheridon
Gwynmael
2/16/2011
Unfortunately, a truly strong password isn't possible for World of Warcraft, nor battle.net in general. Why you ask? Blizzard does not distinguish twixt upper and lower case in passwords - so if you really want to be safe, get that authenticator. And let us raise our glasses in hope that Blizzard will enable passwords to have that mix of upper and lower case in the future!
Rinxx
Sen'jin
Rinxx
2/16/2011
Grab a Battle.net Authenticator it will save your account it worked for me !!!!
Hitmán
Kil'jaeden
Hitmán
2/16/2011
@Rinxx: I got hacked twice, both times when I removed my authenticator lol
Raìnbowdash
Azjol-Nerub
Raìnbowdash
2/16/2011
To add to all this, maintaining a strong password is also vital should you decide not to buy an Authenticator. It seems like a no-brainer, but speaking as a former Information Security guy, you see it a lot, and it happens a lot more than you'd think.

Having a strong password doesn't guarantee that you won't get hacked of course, but it does drastically reduce the likelihood of it. A strong password (in my definition) is one that's at minimum 8 characters long, has at minimum two capitalized letters, two numbers, and two special characters. For example: !Y0uNoTakeC4nd13!

It might be somewhat of an inconvenience to have and type in a long and elaborate password, but the few extra seconds you take to type it in may save you days or even weeks of waiting to recover a compromised account. Not to mention any other personal information the hacker might obtain. Well worth the inconvenience if you ask me.

Best of luck everyone~
Ashling
Stormscale
Ashling
2/16/2011
@Cirno: In addition, do NOT use the same password for all of your different log-ins! I keep a note book on my desk with the different log-ins for my banking, bill pay, emails, etc. Each of them is *different* so if one is compromised, I don't lose my whole bloody life. Nor do I have to spend days helping technologically challenged family members fix their computers since they have been taught to do the same....
Gioldguy
Eitrigg
Gioldguy
2/16/2011
@Ashling: So let's just "Hypothetically" say I broke into your house...where would this notebook be held? :P
Owyn
Echo Isles
Owyn
2/16/2011
@Ashling: Indeed. I'm somewhat shocked that they didn't mention this. I assumed that most people know this, but every time someone I know gets hacked... it's because they use the same password and login everywhere.

For games like this, it's common for people to also register on fan sites. I had a friend that had his banking, game account, Steam account, and email account compromised because of the single password naivety. He never got back his Steam account, but managed to get back the others with a lot of time and hassle.
Leroyyrogers
Blackrock
Leroyyrogers
2/16/2011
The authenticator is the #1 tool, hands down, and is nearly 100% foolproof. Authenticators range in price from inexpensive to FREE. There is NO EXCUSE not to have one.
Faryl
Doomhammer
Faryl
2/16/2011
I got hacked about a year ago. Blizzard was very good about getting back all the things the hacker sold and got rid of. As a plus, the hacker was using my paladin to farm for ore. They didn't get a chance to sell it/send it to themselves and so, not only did I get all my stuff back, but I got hours worth of farming materials for free. Not too shabby.

I don't think that security for a game this huge will ever be perfect. There are a lot of stupid people out there who don't have common sense so it'll keep happening.

Having the authenticator come with Cataclysm would have been nice but I really don't blame them for not doing that. It's all a part of marketing. I'd do the same if I were Bliz.
Tekemay
Aggramar
Tekemay
2/16/2011
I bet someone will find this article offensive too.
Lorinall
Greymane
Lorinall
2/16/2011
@Tekemay: wat
Solder
Greymane
Solder
2/16/2011
@Ismashudie: She's referring to the fact that people whine about Ghostcrawler's "Heroics are hard!" post and claim that it's disrespectful.
Tacuachoiiad
Duskwood
Tacuachoiiad
2/16/2011
i love this game kime me on home lolz..:)
Darkgunnerds
Mok'Nathal
Darkgunnerds
2/16/2011
When I get a phishing e-mail I forward it right to the help I got hacked e-mail address. That helps Blizzard go after them. I also report in-game spam, i.e. gold sellers and people asking for login or passwords. And I did buy an Authenticator.
Atillathepun
Detheroc
Atillathepun
2/16/2011
Free! BAH! Get out of that rut and take some responsibility upon yourselves. If you're not willing to buy an iPhone -or- pay for the Authenticator, then FRANKLY, you must not want it that much. Don't expect Blizzard to come to your home and hand deliver an Authenticator with a piece of cake and an apology about oh.."How they should have never considered charging for something that people want." Auugh.. I'm ranting again.
Sorry, security is a real touchy issue and the reason it's a problem is because individuals won't accept accountability for what they do and don't do. Work and/or home. <sigh>
One more point. Those websites that sell gold. If you use them, you encourage MORE spamming and MORE account theft. Even if these companies didn't steal it from accounts, they affect things like the AH to generate their gold. No matter how you slice it, it degrades the challenge and fun of the game. <auugh, I'm ranting again.> Good NIGHT!
Theluggage
Mal'Ganis
Theluggage
2/16/2011
@Atillathepun: You're missing the point with the authenticator. Nobody is saying that Blizzard is _obligated_ to provide people with an authenticator. I agree that if people don't care about account security then they shouldn't blame others.

However, it would have been nice and probably easy for blizzard to ship authenticators with Cataclysm, and it would have helped with account security, which blizzard obviously cares about.
Auroris
Runetotem
Auroris
2/16/2011
@Atillathepun: Soooo agree. And if people still need to complain, why don't they just get the Battle.net Dial-In Authenticator? It's better, I think. Easier to recover your account (and people act like getting hacked loses everything..Blizzard restores things), plus it's not an every-time-you-log-in thing.
Login to rate
@Auroris: Your attitude is a bad one....what am I referring to? Well the attitude of "yeah but blizz restores it so no biggie really".....Blizzard has said many times -- they do take note of how often an account gets hacked...and while they don't publish a "magic number" they have stated if an account is hacked an excessive amount of time they may refuse to restore the account.
Atillathepun
Detheroc
Atillathepun
2/16/2011
@Theluggage: I see your point, but you're sidestepping the issue. The issue isn't the Authenticator, the issue is PEOPLE WANT IT FOR FREE. Do you think Blizzard sat down and produced some miracle while in the bathroom? No. It had to go through significant SW design and testing. Not to mention a severe reliability testing just to ensure that those who added the Authenticator wouldn't be affected by synchronization lost or other catastrophic events. The common excuse is "Blizzard makes enough money". Get a dose of reality. The small amount Blizzard charges for it and forgoes the shipping does little to cover the cost of all the development that goes into something like this.
While it sounds like a good idea on the surface, and it does really, it probably didn't fit Blizzard's support model at the time. Providing an authenticator in the box would have REALLY just raised the total price a tad (say 6 or 7 bucks) and people would have balked at having to PAY for the authenticator that way. Not to mention the option of getting the Cata via download, how do you handle them? No, the simple and short of it is, if you want it, buy it.
While Blizzard is in the Entertainment industry, they are a corporation. <auugh Starting to Rant again> **presses post, then goes stands in a corner**
Gioldguy
Eitrigg
Gioldguy
2/16/2011
@Atillathepun: OMG you are so right....you were ranting..
Zathael
Bloodscalp
Zathael
2/16/2011
I agree with Guthan.
Blizzard shouldn't be so cheap (no offence).
They make enough money already and adding an authenticator in the Cataclysm expansion box would've been really appreciated.
+ It would help prevent people from being hacked which would save time for their employees.
Login to rate
@Zathael: that's bogus, then they would have to charge more for the boxed version, pay the $6.50 don't be so damned cheap, or buy an ipod touch/phone and quit complaining about it
Kutzak
Nesingwary
Kutzak
2/16/2011
@Zathael: Plus, if you get the authenticator and take a sweet screenshot with your awesome little core hound pup pet, you might win an iPad. I'd say that's worth $6.50. Aside from that, imagine if you made monthly investments of $15 into a bank account. If someone told you that you could safeguard that account that you have invested hundreds, maybe thousands, of dollars in for a mere $6.50. That's a sweet deal in my book.
Gatorbait
Executus
Gatorbait
2/16/2011
@Roseyy: just about any smart phone will work.. I have an Android phone and I use an authenticator on it... I love it
Howller
Draka
Howller
2/16/2011
@Zathael: actually I got hacked - my gmail was hacked via China and then sold to someone in the states and from there they accessed my WoW acct. This all happened over Thanksgiving while I was afk for 4 days.

I was new to WoW but not new to acct security as I have been in IT for 12 yrs. I hadn't heard of authenticators but I quickly downloaded one and had my wife do the same before she had an issue.

To the point though - Blizz was great and had me and all my alts (they all had items and gold missing as well as the guild vault that I was an officer of) restored and they mailed me a FREE authenticator. I keep it as a backup if I ever lose my phone to activate.
They aren't cheap, they offer services via PDAs (yes not everyone has one but PDAs did OUTSELL PCs last yr) plus Dial-In, and in many cases they have shipped free Authenticators.
Jacksrage
The Scryers
Jacksrage
2/18/2011
@Howller: I mean yes it is "FREE" on a smart phone. . . but think about it, a smart phone isn't free . . . not everyone has one. Me personally. . . I have a Droid 2 and have the authenticator
Pursang
Gurubashi
Pursang
2/16/2011
How about Blizzard takes some responsibility for security? It doesn’t take a mesa to figure out that peer to peer networks are not safe. Stop showing my ip address to every hacker that connects to your patch download. A packet sniffer later and you have my email address. A little brute force work and you are logged into my account. Stop trying to force everyone to buy you authenticators and fix your security.

As another added bonus. How about make everyone verify password changes with an email before you give away the farm. At least then the thieves would have to break into my email and my blizzard account to get to my stuff.

Blizzard, stop passing the buck to the players. EVERYONE has to be mindful of security for this to work. How about you get on board and help your player base!
Morrigna
Perenolde
Morrigna
2/16/2011
Use common sense, if it sounds too good to be true then it's a scam, get antivirus and antispyware software, use Microsoft's Security Essentials, it's free and does a decent job. I resisted getting an authenticator for years, I never had my acct hacked or anything like that, it's just the scams are getting out of hand, plus I like the little core hound that came with it.
Cramped
Tanaris
Cramped
2/16/2011
anyone think that hack victims should get the stuff they lost back including the stuff if the hacker sold all your armor, bags, and destroyed unsellable stuff if it all happened suspiciously like it all happening in just a few minutes - everyone knows where I'm going right?
Deltorae
Shadowsong
Deltorae
2/16/2011
@Cramped: you usually have to e-mail blizz to try and get your stuff back. I got hacked two years ago and got my stuff back by doing this.
@Cramped: If an account is reported as compromised, our support representatives will work to restore as much as they can, in many cases, we're able to return everything that was maliciously taken, sold, or destroyed. It's just important that those who think they might be hacked contact us as soon as possible. The quickest way is through the Account Recovery web form:

https://us.battle.net/account/support/account-recovery.html
Pamarack
Blackwater Raiders
Pamarack
2/16/2011
Authenticator. easy.
Get an android/iphone, and they're free.
Banken
Galakrond
Banken
2/16/2011
@Pamarack: since when were androids and iphones free? Please don't post misleading information. The only true free authenticator is the Telephone one. Also I wouldn't use the android or iphone as an authenticator if something would happen to it and you need to reset it. You have to contact Blizzard to have it removed and then you re-add it again. I suggest spending the $7 for the true Authenticator.
Guthan
Maelstrom
Guthan
2/16/2011
They should have given everyone a free authenticator in the cataclysm box...