gothamhunter
Diamond Member
- Apr 20, 2010
Nothing for you, just more people with a mob mentality fear mongering.
No need to be snarky. I want to know what he's referring to, since he doesn't mention it in his post.
I value my battle.net account so I do whatever is necessary to protect it. It's definitely not 'just a game' for me. I poured thousands of hours of my life over the past eight years for progressing my characters in WoW. I really don't want my account compromised, so I spent the $6.50 or so for an authenticator as soon as they were out a couple of years ago.
This is a very simple concept, no?
I hate it when people say that.
NO, it's NOT just a game. It stops being "just" a game when someone dedicated many hours of their life to this, sometimes days... months.. years... Money, physical and mental effort, etc etc. People "pay" for this with their health and days of their life... Health and time that will never come back. IMO, that's a lot more valuable than any amount of money.
but it's Friday. ;(
Was referring to this:
"Battle.net locks me out and disables my login, requiring me to change my password if it detected me logging in from a different IP address than usual, even with the correct password entered and authenticator attached. How's that?"
Mainly because Blizzard pretty much LOCKS your account if you try to log in and authenticate using a different IP (happened to me when I tried to play SC2 at a LAN party in a different city. Had to call support to get it unlocked), the only way the owner would NOT get notified is if this was a session hack.
Because in a normal account compromising scenario, you'd get an e-mail about your account being disabled due to "suspicious behavior", not to mention not just your main character, but all your mules and alts would have been cleared out as well. Referring to a few posts back, you can see "new" people in your recently played with list as well.
Again you can take all the hacking stories with a grain of salt, but you should protect your account regardless of what he-said-she-said. I always assume the worst and that the game is already compromised, but I have already applied the most security I could to my account and there's nothing else I can do to make it more secure (short of making a 20 character password that I can't remember).
My account password is longer than 10 characters, not sure where you're getting that from. But yeah the 2 recovery max thing sounds like BS, my WoW account was hacked once and they added an authenticator to it so I guess I only have one recovery left.
That's really bad. I hate the fact that these companies are REQUIRING "secret questions", which in truth, are simply another challenge-response pair, essentially a secondary password to gain access to your account. And unfortunately, they are generally less cryptographically secure than the primary password, and they are also essentially permanent, based on what you are saying about Blizzard's policies regarding changing the secret question.
Then there is the issue of pre-made questions for the "secret" question, which ask real-life things that could potentially be learned with a little googling, or if you are friends with the person on their Facebook account, or know the person.
It's very troubling to me. It just seems like REALLY BAD password security.
Your post was good, except that I don't think a 10 character password is "ridiculous" - it's plenty secure (assuming they don't allow brute force password attacks).
So, I got "hacked" a few days ago. I just set up a brand new computer / fresh OS install, I just installed the game for the first time, I updated my account password (what is it, 10 characters maximum or something like that? ridiculous), I don't share my account with anyone, and I don't visit any unscrupulous websites or download anything questionable.
Anyway, I contacted Blizzard to see what could be done. They informed me that there are a LIMITED number of account recoveries that can be performed per account, per LIFETIME. Basically, two recoveries and you're SOL.
Furthermore, they can only recover to a state that was previously saved for recovery purposes, meaning that they may have to roll back significantly further than you want. In my case, I'd be losing several levels, items, etc., despite having played for several solid days before being hacked, and then waiting a couple of days after being compromised (I took a three-day break from the game, and came back to find everything gone).
Finally, they informed me that once you hit your account recovery limit, your account will be permanently banned from the cash auction house. That makes some sense to me - it stops people with poor security practices from constantly causing Blizzard and credit card companies recurring headaches - but it also means that if you just so happen to get hacked twice for no apparent reason, you're SOL once again.
I asked them NOT to roll back my account, given the strict policy, and instead asked them if they could update my secret question (figuring that this could be one avenue for compromises), since they don't allow you to change it yourself. They refused.
Overall, I'm pissed. I'm not pissed about the items and gold that I lost - no big deal. I'm pissed about Blizzard's ridiculous policies. Their games are popular, accounts are tied to other games like WoW, and there's even real life money involved (cash auction house - soon). That makes each and every account a tantalizing target for idiots out there.
Worst of all, I still have no idea how my account got compromised, so I don't even know what to do to prevent it in the future. I've changed my password again, but who's to say that will make a difference?
I guess the IP check is not in play for compromised accounts. If my account was 'hacked' because someone else obtained my username / password, why didn't the IP check kick in and notify me / lock them out?
Meh, people are complaining that the Internet is insecure.
Blizzard offers a solution, the authenticator, a 2-factor system. It's out of band since it requires a time-based code from your phone, making it much harder for a hacker to get both pieces of information.
People bitch that this is too hard.
The Internet is inherently insecure, and any site you use that only requires a password to log in is also insecure to a determined and capable attacker. Blizzard is a big target and has real hacking problems, so they offer the next stage in security to deter those. There's not really much else they can do; security is hard. No software is free of bugs, most protocols are susceptible to a man-in-the-middle attack with enough effort, and they certainly can't do anything about your passwords being compromised by other means (i.e., flash exploit on a website, a database where you reused a password being compromised, etc.).
Accept the realities of the world, because no one has figured out a better system of ease v security than what Blizzard is offering, and even security companies frequently get it wrong.
1) Making players a target by monetising their virtual items.
2) Creating a system where all accounts (even singleplayer) are vulnerable to attack.
IMO they should have shipped a free authenticator with every copy of the game and made them mandatory, most banks will force this for online banking now for similar reasons.
Blizzard is really going down the toilet. Whether it is Activision's poor practices towards the consumer having a trickle down effect