Blizzard Offers Security Advice for Battlenet

Blizzard offers security advice for Battlenet and other internet accounts.

Just about all of us have either been hacked or know someone who has been hacked. It's a familiar story and, while Blizzard is very good about restoring someone's character, it's still very annoying and inconvenient.

What is somewhat more serious is that if your WoW account was hacked, there's a decent chance you could have other compromised accounts with more vital information, such as banks or credit card companies.

Blizzard recently released a bit of advice for people when making internet accounts. In short, don't use the same password for everything, because if someone breaks one account, they've broken them all.

A good strategy for someone who wants security but doesn't want to have to remember all these different passwords is to use a base and a salt. A salt is an extra part of a password that you tag onto the end. It will be different for every account you use.

A strong password will contain letters, both upper and lowercase, as well as numbers and special characters. A good way to get a strong password you'll remember is to create a sentence, use the first letter of every word, mixing up letters and numbers and upper and lowercase. The result is a strong password that is still easy to remember. It should be at least eight characters long. You can also just use random keys; it will be harder at first to remember, but it doesn't take too long and it'll be just as easy to type as your old password.

When you have your base password, simply add a salt to it. The salt should be something that you will remember for any given site, but is not super easily guessed. Remember that you're mainly defending against bots, who can't guess salts at all, so it doesn't have to be something really arcane.

We will have a follow-up to this story with more advice to assist you in securing all your internet accounts and computer!

-Xsarus

Comments

What do you want them to do?
# Aug 16 2010 at 5:05 PM Rating: Good
Ghost in the Machine
36,443 posts
The gold spammers are most likely using trial accounts and dynamic IPs, so when they block one IP, the gold spammers just renew it, log on another trial account and go to town.

The only option would be to ban entire IP ranges, but then they'd risk catching innocent players in their net as well.

As for keeping away hackers, the best protection is knowing your computer and knowing the internet. Blizzard makes it sound like it's the customer's fault, because usually it is. People using old browsers without plugins, no anti-virus or anti-spyware, clicking links in sinister emails and not giving it a second thought.

It's just like warning signs. Dig a hole in the ground and put up a warning sign. After a couple of weeks, remove the sign and watch people tumble in like they were blind. They're called windowlickers and they only exist because our civilization has reached a point where natural selection no longer applies. Where morons thrive, and when they feel threatened, they blame the rest of us for not holding their hands.

Edited, Aug 17th 2010 1:15am by Mazra
____________________________
Please "talk up" if your comprehension white-shifts. I will use simple-happy language-words to help you understand.
More Proactive on the Blizz Side
# Aug 14 2010 at 1:18 PM Rating: Good
44 posts
I've said this all along. No one has ever been given a sound reason why Blizzard doesn't have better security on their end, especially relating to IP addresses. Every login is tied to an IP address. Spammers and hackers are reported daily by thousands of players. Blizzard supposedly investigates hacked accounts. So why can't Blizzard do more in the way of a second tier of protection, as suggested, when a login is NOT from a familiar IP? Additionally, why aren't IP addresses that can be easily tied to gold sellers and hackers banned and/or blocked?
Excellent Suggestion!!!!
# Aug 12 2010 at 9:56 PM Rating: Good
That is an extremely excellent and insightful suggestion for Blizzard!! They have to be able to track the IP, no excuses. These "tips" to not have the same logins/passwords are "blah blah blah" junk. Most of the people I know... including myself... mix it up (letters numbers etc), and never have the same for all accounts and/or games, never use gold or leveling services or fall for "free stuff" scams... but still get hijacked.

Even though Blizz puts us back to rights fairly quickly (including myself and several of my guild mates)... my money is placed on the bet that it is an inside (aka... company system hack) that swipes mass account details if it is outside of the normal IP boundaries is completely reasonable. Tracking the logging IP and asking for security answers seems to be a much more logical approach than attempting to make those "hijacked" feel like they "must have done something wrong" if it happened to us.

More Proactive on the Blizz Side
# Aug 12 2010 at 8:45 AM Rating: Good
Yes, all good and very sound advice I would give anyone to follow up on.
What I really believe Blizzard should do on their own to relieve their own issues of restoring accounts is as follows:

User signs on to their account AND their IP address is NOT from their regional block... ask for a secondary password key (like their pet's name etc.). Why? Very simply that the accounts being hacked are NOT usually from the US, but from the gold hackers in China, Korea, etc., well outside your personal IP region. I'd say that would stop 80% of the hacked accounts, which in turn would save Blizzard a lot of time and effort and bad public relations trying to restore accounts.
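
The check proposed in the comments above (ask for a second secret when a correct password arrives from an unfamiliar network) is written out here as an added example; it is not Blizzard's code and not part of the original page. Treating "familiar" as the same /24 (IPv4) or /48 (IPv6) as an earlier successful login is an assumption standing in for the "regional block", all names are hypothetical, and the addresses are constructed from documentation ranges.

```python
import ipaddress
from dataclasses import dataclass, field

# Assumption: "familiar" = same /24 (IPv4) or /48 (IPv6) as a past good login.
# Matching on a prefix rather than the exact address keeps users on dynamic
# IPs from being challenged every time their ISP hands out a new address.
PREFIX = {4: 24, 6: 48}


def network_of(ip: str):
    """Collapse an address to the network used for familiarity checks."""
    addr = ipaddress.ip_address(ip)
    return ipaddress.ip_network(f"{addr}/{PREFIX[addr.version]}", strict=False)


@dataclass
class Account:
    name: str
    familiar: set = field(default_factory=set)  # networks seen on good logins


def login_decision(account: Account, ip: str, password_ok: bool) -> str:
    """Return 'deny', 'allow' or 'challenge' for one login attempt."""
    if not password_ok:
        return "deny"
    if not account.familiar:
        # First login ever: nothing to compare against, so enrol this network.
        account.familiar.add(network_of(ip))
        return "allow"
    if network_of(ip) in account.familiar:
        return "allow"
    return "challenge"  # correct password, but from an unfamiliar network


def complete_challenge(account: Account, ip: str, answer_ok: bool) -> str:
    """Finish a step-up challenge; remember the network only on success."""
    if not answer_ok:
        return "deny"
    account.familiar.add(network_of(ip))
    return "allow"


def demo():
    """Constructed login sequence using documentation-range addresses."""
    acct = Account("player1")
    return [
        login_decision(acct, "192.0.2.10", True),        # first login, enrols
        login_decision(acct, "192.0.2.77", True),        # new dynamic IP, same /24
        login_decision(acct, "203.0.113.5", True),       # right password, elsewhere
        complete_challenge(acct, "203.0.113.5", False),  # second secret wrong
        login_decision(acct, "203.0.113.5", True),       # network still unfamiliar
    ]
```
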