WoW Account Security and your Perfect Toon
Posted on November 22nd, 2009 by Bigtaker under General Tips, News, Tips

Just because we publish cutting-edge articles about new content doesn’t mean we can forget about the basics. There is something within World of Warcraft that is more important to you than even the Sword of a Thousand Truths: your user name and password and, more recently, your email address and password. All of your weapons, armor, loot and gold mean nothing if someone can steal them from you. That is why account security should be the most important thing to you. I would like to stop seeing “I’ve been hacked” forever, and I am sure you would like to stay safe as well.

The basic principle of account security is this: ne’er-do-well individuals want what is inside your account, and they don’t want to go to much trouble to get it. Often their plans are extremely transparent, and it’s up to you to stop them in their tracks. With a few added practices you can prevent almost every kind of account security problem. You can’t prevent them all, and this guide can’t act as a complete shield, but you can make the chance so small you can’t see it.
Account security comes in three phases. Your primary line of defense is your email and password. Second is your security question; making sure your email account and your WoW account passwords are not the same really helps. Third is your CD key and any other information that can be used to verify it’s your account.
If you do get hacked, though, Blizzard’s top-notch customer service is there to help out. They can restore your account and give you a new password. They can even restore any goods stolen (see more on this later). Still, it’s best never to let someone up to no good get that far in the first place.
A secure email/password combo starts with having a unique email address and password.
The following is from Microsoft and can greatly benefit your password security.
6 steps to build a strong password
The strongest passwords look like a random string of characters to attackers. But random strings of characters are hard to remember.
Make a random string of characters based on a sentence that is memorable to you but is difficult for others to guess.
- Think of a sentence that you will remember
  Example: “My son Aiden is three years old.”
- Turn your sentence into a password
  Use the first letter of each word of your memorable sentence to create a string, in this case: “msaityo”.
- Add complexity to your password or pass phrase
  Mix uppercase and lowercase letters and numbers. Introduce intentional misspellings.
  For example, in the sentence above, you might substitute the number 3 for the word “three”, so a password might be “MsAi3yo”.
- Substitute some special characters
  Use symbols that look like letters, combine words, or replace letters with numbers to make the password complex.
  Using these strategies, you might end up with the password “M$8ni3y0.”
- Test your new password with Password Checker
  Microsoft Password Checker evaluates your password’s strength as you type.
- Keep your password a secret
  Treat your passwords with as much care as the information that they protect.
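How much each step above adds against an exhaustive search can be estimated from the password's length and character pool. The Python below is an added example, not part of the original post or of Microsoft's guidance; the function names and the 14-letter sample are constructed, and the pool-based model is an assumption that gives an upper bound, since dictionary-style guessing does better against human-chosen passwords. It also shows what the mixed case from step 3 contributes when a login ignores case, as a note further down this page says Blizzard's did.

```python
import math
import string


def alphabet_size(password: str, case_sensitive: bool) -> int:
    """Size of the smallest standard character pool that covers the password."""
    if not case_sensitive:
        password = password.lower()  # a case-ignoring login compares folded text
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 ASCII symbols
    return size


def brute_force_bits(password: str, case_sensitive: bool = True) -> float:
    """log2 of the candidates an exhaustive search must cover (upper bound)."""
    if not password:
        return 0.0
    return len(password) * math.log2(alphabet_size(password, case_sensitive))


if __name__ == "__main__":
    # The three passwords from the steps above, plus a constructed sample of
    # 14 random lowercase letters for the length-versus-complexity comparison.
    for pw in ("msaityo", "MsAi3yo", "M$8ni3y0", "qzvhxkpwmtrbyj"):
        print(f"{pw:15} case-sensitive {brute_force_bits(pw, True):5.1f} bits, "
              f"case-ignored {brute_force_bits(pw, False):5.1f} bits")
```
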
Blizzard to the rescue: Blizzard Authenticator.
The Battle.net Authenticator is (but shouldn’t be) an optional tool that offers Battle.net account users an additional layer of security to help prevent unauthorized account access. This includes World of Warcraft players who log in to the game using a Battle.net account. The Authenticator application itself is a small program that you install and access on your cell phone or mobile device. For the complete Q&A go to the Official Blizzard Q&A.
Speaking from personal experience here, having this little thing on my accounts (yes, plural) I can certainly vouch for the security. As a matter of fact it’s a pain in the gluteus maximus (anatomical body part) to have to re-type the randomly changing numbers whenever you get disconnected from the server. But if it’s that big of a pain for you, think of how much of a pain it’s going to be for the “hacker”.
The concept is really sound; most companies actually force their users to go through some similar hoops (RSA security cards, etc.). The Blizzard (Mobile) Authenticator uses much the same technology.
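The changing numbers can be illustrated with the open TOTP standard (RFC 6238), shown here with a server-side check that accepts each code only once. This is an added example, not Blizzard's or RSA's code; that the authenticator works this way, the 30-second step, the 6-digit length and the names `totp` and `Verifier` are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds a code stays current (RFC 6238 default; assumed here)
DIGITS = 6   # code length (assumed here)


def totp(secret: bytes, unix_time: int, digits: int = DIGITS) -> str:
    """One-time code for the time step that contains unix_time (RFC 6238)."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Verifier:
    """Hypothetical login server: each code is accepted once, in its own step."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_step = -1  # newest time step already used for a login

    def check(self, code: str, now: int) -> bool:
        step = now // STEP
        if step <= self.last_step:
            return False  # a code from this step was already used: replay
        if not hmac.compare_digest(code.encode(), totp(self.secret, now).encode()):
            return False  # wrong code, or one captured in an earlier step
        self.last_step = step
        return True


if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 6238 test secret, not a real key
    server = Verifier(secret)
    typed = totp(secret, 59)          # code the player types at t=59s
    print(server.check(typed, 59))    # the player's own login
    print(server.check(typed, 59))    # keylogged copy replayed at once
    print(server.check(typed, 95))    # keylogged copy tried a step later
```
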
Blizzard Authenticator
The Mobile Authenticator can be downloaded Here for your iPhone or other handheld device (follow the link for the list of supported units) and is free (I am certain it’s free for iPhone and iPod touch, not sure about other versions).
The Key-chain Authenticator can be purchased from these Official Blizzard web sites:
Certainly a worthwhile investment: if you’re still willing to pay a monthly fee to play the game, paying a fraction of that monthly fee one time to protect all you’ve accomplished sounds like a no-brainer to me.
Another problem these days is people going to websites spammed in trade chat. These include gold-buying sites and “your a winner of a new mount from Blizzard.” Don’t fall for these things, as you can be hacked very easily by doing so. So if you want to protect your toons, like your 10k DPS specialist or the tank that can’t be killed, follow simple common-sense practices and enjoy your newfound security.

Currently Blizzard does not use case sensitive passwords.
i’m sorry…i don’t get it
i’ve been on WoW since release…never been hacked and i have 2 accounts
if you’ve been hacked then to me… you were going after something you shouldn’t have…things that in reality would have been considered cheating in the eyes of blizzard
and don’t say…no no, not me
i know a couple ppl personally that have been hacked and sure enough they were trying to get addons/hacks that would make the game easier…as if it needs to be any easier
all it takes is some common sense…it all comes down to the same old adage
“if it’s too good to be true…then it usually is”
Ornament, You’re gravely mistaken my friend. A lot of people get hacked who never ever cheat at the game or visit porn sites. Myself being included. I don’t download crap. I use mozilla, no script addon, antivirus, spyware programs and the whole nine yards. The fact of the matter is the gold farming slant eyes are determined to make money by stealing accounts and farming them to resell. It’s the fastest easiest way for those f*kers to make money. So they work 24/7 hacking into accts as opposed to farming now days.
Luckily Blizz restored everything within 3 days. I bought an authenticator the next day.
OMG, is that an arena vendor that sells the sword? I didn’t know that, I must have!
K anyways though, I was stupid way back when I was a noob, and fell for one of those “official” emails for blizzard entertainment stating that I needed to log in and change my password. Needless to say I got hacked, but the GMs worked and restored my account and all my items, ever since then I use the Authenticator and I feel a lot safer about my account. But I agree totally, account security should be every player’s number 1 priority, and just go buy the authenticator, it’s worth it, believe me.
World of Weirdcraft.net your source or all things WOW
Creating good passwords is one of my weaknesses, thank you for the info. Going to try it. And yes the authenticator is a pain but like Bigtaker says it is a very good investment. After my account was hacked recently I purchased one and it does make you feel safer.
just to let you know, entering your password into the wow login screen, it doesn’t even have to be case sensitive. Now THAT is a lack of security. I’m not sure if this is fixed in authenticator accounts, but there have been numerous forum posts and i have seen it on 4 different accounts, case sensitivity doesn’t matter lol.
I thought for sure you were just some lying scrub trying to stir civil unrest. I was incredibly disappointed. My passcode utilized both capital, lowercase, numbers and symbols. I popped open the WoW client and ignored the case on all the letters, and lo! It didn’t care. At least it knows the difference between numbers and symbols =/
its funny cause you guys did this.. when I started my account back up around a month ago, I started receiving emails from “blizzard” telling me to reply with my account name and password or to visit a site. The first one I fell for, but realized my mistake and changed my password immediately. now, i usually get them once or twice a day. IMHO, i would just create a rule that sends these things straight to the trashcan, saves a lot of hassle
Personally, I can vouch for the importance of having an authenticator bound to your account.
My account info has been stolen 3 times in the last 2 years, and all 3 times it cost me thousands of gold in gear and loot. Bliz is pretty good about getting things sorted back out to a certain degree, but there are things that even they can’t restore if they’re suddenly gone from your account.
Best to not get hacked in the first place. Great article!
Many phones on AT&T can use the authenticator – not just iphones! really simple and you keep your phone everywhere you go – check it out.
I don’t think Verizon phones are currently supported for that which is too bad
run Malware and AVG and u will find key loggers also, got hacked 2 times (once for each account) till i ran these, now i run them once a month and change my passwords each time.
Actually, if the Blizzard authenticator works like any others I’ve seen, keyloggers will not be able to capture your password, because it changes to a random string of numbers every minute or so.
I use an RSA token for my VPN account (same idea) and it works with a PIN number that I establish + the 6-digit code from the token. This means that I have a new password each time the number changes on the token.
So, unless the hacker is ready to login to your account as soon as you login (because he would need your current password), having a keylogger on your PC shouldn’t compromise your WoW account’s password. Now if you bank online, you may be in trouble
Glad to know Verizon phones aren’t supported. I was about to get an authenticator. I will however create a new password using the hints from Bigtaker. Thanks for a cool way to remember a complicated password.
According to the Blizzard site linked above, the iPhone is not supported with the authenticator even though you said it was. What’s up?
I downloaded the Mobile authenticator from the iPhone itself via the App store. I guarantee you that I did not pay for it and that I’ve been using it for the last 3 months without a hitch.
well, the PHONE itself doesn’t generate the numbers, but there is an app that does. Don’t get the phone and the apps FOR the phone confused. The Blizz mobile authenticator program works just fine on both iphone and ipod touch, so that’s what’s up. And yes, I’ve used it on both.
Microsoft want me to type all my passwords into their web site, eh? Pull the other one, it’s got Je’tse’s Bell on.
I was hacked once. I have my password saved in a text file. So all I have to do is CTRL +A then CTRL + C. If there’s a key logger then that’s all they get. Plus now I have the authenticator as well.
If you want to make a really solid Password, you can go to Here and download the Password Utilities app. It is really nice and can generate very random passwords. Note though, you should save that password in a .txt file or something because they can be hard to remember.
Another thing to keep in mind is that length is far more important than complexity when creating a password. Passwords should never be a simple dictionary word.. But a 14 character, non complex password is FAR more secure than an 8 character complex password. There are tons of articles on this stuff out there for those who are interested. SecurityFocus is a good place to start.
Steps one and two in the example provided by Microsoft are totally valid. Steps 3 and 4 are much less so. While adding complexity will never hurt, it can provide a false sense of security. A 4 character complex password can be cracked in seconds. 8 characters in minutes or at worst hours depending on computing power. 14 characters.. complex or not would take literally millions of years with the current computing power and basic cryptoanalytic techniques available to the typical cracker today.
Making your Email address more secure.
Most internet providers let you have multiple email addresses on the 1 account.
So make an Email address just for WoW. And just use it for your Battlenet account, nothing else, then it is not out in general circulation for anyone to find.
Also one other good trick to use besides a sentence is your favorite song. For example my favorite a few years ago was Wake Me Up When September Ends.
That became wmu1se. Substitute numbers for words that sound alike or even use leetspeak.(As much as it pains me to suggest that)
Suggested to Lawbringer to write this article just a few days ago. Coincidence? Maybe. Anyway, I was hacked and it was a pain trying to get the stuff back. PAIN!! Blizz hooked me up even tho my hunter’s gun is gone
But my password is long as hell and got the authenticator. It’s pretty cool. Now if I could just get win 7 to quit (not responding) when I try to log out….