World of Warcraft gets hardware account authenticator

It isn't uncommon for even relatively security-aware World of Warcraft players to log on one day to find themselves naked paupers, stripped bare by canny Korean thieves. The overtaxed GMs are powerless to return your goods... the best they can do is take a report. And what then? For an effeminate elf dressed only in his underpants and whose only marketable skill is simulating Michael Jackson's signature dance moves, the world of Azeroth, like the real world, is a gruesome and perverse place. Ask Joel.

The problem's certainly pretty bad, thanks to a combination of WoW's popularity, its players' collective moronism and the sheer determination of hackers to steal items from an account and sell them for real world money. It's so bad, in fact, that Blizzard is taking a novel step to protect people's accounts: taking a cue from various office security IDs, Blizzard will debut the Blizzard Authenticator at the Worldwide Invitational... a small, electronic device that will generate a random six-digit code which must be entered along with your password every time you log on.

The Blizzard Authenticator will only cost $6.95 when it's released. It's a smashing idea, but as it's optional, it will only give an extra level of protection to the users already least likely to have their accounts stolen, while the usual gaggle of rampaging doofuses will continue to log on and find themselves lying in a snowbank in Winterspring with two stitched scars over vacant, oozing kidney cavities. Maybe Blizzard will make this mandatory and box it with the Lich King expansion.

Blizzard Authenticator to be Introduced [WoW Insider]


Discussion

I was once unlucky enough to have my account "hacked" and all my things stolen. Logging into an account completely barren of gear is definitely a panicked feeling.

I have to say to Blizzard's credit that the GMs are not powerless in these situations. My case was reviewed and within a week I had my gear and gold restored.

That being said, I think it would be more in Blizzard's best interest to shore up its account password policies before attempting to sell something like this. Passwords can't contain special characters (!@#$, etc.), only alphanumeric characters, which of course makes dictionary attacks that much easier.

That being said, I'd probably shell out for this if only for the peace of mind.

#2 posted by yasth , June 27, 2008 6:51 AM

#1 Alphanumeric should be fine to protect against attacks. Besides aren't most attacks on WoW accounts through compromised software, and phishing? Certainly that is the impression given.

I take offense to labeling the thieves as just Korean. And yes I am Korean American. If you labeled all offenders I would not have a problem. I.E. The Irish drug dealer or Saudi terrorist.

Yes, it sucks losing all your stuff. These are the same people spamming about Gold for sale.

#4 posted by cnawan , June 27, 2008 6:32 PM

Last night I watched a few videos of last year's Defcon 15 - one was a panel discussion that mentioned a phishing & virus combination that targeted WoW logins (1), another was on the ineffectiveness of online bank security (2) (conclusion: hardware tokens are good), and yet another on hacking & botting WoW (6/10 WoW players are bots? wtf?) (3).
So, yeah - it was interesting seeing them come together in this headline this morning. It makes sense that Blizzard would make this optional too, given that they can still get money from gold farmers, compulsory secure authentication would mean Blizzard would spend more money for more (presumably discounted) tokens, and the gold farmers would have to pay shipping for all their tokens when selling farming bots on ebay.

(1)T539 - Internet Wars 2007
(2)T164 - Greater Than 1
(3)T206 - Virtual World, Real Hacking
on http://www.roysac.com/blog/2007/09/all-defcon-15-sessions-and-panels.html

#5 posted by Jerril , June 27, 2008 8:25 PM

WoW passwords take non alpha-numeric characters just fine. Period, pound sign at the very least are usable, and that suggests the usual set are available.

@ is not, but that's usual with databases.

#6 posted by Mattz , June 28, 2008 4:29 PM

I'm currently awaiting the GMs to restore not only my gear, but in fact an entirely deleted character or three. Apparently my account was compromised by the Adobe Flash Player bug that appeared for a version. Thank God the thieving gits are stupid enough to log in on computers tainted with the software that Blizzard's internal watcher program identified and suspended the account, otherwise I could have seen the account entirely drained of everything I've ever worked for. I would be especially distressed to have all the indicators of my past adventures with friends to be erased.
