It isn’t uncommon for even relatively security-aware World of Warcraft players to log-on one day to find themselves naked paupers, stripped bare by canny Korean thieves. The overtaxed GMs are powerless to return your goods… the best they can do is take a report. And what then? For an effeminate elf dressed only in his underpants and whose only marketable skill is simulating Michael Jackson’s signature dance moves. the world of Azeroth, as in the real world, is a gruesome and perverse place. Ask Joel.
The problem’s certainly pretty bad, thanks to a combination of WoW‘s popularity, its players collective moronism and the sheer determination of hackers to steal items from an account and sell them for real world money. It’s so bad, in fact, that Blizzard is taking a novel step to protect people’s accounts: taking a cue from various office security IDs, Blizzard will debut the Blizzard Authenticator at the Worldwide Invitational… a small, electronic device that will generate a random six-digit code which must be entered along with your password every time you log-on.
The Blizzard Authenticator will only cost $6.95 when it’s released. It’s a smashing idea, but as it’s optional, this will only help afford the users least likely already to have their accounts stolen with an extra level of protection, while the usual gaggle of rampaging doofuses will continue to log-on and find themselves laying in a snowbank in Winterspring with two stitched scars over vacant, oozing kidney cavities. Maybe Blizzard will make this mandatory and box it with the Lich King expansion.
Blizzard Authenticator to be Introduced [WoW Insider]
I was once unlucky enough to have my account “hacked” and all my things stolen. Logging into an account completely barren of gear is definitely a panicked feeling.
I have to say to Blizzard’s credit that the GMs are not powerless in these situations. My case was reviewed and within a week I had my gear and gold restored.
That being said, I think it would be more in Blizzard’s best interest to shore up it’s account password policies before attempting to sell something like this. Passwords can’t contain special characters (!@#$, etc) only alphanumeric characters, which of course makes dictionary attacks that much easier.
That being said, I’d probably shell out for this if only for the peace of mind.
#1 Alphanumeric should be fine to protect against attacks. Besides aren’t most attacks on WoW accounts through compromised software, and phishing? Certainly that is the impression given.
I take offense to labeling the thieves as just Korean. And yes I am Korean American. If you labeled all offenders I would not have a problem. I.E. The Irish drug dealer or Saudi terrorist.
Yes, it sucks losing all your stuff. These are the same people spamming about Gold for sale.
Last night I watched a few videos of last years Defcon 15 – one was a panel discussion that mentioned a phishing & virus combination that targeted WoW logins (1), another was on the ineffectiveness of online bank security (2) (conclusion: hardware tokens are good), and yet another on hacking & botting WoW (6/10 WoW players are bots? wtf?) (3).
So, yeah – it was interesting seeing them come together in this headline this morning. It makes sense that Blizzard would make this optional too, given that they can still get money from gold farmers, compulsory secure authentication would mean Blizzard would spend more money for more (presumably discounted) tokens, and the gold farmers would have to pay shipping for all their tokens when selling farming bots on ebay.
(1)T539 – Internet Wars 2007
(2)T164 – Greater Than 1
(3)T206 – Virtual World, Real Hacking
on http://www.roysac.com/blog/2007/09/all-defcon-15-sessions-and-panels.html
Wow passwords take non alpha-numeric characters just fine. Period, pound sign at the very least are usable, and that suggests the usual set are available.
@ is not, but that’s usual with databases.
I’m currently awaiting the GMs to restore not only my gear, but in fact an entirely deleted character or three. Apparently my account was compromised by the Adobe Flash Player bug that appeared for a version. Thank God the thieving gits are stupid enough to log in on computers tainted with the software that Blizzards internal watcher program identified and suspended the account otherwise I could have seen the account entirely drained of everything I’ve ever worked for. I would be especially distressed to have all the indicators of my past adventures with friends to be erased.