Recently we had one of our members' accounts get compromised, so
lets talk about how that could have happened and what we can do to
prevent it. If you have your game hints turned on, you'll see one that mentions that WoW or Blizzard employees will never ask you for your password. Aside from logging into the game or logging into the account web site on www.worldofwarcraft.com, you will never have to type your password in anywhere else. If another web page, a player in game, an email, or any kind of popup asks you for your password, don't enter it. Blizzard offers a low cost Authenticator to
secure your account, this is a physical "token" device that generates a
one time password to supplement your account password. It is designed
as a keychain device, so easy to carry if needed and will greatly
enhance the security of your WoW accounts. With this, your account
info is safe from someone else trying to use it. More info can be
found at http://us.blizzard.com/support/article.xml?articleId=24660.
It costs $6.50 ($7.04 with tax here in Dallas) and includes free ground
shipping. It can be used with more than 1 account, so a great buy.
Wife/Husband teams can just get one, as long as you play in the same
household. Many people think that addons can steal your password. Blizzard specifically wrote their addon application interface with security in mind, addons aren't loaded until after you enter your password. There is no way an addon can steal your password. What you have to be careful with is where you get your addons and what form they are in. If the addon advertises that it has a self installer, be very wary, executing (double clicking and running) any form of an application that you download is suspect. Most addons come in the form of a zip file, and should be safe. Addons are just text files, typically in the xml format and are just instructions sent to the WoW executable. Be wary of any addon managers. Two popular ones are the Curse.com client and wowmatrix.com application. It would be very easy for either of these to capture your username and password. The curse client has a large community and if they were stupid enough to do something like this, it would be known by everyone very quickly, so in my opinion, it's safe to use. I have personally used wowmatrix.com and the curse client and advocate either. Both are good applications that will keep your addons up to date, and makes it extremely easy to add new ones. Curse seems to be favored one with addon developers, it has a bigger selection and I'm now using it. The
account compromise was probably accomplished through a program called
Hotkeynet, this has not been proven, but it's the best guess we have
for what caused the attack. Browsing any website these
days can potentially cause problems, install software or trojans. Care
needs to be taken when going to websites and what you download. A
virus or trojan can easily install a key-logger on your computer to
capture your keystrokes. This wouldn't be limited to just your WoW
account info, they could steal your bank passwords too. Be careful
where you go, stick to mainstream sites and stay away from sites that
promote any type of WoW hacks, cheats, easy gold, or gold for sale. Speaking of WoW hacks, don't use any type of application that will play the game for you. Other than the fact that you are playing this game to have fun, why have your computer get all of the entertainment. This is against Blizzard's rules and your account can be banned for running these types of applications. Some people think its tempting to level up easily when you are away, but trust me, it's not worth loosing all of your toons this way. In summary, here are some Dos and Don'ts:
|
Are You Security Minded |