Project Lore

I've been sitting on an Authenticator for months.  Despite receiving a free one as part of my BlizzCon 2009 goodie bag I didn't enable it until two weeks ago.  My delay was partly because I feel that I am an incredibly secure computer user.  I don't head out to fishy sites, I have all sorts of security measures, and, here's the big one, I am the only person that uses the computers that I play on.  Friends and relatives that are not as careful as us, using our otherwise secure computers is a huge culprit in the account security world.  It wasn't until my equally paranoid and security-minded officer was hacked that made me enable my Limited Edition BlizzCon Authenticator.

It only took two weeks for something to go wrong with it.

Okay, that's a bit of a white lie.  Something didn't actually go wrong with the Authenticator per se.  It simply locked me out of my own account.  You'll notice that when I mentioned who used my computer it was actually plural.  That's because I play on multiple machines, two in my house, one at work, and one at my parents house (basically, wherever I spend most of my time has a WoW installation ready for me).  This was the second reason I was resistant to applying my littleRSA token, I knew I'd forget it somewhere eventually.  That's exactly what happened yesterday.

/me thanks C'Thun that it wasn't a raid night.

My mental lapse got me thinking 'What information do I need if something actually happens to my Authenticator.'  Luckily, there's an app FAQ for that. 

Blizzard simply tells you to call in (1-800-592-5499) to verify certain information about your account to resolve all Authenticator issues.  If you can do so, then it's all honky dory.  But what if you can't because that information is outdated, such as college students who move all the time (six times in five years for me).  Keeping the phones numbers, addresses and apartment variables all in order can be a bit difficult alongside a busy class load.

Here's what we need to do to expedite any claim:

• Write down the Authenticator's Serial Number somewhere, this is "the most important thing." Unlike passwords, Blizzard will actually ask for this.   According to the rep, the iPhone's or iPod Touch's Serial Number will change when the item is updated.  She suggests that you remove the Mobile Authenticator from your Battle.net account before the update, and re-apply it after with the new Serial Number.
• Make note of your WoW CD keys.  I have a file on paper and on my computer (encrypted) with CD keys to my most beloved games.  That way I can image the disc and reinstall whenever I need to without digging through boxes or worrying about busted game discs.
• Be sure your Battle.net information is up to date.  This means your phone number, physical address, e-mail address and billing information.  A Customer Service rep may also ask for your World of Warcraft information, which may or may not mirror your Battle.net stuff.  Unfortunately, WoW account information can no longer be changed as far as I can tell.
• Oh, and don't forget the answer to your Secret Question.

It's really not all that much, but it's something we can easily forget to do during our busy lives.  Especially since when we think of World of Warcraft, we think of playing it, not any other "frivolous" activity. 

Think of the maintenance like wearing a helmet when riding a bike.  You may never need it in your life, but if you do, the time spent putting it on every time makes it more than worth the trouble.

Look Activision-Blizzard, you can even pull in some extra ad revenue while raising security!

If there is one thing worse than scammers in World of Warcraft, it is the hackers.  I was just recently informed that one of the rogues I have played with for years lost his account in this fashion.  Generally you have a good shot at some sort of recovery from this predicament, but not for him.  The failure to recover rest entirely on his shoulders.   His Secret Question was apparently too secret - he forgot the answer - and his serial number was lost during a move.  With the decision made for him, he said he is quitting WoW unless he can find a cheap way to get back in.  A new Battlechest with Wrath in it would likely do the trick. I have seen a lot of buddies get hacked, and sadly most of them were taken advantage of by people they thought were friends.  Those personal hackers have it made, the trusting users actually gives them full access to their account and all its contents.  Half the time looting wasn't their intent, but the temptation is just too great.  The more traditional hacker has it a bit hardier. Blizzard has been combating keylogging, viruses and other computer security based hacking attempts since their MMORPG went live.  First, it was just reminders to not share your account data with anyone, including people claiming to be employees of Blizzard.  Then it was the addition of the "Remember Account Name" check box at the login screen.  Blizzard's latest attempt, the hardware-based Blizzard Authenticator, has been marred by their inability to keep it in stock.  Not to mention the facts that it isn't a flawless system, is optional and costs a few bucks more. I can't remember which MMORPG it was, but they had another anti-hacking measure that should be very easy for Blizzard to implement.  An on-screen keyboard for the password.  Teamed with a saved account name, any keylogger would have a hard time cracking our passwords if we entered the entire (or the same section) of our passwords via an on-screen keyboard.   Even if they did have half of the password, they would simply move on to the next sucker who didn't use the keyboard and yoink all his gold, potions and enchanting goodies. It is sad that we gamers have to go to these measures to stay safe, but the fact of the matter is with people willing to pay for gold, accounts and leveling services, the black market becomes inevitable.  Unlike my buddy, keep your computer clean of spyware and viruses (AVG Free), stay off the shady sites, keep your information to yourself, and for the love of the gods, remember to save your serial digitally and make the Secret Question easy enough that you can remember the answer! Security be with you.

Click to read more ...

Reading through the comments, it seems like a few of you got what I like to call the perfect gift: cash. The possibilities are endless when you get a gift like cash. Of course you can use it on whatever you like, be it video games, movies, comics, or silly things like food and rent. The choice is really yours, but my suggestion to anyone who has put any significant amount of time into WoW should spend just a few dollars to keep that investment safe. Most of you have met someone who's account has been compromised. A few months back I was without internet and needed to get my WoW fix, so I logged in at a public WiFi hotspot. Turns out that was a pretty bad decision, since the next day I woke up with emails concerning a character transfer that I didn't initiate. After I called Blizzard to get my password reset and got most of my equipment restored (I had most of my gear back within an hour), the first thing I did was purchase a Blizzard Authenticator for the low low price of $6.50. A couple of days later, I got a small manila envelope with the device, then learned that there were authenticators included in the BlizzCon swag bags. Well, now I have an extra that I'll be giving to a friend who recently had his account compromised. I hate to sound like an advertisement, but this is just some advice from me to you. Besides, demand is so high that authenticators aren't even in stock right now. There are other ways to keep your account safe while Blizzard gets authenticators back in stock, like following Blizzard's Account Security tips, but many people I know who have lost control of their accounts have said that they follow all of those. Of course, I made a critical mistake with my own account, but using the Authenticator gives another level of security, and to me the peace of mind is worth the $6.50. Now if only we could get other online services like banks to use Two-Factor Authentication

Click to read more ...