Light Brigade  

Go Back   Light Brigade > General Assembly > Light Brigade Inn
Connect with Facebook

Light Brigade Inn General Public Discussions

Reply
 
Thread Tools Display Modes
  #1  
Old 01-02-2008, 03:41 AM
Teneral's Avatar
Teneral Teneral is offline
Administrator
 
Join Date: Nov 2006
Location: Austin, TX
Posts: 1,668
Default Account Security and You!

Some of you are aware of this, but many may not be: I actually used to work for Blizzard. In particular, I spent the majority of my time working on fixing damage caused by account compromises (i.e. "hacked" accounts). As such, I learned a lot about how those compromises occur and ways you can help prevent them.


Blizzard released an entire website section devoted to account security with info on how to keep secure, types of theft, why/how they occur, what to do if you're compromised, etc.

Link: Battle.net Account Security


1. Get a Blizzard Authenticator
The Blizzard Authenticator is a security device you attach to your WoW account. When you then try to log into your account, you're asked for a random 6-digit code in addition to your regular username/password. You use the device to give you the code to enter. More information's available on the FAQ. You can also see a nice blog entry I found on the entire process of setting up an authenticator on your account.

You can buy the physical keychain authenticator via the Blizzard Store, which is quite inexpensive. Folks with an iPhone/iTouch or Android device can download the Mobile Authenticator for free. TONS of other phones also have them available for $0.99.

I cannot stress this enough, guildies: Using an authenticator is bar none the single best thing you can do to keep your account secure.


2. Use a Unique Password
While you should change your account password occasionally, it's most important to make sure you aren't using the same account name/password for anything else; it should be a unique password for WoW itself. After all, if the worst does happen and your WoW account gets compromised, you don't want that person to also have access to your bank accounts and such.


3. Keep your computer secure
This means having up-to-date anti-virus and spyware software installed. Not only does it need to be installed, but it needs to be run regularly. Most good security packages will allow you to set the programs to be run as scheduled tasks. DO THAT! Set them to run at a minimum of once a week. Oh, and be sure you set them to always check for new versions/definitions so your software stays current, too.

Quality Free Security Software:
Firewall: Zonealarm
Anti-Virus: Avira Anti-Virus
Anti-Malware: Malwarebytes, Ad-Aware, Spybot Search & Destroy (you can run multiple; I have all three)


4. Don't Share Your Account Access Information
Just don't. Don't share it with a guildie. Don't share it with your best friend. Don't share it with your little brother. Yeah, they may be totally trustworthy, but do you know everyone else who has access to their computer? Do you know where they may have written that access info down? Do you 100% trust that every computer they use to access your account is secure? No, I didn't think so.


5. Don't Access Your Account From Unsecured Computers
That campus computer lab? Your local internet cafe? The neighbor's unsecured WiFi connection you're pirating? Yeah, all possible ways to get your account access info stolen. "Communal" type computers are certainly the most likely to have keyloggers/trojans/whatever on them, but any computer where you haven't scanned and set up the security yourself is a possible compromise point.


6. Don't Run Mods/Addons From Executables
Generally speaking, there's nothing wrong with and nothing to worry about regarding running "mods/addons" with your WoW. The problem is installing those mods from an executable. When you do so, you never know if it's also installing a keylogger/trojan/etc. A while back, Wowace.com (a well-respected addon site) had a couple of their executable-based addons get versions with keyloggers embedded within them uploaded to their site, which were subsequently downloaded by many users. So, it can happen even with big, well-known sites.


7. Don't Visit Shady Gold-Seller Sites
Those sites will almost 100% try and install keyloggers or spyware on your computer when you visit them. Especially don't visit using Internet Explorer. And, seriously, gold is so easy to get now with daily quests and such that you shouldn't even need to buy gold. You can easily make enough gold with a few dailies to cover a night of repair bills.

Speaking of gold-selling sites... where do you think the gold you buy comes from? Think it still comes from hunters out bot-killing mobs somewhere? 'Fraid not. These days, that gold comes from them compromising your accounts, stripping the characters and guilds of gold and mats, and then selling it back to you. So when you buy gold, you just support that.

Oh, and last but certainly not least, think of this: when you buy gold, you're giving your credit card information to an unknown, shady (almost-certainly) foreign company. Do you really think they'll only use your card information to charge you for the gold purchase?!


8. Don't Fall for Phishing Attempts
Receive an email from "Account Admin" saying you're trying to sell your account and you need to verify all the infomation (including password!!) or you'll be banned? Yeah, it's fake. Get a whisper from some shady-looking character in-game saying they're from Blizzard and you've been chosen to participate in a "trial" for a new mount? Don't go to that website and give the scammers all your info.

If you hear about something that seems a little fishy (or phishy...) or you've never heard of before, don't jump right in. Search for some info on it on Google or similar to see if anyone else is talking about it. Use common sense. Blizzard doesn't do things like "secret betas" or such where they whisper you in game; they post info on their website and you opt-in for a chance. If you get some offer that you're just not sure about and can't find info, ask me or ask Aquagoddess/Waric - we'll almost certainly be able to tell you if it's something legit.

Oh, and I know you read it on the loading screen tips, but it's worth repeating because it's true: A Blizzard employee will NEVER ask you for your password. I mean, why would they need to since they can access your account info without it?


9. Enable the WoW Launcher
On your WoW login screen, make sure that you have the "Show Launcher" checkbox checked. The Launcher program for WoW does some basic security checks when you start the game up, so it's a good idea to have it enabled.


10. Don't Use Internet Explorer
While Internet Explorer has certainly gotten much, much better than it used to be, it's still the most targeted browser out there for exploit attacks. Instead, I recommend that you use Firefox as your browser.

Once you have Firefox installed, I'd recommend also installing the following addons for it:

Adblock Plus - Stop ads from displaying while you browse. Ads on websites are actually a common way to try and infect your computer.
Flashblock - With this on, flash apps (including Flash ads) will not automatically load when you visit a page. If you want to use the Flash item, simply click on it and you can use it normally.
__________________
Teneral, tankadin
Chris Curtis dot Org

Last edited by Teneral; 02-18-2011 at 09:27 AM.
Reply With Quote
  #2  
Old 01-31-2010, 04:01 PM
sharlla sharlla is offline
Guild Friend
 
Join Date: Nov 2006
Posts: 71
Default

You forgot #11. Don't let your kids play your account on their computer. They are not as careful what sites they go to.

But rule 11 does not apply if you follow rule #1.

So my choice seems to be get rid of kids or get an authenticator.... It should be here by Wednesday.

So if you find Sharlla is late to raid in the future it is most likely her you hear yelling in the background of Tigragons vent for the kids to find her authenticator!!!
Reply With Quote
  #3  
Old 01-31-2010, 04:51 PM
Korelana Korelana is offline
Guild Member
 
Join Date: Sep 2008
Location: Escanaba, MI
Posts: 71
Default

I bolted mine to my desk so I didn't lose it. Maybe that's an option :D
__________________
The only thing worse than getting MC'd, is getting MC'd when your heroism cooldown is up.
Reply With Quote
  #4  
Old 02-01-2010, 07:09 AM
Paribus's Avatar
Paribus Paribus is offline
Guild Member
 
Join Date: Nov 2006
Posts: 359
Send a message via AIM to Paribus
Default

Quote:
Originally Posted by sharlla View Post
So my choice seems to be get rid of kids or get an authenticator.... It should be here by Wednesday.
What should be there on Wednesday? The big burly guy you hired to take your kids away?
__________________
Characters:

Chillbeard, Frost/Blood Deathknight
Paribus, Disc/Shadow Priest
Reply With Quote
  #5  
Old 02-18-2011, 09:30 AM
Teneral's Avatar
Teneral Teneral is offline
Administrator
 
Join Date: Nov 2006
Location: Austin, TX
Posts: 1,668
Default

*bump* More folks need to be aware of this. The recent official post on the subject was a good motivation to remind all you guildies. Even if you read this post way-back-when, please read through it again as it's had updates.
__________________
Teneral, tankadin
Chris Curtis dot Org
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Forum Jump


All times are GMT -7. The time now is 12:22 AM.


Powered by vBulletin® Version 3.8.2
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.