Tech Support > General Tech Support

Protecting Your WoW Account From Hacks

(1/2) > >>

In light of the recent uprising in account hacks we've seen in the guild, I would like to put together a bit of information that will help you from being hacked and save you the hassle of going through the restore process.

Internet Forum Accounts

We all use this forum, and some of us use forums elsewhere. One of the main problems with the new account system is it uses your email address for a user name. This makes it A LOT easier for would be crackers to get into your account as it removed the guessing game of what you used for a user name. The main problem now is bots are gathering the information from public forums that relate to WoW, places like Tankspot, MMO-Champion, WoWhead, even this forum. Anywhere you would use your email address in relation to WoW can be a potential leak point to those bots.

To protect yourself, there's 2 things you should do.

1) Keep your emails for forum use separate from the email you use for your account. Theres tons of free email services out there and GMail is now open to the public making it so you need not have an invite to use it, make use of them. Create yourself a separate internet discussion/forum registration/WoW Friend contact address. Something like this as simplistic and basic as it is will do wonders for making it extremely hard for a cracker to break into your WoW account. Guessing passwords is easy, guessing email addresses/user names is the hard part.

2) Keep your passwords different. Dont use the same password to log into WoW that you use to log into this forum, other forums, other places you use your email account, etc. I know its easier to keep all passwords the same, it cuts down on confusion, but for a WoW account which most of us use daily, remembering a different password in addition to our "usual" password(s) shouldnt be too hard to do. This also will cut down on the likelihood someone breaks into your account. If someone breaks into your email account on Yahoo, GMail, etc by guessing your password there and you use the same email and password for goodbye to your stuff for a few days.

Use an Anti-virus

Theres a ton of Anti-virus programs out there both paid for and free. The paid for ones arent always the best even though most would have you believe that. Theres a lot of freebies out there that do a fantastic job. Keep an active anti-virus program on your machine and keep it up to date to be effective. I suggest something thats effective but not intrusive like Norton or Macafee. Mac users dont really need to worry too much about this, though there are some Mac viruses out there and there are AV programs for Mac as well.

* ClamWin
* BitDefender
* Panda Security
Browser Security

Use a secure browser or make sure that the browser you use to visit websites is clean and secure. Browsers like Firefox, Google Chrome and Apple Safari for windows do a good job of keeping the malicious websites at bay and preventing unwanted software from being installed. Internet Exploiter....ahem....Internet Explorer on the other hand isnt so good with doing that. Its improved some over the last year, but it still has a lot of holes because of how it integrates so tightly with Windows. Running the latest version of IE with any security updates is suggested if thats the browser you like to use. If you arent attached to it, I would strongly suggest switching to one of the others I mentioned above and linked for you.

* Firefox
* Google Chrome
* Apple Safari
Patching & Updating Your Software

Keep your operating system up to date! Thats the key here, there are sooo many new holes and vulnerabilities being found on an almost daily rate and you can believe that these crackers out to break into your WoW account will know about them and try to use it to their advantage. The likelihood that someone is going to break into your machine directly over the internet is very very small, BUT....not having your OS patched to current means that you could potentially fall prey to a malicious virus, web exploit, etc making it more likely that they can eventually leech your information. Make it a habit to update at least once a week. It only takes a few minutes, and if you leave your machine on all day and night as I do, you can set it to download and install any updates on its own.

Not only does this update suggestion apply to your OS, but to any software you use regularly as well. Anti-virus programs, email clients like Thunderbird or Outlook, your web browser, etc. Keep it up to date, check to see if theres any major patches or even minor ones. You never can be too careful.

Malware Scanning

Scan your machine for Malware and Adware regularly, especially if you download things a lot. There are a lot of free programs available out there that will scan your PC for security risks and clean them, some are free to scan and charge to remove, some are free all around. One I suggest strongly for Windows users is Malwarebytes' Anti-Malware. Its free to use and will remove things for free. The paid aspect of it is a monitor system like an anti-virus that runs in the background scanning everything you download for potential risks. Thats an optional feature, but handy for some.

There are a few other utilities that will fix things like Browser Hijacking (IE issue), etc if you choose as well.

* Malwarebytes' Anti-Malware
* Trend Hijackthis
* CWShredder
Change Your Password and Password Security

You should make it a habit to change your WoW password, and really all of your passwords at the very LEAST once a month. Yes, yes, for some remembering a new password is a pain for some, and having to relearn it once a month is prob not any better. Some of you might be thinking "By the time I learn it again its time to change it, wth!". I know, I've heard it all, but the simple fact is that keeping your password changed regularly minimizes the risk that someone will learn it.

In addition to changing it, making it something not easily guessed is also important. The length, what it contains, all of that affects how easily someone can break it. Try not to use whole words, mix in some special characters, numbers and case sensitivity in there. The more complicated the password, the harder it will be for someone to guess at or break using a program. I try to suggest using made up words, things that arent in a dictionary somewhere. The reason for this is that most password breaking programs use a dictionary file, so real words, even foreign language words will eventually be guessed. Also, the shorter the word, the more quickly it will fail because most of those programs operate on a shortest word first plan working its way up to longer words. Even mixing 2 words together can be a good idea. You want your passwords to be a minimum of 8 characters in length. The longer the better, but 8 should be the minimum.

Blizzard Authenticator

I always hated these things because they go wrong a lot, but I have to admit that the technology has come a good way from what it was and the failure rate is really low if not almost completely removed now a days. The Blizz authenticator is used in addition to your username and password. What this means is even if someone gets those 2 things for your account, without the numbers on the authenticator, they arent getting into your WoW account. Im talking specifically about the keychain Authenticator. They are handy, and for folks who dont have or dont want an iPhone, its a nice solution for security. They are cheap, and easy to use ($7) and the added security it provides is HUGE. The one problem with it however is if you lose it, you arent getting into your account either  :(. Still, I would look at possibly using it if you are worried about being hacked.

* Blizz Authenticator (US)
* Blizz Authenticator (Canada, Australia, New Zealand and Latin America)
There is also the Mobile Authenticator for some cell phones which works on the same principle. It generates a random number to use in addition to your username and password which you need to log on. Right now its mainly for the iPhone and iPod Touch, but there are some apps for other phones as well. You can see if there is one for you here:

Thats basically it for now. If I come up with any more suggestions I'll post em. Hope this helps and I hope to see the number of hacked accounts drop =)

bumping this since we had another hack recently =(

Those authenticators are pretty cheap compared to the security they provide. Even if someone gets your username and password, without the number on that authenticator, they cant do anything.

- bump -

Yes, yes I just bumped a sticky!  :laugh:

Just an FYI, there is an email scam going around that looks really legit.

I attached a PDF with the example as I got one this evening. The link to log in is actually not what is displayed, its

If you follow the link, it looks somewhat like a legitimate Blizz site also:

 [ Invalid Attachment ]

Just be cautious if you get something like this. Visit the legitimate account management site manually and dont follow links within the email to check if its real or not.

fiere redfern:
One thing to keep in mind too is that the legitimate login site is not, it is actually since blizz merged all WoW accounts with their servers. So unless you see that in the heading, don't trust the link.


[0] Message Index

[#] Next page

Go to full version