Protecting Your WoW Account From Hacks

Started by Shadowwolf, September 05, 2009, 04:51:16 PM

Shadowwolf

In light of the recent uprising in account hacks we've seen in the guild, I would like to put together a bit of information that will help keep you from being hacked and save you the hassle of going through the restore process.

Internet Forum Accounts

We all use this forum, and some of us use forums elsewhere. One of the main problems with the new Battle.net account system is it uses your email address for a user name. This makes it A LOT easier for would-be crackers to get into your account as it removed the guessing game of what you used for a user name. The main problem now is bots are gathering the information from public forums that relate to WoW, places like Tankspot, MMO-Champion, WoWhead, even this forum. Anywhere you would use your email address in relation to WoW can be a potential leak point to those bots.

To protect yourself, there are 2 things you should do.

1) Keep your emails for forum use separate from the email you use for your battle.net account. There's tons of free email services out there and GMail is now open to the public, making it so you need not have an invite to use it, so make use of them. Create yourself a separate internet discussion/forum registration/WoW Friend contact address. Something like this, as simplistic and basic as it is, will do wonders for making it extremely hard for a cracker to break into your WoW account. Guessing passwords is easy, guessing email addresses/user names is the hard part.

2) Keep your passwords different. Don't use the same password to log into WoW that you use to log into this forum, other forums, other places you use your email account, etc. I know it's easier to keep all passwords the same, it cuts down on confusion, but for a WoW account which most of us use daily, remembering a different password in addition to our "usual" password(s) shouldn't be too hard to do. This also will cut down on the likelihood someone breaks into your account. If someone breaks into your email account on Yahoo, GMail, etc. by guessing your password there and you use the same email and password for Battle.net...well...say goodbye to your stuff for a few days.

Use an Anti-virus

There's a ton of Anti-virus programs out there, both paid for and free. The paid for ones aren't always the best even though most would have you believe that. There's a lot of freebies out there that do a fantastic job. Keep an active anti-virus program on your machine and keep it up to date to be effective. I suggest something that's effective but not intrusive like Norton or McAfee. Mac users don't really need to worry too much about this, though there are some Mac viruses out there and there are AV programs for Mac as well.


Browser Security

Use a secure browser or make sure that the browser you use to visit websites is clean and secure. Browsers like Firefox, Google Chrome and Apple Safari for Windows do a good job of keeping the malicious websites at bay and preventing unwanted software from being installed. Internet Exploiter....ahem....Internet Explorer on the other hand isn't so good with doing that. It's improved some over the last year, but it still has a lot of holes because of how it integrates so tightly with Windows. Running the latest version of IE with any security updates is suggested if that's the browser you like to use. If you aren't attached to it, I would strongly suggest switching to one of the others I mentioned above and linked for you.


Patching & Updating Your Software

Keep your operating system up to date! That's the key here, there are sooo many new holes and vulnerabilities being found on an almost daily rate and you can believe that these crackers out to break into your WoW account will know about them and try to use it to their advantage. The likelihood that someone is going to break into your machine directly over the internet is very very small, BUT....not having your OS patched to current means that you could potentially fall prey to a malicious virus, web exploit, etc., making it more likely that they can eventually leech your information. Make it a habit to update at least once a week. It only takes a few minutes, and if you leave your machine on all day and night as I do, you can set it to download and install any updates on its own.

Not only does this update suggestion apply to your OS, but to any software you use regularly as well. Anti-virus programs, email clients like Thunderbird or Outlook, your web browser, etc. Keep it up to date, check to see if there's any major patches or even minor ones. You never can be too careful.

Malware Scanning

Scan your machine for Malware and Adware regularly, especially if you download things a lot. There are a lot of free programs available out there that will scan your PC for security risks and clean them, some are free to scan and charge to remove, some are free all around. One I suggest strongly for Windows users is Malwarebytes' Anti-Malware. It's free to use and will remove things for free. The paid aspect of it is a monitor system like an anti-virus that runs in the background scanning everything you download for potential risks. That's an optional feature, but handy for some.

There are a few other utilities that will fix things like Browser Hijacking (IE issue), etc if you choose as well.


Change Your Password and Password Security

You should make it a habit to change your WoW password, and really all of your passwords, at the very LEAST once a month. Yes, yes, for some remembering a new password is a pain, and having to relearn it once a month is prob not any better. Some of you might be thinking "By the time I learn it again it's time to change it, wth!". I know, I've heard it all, but the simple fact is that keeping your password changed regularly minimizes the risk that someone will learn it.

In addition to changing it, making it something not easily guessed is also important. The length, what it contains, all of that affects how easily someone can break it. Try not to use whole words, mix in some special characters, numbers and case sensitivity in there. The more complicated the password, the harder it will be for someone to guess at or break using a program. I try to suggest using made up words, things that aren't in a dictionary somewhere. The reason for this is that most password breaking programs use a dictionary file, so real words, even foreign language words, will eventually be guessed. Also, the shorter the word, the more quickly it will fail because most of those programs operate on a shortest word first plan, working their way up to longer words. Even mixing 2 words together can be a good idea. You want your passwords to be a minimum of 8 characters in length. The longer the better, but 8 should be the minimum.

Blizzard Authenticator

I always hated these things because they go wrong a lot, but I have to admit that the technology has come a good way from what it was and the failure rate is really low if not almost completely removed nowadays. The Blizz authenticator is used in addition to your username and password. What this means is even if someone gets those 2 things for your account, without the numbers on the authenticator, they aren't getting into your WoW account. I'm talking specifically about the keychain Authenticator. They are handy, and for folks who don't have or don't want an iPhone, it's a nice solution for security. They are cheap, and easy to use ($7) and the added security it provides is HUGE. The one problem with it however is if you lose it, you aren't getting into your account either  :(. Still, I would look at possibly using it if you are worried about being hacked.

There is also the Mobile Authenticator for some cell phones which works on the same principle. It generates a random number to use in addition to your username and password which you need to log on. Right now it's mainly for the iPhone and iPod Touch, but there are some apps for other phones as well. You can see if there is one for you here:

https://us.battle.net/account/support/mobile-auth-download.xml


That's basically it for now. If I come up with any more suggestions I'll post em. Hope this helps and I hope to see the number of hacked accounts drop =)
Come to the darkside, we have cookies.
"A flute with no holes is not a flute, and a donut with no hole is a danish" - Chevy Chase as Ty Webb in Caddyshack
"Be who you are and say what you feel, because those who mind don't matter, and those who matter don't mind." - Dr. Seuss


Shadowwolf

bumping this since we had another hack recently =(

Those authenticators are pretty cheap compared to the security they provide. Even if someone gets your username and password, without the number on that authenticator, they can't do anything.


Fleecy

- bump -

Yes, yes I just bumped a sticky!  :laugh:

Shadowwolf

Just an FYI, there is an email scam going around that looks really legit.

I attached a PDF with the example as I got one this evening. The link to log in is actually not what is displayed, it's worldofwarcraeft.com/account/

If you follow the link, it looks somewhat like a legitimate Blizz site also:

[attach=2]

Just be cautious if you get something like this. Visit the legitimate account management site manually and don't follow links within the email to check if it's real or not.


fiere redfern

One thing to keep in mind too is that the legitimate login site is not worldofwarcraft.com/anything, it is actually us.battle.net since blizz merged all WoW accounts with their battle.net servers. So unless you see that in the heading, don't trust the link.
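
The two checks described in the posts above (the real link target differs from the displayed one, and the only trusted login host is us.battle.net) can be automated; this is an added example, not part of the original thread. The sample email body, the brand list, the edit-distance threshold of 2 and the naive "last two labels" domain extraction are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
TRUSTED_HOSTS = {"us.battle.net"}                      # login host named in the thread
BRAND_DOMAINS = {"battle.net", "worldofwarcraft.com"}  # names an impostor would imitate
URLISH = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#]\S*)?$", re.I)
# Constructed sample email body; only the misspelled domain comes from the thread.
SAMPLE_EMAIL = ('<a href="http://www.worldofwarcraeft.com/account/">'
                'https://www.worldofwarcraft.com/account/</a> or '
                '<a href="https://us.battle.net/account/">us.battle.net/account</a>')

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def edit_distance(a, b):  # Levenshtein distance, to spot near-miss typo domains
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def audit_links(html):
    """Return [(real target host, [flags])] for each link in an HTML email body."""
    parser = LinkCollector()
    parser.feed(html)
    report = []
    for href, shown in parser.links:
        target = (urlparse(href).hostname or "").removeprefix("www.")
        # Only compare when the visible text itself looks like a URL.
        shown_host = m.group(1).lower().removeprefix("www.") if (m := URLISH.match(shown)) else ""
        base = ".".join(target.split(".")[-2:])  # naive registered domain (assumption)
        checks = {"untrusted-host": target not in TRUSTED_HOSTS,
                  "text-href-mismatch": bool(shown_host) and shown_host != target,
                  "lookalike-domain": any(0 < edit_distance(base, b) <= 2 for b in BRAND_DOMAINS)}
        report.append((target, [name for name, hit in checks.items() if hit]))
    return report
```

Calling `audit_links(SAMPLE_EMAIL)` flags the first link on all three checks and leaves the us.battle.net link clean.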

Shadowwolf

Please take steps to protect your wow account guys. We've run into another rush of recent account cracks lately and it sucks to have to open tickets for the guild vault items taken.

Register your account to an email address not used for anything but wow, buy an authenticator, change your password regularly, etc.


dharq

Also, if you've shared your account with anyone, realize that you don't just have to ensure your own machine(s) stay clear of malware/loggers, but you also have to make sure every machine they might possibly use stays clean as well.

I'm not saying don't trust your friends because I think they would do something intentionally, but if one of them falls for some phishing scheme, visits a site that "looks" like the official site, unintentionally gets infected with some keylogger, and then later logs into your account in-game, it won't really matter what their intentions were.


Trismus

Spybot - Search and Destroy


http://www.safer-networking.org/en/index.html


I love this program. It is a collaborative effort to produce an anti-spyware program which is completely free, and works better than almost anything else I've used.
Most people think Marv is crazy. He just had the rotten luck of being born in the wrong century. He'd be right at home on some ancient battlefield swinging an axe into somebody's face.


gossamer

Hello, this is to everyone who has a computer, ok .... Virus scanners: there are hundreds, maybe thousands out there; some are very bad and actually give you bugs and infections.  I graduated college in 2001; at that time virus removing tools of all sorts were around, some free, some charge, they were not that great, just ok. The school suggested to use McAfee or Norton so I did until about 2005, then the word around was "meh, those 2 are not worth what we pay for them."  At that time I started searching for a better one. I found a few ok ones, AVG and other free ones; all I can say is they are ok, just ok, still got bugs using them though..... About 2008 I found an awesome virus scanner I'd like to share with you all. It's called NOD32, stands for "no open doors". It is simply the best scanner out, has not missed a single in the wild virus in 10 years!! CNET gave it #1.  Every other virus scanner out has missed some.

The reason for me sharing this info is I was surfing the tubes last night and bam it pops up "Trojan found"....I hate bugs/viruses, I'm sure you all do too.

Then again you won't get viruses if you don't go online much so some might not need this much security. 

Goss.   O0