#8 - July 11, 2009, 10:09 p.m.
Q u o t e:
1. What is Blizzard going to do in order to increase security.
We approach account security from multiple fronts, Minisav, ranging from educational resources to security fobs to server-side programs which work to detect specific threats.
A) Security Awareness
As knowledge is our greatest weapon against compromise, we have made available to our players a number of resources which work to educate on the topic of account security. These resources range from online support articles, to forum sticky posts, to realm MOTDs, to front page postings on our web site, and even in-game mails and emails.
Here's just a few examples: Q u o t e:
*IMPORTANT* - Account Security
http://us.blizzard.com/support/article.xml?articleId=20572
Why is Blizzard asking for my account information in an e-mail?
http://us.blizzard.com/support/article.xml?articleId=25133
Computer Security Recommendations
http://forums.worldofwarcraft.com/thread.html?topicId=1778038509&sid=1
Account Security Awareness
http://forums.worldofwarcraft.com/thread.html?topicId=16019572088&sid=1
Fake E-mails from "Blizzard Entertainment"
http://forums.worldofwarcraft.com/thread.html?topicId=965511383&sid=1
B) Blizzard Authenticators and Mobile Authenticators
These devices work by providing a secure keycode upon command that will be unique to your account(s) and your account(s) alone. The keycode will be necessary for each client and Account Management log in once an Authenticator is attached, making your account(s) nigh-impenetrable to standard compromise attacks.
Blizzard Authenticators are presently available $6.50 USD (plus shipping) and our Mobile Authentication application is free for iPhone and iTouch users.
More information may be found here: http://us.blizzard.com/support/article.xml?locale=en_US&articleId=24986
C) Prevention programs
Within the last couple of years or so, we've developed two new systems which work to detect differing forms of unauthorized access and specific security threats (like malware) on computers from which WoW accounts are played. These systems are not exhaustive; they will not detect or react to all possible threats, so they're not an excuse to bypass at-home security. They can, however, work to prevent very select forms of compromise.
With that all said, as unsettling—and, perhaps, as humbling—as it may be, accepting that compromises occur client-side is the first and most important step to bolstering an account's security.
Please know that this assertion is not the blanket assignment of blame. To say that those who are compromised are always to
blame for their account compromise is to insinuate, semantically, that each and every affected owner willfully contributed to the dissemination of the account's log in and password. Neither you nor I believe this is the case for all account compromises. Some, yes. All, no.
I am simply asking you to realize that an account owner's network of security may be imperfect. As the old adage goes, "There's more than one way to skin a cat," and, regrettably, this sentiment also holds true in the case of compromise.
One's security may be compromised through malware, for example, or through the unknowing provision of account-specific information (through a phishing email or website). One's email address may be gleaned or Security Answer & Question guessed. Our goal, as end users, is to admit that these threats exist, understand that we have underestimated how secure our systems are, and take the appropriate steps to stengthen our defenses.
Q u o t e:
2. Why are authenticators not in stock........ ever.
We frequently restock our supply of Blizzard Authenticators. Unfortunately, due to this item's popularity, our supply often sells out within a few days, sometimes sooner.
It's important to note here that the rate of restock is dependent on the rate of production. Blizzard Entertainment does not manufacture Blizzard Authenticators and so does not possess direct purview over the speed at which they are produced and made available to our company for resale. We do our best to ensure that demands are being met, though, and are consistently working to make our Authenticator system more widely accessible (read: Mobile Authenticators).
If you are looking to purchase a Blizzard Authenticator from our Online Store, I would recommend checking in the early morning. Many players have noted greater success during these hours, so it may prove beneficial to follow suit. Also, if you've an iPhone or an iTouch, be sure to check out our Mobile Authenticator application (
http://us.blizzard.com/support/article.xml?locale=en_US&articleId=26109).
Please know that using a Blizzard Authenticator or our Mobile Authenticator app does not negate the importance of end-user system security. It is simply an added layer of protection and should
complement (not replace) safe browsing habits and security practices.
Q u o t e:
3. How much has the hacking increased over the last two years?
The popularity of compromise has likely paced the popularity of World of Warcraft. Based upon my experiences as a representative of the Game Master department, the number of compromises we see tend to go up marginally as more players create or play on World of Warcraft accounts. I wouldn't say that I've seen a drastic increase in the percentage of accounts that are compromised, though.
Q u o t e:
4. Why does it take up to a week to restore a persons items?
The amount of time a full account restoration requires can vary. This variance is largely due to the number restoration requests we receive within any given time frame. The more requests we receive, the longer the average wait time is going to be.
I can assure you that these extended wait times and their impact on our players do not escape us. We've staff working around the clock, 7 days a week to address these restoration types and are even observing overtime in effort to increase our response time.
If you've any other questions, Minisav, please let me know. :)