#0 - Oct. 12, 2010, 10:47 p.m.
Password case-sensitivity - Blizzard does NOT use case-sensitive passwords. This is the biggest and most glaring failure to protect users I've ever seen. Every other game I've ever played, website visited, or online service used has case-sensitive password protection! Blizzard's failure to maintain this worldwide standard results in 26 potential variables being dropped from the password pool.
Password character limits - Blizzard only uses A-Z and 0-9 for passwords. That leaves up to another 32 potential special characters such as ? / # \ | * ^ & and the like that we cannot use in our passwords. Sure, a handful of those may not be usable because of technical limitations of the servers, but the vast majority could be used.
Real ID - Great idea as a tool, horribly flawed insecure design. The fact that you have to give others the ACTUAL EMAIL ACCOUNT you use for not just World of Warcraft, but Battle.net is unconscionable! By doing this, you've just given someone HALF your authentication pair (username and password). Good going! Combine that with the aforementioned password complexity limitations, and you have the perfect recipe for someone to hack not only WoW, but SC2, and whatever else you own from Blizzard.
Allowing gold-farmers to perpetuate their spam without addressing them. -- Yes, this is a big charge to make against Blizzard, but I've been playing the game for about five years, and I've seen when they were serious about gold spammers, and I've seen when they're not. And right now they're doing diddly about actually FIXING the problem.
About 3 1/2 years ago there were LOTS of spam whispers and chat about a site called **#!@@@#@!#*@##!%. Blizzard finally took action against them, and to this day, you can't whisper or talk publicly and use the word "Removed" without it being filtered out. It just won't let you say it.
But today there are dozens of websites who openly spam their webpage addresses, and none have been added to the filters since Removed.
And there's one site, whose name I can't remember, who uses a FIXED FORMULA to generate character names. They do 3 random characters, then a woman's name, then the letters DES, and maybe a few randoms after that.
So you might get Silmarydesmal. The key here is Mary, and DES. These are your clue that this is a gold spammer. I've reported this in great detail to Blizzard hoping their crack staff of coders might design a name filter that would detect this combination, and alert the GMs that a gold spammer toon was (or at least likely was) just created.
Have they acted upon this? No. They're content to reap the $15/mo. from each of these accounts spammers create on an hourly basis in their drive to get our real world money, hack our computers, hack our accounts, and further disrupt the economy.
And what is Blizzard's response to this? To SELL us an RSA security fob! That's right, rather than ratchet up their security internally, they'd rather create another revenue stream in order to "protect us", all the while lining their pockets with more profit.
Here's my advice to users from a professional who has never been hacked in 5 years of play:
1) Get MULTIPLE anti-spyware programs, including one that actively monitors. I recommend Malwarebytes, Ad-Aware, and Spybot Search & Destroy.
2) DON'T SHARE YOUR ACCOUNT WITH ANYONE! No matter how much you think you can trust a friend, there's always the chance you'll anger them and they'll do something stupid.
3) ONLY use your own computer(s). Using a friend's computer leaves configuration information about your account and each of your character names behind on their computer. Information that can be used to possibly backtrace your account.
4) DO NOT use common free email systems like Gmail, Yahoo, or Hotmail. You have an internet service provider, they will let you create/destroy email accounts on their service at your choosing. Create an account on your ISP's service that no one but you knows about, and use that as your login.
5) DO NOT use other email accounts to check the "private" email account you make to log into WoW, nor have it forwarded. If your main mail account is hacked, then they'll know the address of your login account because it will be on forwarded mail. Check each account individually.
6) Change passwords on a regular basis. Weekly, monthly, whatever suits you. Just change it regularly and often.
7) If you keep a written ledger of all your passwords, keep it written on PAPER in the real world. If it's on your computer, it's just as easily compromised as your computer is. Keep it on paper, and keep the paper where only you will find it or have access, like a locked desk drawer or jewelry box.
8) Stay vigilant! Keep your antivirus, anti-spyware, Windows (or Apple OSX), Flash, drivers, and other software up to date. This will help patch any security flaws those vendors find. And don't get lax about the first 7 security tips I mentioned above.
Your vigilance is your own security, and it's more effective than even an Authenticator when done properly.
I should know, I have 5 years of secure play time to show for it.
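Added example (editor's, not part of the original post): the post's first two complaints are about the size of the password alphabet. The script below puts numbers on that, comparing the 36-symbol set the post describes (A-Z and 0-9 with case folded) against a case-sensitive alphanumeric set and full printable ASCII, and works out how many extra characters a 36-symbol password needs to reach the same entropy. The 62- and 95-symbol sets, the 8-character length, and the guess rate of a billion per second are my assumptions for the comparison, not figures from the post.

```python
import math

# Symbols per password position. The 36 row is the post's description of
# Blizzard's alphabet; the 62 (case-sensitive alphanumerics) and 95 (printable
# ASCII) rows are constructed here for comparison.
CHARSETS = {
    "A-Z 0-9, case-insensitive": 36,
    "A-Z a-z 0-9, case-sensitive": 62,
    "printable ASCII": 95,
}


def keyspace(symbols: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` positions over `symbols`."""
    return symbols ** length


def entropy_bits(symbols: int, length: int) -> float:
    """Entropy in bits of a uniformly random password over `symbols`."""
    return length * math.log2(symbols)


def equivalent_length(symbols: int, target_bits: float) -> int:
    """Shortest length over `symbols` whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(symbols))


def exhaust_seconds(symbols: int, length: int, guesses_per_second: float) -> float:
    """Seconds to try every password at an assumed offline guess rate."""
    return keyspace(symbols, length) / guesses_per_second


def compare(length: int = 8, guesses_per_second: float = 1e9) -> dict:
    """Summarise each charset at one length (length and rate are assumptions),
    plus the length a 36-symbol password needs to match 95-symbol entropy."""
    rows = {
        label: {
            "keyspace": keyspace(n, length),
            "bits": round(entropy_bits(n, length), 1),
            "exhaust_days": exhaust_seconds(n, length, guesses_per_second) / 86400,
        }
        for label, n in CHARSETS.items()
    }
    rows["36-symbol length matching 95-symbol entropy"] = equivalent_length(
        36, entropy_bits(95, length)
    )
    return rows


if __name__ == "__main__":
    for label, row in compare().items():
        print(f"{label}: {row}")
```

The "exhaust" figures only mean anything for an offline attack on a leaked hash or for a login endpoint with no rate limiting; an online guess against a throttled login is bounded by the throttle, not by the alphabet. The equivalent-length result is the practical takeaway: at eight characters, a 36-symbol password needs three more characters to carry the entropy of a 95-symbol one.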

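Added example (editor's, not part of the original post): the post describes a fixed naming formula for spammer characters (three random letters, a woman's name, the letters DES, then a few more random letters, e.g. Silmarydesmal) and asks for a name filter that flags it at character creation. Below is such a filter in Python, run over a constructed batch of new character names. The list of women's names, the letters-only assumption for names, and the cap of four trailing letters are my assumptions; the post does not give the spammer's actual name list.

```python
import re
from typing import Optional

# Constructed list of women's names for the pattern's middle part. The real
# list the spammer draws from is unknown; extend this from whatever names GMs
# see in practice (assumption).
WOMENS_NAMES = ["mary", "anna", "lisa", "jane", "sara", "emma", "lucy", "rose", "kate", "ella"]

# Longest names first so the alternation never stops at a shorter prefix.
_NAME_ALT = "|".join(sorted(WOMENS_NAMES, key=len, reverse=True))

# The formula from the post: 3 letters, a woman's name, "des", then 0-4 extra
# letters. Names are assumed to be letters only; matching is case-insensitive.
SPAMMER_NAME_RE = re.compile(
    rf"^(?P<prefix>[a-z]{{3}})(?P<name>{_NAME_ALT})des(?P<suffix>[a-z]{{0,4}})$",
    re.IGNORECASE,
)


def match_spammer_pattern(character_name: str) -> Optional[dict]:
    """Return the pattern's parts if `character_name` fits the formula, else None."""
    m = SPAMMER_NAME_RE.match(character_name)
    if not m:
        return None
    return {"prefix": m["prefix"], "name": m["name"].lower(), "suffix": m["suffix"]}


def flag_new_characters(names) -> list:
    """Names from a creation batch that fit the formula, for a GM review queue."""
    return [n for n in names if match_spammer_pattern(n) is not None]


# Constructed sample of newly created character names (not real data).
SAMPLE_NEW_CHARACTERS = [
    "Silmarydesmal",   # the post's example: Sil + mary + des + mal
    "Thrall",          # ordinary name, no match
    "Qwelisades",      # Qwe + lisa + des, no suffix
    "Marydes",         # only three letters before "des", no name part
    "Hermaryde",       # has a name but "de" rather than "des"
    "Xyzannadesq",     # Xyz + anna + des + q
]

if __name__ == "__main__":
    for name in SAMPLE_NEW_CHARACTERS:
        print(f"{name:16} -> {match_spammer_pattern(name)}")
    print("flagged:", flag_new_characters(SAMPLE_NEW_CHARACTERS))
```

A match here is a signal for a GM to look at, not grounds for an automatic ban: a legitimate player can land on the pattern by accident, and a spammer who sees the filter will change the formula, so the name list and the fixed "des" token should be treated as tunable and reviewed against what actually gets flagged.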