WoW Rookie: Account Security Basics

Updated Mon, Mar 17, 2008, 1:00 PM·6 min read

Recently we've had several posts about being hacked, guild banks assaulted, and Blizzard's typical response. The Customer Service Forum is filled with threads started by desperate World of Warcraft players seeking the return of their accounts and belongings as a gesture of goodwill. It is our responsibility to keep our accounts safe from hackers.

I speak from experience when I say that being hacked is just dreadful. Although it is usually possible to have your account returned, there is usually significant damage done in the process. In the past, even Blizzard employees have had their accounts compromised. This post is designed to help you do the best you can to protect your World of Warcraft investment.

The key used to create your account is essential in the event of a compromised account. Blizzard will ask for this along with a copy of your photo ID. You must use your legal name for your World of Warcraft account. Keep your authentication key with other important documents, or some other safe place. Though it may seem that you're done with your account key once you enter Azeroth, you never know when you may need it.

Password Protection

First and foremost you should protect your password. Blizzard's Terms of Use state that accounts can only be shared by a parent and a single child under the age of 18. That means you are in violation of the terms of use if you share your account information with friends, family, or guild members. Don't give your password to anyone, even Blizzard employees will never ask you for it. You should not use your username and password combination for any other websites.

The strength of your password is also important. Blizzard offers the following password suggestions:

Make sure your password does not contain words from ANY dictionary (forwards or backwards)
Use letters, numbers, AND symbols - Simply adding a string of numbers at the end of the password is typically not enough to guarantee security.
Make your password at least 8 characters long - The longer the password, the more tries it takes to guess the password. Keeping your password over 8 characters will increase the difficulty in guessing your password.
Avoid common number/letter replacements. (i.e. 1 and I, 3 and e)
Do not use any keyboard sequences (i.e. qwerty
Do not use your own account name - Using your own account name in your password, even if it is followed by other words or numbers, increases the chance that a hacker can guess your password.
Avoid repeating small sequences of characters (i.e. abcabc)

Social engineering is when hackers gather information about someone in order to help narrow down their potential passwords. For this reason you should also avoid using your name or names of people close to you as part of your password. Using any information about you that is easily obtainable, such as your birth date or nickname, is like inviting a socially-engineering hacker to access your account. Remember to change your password often.

Blizzard blames power leveling and gold sellers for many hacking attacks. Not only are these actions in violation of the Terms of Use, but essentially you're giving a potential hacker easy access to your account. Blizzard has found that many compromised accounts are those who have paid for power leveling services. By buying gold for the game, you are indirectly funding activities. Merely clicking on these sites may cause a keylogger infection. Just say no to taking the easy way out.

Keyloggers

That being said, most WoW account attacks come from a special breed of hackers known as keyloggers. Keyloggers traditionally use spyware to record the strokes of your keyboard and store them for their own personal use. The spyware is often installed on your computer by clicking on links or visiting URLs that often appear to be WoW-related. Eyonix reminded us on the public forums to be particularly wary of URLs ending in ".jpg.html" and ".scr." Those are often linked to keylogging programs.

Keylogging programs generally operate as java scripts. A good way to avoid getting keyloggers is to run a Mozilla based browser with the NoScript plugin. NoScript adds extra security by allowing the user to select which scripts will be run. You may chose to run scripts from only trusted sites, just don't get in the habit of always accepting a script. For this measure to be successful, all users on your computer must remain diligent and use a secure browser when surfing the internet.

The bad news is that many believe that the keyloggers we face in WoW are non-traditional. Rather than collecting keystrokes, they gather your information as it is submitted to Blizzard for authentication. At this time I can find no reliable source for this theory. I will be happy to update this post if someone can find a good source for this information.

Good Habits

Blizzard recommends

that you keep your operating system up to date. You should perform regular Windows updates (or Software updates for Mac users). It is also imperative to maintain up-to-date anti-malware software on your computer. Malware is a general term for any program that harms a computer or its data. I will leave it to the comments to post their preferences for programs. Just pick a good one and use it.

There are some other ways to protect your account from intrusion. If you can, avoid logging into your WoW account or the World of Warcraft official site from foreign computers. You don't know where they've been. Be smart about spoof emails and phishing attempts. If it doesn't come from worldofwarcraft.com it is probably not legit.

Addons are frequently used in the game and many are accepted by Blizzard. Be sure to use reputable ones. Blizzard suggests that you always use the default launcher to start the program.

Many believe that Macs are more secure than PCs. My understanding is that fewer malware programs are created for Max OS's than for Windows, which makes them somewhat less vulnerable to attacks. Whichever the case, Mac users do get attacked, and there is no excuse to be lax with security.

What to do if you suspect you've been keylogged:

Don't panic and try your password again
Use official means to retrieve your password
Assess the damage, make a list of what you've lost
Make a copy of your account key and picture ID
Contact Blizzard's account services department
Scrub your computer for malware
Wait for a response
If you receive a negative response, don't give up hope, and contact account services again
Rest assured that there's a special place in Hell for keyloggers. I like to believe it's an eternal bubblegum-rock concert featuring four Goblins and Ashlee Simpson.

Engadget
Prison Architect 2 is denied release until September 3
Double Eleven and publisher Paradox Interactive have delayed Prison Architect 2 by four moths to work on technical issues.
36m ago
Engadget
Ryan Gosling and Miller/Lord’s Project Hail Mary could be the sci-fi event of 2026
Amazon MGM just set a March 20, 2026 release date for Project Hail Mary, an adaptation of the Andy Weir novel. The film stars Ryan Gosling and is directed by Phil Lord and Christopher Miller.
1h ago
Engadget
Some of our favorite Anker power banks are up to 30 percent off, plus the rest of this week's best tech deals
Engadget's weekly deals roundup includes sales on Sonos, Apple, iRobot, Google Nest and more.
3h ago
Engadget
Automate your vacuuming and mopping with $400 off the Roomba Combo J9+
If you’re looking to automate more of your home cleaning setup, iRobot’s flagship Roomba Combo J9+ is on sale for $400 off. The vacuum-mop hybrid robot, which only arrived last fall, has a redesigned dock that automatically empties debris and refills the device’s mopping liquid.
6h ago
Engadget
Tesla is recalling Cybertrucks because their accelerator pedals could get stuck
Tesla has issued a recall for around 3,878 Cybertruck vehicles, a National Highway Traffic Safety Administration notice has revealed.
6h ago
Engadget
Engadget Podcast: PlayStation 5 Pro rumors and a look back at the Playdate
This week, Engadget Senior Editor Jessica Conditt joins Cherlynn and Devindra to chat about the PS5 Pro, as well as her piece on the PlayDate two years after its release.
7h ago
Engadget
The Morning After: The bill to ban TikTok is barreling ahead.
The biggest news stories this morning include US vs China in the form of TikTok vs WhatsApp, and did you know Taylor Swift has a new album out?
8h ago
Engadget
Fallout has already scored a green light for a second season
Amazon has renewed the hit show for a second season.
8h ago
Engadget
Baldur's Gate 3 developer confirms it won't make the sequel
The developer behind the popular, award-winning and slightly bawdy Baldur's Gate 3 may not be doing a sequel, but it does have other irons in the fire.
10h ago
Engadget
The best PS5 games for 2024: Top PlayStation titles to play right now
Here are the best games you can get for the PlayStation 5 right now, as chosen by Engadget editors.
7 months ago
Engadget
The 6 best Mint alternatives to replace the budgeting app that shut down
Intuit has shut down the popular budgeting app Mint. Engadget tested a bunch of popular alternatives. Here are our favorites.
4 months ago
Engadget
Apple says it was ordered to remove WhatsApp and Threads from China App Store
China's Cyberspace Administration ordered Apple to pull Threads and WhatsApp from its App Store in the country, the company said.
13h ago
Engadget
Surprise: Taylor Swift is joining Threads at the exact same time as her new album drop
Taylor's Threads account, and her first post, are going live around midnight.
15h ago
Engadget
The bill that could ban TikTok is barreling ahead
The bill that could lead to a ban of TikTok in the United States appears to be much closer to becoming law.
20h ago
Engadget
Netflix is done telling us how many people use Netflix
Although subscriber metrics are an important signal to Wall Street that show how quickly a company is growing, Netflix isn't the first company to do this.
21h ago
Engadget
Blizzard takes aim at Overwatch 2 console cheaters
Blizzard is targeting Overwatch 2 cheaters who use a keyboard and mouse on consoles to gain an advantage over controller users.
22h ago
Engadget
It took 20 years for Children of the Sun to become an overnight success
Though it feels like Children of the Sun popped into existence over the span of two months, it took Rother a lifetime to get here.
23h ago
Engadget
Quicken Simplifi subscriptions are half off through April 21
Quicken Simplifi subscriptions are half off through April 21. This brings the price down to $2 per month, which is billed annually at $24.
1d ago
Engadget
Meta gives the Quest 2 its second permanent price cut in four months
Meta has given the base Quest 2 a permanent price cut for the second time this year. A headset with 128GB of storage is now $199.
1d ago
Engadget
The HD Chromecast with Google TV is on sale for only $20
If you watch movies and TV on a 1080p screen, the Chromecast with Google TV (HD) provides a rock-solid streaming experience on the cheap. Today, Amazon has it for $10 off, letting you pick up the HDR10-capable streaming stick for only $20.
1d ago

WoW Rookie: Account Security Basics

Latest Stories

Prison Architect 2 is denied release until September 3

Ryan Gosling and Miller/Lord’s Project Hail Mary could be the sci-fi event of 2026

Some of our favorite Anker power banks are up to 30 percent off, plus the rest of this week's best tech deals

Automate your vacuuming and mopping with $400 off the Roomba Combo J9+

Tesla is recalling Cybertrucks because their accelerator pedals could get stuck

Engadget Podcast: PlayStation 5 Pro rumors and a look back at the Playdate

The Morning After: The bill to ban TikTok is barreling ahead.

Fallout has already scored a green light for a second season

Baldur's Gate 3 developer confirms it won't make the sequel

The best PS5 games for 2024: Top PlayStation titles to play right now

The 6 best Mint alternatives to replace the budgeting app that shut down

Apple says it was ordered to remove WhatsApp and Threads from China App Store

Surprise: Taylor Swift is joining Threads at the exact same time as her new album drop

The bill that could ban TikTok is barreling ahead

Netflix is done telling us how many people use Netflix

Blizzard takes aim at Overwatch 2 console cheaters

It took 20 years for Children of the Sun to become an overnight success

Quicken Simplifi subscriptions are half off through April 21

Meta gives the Quest 2 its second permanent price cut in four months

The HD Chromecast with Google TV is on sale for only $20

About

Sections

Contribute

Buying Guides