Is it just us, or does it seem a little warm in here? The news was popping here at WoW.com at the tail end of the week, and the reactions in [1.Local] were explosive. In what turned out to be a freaky Friday indeed, WoW.com posted not one but three articles peering behind the scenes at account security concerns. Those of you who like to know how the movie ends before you even take your seat can cut right to the final scene -- but for those who prefer to savor the whole, winding saga over a bucketful of popcorn (with plenty of butter and salt), let's take it from the top.
|Blizzard giving serious consideration to mandatory authenticators
It all began on Friday with a post uncovering that Blizzard is giving serious consideration to requiring authenticators on all accounts: "According to our sources, while this policy has not been implemented yet and the details are not finalized, it is a virtually forgone conclusion that it will happen."
The comments floodgate opened. Many players didn't want to have to click one more button to log in; others were afraid they'd lose their authenticators. Players in Europe and other locations outside the United States, along with soldiers using APO addresses, reported desperately wanting to use an authenticator but finding that their locations were ineligible for shipping. Still other players were simply irascible.
devilsei: They want to make them mandatory? Fine. But they damn well better hand them out for free. Don't give me the iPhone/whatever bull either. I'm not interested in some hyped-up, useless piece of tech that will cost me 100+ to get a free authenticator program. I got hacked recently, and instead of completely restoring my items, they gave me back my gear, along with a good portion of my main's inventory. They gave me 2.5k gold, 70 badges of triumph and 14 frost badges as a way of saying "we're even." Nice, yeah, unless you take into account my bank alt had her entire bags emptied. ... Best part, though? My computer was abso-frackin-lutely clean of viruses and such. I double-, triple-, and quadruple-checked. ...
Call me crazy, but maybe Blizz fakes these hacks to try and make those who don't have authenticators get one. Hell, it was around Christmas. What better time to make someone completely paranoid about their account?
Agony: "Call me crazy, but maybe Blizz fakes these hacks to try and make those who don't have authenticators get one." ...you're joking, right? Right? No? Damn... lay off the meth.
Some guilds already require authenticators for all their members.
Radioted: Everyone in my guild is probably getting one soon, after our GM got hacked. Meanwhile, seems to me the best thing to do would be to include one in the Cataclysm box, if they feel they can wait that long. If not, they should deduct the credit you the cost in game time.
Allison Robert: My guild is considering the same policy. We've had two members hacked recently, and one of them was one of our two off-tanks with the highly specific +Block set needed for Heroic Anub-25 adds, which wound up being a a bit of a problem, as you might expect.
If you don't have an authenticator yet, what do you think about the prospect of having them become mandatory?
|Account restoration woes
Next up in the Friday account security trifecta was a story that took readers behind the scenes of Blizzard support. WoW.com learned that Blizzard managers have been instructing account administrators to urge hacking victims to accept "care packages" before bringing up account restoration options. (Jump ahead to our update on how the story was resolved -- or keep reading, and we'll keep the popcorn coming ...)
loug1016: That is ridiculous. While I can accept the gold (gladly!) what I want is my character with all of my stuff on it.
Mark: Then if you get hacked, decline the offer. They'll restore your stuff.
Netherscourge: Blizzard should give restored accounts a free authenticator and tell them that from now on, you will be responsible for your own account security and no further restorations will be provided.
Mark: It's a choice. Players can choose the package, or they can choose to wait in queue for a restoration. This isn't slowing down restorations -- if anything, it's speeding them up by getting people who feel like 2500g and some badges will get them back on their feet as well as a full restoration. You write about this like it's a scandal being perpetrated against the players.
Hyacin: I think you're missing an important part of this: "Instead, account administrators are being told to give people a "care package" and get them to accept the package in lieu of total account restoration." What that means in corporate terms is "get them to accept it by any means you can, including but not limited to hiding the fact that restoration is still an option if they flat out refuse this package." Similar to how when you call the cable or phone company to cancel, they have the "option" to offer you a term of free or discounted service, but this is an absolute last resort and if they think you are bluffing they won't even mention it, up to and past the point of you actually cancelling.
And the revelations continued ...
|Blizzard billing department flaws exploited
The final account security story to hit uncovered lax training in Blizzard's billing department that allows unscrupulous exploiters to game the system for gold and high-value game items. (Again, you may click ahead to the final resolution, or keep reading for more commentary.)
Chad: Wow, you guys are really taking the anti-fanboi stance today. Who pissed in your Grape-Nuts?
(cutaia): Haha ... When wow.com defends an action by Blizzard, someone always has something to say about that, too. You can't please all the people, all the time ... but you can sure as hell always piss off at least one of 'em. :)
Chad: You are correct, sir. Just seems like today they really have it out for Blizzard. I'm not a die-hard fanboi, so I don't really have an issue with it. Just WoW.com *usually* defends every one of Blizzard's decisions, right or wrong.
(cutaia): The only issue I see with that theory is that every time wow.com defends a Blizzard action, people come along to accuse them of being too chummy or butt-kissy with Ghostcrawler and friends. In those instances wow.com never fails to say, "Look ... We're obviously not biased. We report on negative things, too." Why then is it taken as Adam Holisky just having a bad day when they DO post about a Blizzard problem? ...
Adam Holisky: There's really nothing special about today. Today was just the day we decided to publish this material. It all fits together nicely, and makes a good series of post. We could have published it on Smarch 30th (damn that Smarch weather, for reals).
As far as everyone liking me ... Well, whatever I post is going to get 50% negative reaction and 50% positive reaction. Two years of writing here and I've learned that's one of the few truths.
Kylenne: You must not work in the corporate world if you think Blizzard management doesn't know this article exists and is not, as we speak, scrambling to have meetings on the subject. There will be a memo by the end of the day, mark my words. Especially considering how large a site wow.com is, and given that this is the third article in 24 hours about account security policy at Blizzard. ...
As it turns out, Kylenne had the right idea ...
|Blizzard reacts with policy changes
Like a quest with an unexpected cinematic waiting at the end, the day concluded with fresh developments and a resolution to the entire situation: "WoW.com has learned through sources close to the situation that after our series of posts describing some questionable internal policies at Blizzard concerning account administration and security, as well as the likely introduction of mandatory authenticators, a few of these policies have been changed this evening. First, the abilities of billing representatives to directly roll back characters to previous states has been more or less removed, preventing the onioning exploit we spoke about earlier. ... Second, the care package deal has been sweetened."
Briory: It is good to see that they responded so quickly. It really shows that they listen to the community -- and maybe not just the forums.
T: Holding Blizzard's feet to the fire through a series of critical blog posts that are, in some respects, embarrassing for the company is not the same as "listening to the customers." Blizzard should be given credit for their fast response, but how many of these changes would have occurred if you personally had complained, or if even you and a thousand other people had complained at the same time? And I'm not asking that rhetorically. We'll never know.
What we do know is that WoW.com laid out some very thorough posts that have probably been among the more informative things they've done in quite awhile. Credit is due to Adam Holisky and the staff of WoW.com, who have done a tremendous job.
Speaking of a tremendous job ...
We couldn't resist leaving you with this zinger of a random e-mail that left most of the WoW.com staff utterly speechless. We've been accused of a lot of things, but we weren't quite sure what to do with this particular missive.
Subject: enough with the Saronite!
Why do you just care about saronite huh? Its just armor. Didn't you guys play in the burning crusade? That place was full of fel influence. The stuff corrupted beasts and killed people. You fed fel glands to orcs to kill them and cought fel infected fish for making shark poison. Yet as soon as you got there herbalists began picking fel weed and mashing it into pots. I think all the noobs are just people brain damaged from fel weed abuse 60-70 in their potions. I mean any food ate in hellfire peninsula had to be some kind of radioactive.
Umm ... yeah. Radioactive. That's it.
Until next week!
Ha, caughtcha looking! Hey, don't scroll away -- come join the conversation on these and other posts around the WoW.com community. We'll see you around in [1.Local].