Today's Lawbringer deviates into account security, which I personally believe is vital to discuss. This week, I figured it would behoove us to revisit account security and why the grey market is such a nightmare for Blizzard. We'll talk about a few ways you can keep yourself safe, especially with hacking predictably on the rise. Account security begins with the player's habits, and the more you are informed, the easier it is to knock out one more account from the clutches of thieves.
Account security issues
Blizzard has its hands full dealing with security issues that crop up in and around World of Warcraft. Just as the aims and goals of computer hacking have changed in the past 20 years, so too have the reasons for hacking online game accounts. With so many hackers in many different nations attempting to steal account information, it is a daunting task to find and stop the attacks. Defense against these malicious attacks, therefore, is the only option.
A lot of people write in to me to ask about account security and hacking, but there is an interesting twist to the question. People want to know the "why" of it all, rather than the "how." Hackers like account information because it is an easy source of gold, items, and sellable items. The old days of hacking for hacking's sake and stealing for the sake of stealing are gone, and a new, profitable motive for account theft is in place. And it's been like this for years.
I enjoy talking about account security because every time my remarks hit new ears, I have potentially saved someone a great deal of heartache and trouble. So that's the aim of all this jazz -- let's save you some time, save Blizzard some phone calls, and make everyone feel a little safer.
It isn't personal, really. Getting hacked can feel like an incredibly personal and invasive thing -- kind of like your house getting robbed. Behind the password is your stuff, your things, and your characters.
So ... why you? You might not have done anything terribly wrong, to be honest. Just visiting a website with executables or Flash content that can run programs through your browser can make you vulnerable. You might have been downloaded an executable file that an addon updater ran without knowing it was malicious. You might have picked up a keylogger from somewhere you visited that was compromised.
Whatever the avenue, you got bitten. The best defense, sadly, is to not get bitten in the first place. Other than that, getting those bugs off of your system and out of your life is a pain in the butt.
How to secure yourself
The best defense, in the case of all these malicious attacks, isn't a good offense. Really, the best way to protect yourself is through knowledge and behavioral changes to the way you experience online content. First, you figure out the way hackers can get your information. Second, you do your best to keep away from those potentially dangerous behaviors. Third, you use the Blizzard-approved and provided account security measures.
We've already discussed some of the ways hackers can make off with your personal information -- malicious Flash content, addons with executables from an unknown source, and spyware keyloggers. The problem arises when you consider most of these issues are sometimes beyond your control. That's where behavior comes in.
Your behavior matters
Two behaviors you can change right now that will reduce your amount of exposure to hackers and thieves are very basic. I have a lot to say about auto updaters, but we'll leave that for a lengthier discussion. For now, I recommend installing and updating addons by hand.
Put down the pitchforks -- I know that most of the time auto-updaters work perfectly fine and are innocuous. However, they have been compromised before and occasionally still have files that sneak into their distributions. Usually, these files are removed after one or two complaints, but these types of auto-update exploits do exist.
Installing addons manually is more time-consuming but has fewer potential risks. You won't be running any programs to update your addons, so no executables will be going off without you knowing. Plus, you can run them through a virus scanner. I wrote about installing addons manually in Addons 101
Second, don't surf to gold selling or gold farming websites. These sites are notoriously full of potentially harmful Flash content and popups that are there to steal your account information, potentially for the very company that you are looking at. That gold you're looking to buy could have been stolen from someone who just didn't have the knowledge that you do.
In fact, don't buy gold
. That's a pretty safe way not to get hacked by going to gold sites and giving people your information.
Let's all be responsible
As a community, we can do a lot to help World of Warcraft
deal with the hacking problem. It's not all on our shoulders, though. Blizzard's involvement and responsibility is to assist you with information and means to protect your accounts. It is absolutely recommended to get some type of authenticator
-- either the key fob from the online store
or the authenticator program for the iPhone
Blizzard also recently announced an authenticator by phone
service, allowing for a different type of account security for those inconvenienced by authenticators. It's not as secure, but it's something, and something is a whole lot better than nothing.
If you're a new WoW
player coming in with Cataclysm
or an old-timer continuing your epic journey, account security is still a big deal. Don't be scared or feel like protecting your account is a daunting experience; taking a few precautions will allow you to play fearlessly and save you a lot of time on the phone with great customer service people who have heard the same stories far too many times. You're playing an insanely popular MMO -- sadly, this is one of the things we have to deal with.
Read all about Blizzard's account security options here
This column is for entertainment only; if you need legal advice, contact a lawyer. For comments or general questions about law or for The Lawbringer, contact Mat at firstname.lastname@example.org.