If you raid with a guild, you should have an authenticator.

Authenticators are devices that I have talked about before. They are awesome little things that protect your account from being compromised. They keep hackers out of your account management page & out of your game.

Raiding guilds are like teams of people. If one person gets hacked, it affects everyone. This is doubly true if you are a guild officer or you have access to the guild bank. When a core member of a raiding guild is hacked, it hurts not just you – but also your guild. You end up having to go through a lengthy (multiple week) process to regain control of your account, sit through the bans, and finally get your stuff restored. It sucks worse than the 5 seconds you can spend every day to type in your authenticator number before login. It is worth the couple dollars (like $6.50) that it costs to get the authenticators. Don’t just do it for yourself – do it for your guild and the people who count on you to be there week after week.

One of my guild’s officers just got hacked on Monday. He feels terrible about it, and we all feel bad for his situation. No one should ever have to experience being hacked. It’s a horrible feeling. His character and our guild bank were totally stripped. His main raiding character isn’t in the guild anymore – it was likely deleted by the hacker, but they managed to take everything valuable out of our bank without being caught (or without anyone around being able to demote him). One night he was logged in raiding with us, the next night he’s at home freaking out because he has no character to raid with us this week. It is going to take multiple weeks to deal with it all. His account is currently suspended for the bad things the hackers did to it, and it’s going to take a while to get it back and then to get everything restored.

So, don’t just get an authenticator for yourself – get it to benefit your guild. You spend time learning how to play your class the best. You should spend time securing your gear that you worked so hard to earn. Get an authenticator to protect your stuff.

I want to remind you that hackers also send out scam e-mails that can sometimes even look convincing. There are more types of scams than I could describe in a post. Most of these scam e-mails have something in common: they want to trick you into giving them your account information (either by having you go to a fake link, or trying to get you to e-mail them your password). You can ask about e-mails you receive by contacting the Billing department directly, or by asking on the customer service forum (most of the regular posters on the CSF are good at playing “spot the scam e-mail”).

Also, beware of fake scam websites. People like to spoof things like the armory, the battle.net login page, and things like that. Fake links in scam e-mails are also used to steal your account info. If people can trick you into typing in your password to their scam page, then they’ve got your login name & password.

Be careful & get an authenticator just to prevent the worst from happening, but also be careful with your internet practices.


28 Comments

  1. Posted January 12, 2010 at 10:04 am | Permalink

    We previously had similar issues in my guild. We just had a bad week I think, but two members got hacked and all their characters stripped but it wasn’t so bad. We all had a bit of a laugh because the GMs only took 2-3 days to restore all their characters and gear and officers were online at the time to kick them out of the guild before they could take anything from the gbank. We jokingly told them to stop surfing so much porn on the computer they were playing on, hehe. They weren’t very happy with that :)
    But then an officer got her account stolen.. Luckily we kicked her before “she” got her paws on too much stuff in the gbank, but we decided to lock down the bank completely. After that, another officer got his account stolen. Four stolen accounts in one week! I mean, this was just silly. Right there and then we had an officer meeting and decided that authenticators were mandatory for officers. Everyone (except our guildleader who already had one) demoted themselves until they could order one. Now our guildbank is set up so that while most of the tabs are free for all, there is a daily stack/gold withdrawal limit..

    The authenticator is also available for iPhone and other such smartphones if you’re lucky enough to own one of those. But as you say, they’re stinkin’ cheap. One guildmember with a credit card can buy 5-6 of them at once to save Post&Packaging, and they can just send them in a letter to the other officers, for example.

  2. Lissanna
    Posted January 12, 2010 at 10:16 am | Permalink

    They are offering free US shipping right now even.

  3. Treeboi
    Posted January 12, 2010 at 10:25 am | Permalink

    The very best anti-virus, anti-spyware trick I have ever found is this:

    Blocking Unwanted Parasites with a Hosts File
    http://www.mvps.org/winhelp2002/hosts.htm

    This website basically gives you a hosts file, which is already used by your system, that redirects all known spam sites, virus sites, phishing sites, and spyware sites to an invalid address.

    This is effectively like having a gps that purposefully ignores certain addresses. You don’t get into trouble, because you can’t even go to a problem website.

    Note that your computer system *already* uses a hosts file. All computer systems use it, from windows, to macs, to linux. But by default, that hosts file is empty, or nearly empty. This website just fills in the hosts file for problem sites.

    I know I’m evangelizing, but this hosts file blocking trick has done more to stop spyware and viruses on my computer than anything else that I have ever done.
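Added example, not part of the comment above or of the linked site: a small Python check of how a blocking hosts file behaves, run over a constructed sample with hypothetical `.example` names. The function names `parse_hosts` and `is_blocked` are this example's own; it shows that entries match exact hostnames only, so a name that is not on the list is not blocked.

```python
import ipaddress

# Constructed sample in the style of a blocking hosts file (hypothetical names).
SAMPLE_HOSTS = """\
# blocklist excerpt (constructed for this example)
127.0.0.1   localhost
0.0.0.0     ads.tracker.example        # inline comment
0.0.0.0     login.phish.example www.phish.example
127.0.0.1   malware.example
not-an-ip   broken.example
"""

# Names that legitimately point at loopback and are not "blocked" sites.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Return {hostname: ip} for valid entries; skip comments and malformed lines."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # first field is not an IP address
        for name in fields[1:]:               # one line may carry several names
            # Keep the first mapping seen for a name (assumption of this example).
            table.setdefault(name.lower().rstrip("."), ip)
    return table


def is_blocked(table, hostname):
    """True only if this exact hostname maps to 0.0.0.0/:: or a loopback address."""
    name = hostname.lower().rstrip(".")
    ip = table.get(name)
    if ip is None or name in LOCAL_NAMES:
        return False
    return ip.is_unspecified or ip.is_loopback


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for candidate in ("login.phish.example",         # listed: blocked
                      "secure.login.phish.example",  # subdomain: not listed
                      "phish.example",               # parent: not listed
                      "localhost"):
        print(f"{candidate:30} blocked={is_blocked(hosts, candidate)}")
```

Because matching is by exact name, the protection is only as current as the list, which is why it complements an authenticator rather than replacing one.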

  4. Posted January 12, 2010 at 10:27 am | Permalink

    I’ve only had one problem ever with my authenticator: the battery died suddenly, and I had to get a replacement. They did offer for me to mail it back to them and they’d fix it, but I wanted my account back on protection ASAP, and figured them shipping me a new one was faster than having them mess with my old one.

    If yours ever does die on you and you don’t want to wait on the mail to have yours fixed/replaced, call up customer support and have them remove the authenticator from your account (until you’re able to get the new one). This requires having the actual authenticator fob with you and various identity-verification questions.

    Then go order a new one ASAP. Every moment without one, I was living in a world of paranoia. As soon as my new one arrived, I jumped on re-protecting my account.

    Dual-factor authentication ftw.

  5. Posted January 12, 2010 at 10:30 am | Permalink

    Yep yep. Authenticators are mandatory in my guild. We also don’t allow account sharing– not even with your immediate family. The latter policy sounds too strict, but we’ve seen/heard of incidents of “I didn’t ninja the sword from that Pug Ony; it was my son who didn’t know any better.”

  6. Posted January 12, 2010 at 10:35 am | Permalink

    The best antivirus does not help you. If you can post details into a web form (like the one you used to post your replies), then you are vulnerable unless you have an authenticator.

    You can say you are the most alert person in the world, that it won’t happen to you, all that. That’s what my Guildmaster said. Then she saw her Valanyr gone, and our guildbank emptied.

    In fact in the last few months, 5 or 6 players from my guild, all of whom know it can’t possibly happen to them, that they will never fall for a fake website, have seen their accounts compromised.

    They are back ingame after a week or so, but in that week we were left without 4 of our core raiders. One of them even saw his second account gone too.

    The authenticator is cheap, even free if you have a compatible phone. Are you really so lazy and arrogant that you know that it can never happen to you? I used to be, but after this latest string of players that I know are not total idiots being hit I decided to stop relying on luck. I now use an authenticator on my iPhone.

    It adds maybe 5 or 10 seconds to my login. It saves maybe 6 or 7 days of having no raid character. Your choice.

  7. Posted January 12, 2010 at 10:39 am | Permalink

    Just putting a withdrawal limit on your bank isn’t really effective for members who can be hacked. Sometimes the hacker can trick the system into turning a “1 withdrawal per day” into 10.

    In our guild, officers have authenticators, and only officers can access the stuff in the last 3 tabs of the bank…the things can be viewed by non officers, however they have to have an officer remove them.

    The first 3 tabs are free for all, stuff that hackers apparently aren’t interested in considering we had about 4 people hacked over the Christmas weekend and nothing was removed from our bank.

    It’s a bit of a hassle, yes, but way less of a hassle than having to have a guild bank restored.
    ~Kcihc

  8. Tinwhisker
    Posted January 12, 2010 at 11:02 am | Permalink

    A quick note about spoof web sites. Even those of you who do have authenticators are vulnerable to them.

    If you put in your name, password and the number that the authenticator gives you into a fake web site, that site can then use that info to log into account management, remove the authenticator, change your password and lock you out of it with their own authenticator.

    Having an authenticator does not prevent hacking due to stupidity, it’s just one more tool.

  9. Posted January 12, 2010 at 11:04 am | Permalink

    I’ve grown very tired of hearing people say that they practice good computer security and that they don’t need an authenticator because of that. So many of these people get their account information compromised and cost the guild a lot of currency/supplies.

    The authenticator is widely available in multiple formats. It’s cheap. It’s an extra layer of security. Save the drama, swallow the pride, and secure your account. Peace of mind is a nice thing to have.

  10. Posted January 12, 2010 at 11:19 am | Permalink

    To this day, I have no freakin idea how my account was hacked, but it sure was. We were fortunate that we got everything back, and that it wasn’t hubby’s account (he’s the GM and the hacker could have disbanded the guild from that account.)

    We got authenticators immediately – and encouraged guildies to get authenticators too.

    I’m a bit concerned now that Blizzard is offering “care packages” in lieu of full restoration. After all, the miscreants raid the gbank more often than not, and a care package would not cover those losses.

  11. Posted January 12, 2010 at 11:28 am | Permalink

    After playing for more than four years, it would be downright negligent for me to not protect my account with an authenticator. I hope Blizzard goes through with their supposed plans to make authenticators mandatory (source: http://www.wow.com/2010/01/08/blizzard-giving-serious-consideration-to-mandatory-authenticator/), although I don’t think they should be mandatory for everyone. I mean, is a hacker going to hack an account without any 80s on it? Still, I’m all for forcing people who are hacked to have authenticators, as long as Blizzard can get them to them.

  12. Posted January 12, 2010 at 11:37 am | Permalink

    If you have been hacked then I think that an authenticator should certainly be a requirement. I know one person in particular that has been hacked 3 times so far, and finally decided to get an authenticator.

    Regarding the gbank limits, limits do work to a degree. The problem was that there used to be a 1 stack withdraw limit on our guild bank. The first person to get hacked funnily enough withdrew that stack of Primordial Saronite that was put aside for a Shadow’s Edge.

    The worst line I’ve had is “I don’t need to worry about being hacked, I’m on a Mac”

    I almost wanted to track down the offending player and beat some sense into them with their damned mighty mouse

  13. Lissanna
    Posted January 12, 2010 at 11:51 am | Permalink

    I keep spare authenticators around so that if one breaks, I can just swap it out with another one.

    Also, while they offer the care package, you CAN just say “no” to it.

    I consider having an authenticator to be PART of good computer/internet security for any WoW player. If you don’t have the authenticator, you aren’t practicing good security.

  14. Galashin
    Posted January 12, 2010 at 12:37 pm | Permalink

    If you’re willing to do online banking on your computer, you clearly do not need an authenticator.

    Any sort of keylogging malware (or a direct hack into your system) would be able to steal the information for both. Any means of giving away your warcraft account info *only* requires an active effort, i.e., the fake login pages.

    Thus, if you’re willing to do online banking, which is for obvious reasons potentially much more damaging to you, you *must* trust your malware protection enough to protect something as relatively unimportant as your warcraft account–leaving only hacking methods very easy to spot and avoid.

    Of course, if you *don’t* trust your computer’s protection enough to do online banking or the like, then yes, it would make sense to get an authenticator.

  15. Lissanna
    Posted January 12, 2010 at 1:17 pm | Permalink

    If my online banking had authenticators, I would get them, too. A lot of keyloggers that WOW players are likely to download are targeting WOW accounts specifically (i.e. doing things like only being active when the WoW login screen is open).

    I have no faith in malware protection, because anti-spam programs are always a step behind the spam programs. I still do online banking, mostly because I need to and the risk is low. However, there is ALWAYS risk.

    Just saying: because you put your banking info at risk, you should put your WOW account at risk, doesn’t make any sense.

  16. Galashin
    Posted January 12, 2010 at 1:23 pm | Permalink

    That’s the other side of it, and a reasonable point. I just look at it from the perspective of “if you view your banking info as sufficiently secure, then your warcraft info is at least as secure.” Glass half full vs half empty sort of thing, I suppose.

  17. Posted January 12, 2010 at 2:08 pm | Permalink

    I’m not sure if this was mentioned in the comments, Lissanna, but there is also a free authenticator app that will work on quite a few mobile phones.

    Authenticators are ridiculously cheap, and incredibly effective. The authenticator token I use for a silly game like WoW is identical to the one my fiance used for some very high security networking functions he did at his job. If the people concerned about major hackage and terrorists and stuff trust the little thingies… then I’m gonna guess they’re pretty solid!

  18. Posted January 12, 2010 at 3:59 pm | Permalink

    My guild locked down the important tabs to 3 stacks per tab per day after a bunch of our officers got hacked and wiped the bank. We started stacking important materials (cut gems, BoEs, enchant mats, etc.) in small stacks like 3. It doesn’t prevent a hacked officer taking from the guild bank, but it does lessen the impact by a bunch.

    When it comes to finding authenticators, sometimes you can look to your guild. Multiple members of my guild have gotten the key fob, but then later acquired the iPhone and the authenticator app. They then put up a thread in the guild forums saying if anyone wants an extra authenticator, they have a working keyfob available.

    I like to think of the authenticator as hand sanitizer for your WoW account. No, it’s not going to stop you from putting your hand in a pile of crap or a rabid raccoon biting you or a sick person from sneezing on you, but it’s one step of many to help protect you from germs. Would you refuse hand sanitizer? Then, really, why refuse an authenticator?

  19. aveiceae
    Posted January 12, 2010 at 6:04 pm | Permalink

    In response to the comment:
    “If you put in your name, password and the number that the authenticator gives you into a fake web site, that site can then use that info to log into account management, remove the authenticator, change your password and lock you out of it with their own authenticator.”

    Each authenticator code (upon button press) is only good for 30 seconds, so someone would have to log into your account within 30 seconds of you entering your auth number into a bogus form. The odds of that happening are slim. Also, you can only REMOVE an authenticator by speaking to Blizzard support, not through the account manager web portal, so an autoscript/hack form would not be able to automatically remove it.

  20. Posted January 12, 2010 at 9:36 pm | Permalink

    Poneria, if you have access to a tab, you can easily restack items into full stacks, separating the stacks won’t help, unless the hacker isn’t very smart.

    It’s also been cropping up in the guild relations forum that there may be a way to circumvent the stack size limit and allowing hackers to take quite a bit more. So be careful ;)

  21. Posted January 13, 2010 at 12:23 am | Permalink

    @Poneria – “No, it’s not going to stop you from putting your hand in a pile of crap or a rabid raccoon biting you or a sick person from sneezing on you, but it’s one step of many to help protect you from germs.”

    Seriously…I el-oh-el’d at this!

    Anyhow –

    I think this authenticator thing wouldn’t have been an issue if Blizzard had offered them right from the start, or made them mandatory (and free!) as soon as they were available and said “as part of your monthly subscription fee, as well as keeping your account safety in mind, we are mailing you this complimentary authenticator that you will be required to use to continue being able to play the game”.

    The current issue is that people THEMSELVES have to do it and pay another six dollars. Why should they have to pay that? If it has to do with the security of the game, it should be included on top of the MYRIAD of fees you’ve already happily paid Blizzard (the game price, monthly fee, expansion prices, etc).

    I personally went with the mobile authenticator app on my iPhone because I can. But not everyone has this option.

    Blizz has already given a pet to people with one (where they are selling pets in the online store for ten dollars), so what I would suggest they do is include an authenticator in EVERY “Cataclysm” box and say “if you don’t have one, here is one. Use it, because you can’t play otherwise. Period.” Let people suffer the growing pain, and then we can move on and go back to enjoying the game as it were.

  22. Posted January 13, 2010 at 6:47 am | Permalink

    @ Galashin, my online banking has authenticators similar to the Blizzard one

  23. Kayeri
    Posted January 13, 2010 at 2:07 pm | Permalink

    Yes, get authenticators! One of our officers, who used to work for Microsoft, has incredibly good equipment and the best software he can get and knows more about computing dead asleep than I do hyped on Red Bull was successfully hacked a few months ago. He took his entire system apart and analyzed the whole thing and never figured out quite HOW they got his info… if they can do it to him, they can do it to anyone.

    Entirely different issue, but I hope an authenticator is included in EVERY Cataclysm box and all players are required to use them! Yes, you still can’t be stupid while on the internet, but those little fobs give a lot of security for not much money.

  24. jball_2k
    Posted January 14, 2010 at 5:30 pm | Permalink

    I was hacked about 3 months ago, same situation. GBank was ransacked.

    They got a LOT of items. I actually logged in and changed my PW while the a**hole was still on my account.

    Turns out he was farming nodes in WG, I logged in to find at least 11 Stacks of Titanium Ore, 40 Stacks of Saronite and a crap load of blue/green gems. He also created a toon on my account where I found some of the items he didn’t get the chance to mail out.

    It took Blizz about 4 days to recover it all and I got to keep all the extra stuff! lol

    The hacker didn’t touch my other servers though, had a 70 with a lot of Gold on him. In the 5 days I leveled it to 80 and it’s my main now…Kinda a blessing in disguise ;)

    Bought the authenticator and it works great. They accidentally sent me 2!

  25. R
    Posted January 15, 2010 at 1:05 pm | Permalink

    Never been hacked, never had a virus on my pc. 40 years old and have been a pc user since THEY CAME OUT.

    You cannot be externally hacked, despite people claiming this here. You are either tricked into entering your login information on a form or keylogged.

    That’s it, folks. Don’t be an idiot with your computer security and you are fine. (yes, I work in the computer security field). All the “require authenticator” crap is just that. CRAP.

    Don’t lower me to your ignorant level. What is this guild communism? LOL.

  26. Lissanna
    Posted January 15, 2010 at 1:42 pm | Permalink

    @R – so, no one you play with in the game has ever been compromised before? You trust your entire guild’s account & computer security without authenticators?

  27. Kelly
    Posted January 23, 2010 at 7:28 am | Permalink

    The sad fact is that preventing yourself from getting hacked is very easy.

    You need to keep a clean system and by clean I mean OS patches and updates + WoW, period.

    If you are a bit on the adventurous side, you could also install a decent web browser (this does not include the bug ridden IE), disable all scripting, cookies, java and plugins and use it to browse the internet without a serious risk of infection.

    BUT – and that’s a big but – I have never met anyone who would be willing to sacrifice all his little creature comforts in order to reach this level of security.

    This means that for quite a lot of people, the authenticator is probably a good compromise between security and the freedom to use their pc for other things than playing WoW.

    I actually do keep a clean gaming system like I described, because I have a spare Windows license lying around and don’t mind running with a dual boot setup.

    Where the rest of my guild is concerned though, I would be quite happy if they could agree on buying authenticators.

  28. Lissanna
    Posted January 23, 2010 at 10:42 am | Permalink

    The problem is that not everyone can afford to have a computer where the only thing on it is WOW. Most people aren’t that lucky. Having good security programs and authenticators is the highest level of WoW security that most people can attain. Good internet security practices are important since things like credit card info are also at risk from keyloggers and scammers. Authenticators don’t reduce the need for antivirus/antikeylogger protection programs.