
Diablo 3 accounts hacked, gold and items stolen


Comments

  • kreken Member Uncommon Posts: 139
    Originally posted by sunshadow21
    Originally posted by JeroKane

    And yet it's exactly these kind of gamers that SCREAM they have the perfect security on their computer and apply the best security practices, so that it only can be Blizzard's fault that they got hacked.

    Rest my case.

    A fair number of people have also given good reasons to question Blizzard's commitment to seriously dealing with this problem. Especially for those who have never had a problem with anyone else despite ample opportunity to have had it, the evidence is there that at some level, it is Blizzard's responsibility to deal with it, even if it isn't directly their fault. A lot of people could do more, certainly, in the security aspect, but that does not absolve Blizzard when those users exist across the internet, and yet it always seems like Blizzard's name is at the forefront of these conversations when it comes to suspect gaming companies.

     

    When a company has this serious of issues this consistently, it becomes much, much harder to simply blame the end user.

    I am curious, what would you like Blizzard to do? They already have the best security practices listed on their website. It is up to the end user to follow them or not. Do you want them to implement something like NPS (Network Policy Server) that will check if updates are up to date, antivirus is installed, signature files are updated and do a quick virus scan before allowing them to login into the game?

    Nowadays, there is no real excuse to be computer illiterate since the computers are an integral part of our daily lives. If you don't spend even a little time to learn a bit about the tool you are using then you shouldn't be using it. It seems people don't realize that computer is a tool and if you don't take care of it, it will "rust" and will underperform or do other unintended operations. If you leave your hand saw in the rain for two months, how good do you think it will cut wood next time you use it?

    If I was a hacker for gold selling sites, would I target an unpopular game or a game with a lot of potential market? The hackers are in this to make money and it doesn't make business sense to target small demographics game where profit margin is very small. Looks like Blizzard fell a victim to its own popularity.

     

  • Creslin321 Member Posts: 5,359
    Originally posted by JeroKane
    Originally posted by Creslin321
     

     Hehehehe, funny, but I think you are asking WAY too much of your average joe gamer / computer user.

    Many of us on this forum are IT professionals of some kind or other and it's easy to get a bit of an elitist attitude because of that.  You can act like it's easy for everyone to adhere to all these good security practices...but I think you vastly overestimate the computer savvy of many gamers.

    I mean...some of my friends not in IT play computer games but they seriously don't even know how to use Windows Explorer.  Do you expect these people to be able to install all these anti adware things and know what links are okay and which are bad?

    The only people at fault for hacking attacks are the HACKERS.  That's it.  The victims aren't at fault.  Maybe they could have done more to prevent an attack, but that doesn't make them guilty.

    Just like in your "didn't lock the door" example...do you know who is at fault for stealing the guy's TV?  I'm gonna say it was the thief...not the homeowner.

    And yet it's exactly these kind of gamers that SCREAM they have the perfect security on their computer and apply the best security practices, so that it only can be Blizzard's fault that they got hacked.

    Rest my case.

    Well...like I said before.  The only real argument here is that these hacks would have never been possible for single player folks if D3 wasn't online only.

    Like it or not, but hacking is a reality of the internet.  And once your character is shared on another server, you are exposed to it.  It's really impossible to say how the hackers did their hacking, so I don't see the point in arguing about it...it's pointless.  It could have been user error, it could have been an internal leak...it really could have been anything, or a combination of many things.  There's really no reason to try to point fingers at the two victims of the hacking (Blizzard and the player) and call them both idiots.

     

    Are you team Azeroth, team Tyria, or team Jacob?

  • Resiakraw Member Posts: 73
    Originally posted by Creslin321
    Originally posted by JeroKane
    Originally posted by Creslin321
     

     Hehehehe, funny, but I think you are asking WAY too much of your average joe gamer / computer user.

    Many of us on this forum are IT professionals of some kind or other and it's easy to get a bit of an elitist attitude because of that.  You can act like it's easy for everyone to adhere to all these good security practices...but I think you vastly overestimate the computer savvy of many gamers.

    I mean...some of my friends not in IT play computer games but they seriously don't even know how to use Windows Explorer.  Do you expect these people to be able to install all these anti adware things and know what links are okay and which are bad?

    The only people at fault for hacking attacks are the HACKERS.  That's it.  The victims aren't at fault.  Maybe they could have done more to prevent an attack, but that doesn't make them guilty.

    Just like in your "didn't lock the door" example...do you know who is at fault for stealing the guy's TV?  I'm gonna say it was the thief...not the homeowner.

    And yet it's exactly these kind of gamers that SCREAM they have the perfect security on their computer and apply the best security practices, so that it only can be Blizzard's fault that they got hacked.

    Rest my case.

    Well...like I said before.  The only real argument here is that these hacks would have never been possible for single player folks if D3 wasn't online only.

    Like it or not, but hacking is a reality of the internet.  And once your character is shared on another server, you are exposed to it.  It's really impossible to say how the hackers did their hacking, so I don't see the point in arguing about it...it's pointless.  It could have been user error, it could have been an internal leak...it really could have been anything, or a combination of many things.  There's really no reason to try to point fingers at the two victims of the hacking (Blizzard and the player) and call them both idiots.

     

    The part in red is what I find extremely amusing. So what do the people who were on here trying to defend online only with "it stops hackers and cheaters" have to say? See, if they had simply kept in the offline single player mode there would be people playing that who wouldn't have an account to have gotten hacked and had their stuff stolen. Now they have access to EVERY player's accounts/items because they are ALL online instead of having the option of locally stored characters on your own system for single player.

  • sunshadow21 Member Uncommon Posts: 357
    Originally posted by kreken

    I am curious, what would you like Blizzard to do? They already have the best security practices listed on their website. It is up to the end user to follow them or not. Do you want them to implement something like NPS (Network Policy Server) that will check if updates are up to date, antivirus is installed, signature files are updated and do a quick virus scan before allowing them to login into the game?

    Nowadays, there is no real excuse to be computer illiterate since the computers are an integral part of our daily lives. If you don't spend even a little time to learn a bit about the tool you are using then you shouldn't be using it. It seems people don't realize that computer is a tool and if you don't take care of it, it will "rust" and will underperform or do other unintended operations. If you leave your hand saw in the rain for two months, how good do you think it will cut wood next time you use it?

    If I was a hacker for gold selling sites, would I target an unpopular game or a game with a lot of potential market? The hackers are in this to make money and it doesn't make business sense to target small demographics game where profit margin is very small. Looks like Blizzard fell a victim to its own popularity.

     

    And yet, with all of their measures, they still haven't figured out how to really protect their games. I understand that WoW and D3 are very popular, but they had this problem way back in D2, and probably before that, well before the gold farmers smelled profit in WoW or even D2. That is the part that bothers me; I can accept such measures if they are at least somewhat effective, but nothing about being online only seems to have helped D3 one bit, despite all claims that it would. If it was a minor issue that came up every now and then, like it does with most MMOs, I would have a much harder time ragging them, but at some point the "it's the end user's responsibility" doesn't work anymore by itself, and Blizzard reached that point a long time ago.  I'm not trying to say that every instance is Blizzard's fault or preventable, but they can't even keep the problem contained a good chunk of the time. I don't expect perfection, but from a company that's had a lot more practice than most, I would expect a much higher success rate than what they have achieved with Battlenet.

  • jdnewell Member Uncommon Posts: 2,237
    Originally posted by skeaser
    Originally posted by MikkelB
    Originally posted by jusomdude
    I haven't gotten hacked yet, but I'm getting paranoid with people saying they have been hacked even with authenticators. Just gotta wonder if these guys who have been hacked, saying they don't visit unknown websites and keep everything up to date are lying.

    I read one thread on the US forums, which has been locked now, about how the OP got "hacked" while he has an authenticator. The blue who locked it apparently looked into it for the OP and lo and behold, the OP did have an authenticator, but only got it after he was compromised.

    Truth be told, I'm on Blizzard side with this. In most cases people are at fault, for clicking delicious links, in badly typed e-mails. It sounds so silly, but it happens way too often. Of course there is no excuse if it turns out to be Blizzard's fault. Time will tell. One thing I can say is that if it's Blizzard's fault, then they will fix it. If people get compromised, I'm not surprised anymore when I hear that a month later they're compromised again. For the same thing.

    Off topic, something I noticed in these kind of threads, is that a lot of people agree that no system is perfect and that it's entirely possible that (for example, in this case) Blizzard gets hacked/compromised. But when people point to the complainers and say that they should first look to their own systems, they'll get riled up, claiming that their system is impenetrable. I just find this funny

    You're saying I shouldn't have gone to www.free-D3-gold-and-naked-pictures-of-every-celebrity-and-add-3-inches-today-and-get-a-million-dollars-from-a-Nigerian-prince.com? It seemed legit to me...


    That site is bogus. It showed me a picture of a Naked Nigerian man with a full 3 inches dangling holding a copy of D3 in one hand and a $20 bill in the other.

  • dubyahite Member Uncommon Posts: 2,483
    The argument that someone has never been hacked in another game as evidence that Blizzard is somehow less secure is easily disputed.

    Yes, you are far more likely to have a blizzard account hacked than anything else. That is true.

    It is not, however, evidence of Blizzard's incompetence.


    Here is a simple comparison that will illustrate the issue.


    People often make the claim that Macs are far more secure than windows machines. This couldn't be farther from the truth. In fact, I would say that windows is the more secure operating system.

    It boils down to the fact that windows is a much bigger target for malicious attackers. It's all about the install base. Mac users are often far less secure than windows users because they have been lulled into a false sense of safety.

    OS X has very few built in security features. Most Mac users don't run a firewall or antivirus. They have been convinced their OS is invincible. Apple's safari web browser is arguably less secure than IE even. Every year there is a hacking competition and safari is always the first to fall.

    If I was to write a virus (hypothetical I don't do this) it would be just as easy to write one for OS X. If I was looking for a new zero day exploit or something, either OS would have them. If I want maximum effect I am shooting for windows.

    Most virus writers these days are interested in money. They are usually making botnets for this purpose. Windows is the obvious target because of the need for a large number of infected machines.


    This applies to Blizzard in the sense that they are the most valuable target. Successful compromise of wow accounts has the potential to be much more profitable than other games. Again, it's the install base.


    Blizzard employs more security features for their users than any other game dev out there. The tools are there for you. Is it really a surprise that your wow account gets hacked but your Wurm online account doesn't?

    It's all about profit. There is more incentive to steal a wow account than a Lotro account or even a SWTOR account. They go where they know there is money to be made. Gold in wow is almost guaranteed to sell.


    As someone with high level knowledge of security, Blizzard has always impressed me with their security practices. More so than other companies. When they started using two factor authentication I thought "Holy crap, the business I work at (a major ISP at the time) doesn't even do this internally."

    I remember thinking, geez this place is more secure than my ISP in some ways. Their newer features are excellent as well. The way they handle account locking and their SMS service are very good.


    All that being said, D3 is going to be an even bigger target. The reason is not online only play but the RMAH. The RMAH provides hackers with a direct path to profit. The nature of gear in D3 (not being bound) is a tasty little snack for a hacker.


    Believe me, if hackers wanted to target other games as much as they target Blizzard, those games will not stop them.

    Think about it though, who has more security resources? The big multiple million dollar company or Average Joe Gamer at home? The attackers target whatever is easier. They target you.

    If you play blizzard games, especially at a high level, you have a big target on your back. Protect yourself.

    Shadow's Hand Guild
    Open recruitment for

    The Secret World - Dragons

    Planetside 2 - Terran Republic

    Tera - Dragonfall Server

    http://www.shadowshand.com

  • dead2soon Member Posts: 149

    Blizzard should steal Trion's coin lock feature. It's a bit of a pain for users with ips that change all the time but the security benefit is huge.

  • dubyahite Member Uncommon Posts: 2,483
    Oh and Creslin I know it's not necessarily the user's fault, but what I am saying is that users often do things that make them easy targets.

    The web is an insecure place and you have to take care of yourself. Of course it's the attacker's fault. They are doing something illegal and immoral.

    As for my analogy, you are correct, but that doesn't stop us from putting locks on our doors. We know there are thieves out there and we protect ourselves.

    If we realize there are hackers out there with bad intentions, it IS the user's responsibility to protect themselves.


  • iceman00 Member Posts: 1,363
    Originally posted by dubyahite
    stfuff that is mostly irrelevant

    Yet you are sorta missing the point.  Yes, you get to rant a lot about security and flash what you know and studied.  We are all very impressed.  Yet that isn't what it really is about.

    Again, Blizzard knows precisely what you know:  most people aren't very smart when it comes to passwords.  Putting in something as easy as a mandatory complexity (dubyahite as a pw becomes Duby@h!t3 or something like that) goes a long way towards ensuring account security.

    Forcing you to play online so you can milk people for a bigger social network and RMAH probably wasn't a very wise idea either, but that's neither here nor there.

    I understand people don't like the extra layers of security.  Yet sometimes, you gotta do them.  When you are playing with an RMAH, you should be using those authenticators for every time.   Simple fact is that an authenticator that only logs in every 5-7 days...... is pretty damn useless, and really only is there to generate more profit while making people feel "secure" when they really aren't.  Chances are if you buy the authenticator, or take the time to download a video game app on your smartphone, you aren't the ordinary person who is going to be turned off by a slight inconvenience in return for a lot of extra security.

    You only need one confirmed SNAFU with the RMAH to provide a PR nightmare.

     

  • iceman00 Member Posts: 1,363
    Originally posted by kreken
    Originally posted by sunshadow21
    Originally posted by JeroKane

    And yet it's exactly these kind of gamers that SCREAM they have the perfect security on their computer and apply the best security practices, so that it only can be Blizzard's fault that they got hacked.

    Rest my case.

    A fair number of people have also given good reasons to question Blizzard's commitment to seriously dealing with this problem. Especially for those who have never had a problem with anyone else despite ample opportunity to have had it, the evidence is there that at some level, it is Blizzard's responsibility to deal with it, even if it isn't directly their fault. A lot of people could do more, certainly, in the security aspect, but that does not absolve Blizzard when those users exist across the internet, and yet it always seems like Blizzard's name is at the forefront of these conversations when it comes to suspect gaming companies.

     

    When a company has this serious of issues this consistently, it becomes much, much harder to simply blame the end user.

    I am curious, what would you like Blizzard to do? They already have the best security practices listed on their website. It is up to the end user to follow them or not. Do you want them to implement something like NPS (Network Policy Server) that will check if updates are up to date, antivirus is installed, signature files are updated and do a quick virus scan before allowing them to login into the game?

    Nowadays, there is no real excuse to be computer illiterate since the computers are an integral part of our daily lives. If you don't spend even a little time to learn a bit about the tool you are using then you shouldn't be using it. It seems people don't realize that computer is a tool and if you don't take care of it, it will "rust" and will underperform or do other unintended operations. If you leave your hand saw in the rain for two months, how good do you think it will cut wood next time you use it?

    If I was a hacker for gold selling sites, would I target an unpopular game or a game with a lot of potential market? The hackers are in this to make money and it doesn't make business sense to target small demographics game where profit margin is very small. Looks like Blizzard fell a victim to its own popularity.

     

    1.)  Mandatory texts/email if you login from a different IP address.

    2.)  If you have an authenticator, you gotta authenticate with every login.  Don't wanna do that?  Don't buy the authenticator.

    3.)  Increased complexity with passwords. 

    Really, number 3 alone goes a long way.

    And really, you talk about how people "should" be computer literate.  People should also be able to change their oil or a tire on their car.  Yet the simple fact is a huge amount don't, and whining about how they should isn't going to fix the problem.  In a perfect world, IT security wouldn't be necessary.  When dealing with the average end user, you have to operate with the assumption they really don't know a lot of what they are doing.

  • AvatarBlade Member Uncommon Posts: 757

    Regarding blizz security and authenticators. They sell games in certain countries, like mine, and don't deliver authenticators here. If you don't have a smart phone you don't have access to one here. In a case like this it can be partly considered their fault since you can't acquire one even if you want to, thus having lower security than you could have.

  • dubyahite Member Uncommon Posts: 2,483
    @iceman

    I'm not here to flaunt my knowledge. I'm here to discuss an issue of particular interest to me.

    I don't understand why my knowledge of the subject is an excuse to attack me. There are plenty of people in this thread with little to no understanding of security who are posting random nonsense and trying to pass it off as fact.

    Should you be quoting them and accusing them of missing the point? Because they most certainly are missing the point in a big way.

    Again, I'm not here to "flaunt" my knowledge. I am here because this subject is interesting to me.


    I am just here to discuss the topic of security which most people don't have a clue about.


    Look I don't care that your average user doesn't know how to protect themselves. Not my problem. What I do care about is when those same people go around spouting off nonsense as if they know what they are talking about.


    I mean, there was a guy in this very thread flipping out because Diablo opened port 80. Seriously. Then he tries to tell people that this is some huge security flaw.

    That is the person that is missing the point, not me.


  • arctarus Member Uncommon Posts: 2,581
    Always tick on the " remember account name " at the log in screen

    RIP Orc Choppa

  • MikkelB Member Posts: 240
    Originally posted by iceman00
    Originally posted by kreken
    Originally posted by sunshadow21
    Originally posted by JeroKane

    And yet it's exactly these kind of gamers that SCREAM they have the perfect security on their computer and apply the best security practices, so that it only can be Blizzard's fault that they got hacked.

    Rest my case.

    A fair number of people have also given good reasons to question Blizzard's commitment to seriously dealing with this problem. Especially for those who have never had a problem with anyone else despite ample opportunity to have had it, the evidence is there that at some level, it is Blizzard's responsibility to deal with it, even if it isn't directly their fault. A lot of people could do more, certainly, in the security aspect, but that does not absolve Blizzard when those users exist across the internet, and yet it always seems like Blizzard's name is at the forefront of these conversations when it comes to suspect gaming companies.

     

    When a company has this serious of issues this consistently, it becomes much, much harder to simply blame the end user.

    I am curious, what would you like Blizzard to do? They already have the best security practices listed on their website. It is up to the end user to follow them or not. Do you want them to implement something like NPS (Network Policy Server) that will check if updates are up to date, antivirus is installed, signature files are updated and do a quick virus scan before allowing them to login into the game?

    Nowadays, there is no real excuse to be computer illiterate since the computers are an integral part of our daily lives. If you don't spend even a little time to learn a bit about the tool you are using then you shouldn't be using it. It seems people don't realize that computer is a tool and if you don't take care of it, it will "rust" and will underperform or do other unintended operations. If you leave your hand saw in the rain for two months, how good do you think it will cut wood next time you use it?

    If I was a hacker for gold selling sites, would I target an unpopular game or a game with a lot of potential market? The hackers are in this to make money and it doesn't make business sense to target small demographics game where profit margin is very small. Looks like Blizzard fell a victim to its own popularity.

     

    1.)  Mandatory texts/email if you login from a different IP address.

    2.)  If you have an authenticator, you gotta authenticate with every login.  Don't wanna do that?  Don't buy the authenticator.

    3.)  Increased complexity with passwords. 

    Really, number 3 alone goes a long way.

    And really, you talk about how people "should" be computer literate.  People should also be able to change their oil or a tire on their car.  Yet the simple fact is a huge amount don't, and whining about how they should isn't going to fix the problem.  In a perfect world, IT security wouldn't be necessary.  When dealing with the average end user, you have to operate with the assumption they really don't know a lot of what they are doing.

    I actually agree with your points here. The thing is, these're games we're talking about. Blizzard is for obvious reasons interested in getting as many players to buy and play the game. Implementing the points you listed as mandatory, no matter how good they're, is not going to help the user-friendliness of the game. When it's harder to get to play the game, more people stop playing it. Same as with DRM, people are going to opt for pirating anyway, because when you implement DRM like in Assassin's Creed 2 for example, you've less frustration playing it without the DRM than with it. Concerning Diablo 3, just look at all those complaints around the internet about the mandatory 'always online'-restriction. Couple that with mandatory use of the authenticator and people are just not going to bother with the game, which would be a shame really.

    Point 3 is interesting at the moment concerning Blizzard policies. It seems that the passwords aren't forced to be case-sensitive. That's pretty bad of them. Aside from the increased complexity, I'd rather have that they would allow more characters to be used and that they would stimulate users to use passphrases, instead of passwords. Win - win for both sides.
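
A sketch of the three server-side measures listed in the posts above (new-IP notice, authenticator prompt on every login, stronger passwords or passphrases), as an added example that is not part of any poster's message and not Blizzard's code. The account fields, the IP addresses, the 7-day prompt interval and the 7776-word list size are assumptions made for illustration.

```python
import math
from dataclasses import dataclass, field
from typing import Optional

DAY = 86400  # seconds


@dataclass
class Account:
    """Hypothetical account record; the field names are assumptions."""
    has_authenticator: bool
    known_ips: set = field(default_factory=set)
    last_code_check: Optional[float] = None  # time of last authenticator prompt


def evaluate_login(account, ip, now, prompt_interval_days):
    """Return (require_code, notify_owner) for a login with a correct password.

    prompt_interval_days=0 asks for an authenticator code on every login;
    a positive value asks only when the last prompt is at least that old.
    """
    require_code = False
    if account.has_authenticator:
        last = account.last_code_check
        require_code = last is None or now - last >= prompt_interval_days * DAY
    notify_owner = ip not in account.known_ips  # point 1: text/email on a new IP
    return require_code, notify_owner


# Constructed events: (day, source IP, does this party hold the authenticator?)
# 203.0.113.10 is the owner; 198.51.100.7 is a party with a stolen password.
EVENTS = [
    (0, "203.0.113.10", True),
    (2, "198.51.100.7", False),
    (3, "203.0.113.10", True),
]


def replay(events, prompt_interval_days):
    """Replay the events under one policy; return (day, ip, allowed, notified)."""
    account = Account(has_authenticator=True, known_ips={"203.0.113.10"})
    results = []
    for day, ip, holds_token in events:
        now = day * DAY
        require_code, notify = evaluate_login(account, ip, now, prompt_interval_days)
        # A party without the authenticator fails whenever a code is required.
        allowed = holds_token or not require_code
        if allowed and require_code:
            account.last_code_check = now
        results.append((day, ip, allowed, notify))
    return results


def search_space_bits(symbols, length):
    """Bits of search space for `length` items drawn uniformly at random from
    `symbols` choices. Secrets chosen by people are weaker than this bound."""
    return length * math.log2(symbols)


if __name__ == "__main__":
    for interval in (7, 0):
        print(f"authenticator prompt interval: {interval} days")
        for row in replay(EVENTS, interval):
            print("  ", row)
    # Point 3: case-insensitive vs case-sensitive passwords vs a passphrase.
    print(f"8 chars, a-z0-9 (case ignored): {search_space_bits(36, 8):.1f} bits")
    print(f"8 chars, a-zA-Z0-9:             {search_space_bits(62, 8):.1f} bits")
    print(f"5 words from a 7776-word list:  {search_space_bits(7776, 5):.1f} bits")
```

With the 7-day interval the day-2 login from the unfamiliar address is allowed and only produces a notice; with a prompt on every login the same attempt is refused.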

  • AutemOx Member Posts: 1,704

    It is so much more difficult to get hacked these days with Windows 7 and people are much more tech savvy now...  At this point it really is the user's fault.

    Play as your fav retro characters: cnd-online.net. My site: www.lysle.net. Blog: creatingaworld.blogspot.com.

  • MikkelB Member Posts: 240
    Originally posted by wormywyrm

    It is so much more difficult to get hacked these days with Windows 7 and people are much more tech savvy now...  At this point it really is the user's fault.

    Still, a lot of people don't use two accounts for windows 7 (admin and a normal user) and/or they disable the UAC. Windows 7 is more secure than its predecessors, but if people don't use the options given to them, all hope is lost

  • Wickedjelly Member, Newbie Common Posts: 4,990
    Originally posted by Aori

    I don't believe ignorance is an excuse anymore, people know by now what type of password is acceptable and what isn't. They know the gist of protecting a computer and what to avoid while on the net.

    Most computer illiterates don't frequent game forums, so if you get hacked and you're reading this or posting here.. it's 99% your fault. You know how to defend yourself, don't wait for someone to do it for you.

    It more or less comes down to people are lazy.

     I'm sorry but I don't agree with this. And no...I'm not one of those that has been hacked. I have been very fortunate in this area. Just because someone was though does not mean I'm going to assume they're ignorant or lazy.

    1. For god's sake mmo gamers, enough with the analogies. They're unnecessary and your comparisons are terrible, dissimilar, and illogical.

    2. To posters feeling the need to state how f2p really isn't f2p: Players understand the concept. You aren't privy to some secret the rest are missing. You're embarrassing yourself.

    3. Yes, Cpt. Obvious, we're not industry experts. Now run along and let the big people use the forums for their purpose.

  • MikkelB Member Posts: 240
    Originally posted by Wickedjelly
    Originally posted by Aori

    I don't believe ignorance is an excuse anymore, people know by now what type of password is acceptable and what isn't. They know the gist of protecting a computer and what to avoid while on the net.

    Most computer illiterates don't frequent game forums, so if you get hacked and you're reading this or posting here.. it's 99% your fault. You know how to defend yourself, don't wait for someone to do it for you.

    It more or less comes down to people are lazy.

     I'm sorry but I don't agree with this. And no...I'm not one of those that has been hacked. I have been very fortunate in this area. Just because someone was though does not mean I'm going to assume they're ignorant or lazy.

    If you're aware of ways to prevent getting your account compromised and not use them, because you'd rather depend on luck, then I do find you ignorant and lazy. Blizzard has done a lot to increase awareness as how to protect yourself against these malicious practices, except for force-feeding information and demanding people buy and use the authenticator. If users then decide not to use the measures, then they're lazy. I can't really call them ignorant anymore, because they're damn well aware of all the scamming/phishing/compromising at recent Blizzard games.

  • sunshadow21 Member Uncommon Posts: 357

    I don't have a problem with the extra security in theory, but I have two caveats. One, it has to actually work as intended. Two, the game behind it better be worth it.

    As for the first, if it's not checking the authenticator every time, there is no point to it. If I am going to go to the trouble of getting an authenticator, I dang well expect it to be used. Yes, it's a pain, but the whole point of getting the thing is for it to be used. If it's not being used, it's not actually increasing the security any, and I just wasted the time, money, and effort to acquire the thing. Also, if the company seems to only care about active accounts, and doesn't care what is being done with inactive accounts and the information they contain, that's a security breach I can't do anything to fix on my end, and this very much seems to be the case with Blizzard. If it's not actively making them money, they don't care about it or what anybody, whether it be an employee or an outside hacker, is doing with it. All in all, while I understand that Blizzard is a big target, that's still no excuse for the level of problems they have. Again, I don't expect perfection, that would be foolish, but I do expect them to contain it a heck of a lot more than they currently are. They need to do something more than they currently are. It may not even be in the game itself, but rather a more aggressive stance on suspected hackers and gold farmers and making the penalties for doing so higher, but they need to do something. There's no excuse with the amount of money they make that the problems are as rampant as they are. Blizzard is just too lazy to properly deal with them, more concerned about the money they would lose if they did so than anything else.

    As for the second, Diablo is a great game series, but I'm not going to all that trouble, when I can get essentially the same gameplay from any number of other games for a lot less hassle. Same goes for WoW. I may not quite get the same amount of polish, but for the amount of money and effort I have to put into them, the overall value is simply higher than any Blizzard game is at this point.

    When all is said and done, I don't hate Blizzard or anything nearly that strong, but I do believe that they could at least contain the problem better if they were willing to put the effort into it. Not remove the problem, but at least contain it and make themselves a smaller target than they are now with their complacency in both preventing it and dealing with it after the fact. The fact is, part of the reason they are as big of a target as they are is that everyone knows that they really don't care about it as long as they still make their millions and could care less about how affected their customers are by it.

  • dubyahite Member Uncommon Posts: 2,483
    Originally posted by MikkelB
    Originally posted by iceman00
    Originally posted by kreken
    Originally posted by sunshadow21
    Originally posted by JeroKane

    And yet it's exactly these kind of gamers that SCREAM they have the perfect security on their computer and apply the best security practices, so that it only can be Blizzard's fault that they got hacked.

    Rest my case.

    A fair number of people have also given good reasons to question Blizzard's commitment to seriously dealing with this problem. Especially for those who have never had a problem with anyone else despite ample opportunity to have had it, the evidence is there that at some level, it is Blizzard's responsibility to deal with it, even if it isn't directly their fault. A lot of people could do more, certainly, in the security aspect, but that does not absolve Blizzard when those users exist across the internet, and yet it always seems like Blizzard's name is at the forefront of these conversations when it comes to suspect gaming companies.

     

    When a company has this serious of issues this consistently, it becomes much, much harder to simply blame the end user.

    I am curious, what would you like Blizzard to do? They already have the best security practices listed on their website. It is up to the end user to follow them or not. Do you want them to implement something like NPS (Network Policy Server) that will check if updates are up to date, antivirus is installed, signature files are updated and do a quick virus scan before allowing them to login into the game?

    Nowadays, there is no real excuse to be computer illiterate since computers are an integral part of our daily lives. If you don't spend even a little time to learn a bit about the tool you are using then you shouldn't be using it. It seems people don't realize that a computer is a tool and if you don't take care of it, it will "rust" and will underperform or do other unintended operations. If you leave your hand saw in the rain for two months, how well do you think it will cut wood next time you use it?

    If I was a hacker for gold selling sites, would I target an unpopular game or a game with a lot of potential market? The hackers are in this to make money and it doesn't make business sense to target a small-demographic game where the profit margin is very small. Looks like Blizzard fell victim to its own popularity.

     

    1.)  Mandatory texts/email if you login from a different IP address.

    2.)  If you have an authenticator, you gotta authenticate with every login.  Don't wanna do that?  Don't buy the authenticator.

    3.)  Increased complexity with passwords. 

    Really, number 3 alone goes a long way.

    And really, you talk about how people "should" be computer literate.  People should also be able to change their oil or a tire on their car.  Yet the simple fact is a huge amount don't, and whining about how they should isn't going to fix the problem.  In a perfect world, IT security wouldn't be necessary.  When dealing with the average end user, you have to operate with the assumption they really don't know a lot of what they are doing.

    I actually agree with your points here. The thing is, these are games we're talking about. Blizzard is for obvious reasons interested in getting as many players as possible to buy and play the game. Implementing the points you listed as mandatory, no matter how good they are, is not going to help the user-friendliness of the game. When it's harder to get to play the game, more people stop playing it. Same as with DRM, people are going to opt for pirating anyway, because when you implement DRM like in Assassin's Creed 2 for example, you have less frustration playing it without the DRM than with it. Concerning Diablo 3, just look at all those complaints around the internet about the mandatory 'always online' restriction. Couple that with mandatory use of the authenticator and people are just not going to bother with the game, which would be a shame really.

    Point 3 is interesting at the moment concerning Blizzard policies. It seems that the passwords aren't forced to be case-sensitive. That's pretty bad of them. Aside from the increased complexity, I would rather have them allow more characters to be used and stimulate users to use passphrases, instead of passwords. Win - win for both sides.

    This is a very important issue you raise. 

     

    Anyone who has worked in the IT industry can tell you that any company (not just game companies) has to weigh several factors when implementing security policies such as those suggested.  This is especially true when you are enforcing these policies on customers as opposed to employees.  

     

    It would be great to add a little forced complexity to people's passwords, but it is a tougher decision than it seems at first glance. Personally I would be all for it, but I know for a fact that Blizzard (or any other company) would have to deal with a lot of issues this would cause their customers as well. 

     

    Not too many MMO companies actually enforce password complexity on their users. Bioware did a decent job by forcing one uppercase letter and one number in their password, but really that is a lot more ineffective than you might think.

     

    Here is an example, with Bioware's rules the password 'Tizftye7' would be an acceptable password. It's not particularly strong but at least it's not '123456'.  There are no words in it, and it appears totally random. It's not going to be in a dictionary attack so a cracker would need to use a guessing attack on it, which implies more time to crack it. 

     

    What this level of password security protects against is relatively slow online brute force or guessing attacks. Repeated attempts to guess the password on the service's website by attempting to log in would take months to complete all possible password guesses that would be required to guess that password. The exact search space of said password would be 5.46 x 10^23 or 546,108,599,233,516,079,517,120 possible passwords with that password length and alphabet size (characters that a cracker must account for). Seems like a big enough number.

    However, with current technology, your average cracker can make about one hundred billion guesses per second offline if they have acquired a password database. This would take less than an hour to complete the attack offline. If the attacker is running the database through a botnet or something, it would be a matter of seconds.

    So that level of password complexity protects against one thing, online attacks made by repeated login attempts to a website or the actual game service. The thing is, you are already protected against these attacks in most cases. After a few logins the system wants additional verification or it might even lock your account. This level of password complexity adds no security at all. 

     

    To really enforce a system where users must make secure passwords would require very long lengths (at least over 12 characters), one symbol, one number, at least one uppercase letter, and lower case letters as well.

    They would also need to prevent people from using common passwords and probably dictionary based passwords as well. Anything that can be found in a cracker's dictionary immediately eliminates the need for a guessing attack and any and all complexity is then useless.

     

    Like MikkelB said, from a business perspective they simply can't enforce password complexity of this level. It would piss off a large portion of their users as well as create extra costs for the company in having to support these users. A person who can't remember their password is going to generate extra cost for the company in customer service and technical support on a regular basis. For a video game, it's just not realistic. I believe that it seriously would drive people away from the game.

     

    Now, the whole passwords not being case sensitive thing from Blizzard is absolutely bonkers. Out of all this stuff that has been talked about that actually pisses me off a great deal. I don't understand why they would actively undermine the security of those who choose to use a complex password.  I think I might email their customer service about that and bitch today. 

     

    As far as enforcing password complexity on users, it's a hopeless battle for a company. If you only do a little (like Bioware) you are not really adding any security. To actually add security to passwords through complexity would have a large impact on your business and the usability of your software, for something that (let's face it) is not that important. It's a video game account. Most companies have the capability to restore your account to a pre-hacked status for no charge.

    Shadow's Hand Guild
    Open recruitment for

    The Secret World - Dragons

    Planetside 2 - Terran Republic

    Tera - Dragonfall Server

    http://www.shadowshand.com
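
Added example (not part of the original posts): the search-space arithmetic, the effect of case-insensitive passwords, and the complexity rules from the post above, in Python. The counting formula (every password of length 1 up to the given length), the 33-symbol count for printable ASCII, the sample password list and the second sample password are assumptions of this example; the rate of one hundred billion guesses per second is the post's figure.

```python
import string

OFFLINE_RATE = 100_000_000_000       # guesses/second: the figure quoted in the post
SYMBOLS = string.punctuation + " "   # assumption: 33 printable ASCII symbols
COMMON = {"123456", "password", "letmein"}  # constructed sample list


def alphabet_size(password, case_sensitive=True):
    """Characters a guesser must cover, judged by the classes actually used."""
    has_lower = any(c in string.ascii_lowercase for c in password)
    has_upper = any(c in string.ascii_uppercase for c in password)
    size = 0
    if case_sensitive:
        size += 26 * has_lower + 26 * has_upper
    elif has_lower or has_upper:
        size += 26  # the service folds case, so 'T' and 't' are one guess
    if any(c in string.digits for c in password):
        size += 10
    if any(c in SYMBOLS for c in password):
        size += len(SYMBOLS)
    return size


def search_space(alphabet, length):
    """Every password of length 1..length over the alphabet (assumed formula)."""
    return sum(alphabet ** k for k in range(1, length + 1))


def seconds_to_exhaust(space, guesses_per_second=OFFLINE_RATE):
    """Worst-case time to try the whole space at a fixed guessing rate."""
    return space / guesses_per_second


def check_policy(password, common=COMMON):
    """Return the rules listed in the post that this password fails."""
    rules = [
        (len(password) > 12, "length must be over 12"),
        (any(c in SYMBOLS for c in password), "needs a symbol"),
        (any(c in string.digits for c in password), "needs a number"),
        (any(c in string.ascii_uppercase for c in password), "needs an uppercase letter"),
        (any(c in string.ascii_lowercase for c in password), "needs a lowercase letter"),
        (password.lower() not in {p.lower() for p in common}, "is a common password"),
    ]
    return [message for ok, message in rules if not ok]


if __name__ == "__main__":
    for pw in ("Tizftye7", "Tizftye7-Qmw#rv"):  # second value is constructed
        full = search_space(alphabet_size(pw), len(pw))
        folded = search_space(alphabet_size(pw, case_sensitive=False), len(pw))
        print(pw, f"space={full:.3g}", f"case-folded={folded:.3g}",
              f"offline={seconds_to_exhaust(full):.3g}s", check_policy(pw))
```

Under this formula, 'Tizftye7' (8 characters, 62-character alphabet) has about 2.2 x 10^14 candidates, roughly 37 minutes at the quoted offline rate, while 546,108,599,233,516,079,517,120 is the count for 12 characters over all 95 printable ASCII characters. Folding case shrinks the 8-character alphanumeric space by a factor of about 76.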

  • dubyahite Member Uncommon Posts: 2,483
    Originally posted by sunshadow21

    I don't have a problem with the extra security in theory, but I have two caveats. One, it has to actually work as intended. Two, the game behind it better be worth it.

    As for the first, if it's not checking the authenticator every time, there is no point to it. If I am going to go to the trouble of getting an authenticator, I dang well expect it to be used.

    [snipped a bunch of stuff]

    There is a setting in battle.net you can turn on to force it to ask for the authenticator every time you log in. I can only imagine that they did this because of customer complaints or something, which is pretty freaking stupid. 

     

    Anyways, the option is there to make the authenticator work as intended in a secure fashion. 


  • sunshadow21 Member Uncommon Posts: 357
    Originally posted by dubyahite

    There is a setting in battle.net you can turn on to force it to ask for the authenticator every time you log in. I can only imagine that they did this because of customer complaints or something, which is pretty freaking stupid. 

     

    Anyways, the option is there to make the authenticator work as intended in a secure fashion. 

    It shouldn't even be an option. Too many people will never see that optional checkmark, assume that Blizzard knows what they are doing, and complain when it fails. I understand that Blizzard wants to retain customers, but part of implementing security measures and penalties is having the balls to enforce them despite the inevitable losses you will take elsewhere.

  • dubyahite Member Uncommon Posts: 2,483
    Originally posted by sunshadow21
    Originally posted by dubyahite

    There is a setting in battle.net you can turn on to force it to ask for the authenticator every time you log in. I can only imagine that they did this because of customer complaints or something, which is pretty freaking stupid. 

     

    Anyways, the option is there to make the authenticator work as intended in a secure fashion. 

    It shouldn't even be an option. Too many people will never see that optional checkmark, assume that Blizzard knows what they are doing, and complain when it fails. I understand that Blizzard wants to retain customers, but part of implementing security measures and penalties is having the balls to enforce them despite the inevitable losses you will take elsewhere.

    I would agree with you except I just found the reason this happens. I kind of suspected this was the case but I didn't say anything because I didn't know for sure. 

    This actually makes sense. From the Blizzard authenticator FAQ

    http://us.battle.net/support/en/article/battle-net-authenticator-faq#q6

     

    "Why don't I get an authenticator prompt every time I login to the game?


    The authenticator system will now intelligently track your login locations. If you are logging in consistently from the same location, you may not be asked for an authenticator code. This process is designed to make logging in faster when you're at a secure location."

     

    Now, I'm not sure how it verifies your location, but I imagine it is IP. A cookie or something would be incredibly insecure so I can only hope it's by some other means. 

     

    Hopefully this restores a little bit of faith in the Authenticator for you. 

     


  • sunshadow21 Member Uncommon Posts: 357
    Originally posted by dubyahite
    Originally posted by sunshadow21
    Originally posted by dubyahite

    There is a setting in battle.net you can turn on to force it to ask for the authenticator every time you log in. I can only imagine that they did this because of customer complaints or something, which is pretty freaking stupid. 

     

    Anyways, the option is there to make the authenticator work as intended in a secure fashion. 

    It shouldn't even be an option. Too many people will never see that optional checkmark, assume that Blizzard knows what they are doing, and complain when it fails. I understand that Blizzard wants to retain customers, but part of implementing security measures and penalties is having the balls to enforce them despite the inevitable losses you will take elsewhere.

    I would agree with you except I just found the reason this happens. I kind of suspected this was the case but I didn't say anything because I didn't know for sure. 

    This actually makes sense. From the Blizzard authenticator FAQ

    http://us.battle.net/support/en/article/battle-net-authenticator-faq#q6

     

    "Why don't I get an authenticator prompt every time I login to the game?


    The authenticator system will now intelligently track your login locations. If you are logging in consistently from the same location, you may not be asked for an authenticator code. This process is designed to make logging in faster when you're at a secure location."

     

    Now, I'm not sure how it verifies your location, but I imagine it is IP. A cookie or something would be incredibly insecure so I can only hope it's by some other means. 

     

    Hopefully this restores a little bit of faith in the Authenticator for you. 

     

    It's a step in the right direction.

  • Creslin321 Member Posts: 5,359
    Originally posted by MikkelB
    Originally posted by wormywyrm

    It is so much more difficult to get hacked these days with Windows 7 and people are much more tech savvy now...  At this point it really is the user's fault.

    Still, a lot of people don't use two accounts for Windows 7 (admin and a normal user) and/or they disable the UAC. Windows 7 is more secure than its predecessors, but if people don't use the options given to them, all hope is lost.

     I'm going to say something that will upset some people on this thread but...

    I knowingly and willingly don't adhere to best security practices.  I only use an admin account, and the first thing I do is disable UAC.

    And why?  Because that crap is annoying.  I realize that I may leave myself more exposed to hackers by doing this, but honestly, that's a better alternative than having to deal with that annoying popup every time I do something.

    I also don't run anti-virus because it is also annoying, and likes to gobble up my processor ticks with its constant scans.

    Despite all this though, I miraculously never really get viruses or get hacked.  Maybe I'm lucky, maybe it's because I'm pretty good at recognizing phishing attempts...but whatever the reason, I have been safe thus far.

    Sooo I dunno, I almost feel like having to constantly deal with self-imposed draconian security can be worse than getting hacked once or twice.  As such, my approach is "mid-range" security.  I have authenticator because I think Battle.NET is high risk, but I'm not going to set it so I have to authenticate every single time...because that's...well, annoying.

    Are you team Azeroth, team Tyria, or team Jacob?
