Nice try.

Through a few contacts in security firms. These are guys I know and trust, so I don’t think they are steering me wrong. They’re seeing a lot of activity in various groups that indicate that they are gearing up to take on the RMAH and step up Battle.net account stealing. Of course, they can’t be definitive about any of it, but better safe than sorry when it comes to your online accounts.

Besides, as stusser points out, WoW accounts are already high on the target list for these dudes. Logically, the opportunity to directly access money through D3 accounts will make them even more high-value targets.

The authenticator is free for iOS and Android users. Shipping is free if you buy the physical device from Blizzard. I can’t think of a reason to not have one.

Unless things have changed, the most common way WoW accounts get hacked is via keyloggers. If you’ve got a keylogger on your system, you’ve got much bigger problems than someone stealing your Battle.net account.

You are much better off putting your efforts into running some virus scanning software and, more importantly, using something like LastPass or 1Password to ensure the passwords for all your accounts are different/random.

While I agree that it is true that the vast majority of “hacking” cases are from keyloggers, what about the people who haven’t played WoW for years and come back only to find their account cleaned out?

Having a WoW account or a Battle.net account these days is certainly not something you do without worrying about potentially losing it, even if you take steps to make sure your system is (reasonably) secure (antivirus, firewall, Firefox with NoScript/Adblock, not going to any obvious trap site linked to from official forums).

Also, I haven’t tried it, but I don’t think you can log in to a game using 1Password. Maybe if you copy and paste each time, but that would be a huge pain. I am a huge fan of 1Password though and use the random password thing for the vast majority of my website accounts.

Sometimes it’s by hacking your email, in which case (if you don’t have an authenticator) they can presumably change your password.

Sometimes, they just have the PW but lay dormant until you no longer are active so they can hack it without being noticed for a long time.

Because either the “Battle.net Mobile Services & Alerts” or the “Dial-In Authenticator”, which gets you to SMS a code or call in and enter a code when important changes are made to the account, is just as good for all practical purposes?

Hmm, thanks for the heads up. I’ve never bothered with the authenticator since I don’t play WoW, but I’d hate to deal with the hassle of losing my Diablo/Starcraft access and accounts.

Well, I had to order the CE from Best Buy as Amazon and GameStop had sold out (I had it in the shopping cart at Amazon several months ago but forgot to finalize the order :/). And according to BB it shipped yesterday. Should be here by Tuesday!

Thanks to some unforeseen luck at the casino (which is probably the third time my wife and I have ever gone there in the last decade) I had enough to pick up not only a few cigars, but the collector’s edition strategy guide from GameStop - they had a few left and I reserved one (they weren’t selling them yet, which is fine with me, I like the idea of getting that big hardcover book and the CE box at the same time).

C’mon, Monday (well, midnight Tuesday, I suppose)!

Midnight PST, sadly.

Midnight CST is when my local GameStop is selling them (midnight sales with GS are always midnight local time), though it will be 2 hours later (2am CST) when I can play. I’ll be in bed though (in theory) but I do want to get it installed and ready before I call it a night, so I can play fresh Tuesday when I wake up (after I get the kids off to school, I suppose).

Haha, good for you :)

After all of my crying about not getting it until 5/17, Amazon just upgraded me unexpectedly to release-day shipping, so at some point on 5/15, I will be playing. Yippeee!

The strat guide arrived yesterday. I’m doing my best to avoid the section on the acts, focusing mainly on the class skills and equipment lists. I did, however, glance through act 1 a bit to see how much content was cut in the beta, and it was a good bit. Which I was glad to see.

I didn’t know there were passive skills up to level 60 for the classes. All other categories end by 30, but there are quite a few more passives for each class as an additional incentive to play the higher difficulty levels (as if players needed more reason).

You get new rune unlocks at 30-60 too.

You can actually go to Diablo3.com under game guide, they have a nice layout of the progression for all the classes by level. Lots of unlocks every level past 30, sometimes as many as four “things” unlock.

Yeah, “better safe than sorry” is the catch phrase of security theatre. In the absence of facts, hand-waving often suffices.

Besides, as stusser points out, WoW accounts are already high on the target list for these dudes. Logically, the opportunity to directly access money through D3 accounts will make them even more high-value targets.

In which case, the contention that it is a target because of the RMAH is misguided, since WoW doesn’t have a RMAH. A more correct claim would be that hackers are targeting the game because it’s going to be huge and insanely popular.

By that logic, they should be hacking Call of Duty accounts like no other.

Ummm, they do… trawl through the Xbox Live forums and you can see all the people banned for hacking (and their pitiful attempts to escape such action).

Of course, CoD doesn’t really have gold or rare items that can be traded, so the goal and outcome of the hacking is obviously different.

FIFA (probably one of the most popular games on Xbox) is also a huge hacking target as well, for the tradable/purchasable player cards.

Are you saying people shouldn’t have authentication?

No, I’m saying that you shouldn’t be spooked into obscure rumours by security companies. Especially since by their nature these companies rely on the hype surrounding the threat for their very existence. I take the “Bruce Schneier approach” to security that favours facts and clarity to vagueness and obscurity.

Two-factor authentication is certainly useful and you should probably use it, but it also has its limitations. “Better safe than sorry” to me suggests a type of vague and uncritical approach that I just disagree with.