Blizzard Introduces One-Time Password Devices For WoW
Posted by timothy on Sun Jun 29, 2008 05:57 AM
from the status-symbols dept.
An anonymous reader writes "Two days ago Blizzard announced that they will be selling keychain tokens to add one-time password support (FAQ) to World of Warcraft. Have compromised World of Warcraft accounts become such a serious problem that OTPs are already necessary for games?"
Not a problem... an opportunity (Score:5, Insightful)
Probably more like Blizzard has decided that people paranoid about having their accounts compromised have become such a serious market segment that it can eke out a few more pennies selling these dongles for 6 euros a pop.
If it was a huge problem, Blizzard would begin requiring them. The fact that they're optional means they're probably just a new way to sap a few more bucks from players who have invested so much of their time and being into this game that six euros seems a very reasonable security blanket.
It's both (Score:5, Informative)
It's both. Password stealing via phishing and other means has hit quite a few MMOs. It boils down to dumb users mainly, and Blizzard surely sees a profit opportunity in their stupidity.
Re:Not a problem... an opportunity (Score:5, Informative)
Thank you Mr. Conspiracy theory. But the truth is that:
- There is a serious problem in WoW
- It is extremely common for accounts to get compromised
- Sometimes people quit the game after a break-in (-$13/month)
- A 30 second google search found similar devices for between $17 and $23 a go
If I had to guess I would imagine Blizzard breaks even roughly on these devices. I can't imagine there being a huge profit margin on $6 and that they justify it by keeping people playing.
Re:Not a problem... an opportunity (Score:5, Insightful)
A cancelled account of mine got hacked somehow, and I only discovered it months later when I went to reactivate it. Blizzard basically said "sucks to be you, we won't do anything". My first level 60 character is gone forever, which makes me kind of sad.
Blizzard will, apparently, not fix all problems.
Re:Not a problem... an opportunity (Score:5, Informative)
My account got compromised a year after I quit, and I only discovered it because I got an IM from someone who saw my character log in and wanted to know if I was playing again. My password was good enough that no one was going to randomly guess it, and I certainly never gave it out.
My best theory on how it happened is that I used the same account and password on lots of web forums, many of which have terrible security. Someone probably hacked into one of them and tried all the user/pass combos to see if they were also WoW accounts. I took a look at my old characters on armory and noticed that my lowbie alts had been stripped and my main moved to another server. I figure whoever got access probably sold the account to a clueless buyer because I can't imagine someone paying for a character transfer otherwise. I also wouldn't be surprised if people made a lot of money doing this. Lesson learned: use unique passwords (or usernames) on any accounts you actually care about.
Blizzard reset my password, but refused to transfer my character back to his original server because I "willingly gave out my password." I didn't intend to ever play again anyway, but service like that certainly sealed it. They didn't care one bit about catching the person who did it either, despite having IP addresses and even credit card numbers.
Re:Not a problem... an opportunity (Score:5, Insightful)
My best theory on how it happened is that I used the same account and password on lots of web forums, many of which have terrible security.
There is your problem.
I know we are all lazy when it comes to passwords, but you really need to keep different passwords for different things. It doesn't mean you have to keep completely different passwords for every forum, so my personal rule is to have levels on how much I care about it being breached.
Level 1: Random forums I don't trust or places I don't care if hacked.
Level 2: Places I frequent that I trust and have a reputation, but it's not going to kill me if my account is breached.
Level 3: Stuff I pay money for. Like Online Games, Steam, utility bills, and cell phone plans.
Level 4: Money. Banks. Credit cards. And/or anything that is serious business. This also includes email accounts attached to them which I keep completely separate passwords between accounts since it would be dumb to have the same password for your bank as your email. Also I tend to keep different passwords between financial institutions because I don't trust competency of employees and their laptops.
The goal is to never use the same password between the levels so if one is breached the others are not.
So if it is that important to you, then don't use the same passwords on untrusted sites or forums that use unpatched vBulletin or phpBB. I mean... I don't even trust Slashdot.
And it never hurts to be paranoid and change your passwords every 6 months or if you just suspect something. It's not going to cost you anything other than mental exercise if you're wrong, but it saves you a whole lot of grief if you are right.
Re:Not a problem... an opportunity (Score:5, Funny)
Hey were you the subject of a Dilbert comic a while back?
Re:Not a problem... an opportunity (Score:5, Funny)
These things cost way more than $6 to make
Yes, maybe if you handcraft them in Norway from reindeer horns and freshly clubbed seal, but in the rest of the world you can buy a USB memory for less than this.
Re:Not a problem... an opportunity (Score:5, Informative)
Depends on who is making them.
http://www.entrust.com/strong-authentication/identityguard/calculator.cfm [entrust.com]
Entrust here likes to advertise they're 1/7th as expensive as the ones RSA sells, and those are still $4/year.
So at $6 until the token dies, Blizzard isn't exactly making a mint on these things. The profit for them comes in reduced account restorations.
Unless you'd care to source me someone who sells them so cheap that Blizzard is making a fortune at these prices, since there's probably also costs for the server end of the setup?
can't beat stupidity (Score:5, Insightful)
It's not the system that has a flaw, it's the stupidity of people for giving away their usernames/passwords for powerlvling etc.
Re:can't beat stupidity (Score:5, Insightful)
There are those who could learn from this... (Score:5, Funny)
Wowzers, now I can have more security for my account on some computer game than my online banking (I'm looking at you, Citibank).
Re:There are those who could learn from this... (Score:5, Funny)
Hmm... let's see... The average WoW addict is playing 30 hours a day, has most likely no job...
What do you think is worth more, the account of such a person or his bank account?
Re:There are those who could learn from this... (Score:5, Funny)
They both probably are about equally low in worth.
The first thing that comes to my mind is... (Score:5, Insightful)
Why can I get this feature for a MMORPG account, but not from my bank, or any other banks I know of?
I value my real money far more than imaginary swords, shields and armor that exist as bits in an entertainment company's database.
Maybe some people's priorities are different...
Re:The first thing that comes to my mind is... (Score:5, Informative)
Re:The first thing that comes to my mind is... (Score:5, Informative)
Barclays have been providing a device they call PIN Sentry since early 2007:
http://www.barclays.co.uk/pinsentry/ [barclays.co.uk]
NatWest introduced their offering summer 2007:
http://www.natwest.com/microsites/general/card-reader-user-guide/index.asp?cmp=reader [natwest.com]
I believe you're right about Lloyds not having followed suit just yet.
Cheap (Score:4, Insightful)
6 euro protecting 1000s of hours of time spent, it's a no brainer.
Other Authentication (Score:4, Interesting)
I was listening to The Instance, which is a WoW podcast and one of their topics concerned Taiwanese WoW players. They had the option to sign up for a different type of secondary authentication which required them to register 3 different phone numbers. You couldn't completely log in unless Blizzard received a call from one of said phone numbers.
Considering the amount of time people have devoted into these accounts, I don't see this being that big of a deal. As a player, I'm not too sure I'd get one, as I try to avoid random websites, certain browsers and suspicious addons. The current belief now, however, is that people cracking into wow accounts are using more brute force methods instead of trojan/spyware etc etc (but it's not like those have completely disappeared.)
There's nothing wrong with a little extra security, especially when you've played for 3 years.
Also (Score:5, Interesting)
I can imagine that the problem of hacked accounts is *huge* and primarily a problem on the user's end. I'd wager a guess that Blizzard's largest demographic sometimes also engages in P2P/Warez in conjunction with poor security habits. Trojan-laden warez, account sharing, piss-poor passwords and wide-open PCs; users leave themselves wide open to getting their virtual goodies ransacked and run off with.
I played WoW for 4 months a few years ago and was surprised at the number of trojans packed in the executable installers of some popular UI mods. It wasn't a very clever (but it was effective) way of farming usernames and passwords. Considering the global reach and sheer numbers of people playing WoW, and the virtual goods for real life cash trade, I wouldn't be surprised to learn about WoW-specific trojans running around in the wild. Some people make it easy for the bad guys; using the same login details on WoW related forums as their actual wow account, to purchasing gold and other items from shady websites (good way of farming cc numbers, shady websites also use cc info to pay for their own account time, leading to charge backs and other hassles) to just flat out sharing their details willy-nilly with anyone half trusting.
And there's no evil in Blizzard charging two cups of coffee for an extra layer of protection. I'm sure they've spent oodles and oodles of cash in the past dealing with these issues, so there's nothing wrong with recouping past costs and helping to avoid a portion of future expenditures.
I would appreciate separate user names and passwords for account management and character login, too.
Re:Also (Score:5, Insightful)
I don't even think they are trying to recoup costs, it's just a token amount so that every single user doesn't click the 'give me a free token' button. People love getting free stuff, even if they don't need it (or is it just my wife that does that? Hi wife, if you are reading this
Long Term evolution... (Score:5, Insightful)
Phase 1 : OTP is a plus that you may buy
Phase 2 : A free OTP token with each WoLK extension sold
Phase 3 : A collector edition with WoW+BC+WoLK+token
Phase 4 : Mandatory token for all accounts
That way, they cut the grass under the feet of the Chinese farmers who sell ready to play accounts and to the reselling of accounts on eBay and such...
Re:Bilzzard? (Score:5, Funny)
I believe they wanted to spell it "Bill-zard"
base client: 25 bucks
bc client: 25 bucks
name changes: 10 bucks
realm changes: 25 bucks (per character, that's 250 bucks if you are transferring off a realm on which you were established)
wrath of the lich king: (unknown, but be prepared to chop up your first born son)
Re:Bilzzard? (Score:5, Funny)
wrath of the lich king: (unknown, but be prepared to chop up your first born son)
I'm sure there are a few WoW addicts who wouldn't consider that an unfair deal to be in the WotLK beta...
Re:Security Theatre (Score:4, Insightful)
I'm not security unconscious either [...] no control over what other uses the computer you play on is put
One might argue that a security-conscious person would not let any random people share his computer, unless it had a very safe multi-user system.