I’d like to take a moment and talk about account security with you. Recently, keyloggers, dictionary attacks and similar tricks aimed at hijacking WoW accounts have been cropping up more and more (my guild felt the bite of this a while ago but has since recovered the pilfered goods). I work for a major ISP, so account security is a topic I deal with daily. I posted something for my guild on this topic and would like to share it with you guys as well.
Lodur’s Tips to avoiding compromising your account
- Always make sure your anti-virus is up-to-date. Often, anti-virus programs will only update on specific days (Norton, for example, updates on Sundays). However, throughout the week there may be updates it isn’t grabbing by default. One suggestion would be to go into your anti-virus’ Preferences and have it check for updates daily. It will normally let you specify a time, so pick one when you aren’t likely to be raiding.
- Make sure that anti-virus autoprotect is enabled. A commonly seen problem is that users have an anti-virus that’s up-to-date, but don’t have autoprotect or real time protection enabled. This setting can normally be found under the Preferences for the program. Enabling it allows it to scan downloaded files, files being transferred and data transmissions in real-time.
- Passwords, Passwords, Passwords. They are the most common way into someone’s information, e-mail, accounts and even computers. A good password follows a few simple rules. DO NOT use any of the following passwords:
- (username)
- (username)123
- 123456
- password
- 1234
- 12345
- passwd
- 123
- test
- 1
- Monkey
- letmein
- qwerty
- password1
These are the most commonly used passwords, polled from a sample of several thousand people worldwide. Don’t use any of them. Also, try not to use just a word. A dictionary attack runs your password against a list of every word the attacker can find, plus the common variations of those words; a pure ‘brute force’ attack tries every possible combination of characters instead. Either way, if your password is “bananas”, chances are a dictionary attack will rip right through it in seconds. It’s best to include special characters and numbers. “Leet speak” helps a little, so “S1mpl3” is better than “simple”, but be aware that cracking tools already try the usual swaps (E to 3, S to 5, A to 4 and so on) against every dictionary word, so a leet-speak version of a dictionary word is still a dictionary word. Length is what really hurts an attacker: a recent rule of thumb is to make it 8 characters long or more, and every character you add multiplies the number of combinations a brute-force attack has to try. Overall, pick something difficult to guess, avoid choosing from the top 14 list, and add numbers and symbols throughout the password, not just at the end of it. A brute-force attack will always succeed given enough time, but using these tips can change the time it takes to discover your password from a few hours to a few YEARS.
- Be careful with your addons. When downloading addons for WoW, check the folders after they’re unzipped. An addon is made of .lua, .xml and .toc files plus art; it should never contain any file with a .exe suffix on the end (or other executable types such as .dll, .bat or .scr). If it does, delete the mod immediately. It’s important to be aware that many mod sites have had issues with tampered files being uploaded to their servers, infecting people that download those mods. Also, scan for viruses and spyware after installing new mods to make sure that they are clean.
- If you have a Battle.net account, or have recently upgraded to that account type, do not use the same password for it as for the e-mail address you chose as your user name. You may laugh, but a lot of people do this! Whoever gets into that e-mail account can reset the Battle.net password anyway, so keep the two separate.
- If you can, get an Authenticator! Get a key fob from the Blizzard Store ($6.50 US) or, if you have an iPhone or iPod touch, get the mobile authenticator from the App Store (it’s free!). It works wonderfully and is incredibly easy to set up under your account management. The fob generates a 6-digit code and the mobile authenticator generates an 8-digit one. Each code is a one-time code computed from a secret key that lives only in the device and on Blizzard’s servers; a fresh code is produced each time and is only valid for a short window, so knowing one code tells an attacker nothing about the next and you don’t have to worry about someone “guessing the next number”. By far this is one of the absolute best things you can do to help keep your account secure.
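To put some numbers behind the passwords tip above, here is an added example (my own illustration, not part of the original post) of the two attacks it describes. The word list, the “top 14” stand-in, the leet-speak substitutions and the guess rate of one billion per second are all constructed assumptions; real cracking tools use far larger lists and rule sets, so treat the dictionary result as a lower bound on how quickly a word-based password falls.

```python
import itertools
import string

# Constructed stand-ins for the "top 14" list above and a tiny dictionary.
COMMON_PASSWORDS = [
    "123456", "password", "1234", "12345", "passwd", "123", "test", "1",
    "monkey", "letmein", "qwerty", "password1",
]
DICTIONARY_WORDS = ["bananas", "simple", "secret", "swordfish", "dragon"]

# The substitutions a rules-based cracker applies to every dictionary word (assumed rule set).
LEET_MAP = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "5", "t": "7"}
SUFFIXES = ("", "1", "12", "123", "!", "2009")


def leet_variants(word):
    """Every way of applying zero or more leet substitutions to `word`."""
    choices = [(c, LEET_MAP[c.lower()]) if c.lower() in LEET_MAP else (c,) for c in word]
    for combo in itertools.product(*choices):
        yield "".join(combo)


def candidates(word):
    """Guesses a rules-based cracker derives from one dictionary word, cheapest first."""
    seen = set()
    for form in (word.lower(), word.capitalize()):
        for variant in leet_variants(form):
            for suffix in SUFFIXES:
                guess = variant + suffix
                if guess not in seen:
                    seen.add(guess)
                    yield guess


def dictionary_attack(password, common=COMMON_PASSWORDS, words=DICTIONARY_WORDS):
    """Return (matched_guess, guesses_tried); matched_guess is None if the password survives."""
    tried = 0
    for guess in common:
        tried += 1
        if guess == password:
            return guess, tried
    for word in words:
        for guess in candidates(word):
            tried += 1
            if guess == password:
                return guess, tried
    return None, tried


def brute_force_years(password, guesses_per_second=1e9):
    """Worst-case years to try every string of this length over the character classes it uses."""
    classes = [
        (string.ascii_lowercase, any(c.islower() for c in password)),
        (string.ascii_uppercase, any(c.isupper() for c in password)),
        (string.digits, any(c.isdigit() for c in password)),
        (string.punctuation, any(c in string.punctuation for c in password)),
    ]
    alphabet = sum(len(chars) for chars, used in classes if used) or 1
    return alphabet ** len(password) / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    for pw in ("monkey", "bananas", "S1mpl3", "b4n4n45Bread!", "correct-Horse-7-Battery"):
        hit, tried = dictionary_attack(pw)
        verdict = f"cracked after {tried} guesses" if hit else f"survived {tried} dictionary guesses"
        print(f"{pw:24} {verdict}; exhaustive search up to {brute_force_years(pw):.2e} years")
```

Running it shows the two lessons side by side: “S1mpl3” is found by the dictionary pass because the leet rules regenerate it from “simple”, and even an exhaustive search of six mixed-case alphanumeric characters takes under a minute at this guess rate, while a thirteen-character password drawn from all four character classes pushes the same search past a billion years.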
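The addon tip above says to look for .exe files after unzipping; it is safer to look before extracting, because an archive entry can also carry a path that climbs out of the addon folder and drops a file somewhere else on disk. The following is an added example of that check (mine, not code from the original post or from any addon site). The addon name “ExampleHeals”, its files and the planted entries are constructed test data, and the lists of executable and expected extensions are my assumptions about what belongs in an addon.

```python
import io
import posixpath
import zipfile

# A WoW addon is Lua, XML and a .toc manifest plus art and font assets.
# Anything Windows will run or load as code has no business in the archive (assumed lists).
EXECUTABLE_EXTENSIONS = {".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd",
                         ".vbs", ".js", ".jse", ".wsf", ".msi", ".lnk"}
EXPECTED_EXTENSIONS = {".lua", ".xml", ".toc", ".tga", ".blp", ".ttf", ".txt", ".md"}


def audit_addon_archive(zip_bytes):
    """Inspect a zipped addon before extracting it. Returns a dict of findings."""
    findings = {"entries": 0, "executables": [], "unexpected": [], "path_traversal": []}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            findings["entries"] += 1
            if info.is_dir():
                continue
            name = info.filename.replace("\\", "/")
            norm = posixpath.normpath(name)
            # Entries that escape the addon folder land files anywhere on disk
            # (a Startup folder, for instance) once the archive is extracted.
            escapes = (posixpath.isabs(norm) or norm == ".." or norm.startswith("../")
                       or ":" in norm.split("/")[0])
            if escapes:
                findings["path_traversal"].append(info.filename)
            ext = posixpath.splitext(norm)[1].lower()
            if ext in EXECUTABLE_EXTENSIONS:
                findings["executables"].append(info.filename)
            elif ext not in EXPECTED_EXTENSIONS:
                findings["unexpected"].append(info.filename)
    findings["safe"] = not (findings["executables"] or findings["path_traversal"])
    return findings


def build_sample_archive(tampered):
    """Constructed test data: a hypothetical addon, optionally with planted files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("ExampleHeals/ExampleHeals.toc",
                    "## Interface: 30100\n## Title: ExampleHeals\nExampleHeals.lua\n")
        zf.writestr("ExampleHeals/ExampleHeals.lua", "print('ExampleHeals loaded')\n")
        zf.writestr("ExampleHeals/ExampleHeals.xml", "<Ui></Ui>\n")
        zf.writestr("ExampleHeals/README.txt", "Type /eh to open the options.\n")
        if tampered:
            zf.writestr("ExampleHeals/Updater.exe", b"MZ\x90\x00 (not a real binary)")
            zf.writestr("../../Windows/Start Menu/Programs/Startup/helper.bat", "@echo off\n")
    return buf.getvalue()


if __name__ == "__main__":
    for label, tampered in (("clean", False), ("tampered", True)):
        print(f"{label}: {audit_addon_archive(build_sample_archive(tampered))}")
```

Anything listed under “unexpected” is not necessarily malicious (addon authors ship odd files), but “executables” or “path_traversal” being non-empty is the delete-immediately case from the tip, and the scan costs nothing because the archive is never extracted.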
Till next time, Happy Healing.
~Lodur
As always feel free to follow on twitter http://twitter.com/LodurZJ And don’t be afraid to ask questions using direct message there or the contact form here on the site!
@Karthis: Sadly yes. In my RL job, we get lists of commonly used passwords every quarter. Monkey has been on the list for the last 3 quarters. It replaced “secret”
“Monkey” made the list?!? Seriously???
Monkey has me laughing. I wonder how many people use “dumbass”…tee hee.
Anyway, good tips. For me personally, my mind is much more at ease now that I have an authenticator.
There is also the iPhone authenticator now too. Great for those who travel! I love mine.
http://www.wowinsider.com/2009/03/27/iphone-authenticator-now-in-app-store/
No ‘swordfish’?
pro tip: don’t use the same password between the game and anything else, especially random wow websites.
Be careful of L337 speak too. A lot of brute-force/dictionary scripts now take that into account, and will joyfully try changing all the E’s to 3’s and so on.
Likewise with keyboard patterns. (Of which qwerty is the most egregious.)
I have a very simplistic password for websites etc. that I don’t mind getting hacked, a slightly more complicated one for hotmail/skype and, for things I keep under high security, I have a complete nonsense password that I don’t even know and copy and paste from an encrypted document. It also means that I don’t have access to my account except from the couple of computers I have my password stored on. It’s even more important for me to keep my account safe as I’m GL and have full access to the guild bank etc.