backtop

Print E-mail del.icio.us 58 comment(s) - last by eye smite.. on Jul 7 at 4:12 AM
Blizzard introduces new device for WoW gamers

Seemingly tired of having accounts hijacked from customers, Blizzard Entertainment over the weekend introduced a new authenticator token able to generate a six-digit security code that must be entered each time a WoW player logs into their account.


"It's important to us that World of Warcraft offers a safe and enjoyable game environment," Blizzard CEO and cofounder Mike Morhaime said in a press release.  "One aspect of that is helping players avoid account compromise, so we're pleased to make this additional layer of security available to them."

Once activated with Blizzard, the authenticator offers a onetime six-digit code that must be used within 60 seconds on a gamer's WoW account.  It is meant to be used alongside an account name and password.

The added layer of protection will help lower the risk of having their account hacked by an overzealous thief.  Hackers steal gaming accounts so they can pillage the account for items that can be sold online to other WoW players.  

Several incidents since the game's release highlight security issues that faced WoW gamers recently.  The first incident involved a Trojan that was attached to e-mails and sent to WoW players who had high level accounts that could be hijacked.  With a similar goal in mind, hackers sent web site URLs to gamers that would download keylogging software onto the computers through a loophole available in Microsoft Internet Explorer.  Each time the user entered their WoW password it was recorded, allowing hackers to access accounts and steal items.

PayPal, banks, and other financial institutions use similar keys to help protect data, with PayPal charging customers $5 for the PayPal Security Key.  

Blizzard plans to charge $6.50 for the device and did not announce when it will be available.

Comments     Threshold


This article is over a month old, voting and posting comments is disabled
Eh?
By Spivonious on 7/2/2008 4:49:01 PM , Rating: 3
How does this work? How does Blizzard know what key was generated?




RE: Eh?
By masher2 (blog) on 7/2/2008 4:55:15 PM , Rating: 5
It uses a seeded pseudo-random sequence which is likewise generated and compared at the server.

I have one of these in my pocket as I type this, though not for WoW. My own firm has used this technology for remote access for over 15 years...it essentially results in a password for your account that changes every 60 seconds.


RE: Eh?
By walk2k on 7/2/2008 5:26:13 PM , Rating: 4
Yes this type of device is typically used for VPN access.

Never thought I'd see the day that people needed this level of security for a freekin online game. Sad really.


RE: Eh?
By sweetsauce on 7/2/2008 5:47:17 PM , Rating: 3
... or progress!!! When you invest that much time in to something, doesn't hurt to make sure its secure.


RE: Eh?
By bodar on 7/2/2008 8:43:02 PM , Rating: 2
Well, tell the gorram gold farmers to stop hacking user accounts, selling off all their stuff and shipping off the gold to some mule. Or just get everyone to stop buying gold.

Good luck on that one.


RE: Eh?
By masher2 (blog) on 7/3/2008 12:06:31 AM , Rating: 2
> Or just get everyone to stop buying gold. Good luck on that one. "

It doesn't seem to be that difficult, assuming Blizzard actually had the will to do it. A virtual world isn't real, after all...every single transaction has the capacity to be logged and recorded.


RE: Eh?
By Digimonkey on 7/3/2008 8:42:49 AM , Rating: 2
That would cause way too much stress on the servers to make it justifiable.

Plus I don't want big brother watching over my shoulder as I'm purchasing my Helm of Disintegration that does 1d4 damage, while my half elf mage wields his +5 Holy Avenger.


RE: Eh?
By nunya on 7/4/2008 3:09:50 AM , Rating: 3
Paladins can't use the Helm of Disintegration...


RE: Eh?
By Entropy42 on 7/3/2008 10:26:14 AM , Rating: 2
Blizzard records a very large number of the transactions that go on in the game, and have already canceled thousands of accounts for botting and gold-selling.


RE: Eh?
By Mitch101 on 7/3/2008 10:26:55 AM , Rating: 2
I will state I have never bought or sold gold however the cost of a mount being so high to get to the next level that is just a bit faster then my existing one makes me think about buying gold for the first time since it takes my charachter a very long time to make 500 gold.

It wouldn't be so difficult if nearly every decent item I picked up is bound to me but worthless to my character.

I would also like to see some automated characters that I can get to open a lockbox. Finding a lockpicker is next to impossible most of the time. I know have 10 lockboxes that I cannot find a lockpicker to open for me when I am online.


RE: Eh?
By Reclaimer77 on 7/3/2008 11:19:52 AM , Rating: 1
What level are you ? The new cash cow daily questing makes getting gold a joke. Kudos to Bliz for allowing casual gamers to easily farm gold and NOT patronize the gold sellers.


RE: Eh?
By Jynx980 on 7/6/2008 7:30:00 PM , Rating: 2
I think they take a more active role against these things since it's a subscription based service. Diablo 2 having free online play was, and is, hacked up the ying yang. They have your money and don't expect to get anything more out of you. Since were talking about millions of users for each game, there will always be things compromised. Paying a monthly fee you expect more. Hopefully Diablo 3 will be much more secure than it's predecessors, but I'm not holding my breath.


RE: Eh?
By cane on 7/3/2008 3:16:13 AM , Rating: 2
Secure? I have something a lot safer for my bank account. Just wish it would become more common.
It is a small device that looks like a calculator. This is how it works:

#. Each unit is unique and linked to it's specific costumer.
1. The user logs in with his/hers national identification number.
2. An 8 digit number is generated and you type it in to the device (but first you have to use a PIN number to activate the device).
3. The device generates an 8 digit answer that you type in the browser.
4. If the device generated code was the predicted (remember each unit is unique and generates codes according to a predefined pattern) then you are who you claim to be and you get access.

It may seem cumbersome, but it only takes a few seconds.


RE: Eh?
By cane on 7/3/2008 3:19:43 AM , Rating: 2
Oh, and I forgot... you only have 3 tries both at breaking the PIN for he device and for the 8 digit access code. Then the system locks up and you have to go to the bank in person and identify yourself with your ID/drivers license to get it unlocked.


RE: Eh?
By jtesoro on 7/5/2008 10:55:10 PM , Rating: 2
Yup the device you're referring to is more secure but it's only for those who think they are at risk from those who may have physical access to the device, like your spouse, siblings, co-workers or friends who come over to your place. Blizzard is trying to address the problem of hackers/phishers who hijack your account online. For this problem, the much simpler device they are offering is more than adequate (and more economical too).


RE: Eh?
By Reclaimer77 on 7/3/2008 11:17:13 AM , Rating: 3
Its sad that the connection between the WOW Launcher and Blizzard is STILL not encrypted !!

My account was even hacked and I can tell you 100% that there was no keylogger or trojan used on this system to get it. It was either sniffed en-route or gotten from a brute force attack ( highly unlikely ).

Thank god my best friend called me and asked " Why did you log in and off without saying hi " and I had time to change my password. Or the next time I came back I would have been a broke, naked, Dwarf :P

But hey, why take five minutes to code in an encryption module when you can charge 7 bucks for this handy device ? Lets see, 7 bucks multiplied by 7 MILLION subscribers....


RE: Eh?
By eye smite on 7/7/2008 4:12:28 AM , Rating: 2
Hmm, well..........it's a game that generates millions of dollars every month. It's nice to see a company trying to do something logical when addressing it's problems........


RE: Eh?
By SexyK on 7/2/2008 7:25:29 PM , Rating: 3
RE: Eh?
By EricMartello on 7/2/08, Rating: -1