Comments on: Account security!

By: feralgilneas

feralgilneas — Mon, 26 Jul 2010 02:44:17 +0000

One other thing worth mentioning about the authenticator. My wife lost hers and to get it removed, they wanted all the things you mentioned, but the also wanted her original WoW CD key. Now that is a tad more difficult to hack.

P.S. I made her find the damn authenticator! ;)

By: Euripides

Euripides — Wed, 26 May 2010 16:03:53 +0000

The keylogger must have come from an infected web page- there’s no lua code you can write that would install anything outside the wow client. It’s not executable code in the real world, and addons have no visibility to the hard drive.

I absolutely agree that we should all be careful about the sites we visit, though.

By: kattrinsaa

kattrinsaa — Wed, 26 May 2010 15:29:05 +0000

Be wary of the addons you download, even from curse or wowmatrix.

on my old computer, I got hit by a keylogger built into a sphere like addon for mages, which i didn’t even really like.

Regardless of the measures one takes to protect themselves, a sufficiently determined attacker will eventually succeed. The purpose of authenticators, and hard passwords is to keep the script kiddies busy longer than their safety threshold. If they know they have to hack multiple systems, the lazier ones will move on to a less protected system.

By: One Ring to Rule Them All: Password Security « Syd on Literature, Information, News & Technology

Tue, 20 Apr 2010 17:32:19 +0000

[...] OutDPS: Account Security! [...]

By: Dirtyhippy

Dirtyhippy — Mon, 18 Jan 2010 15:54:48 +0000

There would be one other thing I would recommend not to do : playing in a cyber coffee.

The only time I got hacked was when I had to play in a cyber coffee waiting for my internet to work at home ^^

By: euripidesoutdps

euripidesoutdps — Wed, 06 Jan 2010 14:36:47 +0000

Yes, paying with a credit card certainly does add a level of security, however getting credit card info is no harder than stealing a wow password. Neither of which should be trivial, yet we know both happen.

By: Ben

Ben — Wed, 06 Jan 2010 14:15:06 +0000

“that’s all Blizzard needs over the phone” – I would be very surprised if Blizzard didn’t ask for the credit card details you payed for the account with, and if a hacker did have that information, you have a lot more to worry about than your WoW account ;).

By: euripidesoutdps

euripidesoutdps — Thu, 30 Jul 2009 13:48:50 +0000

Yeah, I also included the method I use- take two words and a number, interleave digits. Makes it immune to dictionary attacks.

By: RFairney

RFairney — Wed, 29 Jul 2009 21:16:20 +0000

“First off, memorizing multiple hard passwords is something only autistic savants can do.”

Go take an alphanumeric string thats around you and use it.
computer serial numbers, rarely guessable, almost always alphanumeric.
Car number plates, Use a pair of old ones together, already memorised
Use every second letter of the title of a book on your shelf.

There are no limits on it, and most of them you can look at your shelf, or the back of your desk, and check it :)

By: euripidesoutdps

euripidesoutdps — Wed, 08 Apr 2009 16:10:18 +0000

Awesome tips! Thanks!

By: Dominicon

Dominicon — Wed, 08 Apr 2009 15:36:43 +0000

I also have done a lot of computer security and one of the tips I have given my users is to pick a phrase you will not forget and base passwords on that. Making it an easily remembered phrase helps prevent that sticky note with a password written on it under the keyboard (the bane of security staff everywhere).

So a simple example would be: WoW has taken over my life and I will never be free!

Take that phrase and pull out words and first characters: WoWhtomlaiwnbf! (Uses WoW and the first character of each word plus the punctuation. For short phrases you can use all the words – see examples below.).

Then take that series of characters and do some simple substitutions (btw, substitution should NEVER be used on dictionary words alone, password crackers use it too! A random phrase like above is pretty safe though.)

So for this example I am using the following (simple) substitions, feel free to create ones that you will remember.
o=0 (zero)
i=1
a=@

I always suggest using the same ones for all your passwords, so if you substitute the > (greater than) for a g in a password try to do it in all of your passwords so it is easier to remember. Keep in mind as stated in the article that some systems will have restrictions so be prepared with alternatives.

So now our easy to remember phrase becomes: W0Wht0ml@1wnbf!

That is a password any security staff would be proud of and all you have to remember is your phrase and substitutions. Always try to include one upper case character and one punctuation and you will be better off than the guy who uses only lower case. Hackers will go for the quickest and easiest accounts to crack, so make it hard for them.

Some other examples (and don’t ever let me catch you using these) are:
The quick brown fox jumped over the lazy dog.
Tqbfj0tld.

I like ice cream?
1Lik31c3cr3@m?

Elf babes are hot!
31fB@be$@r3h0t!

By: Phyllixia

Phyllixia — Wed, 08 Apr 2009 00:05:54 +0000

Nice post, very informative :)

By: euripidesoutdps

euripidesoutdps — Tue, 07 Apr 2009 16:12:33 +0000

Thanks :)

By: Lodur

Lodur — Tue, 07 Apr 2009 15:52:26 +0000

Nice response! =D