What I really don't like about Blizzard is that passwords are not case sensitive.
Password, password, PASSWORD, PaSSwoRD etc.. all work fine, if your account password was password.
Pretty stupid system for passwords in that regard.
Printable View
What I really don't like about Blizzard is that passwords are not case sensitive.
Password, password, PASSWORD, PaSSwoRD etc.. all work fine, if your account password was password.
Pretty stupid system for passwords in that regard.
I'm a Mac user, have been since the Mac II. (I also use Windows, so no PC vs. Mac nonsense, please, been there done that 10 years ago).Quote:
Originally Posted by 'Vyndree',index.php?page=Thread&postID=153154#post 153154
Macs right now are for the most part safe from the majority of keyloggers, as they simply will not work, or they would require you to enter your admin password, and you'd have to be pretty dumb to allow software to be installed requiring that level of security, without checking what is being installed.
However:
Despite our invulnerability, the Flash exploit earlier this year could have opened up the door to ALL platforms being compromised, and it points out the gold sellers and exploiters are getting creative. Stealing accounts is now a billion dollar industry, and you know they're all trying to figure out how to get all those Mac accounts they can't touch right now.
There's also an issue right now with a fake copy of QuestHelper leading to a massive wave of account thefts, read up on it in the CSF. Windows only, as it's believed the installer throws an EXE onto the hard drive, which won't run on a Mac, but they could make a break-through with the Mac, eventually. Lots of legit apps need an admin password, and it's only a matter of time before they figure out how to sneak one in with a legit program.
The most worrisome issue I have is, the Mac virus/trojan software industry is asleep at the wheel - if the exploiters do manage to crack the Mac OS, we will have to wait for them to play catch up, before our systems are safe again.
So, it makes 1000% sense to practice account security and computer security, even though we are for the most part safe right now from keyloggers and such. Change your passwords often, make sure you keep all your e-mail accounts current, make sure you know your secret answer, and keep an eye on Mac security software and sites. An Authenticator is simply a no-brainer for *anyone*, Mac or Windows. I'm ordering one for my accounts (it figures, now that they're available, I'm short on cash, lol). It's better to have one, in case that day comes when the Mac OS is exploited - it's your best bet to protect your accounts, period.
I don't see it as an "if" situation, I see it as a "when". The more Macs are sold (and they are gaining market share), the more the hacker/exploiter crowd will apply effort to break in.
Another issue I've been looking at is the WEP issue - now that it's seen as basically unsecure, I would urge anyone using it with a machine that plays wow to replace their router with a secure one. I know in my apartment complex, my router gets pinged constantly from attempted log-ins.
I love my authenticator, and I can't believe I survived without it! Lucky for me tho Blizzcon gave them away and now both my boyfriend and I are happily using them :)
Even tho I got mine for free, I would have spent the $7 as soon as I had the extra cash because the peace of mind is worth so much more.
How does the authenticator show up anyways? After you login does an extra window come up with the 30/60 second "code" or it is a seperate field in the main login screen? I wouldn't mind using one, except I would want to be able to log in to all 5 of my accounts once instead of typing 5 different numbers in 5 windows.
With all the costs Blizzard must have with hacked accounts (it must be at least $20 per account in time spent on customer service, phones, GMs, etc) I am really suprised it wasn't included free in WOTLK. would have been a smart move.
As I read the info you just put the number it generates at the end of your password.Quote:
Originally Posted by 'puppychow',index.php?page=Thread&postID=153309#po st153309
You log in just like normal, once it knows your account name the client prompts you for a PIN which you type in. In my case I broadcast keystrokes to all 5 to password it up, then I do the same with the PIN... rarely do I hit a conflict where one won't log in, it does happen but very rare. I just relog that client.Quote:
Originally Posted by 'puppychow',index.php?page=Thread&postID=153309#po st153309
The only thing it's caused issues with for me is rarely I have a desire to check account data at work, and since I'm a big fan of a small keychain I don't have my FOB on the keys... it sits at home on my desk... so I can't squander working hours worrying about a game... hrm, thats probably a plus ;).
After 4 years of playing my main account was hacked last night. Well I guess you can call it that. It must have been brute force or at least I suppose it was. I do not browse the web with my gaming computer. Either way I logged on last night and low and behold I had a level 60 something Death Knight on my account. Strangely they created the DK on the server I play on. If they would have created it on another server I might not have noticed it.
I log into said DK, at the same time I am logging into my accounts from another computer and changing passwords.
The DK had about 40G on it and some blue items. No money is missing from my Guild Bank and no items from any of my toons so I must have caught them just in time. In time for what I am not sure because after I reported it to Blizzard they left the DK on my account with the 40G and the blues.
[quote='Gadzooks',index.php?page=Thread&postID=1532 97#post153297]Macs right now are for the most part safe from the majority of keyloggers, as they simply will not work, or they would require you to enter your admin password, and you'd have to be pretty dumb to allow software to be installed requiring that level of security, without checking what is being installed.[/quote]
[url='http://en.wikipedia.org/wiki/User_Account_Control']So does Vista[/url]. However, the "majority of users" either just get impatient and click "yes, whatever" or specifically turn the feature off because "it's annoying".
;)
http://en.wikipedia.org/wiki/Compari...ation_features
The thing is, by assuming that the administrator prompt (for both mac and windows) PREVENTS these sort of hacks from taking place is assuming that the USER themselves knows NOT to click "OK, yes, install this". And that's a VERY, VERY big assumption. If Mac were the primary OS for the average user, you're assuming the AVERAGE USER knows what's good and what's not good to install on their computer -- and if people are still falling for phishing email scams I think you can see the logical fallacy.
You can only protect a person from themselves for so long. These sort of people probably don't use macs for the same laziness. However, if they DID use macs, rest assured they'd complain about, just click through, or find some way to turn off the admin elevation features of the Mac just like they do Windows.
What I'm saying is -- yes, there are less viruses developed for Mac because there's less users USING Mac. The security is in the hands of a user, and additional devices/measures to protect a user from themselves is exactly what an authenticator is (and so is strong passwords, smart users, antivirus software and firewalls).
What I'm NOT saying is that Mac is INsecure. I'm also not saying Windows is INsecure. I'm just saying NOTHING is 100% foolproof -- not Windows, not Mac, not Firewalls, not Antivirus, not strong passwords, not smart users, not authenticators. Given enough incentive, there's always a way to get in. What you want to do as a user who holds the keys to something that is SUPPOSED to not have real-money value but, in reality, does -- make it hard enough to get into your accounts that it's not WORTH the potential monetary gain to do so.
You can remove the authenticator on the website BTW, as long as you haven't lost it. It's only if you no longer have access to your authenticator do you need to call billing.
I have one, and I consider it well worth the investment.