So I'm convinced Blizzard has security issues

[Knytestorme]

The thing people forget is that you aren't asked for an auth code when you try to log into the wow forums, passwords are case-insensetive and there is no limit to the number of login attempts you can make.

All the hackers need to do is get a list of email addresses, feed them into a bruteforce password generator and throw each attempt at the wow forums until they find accounts that log in. They take that list and try to log into the account management and if there is no auth attatched then your account is now theirs.

To an extent Blizzard is at fault for their design decisions on passwords and forum log-in (eg limit it to 5 login attempts before blocking the account until user action, making passwords case-sensetive would increase time to crack etc) but there is almost no excuse for anyone to not have an auth attached to their accounts by now given they can be gotten either as phsyical or phone/ipod apps

[edit]
TBH, if I were in charge there I'd make having an auth mandatory along the lines of the change to battle.net logins

[jimbobobb]

All the hackers need to do is get a list of email addresses, feed them into a bruteforce password generator and throw each attempt at the wow forums until they find accounts that log in. They take that list and try to log into the account management and if there is no auth attatched then your account is now theirs.

THIS

I recently had my account compromised, and it occurred to me after I swept my computer 50 times, finally reformatted it, and started it all up again - that battlenet is the dumbest thing on the planet, and that the way I use that computer, the chance of it being compromised through my actions were approaching zero.

Why in the hell, is my EMAIL ADDRESS my login name? Does that just not seem like an absolutely awful idea to anyone else? I mean, half of my login information is almost compromised by default - if you have your email visible to people on ANY wow forums, make it invisible now.