WoW accounts getting hacked

[JasonB87]

Nope never shared my password, which led me to think key logger. Nothing else really adds up. I'm pretty sure this was a kid because after my account was compromised I had my friend talking to him trying to get information in which he spoke English well but seemed to be under the impression that he had gotten a hold of an account that he was going to keep and have payed for by somebody else. This tells me either kid or very ignorant person.

I should straighten this out, my account was not directly hacked but my email was. According to the person they had come across my email and password on a warez site in which they started to go through my email seeing I had a WoW account logged into my account and changed the password. They never changed my email password and they had deleted the pages that are sent when you change password and/or account info. Once again kinda leads me to think kid who got lucky on warez site. With this I literally spent the next week changing dozens upon dozens of passwords and creating a new email account unlinked to my old one.

[Bigfish]

If someone put a key logger into your computer wouldn't they steal bank passwords and credit card numbers before wow log in infos?

Simply having access to a bank account or credit card doesn't mean they will pay off. Banks and CC companies have entire departments dedicated to fraud protection, and you leave a very obvious electronic trail if you try and utilize those sources fraudulently.

WoW accounts on the other hand, are a real store of value (no matter how much Blizzard or anyone else tries to say they are not), and there is very little Blizzard can do to stop some kid in the philipenes from logging in to an account that doesn't belong to him and slashing and burning his way through it. Thing is, foreign police aren't likely to take charges of fraudulently logging in to someone else's computer account seriously. Its entirely unenforcable on several levels.

[Basilikos]

The really scary thing is too that in a couple years PCs will be powerful enough to even brute force through stuff like the blizz authenticator, we really do need to move to some sort of universal, world-wide DNA fingerprint authenticator for all web sites. But then someone will come and chop off your fingers to hack in

I disagree. Mostly because there are too many variables involved the be brute-forced. Also note that many other security methods involved random large prime numbers that would have to be guessed, which has proven never to work.

[zanthor]

The really scary thing is too that in a couple years PCs will be powerful enough to even brute force through stuff like the blizz authenticator, we really do need to move to some sort of universal, world-wide DNA fingerprint authenticator for all web sites. But then someone will come and chop off your fingers to hack in

I disagree. Mostly because there are too many variables involved the be brute-forced. Also note that many other security methods involved random large prime numbers that would have to be guessed, which has proven never to work.

PC's can already brute force 6 digit passcodes like the blizzard authenticator.

But can they present 1 million attempts to the server in 60 seconds? That would be one attempted login per 0.00006 seconds, and I can tell you that blizzards servers would simply puke at that. Every time a battle group goes down they get a few thousand logins in a minute and the servers choke...

[Hachoo]

Brute forcing anything assumes you can even ATTEMPT that many logins...

To brute force the authenticator you'd first have to brute force the user's password (or find it some other way). Only if you get the password right does it even allow you to type in the authenticator code.

I have not tested what happens if you fail typing in the authenticator code however, but the smart thing to do would be lock the account out until the authenticator switches to a new code.

All of this is moot anyway since Theres no way to even send that many "attempts" to the server in that amount of time at all, thats assuming Blizzard even allowed it but I'm sure if you attempt it more than X number of times in X seconds it slows you down or prevents you from doing it again for a period of time - almost every authentication system ever has done that for upwards of a decade.

[Rin]

Authenticator FTW

[Gaffy]

I have not tested what happens if you fail typing in the authenticator code however, but the smart thing to do would be lock the account out until the authenticator switches to a new code.

I've done that a couple of time, dyslexia + fat fingers does that to you :cursing: . it just sends you back to the log in page where you have to start over with the username/password.

[Meeo]

Think current brute forcing methods on a standard pc is bad,

http://www.codinghorror.com/blog/archives/000986.html

the above link shows a report on a company in russia using a $800 recoded Graphics card to do the job that a standard pc will take several months to crack they could achieve in 3 days, using this new method they filed a patent on. some 8 letter passwords they were able to crack in 3 days.

sum of the story, long password, or RSA key ftw!

[Multibocks]

Some people use the FTL system which means when I press 1 on my keyboard the main window hits 1, but the slaves hit "x", for example. This makes passwords a bitch, however keyclone tells me there is a keymap suspend setup (like the DNP suspend), I just havent checked for it yet. I changed my password to something that doesnt use my FTL setup instead, lol. Of course this won't work for the authenticator since I have keys 1 to 6 passing different keys.

[Multibocks]

Think current brute forcing methods on a standard pc is bad,

http://www.codinghorror.com/blog/archives/000986.html

the above link shows a report on a company in russia using a $800 recoded Graphics card to do the job that a standard pc will take several months to crack they could achieve in 3 days, using this new method they filed a patent on. some 8 letter passwords they were able to crack in 3 days.

sum of the story, long password, or RSA key ftw!

If you read the full article they point out the smartest passwords are actually passphrases. Choose a saying that only you would know, example "imasturbatetwiceaday" it was pointing out that anything above 12 characters would take 62000years to brute force crack. I guess a combo brute and dictionary would be faster, but I really doubt someone will crack that before you are either a. done playing the game forever or b. dead.