Account Security

There is something within World of Warcraft that is more important to you then even the Sword of a Thousand Truths. That something is your username and password. All the swords, armor, loot, and money in the game mean nothing if it someone else can steal it away from you. That is why account security should be the absolute most important thing to you in-game. That’s also why we’ve compiled a in-depth list of easy things to remember to keep yourself safe.

The basic principle of account security is this: various ne’er-do-well individuals want what is inside of your account and they don’t want to go through all the trouble of getting it. Often times their plans are extremely transparent and it’s up to you to stop them in their tracks. With a few various added practices you can prevent most every form of account security problems. You can’t prevent them all though (and this guide can’t act as a complete shield for them all) but you can make the chance so small you can’t see it.

Account security comes in three phases, kind of like if your account as a castle. Your primary line of defense would be your username and password. The secondary wall would be your secret question and an email address that has a different password then your WoW account. The inner keep would be your CD-Key and any other information that can verify you as the owner of the account. If someone breaks through the outer walls and gets into the main village then they’ll take your loot and gold. If someone breaks through the secondary wall then well then it’s time ton rely on your sturdy keep which is Blizzard and your ability to verify you are the original owner of the account.

See, if you do get hacked Blizzard’s top-notch customer service is there to help out. They can restore your account, give you a new password, and even restore any stolen goods (see more on this later). Although, it’s best never to let someone up to no good get THAT far in the first place.

A secure username/password combo starts with having a unique username. This is the simplest part of all but many do make this mistake. You should always make your username something unrelated to your online persona. It should be different from your email alias or your in-game names. If no one knows your account name then they can’t have a jab at guessing your password (which is already near impossible to do). With a secure username you can also bypass some of the simpler keyloggers by using the “Remember my Username” function within the game client.

The combo isn’t complete of course without a secure password. A strong password is the best defense you have so be sure that it is really good. It should be something that no one who knows you could easily type in and it shouldn’t be something that someone would pick up looking over your shoulder. Here are a few tips on building a strong password:

The longer a password is the more impossible it is to guess. Make sure it’s as long as you can possibly handle to remember.

Symbols and numbers will make your password as solid as titanium. There is no way to guess a password in the given attempts if there is numbers, symbols, and upper case words randomly sprinkled through your password.

Random passwords may be hard to remember but are the absolute best. A random combination of letters, symbols, and numbers is the best way to go but you may find yourself having to write it down.

If you write down your password be sure that it’s somewhere very secure and doesn’t have your account name with it. When you remember your password, destroy the piece of paper with it on there. It’s really best NEVER to write down your password, but sometimes you may have to.

With those tips you should have a pretty solid Account Name/Password set-up. The only other major thing you can do for security is to keep your password constantly updated. Change it on a regular but random schedule. For instance, every time you get a haircut you may want to change it around then.

That isn’t all there is to keeping your username/password safe though. There are various keyloggers, viruses, and spyware floating about in emails and disguised programs set to steal your WoW account information. This is an extremely easy to handle but important step in staying safe.

The reason why it’s easy is that all you need is two things: a good anti-virus program and some common sense. A good anti-virus program is easy to get, you can pick one up at any computer software retailer or you can seek out a free one (such as AVG). You will of course want to research which one is right for you and make sure that the program is solid. That’s just something you should have anyway.

The next thing is the common sense. Let’s avoid game ethics for a minute and talk plain rational common sense. Alright, ready? Here we go: DO NOT DOWNLOAD ANY FORM OF HACK FOR WORLD OF WARCRAFT!!!! THEY DO NOT WORK AND YOU PUT YOUR COMPUTER AND ACCOUNT INFO AT RISK! I put this in capital letters to let you understand the importance of this. Every hack so far for World of Warcraft hasn’t worked (or been verified to work at least) and most of these hacks contain viruses. So, it’s best to play the game fairly and avoid the risk. That’s not to say that if you find a real working one that Blizzard wouldn’t catch and ban you, making account security pointless.

There is one last major thing that you should be aware of. That is social engineering. Social engineering is this neat term someone with a lab coat came up with to describe someone scamming you out of your account information. The easiest way to avoid any form of social engineering (scams) is to always follow these three tips:

Never give anyone your username and password no matter how cool they are or what they promise you. If you give your username and password out to someone then it becomes two people with access to your info. If that other person uses it for evil purposes or gives it someone else then you can see where this is going.

Never enter your username/password into any website that isn’t Blizzard’s official website. Look at the address bar on your browser before you enter your information. Be sure the site you are on is the one you want to be at. Always go to Blizzard’s website by typing in the URL and never follow anyone’s links to it.

Everyone’s favorite: Blizzard doesn’t want your password. They have it already, in a sense. They don’t need it for any purpose and anyone messaging you that they are from Blizzard (even with the blue text) and need your password is liars.

With all of this in mind (or at least some of it) you should be more secure with your account. A brief summary would be:

Use a good password and attempt keep your username and online handle separate.

Don’t download hacks and keep an up-to-date anti-viral program going.

Don’t tell anyone your account information.

The only other thing you may want to do is use Window’s Update (or Macintosh’s Equivalent) to keep your computer up-to-date on security patches. Consult your operating system manufacture for more information on keeping your OS secure.

Keep going for more helpful information!

Appendix A: What do if I get hacked?

Visit Blizzard’s official website for WoW (www.worldofwarcraft.com) and find their current customer support phone number. Call their office up and tell them what happened. Be prepared to fax them proof of I.D. if it’s that severe (although not all cases are). If they can verify that the account was indeed hacked then they’ll restore your items to a degree. Enchants, jewels, and gold aren’t restored. You only get what you were wearing back.

It’s also good to note that Blizzard often takes awhile to get around to restoring an account. That’s why it’s ALWAYS best not to get to the point of needing their help to get your account and your stuff back.

Appendix B: Is it true that clicking on links can have my account stolen?

Yes and no. Some sites can use exploits within your browser to install keyloggers. Keeping your OS/Browser up-to-date and having some form of anti-virus program going can keep you safe from most of this. It's really best to avoid strange sites or sites with really odd URLs.

Appendix C: What is phishing? I did not order any fish....

Phising is when someone sends you an email saying CHANGE YOUR PASSWORD CLICK HERE. You click that link and are taken to something that looks like the official site. If you enter your username/password then they can get it. This is why earlier on I said always check the URL of the site you are on and be sure you typed the URL in yourself.

An example of a phishing site would be something that was like:

http://www.worldofwarcraft.lolololol.corn/

Notice how when you first look at it, it looks like WorldofWarcraft.com? Then you see the “lolololol.corn” (corn used to protect any innocent lol sites). Your eyes fool you during a quick glance into think you’re at the WoW mainsite when really you’re at a fake one. So always type in the WoW site when you want to log into your account on the web.

Quick Tip Guide

For those of you looking for more good security advice, here you go! Some of it can be a tad “tin foil hat zone”, but it’s all advice towards keeping your account secure.

Cyber cafés are good to play WoW at, but you can’t really trust them. It’s best to have a notebook which you can log on to the Internet over wifi. Then you risk no chances of keyloggers and get to play on the go. Kinda costly though. Someone looking over your shoulder as you type out your password? Say, at a cyber café or a friend’s house? Make them look away. It isn’t rude or impolite or anything to ask someone not to watch as you type in a password. You can also cover up your hand and insert “fake” key presses where you move your hand over a key but don’t actually press it to throw people off. Don’t use unsecured wireless Internet unless you know where it’s coming from. Always use secured wireless when possible. Don’t write your password down and if you have to put it in a simple code that’s easy to remember. For instance, move every letter or number up by two. 3497d could become 56118f. Writing the password down backwards works. The best thing to do is keep the username and password separate. Username should be different then character name. This can be really helpful. Check “Remember User Name” and just type in your password every time you log into WoW. Benefit? If you are keylogged they only get your password and not your username. This goes well with the above example. Never share accounts. If your account IS stolen and you have to get it back, if they notice two people in two locations (say one in California and one in New York) playing at the same time then it’s ban time. Don’t let paranoia over your account get you, instead focus on casual good habits to keep safe. Don’t install strange software, don’t listen to any emails from Blizzard that involve your username and password, don’t give your password away, and just be alert anytime “username” and “password” come up in some scenario.

Comments or questions? Email us (Xerin@TenTonHammer.com) or post on our forums! As a special note, Ten Ton Hammer isn't responsible if by changing your password you invoke the wrath of the massive Blogosphere version of the Loch Ness monster who devours your ram or anything else.