While it may add up over 10M players, take note: Somebody there is going to court for 7 bucks.
While it may add up over 10M players, take note: Somebody there is going to court for 7 bucks.
Total bullshit. I started playing just after cataclysm release, I had not used an authenticator and within 1 month of playing, someone had managed to hack my account. Wasn't a key logger on my pc, seemed to be a brute force attack and my bad with a weak password. Blizzard restored my stuff and told me I should use an authenticatior.
Blizzard should be doing more to secure accounts, I have played a game which implements a 2 password system. 1 is a password you set normally and another is similar to an authenticator but is set via a 4 digit code, bit like a pin code for your debit/credit card. Even an attempt checker to block your account after 5 tryies, would be 100 times better then what they currently have.
I'm not saying the lawsuit was justified, but hopefully this will be a wake up call to blizzard and now maybe we will get some better security features on our accounts, by default.
If your password can be brute-forced, there's nop hope for you.
Could Blizz make unbreakable accounts? Of course. Why don't they do it? Same reason users pick weak passwords to begin with. They want fast access and don't feel like jumping through half a dozen hoops every time they log into the game. The moment they implemented a bigger lock, people would start complaining about the time it takes them to get the key out of their pants.
Blizzard is one the best companies when it comes to people being hacked. They never give you a problem getting your stuff back. Many other companies just say "too bad" and don't even offer authenticators.
It isn't their fault that people visit websites that steal their information and or use passwords for more than one thing.
Any password can be brute forced, depending on the time limit and the amount of loops per minute. Also yes, people don't want bigger loops to jump through, i still get annoyed when my IP resets and it asked for my authenticator code, but what is stopping blizzard giving the famous 5 tries = lock method? Any normal user will not notice a difference. I mean even if you forget your password, after the 3rd attempt you would normally just resort into resetting it anyway. I honestly do not see a reason why Blizzard has not added this, seems like common sense imo.
Standard brute-force methods usually take a dictionary and don't go AAAAAA, AAAAAB, AAAAAC... An easily memorized password such as [yourmomsmaidenname][yourdadsbirthday][dog/cat/horse] would likely already have enough permutations to outlast humanity, even at one attempt per second, unless her maiden name was pretty short, in which case you substitute your favourite dinosaur.
This is hilarious, the article purports that the people suing them say that Blizzard hasn't taken necessary steps to inform players how important authenticators are. There is a tooltip in-game, and they have a bloody quote they paste on any account security posts. Anything *remotely* related to account security has this thing on the end.
And they don't sell the authenticators, they are free. the $5.00 *barely* covers shipping. Also, what the hell? Use one of the free options. There is no reason in hell not to have an authenticator.
Sometimes I wish every thread would be monitored against naive posters. Could also have stopped one of my drunk threadsThat is a possibility. There are even people that offer their services to do this for free.
They do nothing against them? Yeah, that's easy to say since once a bot is banned, you don't notice them, do ya? We don't know how Blizzard handles the reports, or how they combat how bots exploit the games codes, but yeah, I am confident that I can speak for Blizzard and say that they are doing what they can.
Although I'll be frank and say that a huge banwave is loooong overdue.
Active WoW player Jan 2006 - Aug 2020
Occasional WoW Classic Andy since.
Nothing lasts forever, as they say.
But at least I can casually play Classic and remember when MMORPGs were good.
Funny thing about nusiance lawsuits, the one that bring them have to pay for them, just because you CLAIM Blizzard isn't doing anything about bots, all they have to do is ban just a single person to shoot your claim full of holes. As far as the lawsuit you are referencing, it isn't and wont be going anywhere because they dont FORCE YOU to buy the damn authenticator. Those folks are gonna get tossed out of court pretty fast
--- Want any of my Constitutional rights?, ΜΟΛΩΝ ΛΑΒΕ
I come from a time and a place where I judge people by the content of their character; I don't give a damn if you are tall or short; gay or straight; Jew or Gentile; White, Black, Brown or Green; Conservative or Liberal. -- Note to mods: if you are going to infract me have the decency to post the reason, and expect to hold everyone else to the same standard.
--- Want any of my Constitutional rights?, ΜΟΛΩΝ ΛΑΒΕ
I come from a time and a place where I judge people by the content of their character; I don't give a damn if you are tall or short; gay or straight; Jew or Gentile; White, Black, Brown or Green; Conservative or Liberal. -- Note to mods: if you are going to infract me have the decency to post the reason, and expect to hold everyone else to the same standard.
That's patently ridiculous. They're suing Blizzard because Blizzard is trying to provide protection for player accounts from malicious users? A device that costs $6 to buy, or is free on a smart phone? That is incredibly stupid.
That's like suing the police when someone steals from you for providing you with a security system . . .
Putin khuliyo
I guess you need to read up on brute force attacks a little more. What you described was a dictionary attack, brute force is where it will take, as you said, AAAAAA, AAAAAB, AAAAAC and go through the list.
Brute Force Attack: A Brute Force attack is a type of password guessing attack and it consists of trying every possible code, combination, or password until you find the correct one. This type of attack may take long time to complete. A complex password can make the time for identifying the password by brute force long.
Dictionary Attack: A dictionary attack is another type of password guessing attack which uses a dictionary of common words to identify the user’s password.
Your point being? Any decent password worth its salt cannot be brute-forced in a human lifetime. And every brute-force attack will naturally eventually go through dictionary words. A dictionary attack is quite simply more focused on most likely solutions and can still have a systematic or randomized generator attached to it, trying non-sensical variants as soon as real words have failed. And even then the energy source powering it will have already stopped working unless coincidence struck first, in which case it'd be just as likely to have struck within the 5 'free' attempts you are suggesting.
Wake up call for who? The guy who couldn't be arsed to download an app?
http://samaramon.co/
My transmog & misc. blog!
Yes, Yes, and its possible that a great big space rock falls in front of your house and out jump the Swedish Bikini Team... as far as people offering their 'services'... what makes them or YOU qualfied for something like that?
Sure, they could hire a GM for every single battleground... and then they'd have to pass that cost along to the subscribers... Are you really and truly prepared to see your subscription feel increased by 20-30x... not 20-30$... but 20 or 30 times... as in instead of 15$ a month you'd pay 300$ a month.. think you can handle that kind of fee for the kind of special attention you are demanding?
---------- Post added 2012-11-12 at 08:34 AM ----------
Just because you dont SEE any action means they aren't doing anything? is that it? Tell me something else... why should we believe YOUR claims over that of what Blizzard says?
---------- Post added 2012-11-12 at 08:36 AM ----------
I am pretty sure that there is a section in the EULA about causing a disruption in service... perhaps they'll use that clause to BAN those bringing or participating in the nuisance lawsuits.
---------- Post added 2012-11-12 at 08:42 AM ----------
here is a list of things you can do to safeguard your Wow account.
1. Stay the FUCK off the gold buying websites.
2. Dont use the email address on your Battle.net account for anything BUT that.
3. Dont use the same damn password for your Battle.net account that you use for the gold buying website you use. Use a completely different password.
and that right there is ALL THE DAMN SECURITY YOU NEED.
in 15 years of online gaming with dozens of games I've never been hacked, not a single damn time.
--- Want any of my Constitutional rights?, ΜΟΛΩΝ ΛΑΒΕ
I come from a time and a place where I judge people by the content of their character; I don't give a damn if you are tall or short; gay or straight; Jew or Gentile; White, Black, Brown or Green; Conservative or Liberal. -- Note to mods: if you are going to infract me have the decency to post the reason, and expect to hold everyone else to the same standard.