Who here is in "No Authenticator Never been hacked club?"

[shaw0050]

Honestly, I'd probably have gotten an authenticator if it weren't for one thing.. I account share with a couple of close friends. I use their level 80s to run alts through stuff, etc. They do the same with my account, and an authenticator would make that process hard to do. Never been hacked though.

[varus]

Never been hacked - but I know there is an element of luck to that. Legit sites can become compromised and expose your system to a new threat that is just ahead of your security (it has happened to this site) - the window might be only a few hours but if the hacker makes use of it you're screwed.

I do use an authenticator now - mainly because my guildmates feel more comfortable about storing valuables in Gbank if the GM has some guarantee of security.
While the secureID token costs a few bucks it is worth noting that the smart phone app is free.

[tigojones]

Of course my system can be broken. Everything can. The whole point is how hard it will be and will it worth the effort. The "wow hackers" definitely can't do it. The people who can don't care about me.
All of these hacked wow accounts aren't targeted manually. The script kiddies send the link to 1000 people, and if 100 get infected it's a win for them. They don't care about the other 900.

No crap...I don't think anyone believes that wow accounts are directly targeted like "Mr Cracker, your mission is to get access to Mr Haxartus' World of Warcraft account." It's not cost effective.

Pretty much every one of the stories of people getting hosed here have been as a result of downloading some program or clicking on a link.

They don't have to be suspicious, and the program could normally be a legit and safe program that happened to get compromised. Theoretically, someone could infect Chrome, enough people would download it and become infected, and if done right, they wouldn't know it till it was too late. Would you expect Chrome to be compromised?

too much trouble and not worth the effort

I don't get that. Push a button and punch in the 6 numbers it gives you. Hell, I take longer typing in my password.

[haxartus]

That's why you download Chrome only from the official Google web page. Also infecting an application will broke it's digital signature, so it's very easy to check if there is something wrong with it. And it's not very good idea to download software from torrents and untrusted sites.
NoScript blocks most of the java/flash on the sites that i don't trust or i see no point of turning the scripts on with them, and it blocks XSS on vulnerable pages too. So the flash vulnerabilities aren't really a problem if you use NoScript. And they can't steal your cookies too.