I have known lots of people who have been hacked; I even had one friend who quit the game, had her account hacked 3 months later, and they reactivated it. How does it happen? I don't know, since I have never been hacked, and I have been playing since Beta. If you're like me and don't want to have to bother with an authenticator, here are some tips I know that work.
Email Scams
Legit emails will usually come from @blizzard.com, but they can be spoofed. You can't get hacked sending an email unless you provide your user name and password. NEVER DO THIS. Most mail scams, outside of game and inside of game, will have you go to a link that is usually a shady address. If in doubt, never go to these links; always log in to your account directly from www.worldofwarcraft.com or www.battle.net.
Internet Browsing
There have been people hacked by going to wrong addresses, or by getting exposed to things like the Adobe Flash vulnerability. When internet browsing, I highly recommend using anything but Internet Explorer; it is the most used and therefore the most hacked browser out there. I personally use Firefox with the add-on called NoScript. NoScript is a godsend; it blocks a lot of stupid things on sites you don't want anyway, like java advertisements. You will have to tell it to allow scripts from trusted web sites such as this one, but once you do, you can have that setting saved permanently. You can find NoScript here: https://addons.mozilla.org/en-US/firefox/addon/722/ Make sure Adobe Flash is up to date, since there are always security holes being exploited; Firefox is pretty good at letting me know when I have add-ons such as Flash that need to be updated.
Passwords
Make sure you mix your password with alpha and numeric; it's a lot harder to crack. You would be surprised how many people have passwords like "blue" and wonder why they get hacked. I used to play a game called Utopia and hacked accounts all the time, because people would have user names like buggs with password bunny. Another thing I never do is use the password on my WoW account anywhere else on any other site, especially WoW-driven sites like this one, and especially not on guild web sites that require me to register; after all, web sites do get hacked.
Remember Account Name
This is a theory of mine, and I could be wrong, but at the log in screen I have "remember account name" checked. The theory is, even if I did get a key logger, how can they key log my account if they have my password but not my user name? Now maybe they can get it from a settings file, I do not know, but if they can go that far then I would think having it saved or not saved wouldn't matter at that point anyway.
Friends Computers
If you log in at friends' houses then you probably want to get an authenticator, because even if you're smart enough not to get hacked, maybe your friends aren't.
Sharing your accounts
Yeah, you let your BFF log in to your toon to use it, but the moment you tick him or her off, they will be DEing all your gear while dancing naked in IF, shouting stupid things like "The Jonas Brothers RULE!" in trade chat and spamming ASCII art of ROFL copters while shouting SOI SOI SOI!
So why are you being a cheap bastage and spending $5 for an authenticator?
Because I am lazy and don't want the hassle of having to input something every time I log in, I don't want the hassle if I lose my authenticator, and I don't like feeding Blizzard money for a service they should be giving you for free. I like the fact I can log in and see a message from Blizzard saying "we apologize, the authentication server is down" and know, thank God, I didn't have it. I look at it this way: if I ever do get hacked, worst case scenario I get locked out of my account while they restore it. At that point I will get an authenticator, and I can live without WOW for a week or two.
Anyone have any corrections, thoughts, advice? Let me know.
EDIT - This post is about general tips and how to avoid getting hacked. Nothing is 100% foolproof; even following this advice there is always a chance of getting hacked, but I guarantee doing this will make it much more remote that you will.
Even authenticators are not 100% foolproof; people who have authenticators have been hacked!
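
Added example, not part of the original post: a small Python check for the Email Scams advice above, listing every link in a message whose real host is not under the two login domains the post names. Treating every subdomain of those two domains as official is an assumption, and the sample message and its .example hosts are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumption: any host under the two login domains the post names is official.
OFFICIAL_DOMAINS = ("worldofwarcraft.com", "battle.net")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def link_host(url):
    """Return the host a browser would actually connect to, or None."""
    try:
        host = urlsplit(url).hostname  # drops any "user@" part before the host
    except ValueError:
        return None
    return host.lower().rstrip(".") if host else None


def is_official(url):
    """True only if the host is an official domain or a subdomain of one."""
    host = link_host(url)
    if host is None:
        return False
    # Compare whole labels from the right, so a name that merely starts with
    # or contains an official domain does not pass.
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def untrusted_links(message):
    """List every http(s) link in a message that does not lead to an official host."""
    return [u for u in URL_RE.findall(message) if not is_official(u)]


# Constructed sample message (not a real email); .example hosts are placeholders.
SAMPLE = """\
Your account has been flagged. Verify at
http://www.worldofwarcraft.com.account-verify.example/login or
http://www.battle.net@secure-login.example/ within 24 hours.
Official site: https://www.battle.net/account
"""

if __name__ == "__main__":
    for link in untrusted_links(SAMPLE):
        print("do not follow:", link, "->", link_host(link))
```

A link that passes this check only shows that the host name is right; typing the address yourself, as the post advises, is still the safer habit.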