[Suggestion] Hack Prevention

[huilun02]

One serious issue concerning the game is the problem of account theft (hacking). I have been considering an idea for some time and decided that it would be great if Blizzard could implement it, as it could effectively prevent account theft for all players.

An option could be added to the Battle.net account settings which allows the account owner to 'bind' access to the account based on multiple options:

Country/Countries (Account can only be accessed from within the specified countries)
Internet Service Provider (Account only accessible to persons using specified provider)
Computer IP (Account only accessible from specified computer terminals)

This measure would effectively prevent account theft as hackers usually access stolen accounts from a physical location different from the rightful owner.

I understand that this measure might seem overkill or overzealous, but would be very effective in concept and would not require account owners to possess a degree of IT knowledge to protect themselves from account theft. I believe it is in the best interest of Blizzard to protect its customers' accounts. It has done a good job with the Account Authenticator, let's take this one step further and 'finish the fight'.

[Naus]

What if I am traviling to Europe and I want to play WoW on my laptop in a Hotel?
What if I want to play at my friends?
see above

~Edit~
And no its not blizzards job to make sure that accounts are unhackable. Sure going and doing that is going above and beond what is really excepted to them.

Really if you want to keep your account safe:
1) learn what is a phishing attempt
2)Scan your computer for viruses often.
3)go to porn sites that you know dont have said viruses.
4)use a diffrent password for your diffrent games, and emails.

[Zulandia]

They already give you tons of options to protect your account (one of which the dial in authenticator is more or less exactly what you're asking for only with more user interaction required) and yet you want more? Blizzard can only go so far to stop account theft at this point it's time for the user to take responsibility for their own stuff imo.

Oh ya and it''s not account hacking it's phishing and/or social engineering which gets accounts stolen, the time and effort required to physically hack an account [not to mention it being illegal unlike the other two which are just frowned upon] no one would bother for something so mundane.

[Deleted]

You *do* realize that the official forums are not the same as these fan forums, right?

Also, get an authenticator. All the protection you need. Easy.

[Martinussen]

i'll bet you 100 bucks, that they'll find a way to "Pretend" that they are in the country, are the IP and are on the internet provider.

[Enigmax]

Also, get an authenticator. All the protection you need. Easy.

This ^^ in a nut shell

[Scottishpaladin]

What happens when I want to go to a different country for a weekend and happen to take my laptop, I cant log on--

Lots of hassle when I change ISP and have to phone blizzard up and tell them.

IP's change alot?

[Anetheros]

i'll bet you 100 bucks, that they'll find a way to "Pretend" that they are in the country, are the IP and are on the internet provider.

no wai!! (unless they manage to install a trojan on your pc which acts as a proxy, and no one would ever do that)

[nalle]

An authenticator together with common sense is already all you need.

If you don't have any of these then that's your own fault.

In most cases it's just enough with an authenticator (common sense not needed woho!).

[huilun02]

What if I am traviling to Europe and I want to play WoW on my laptop in a Hotel?
What if I want to play at my friends?
see above

It would be an optional feature, and of course the account owner would have to unbind it in order to play from another location or PC. People who travel a lot would choose to be better off not binding the account, or he could just bind it to his country if hes not going abroad.

I understand from most of your replies that players should take some responsibility in protecting their own account, and that the Authenticator would already provide more than sufficient protection. But I am not suggesting that Blizzard has not given us enough options to protect our accounts, nor am I making a complain because I got hacked.

I just want to deal a killing blow to organised account theft operations, IE the gold and item sellers who hack and rob innocent players' accounts.
As I said, not every player possess a level of knowledge in order to protect themselves from falling prey to phising mail and keyloggers. This method of binding the account would be simpler yet effective, especially for those who want every last bit of protection.

[Emane]

Just learn how to secure your computer, and get an authenticator and you are pretty much set.
As TobiasX said, 100% security can only be achieved without any input ports. Meening, no keyboard, no mouse, no internet, no usb. But you wouldn't be able to do much now would you? So the best thing is, authenticator and fix your security. Blizzard can't hold your hand all the time.

[dfarrall]

Awful idea -

1. They would just run from a proxy in your country, plus blizzard already have this implimented.
2. No real way to do this at all.
3. People running with dynamic IP's cant use it.

You just said authenticator provides more than enough security, so why would they need to do this..

[Nyfaria]

Yeah, just no, this is not necessary, at all, Something that prevents you from leaving your house and play wow, yeah yeah yeah, its optional it can be undone, but thats just too much work to just play wow somewhere else for one day. Get an Authenticator, dont visit bad website, get virus protection. dont be an idiot. BAMN your account wont get hacked, ive played wow since Beta, and not once has my account even been attempted to be hacked. Be Smart, dont get hacked.

[Elim Garak]

Why is there a country/provider option? your IP is your country/provider signature

These additional layers of protection can be easily dismissed and then used AGAINST you. Because these measures require an option to ADD new IP (playing from another computer, and an option for dynamic IP, i.e. IP range) - so you can continue playing without any hassle if any of those are changed. Like provider assigns you new IP or even new IP domain.

So hacker has your account information, logs in - he sees this protection system that asks him to verify his identity cause his IP is not on the white-list. IP is hard to bypass but IP can change without legitimate user's notice - so there would be an option to add new IP if you are logged in already with correct login information or maybe you would be required to make a call. I think hacker can handle a call if he has your account information already. So now he's in - he removes YOUR IP from white list and adds his. Hurray!

But most systems that use IP filters require you to link a correct mobile phone number to your account so they could send you an activation SMS (or email - but email is not a problem for a hacker) to prevent THAT from happening.

Enter the Authentificator!

[Lightstrike]

Firstly, by the looks of it without meaning to cause too much offence, you don't know much about internetworking. The things you have listed are much too variable to nail down, and will just cause grief to anyone who is using their account from multiple places causing many false positives which each may need to be looked into.

If you are going to bind anything, bind it to a list of MAC addresses, certainly not IPs or ISPs.

However this system is flawed anyway, because it assumes the user knows what their mac address is in order to add it to a list. And if you're going to add them dynamically to a list upon login, what is the point in the first place?

As much as I like the idea of everyone knowing what their main MAC address is and how to find it, the average WoW player doesn't know this. If they did, they would probably know enough about how to secure their computer that these measures wouldn't be needed in the first place.

[Elim Garak]

If you are going to bind anything, bind it to a list of MAC addresses, certainly not IPs or ISPs.

The funny thing about MAC addresses. You can change it easily in your network card or router. Hacker can retrieve it along with the account information.

[Deleted]

Just stay smart and you won't have problem with hacking and etc. Played for 3 years never have had any problems, just to be careful and smart.

[Deleted]

What if someone who wasn't too clued up on their own set up set the IP lock without realising their address isn't static, thus losing B.net access if they ever reset their router? The authenticator is cheap and effective.

[Lightstrike]

The funny thing about MAC addresses. You can change it easily in your network card or router. Hacker can retrieve it along with the account information.

Everything can be spoofed, there's no doubt about it. But it would at least slow the hackers down.

[Elim Garak]

Everything can be spoofed, there's no doubt about it. But it would at least slow the hackers down.

Yeah, for 1 minute. And I didn't know hackers do it in a hurry.