- Joined
- Aug 31, 2008
- Messages
- 1,779
First off, I think this should be stickied. It's extremely important for those of us who play or will play WoW, and very in-depth.
1. Keep your secret password a SECRET
Do not tell anyone else your password. Ever! Not your best friend, not your wife, not your girl friend, not anyone.
You may think you can trust your friend, but many reports of deleted characters are, "omg my friend deleted all my toons". Trust NO ONE with your password.
It is also a good idea to keep your account name secret too. Don't create a character in WoW that has the same "name" as your account. If someone knows your account name, then they have half the puzzle - all they need now is the password.
2. Use a "strong" password
Don't make easy passwords, like "blue" or "password" or "secret". Try to avoid passwords that are a single word easily found in the dictionary.
A good example of strong passwords are two unrealated words separated by a digit or symbol. Also, try to spell the words "wrong" a bit. Examples are, "byte52smoooth", "sillie$wandour", "noobly-spellz", etc. Such passwords are VERY difficult to guess and are not prone to dictionary attacks.
3. Always run a virus scanner
Get a virus scanner. Did I say, get a virus scanner? Yes, I DID say get a virus scanner! I cannot stress enough how important it is that your system is protected from viruses.
There are many good choices like, McAfee, Norton, AVG, etc. I use AVG because of the price: FREE! Install it, run it, KEEP IT RUNNING. Always make sure your AV software is running up-to-date virus definition files. If you can, you should setup your AV software to do DAILY updates.
Periodically, say once a week, run a full system scan to make sure all your files are virus-free.
4. Consider running a "malware" scanner
Get something like AdAware or Spybot Search and Destroy. These programs look for software on your system that is not classified as a virus, but still may comprimise your privacy.
Running a combination of a virus scanner and a malware scanner helps to make your system much more secure.
5. Enable your firewall
It's a good idea to have your inbound firewall enabled, so your system is not "exposed" raw to the internet. Many attacks are directed randomly at systems, so having your system firewalled will help protect it from unsolicited inbound traffic.
6. World of Warcraft AddOns/Mods
In my opinion, there are two kinds of WoW mods, safe and unsafe.
The safe addons are typically .ZIP files with only .TOC, .XML, .LUA, and artwork files. These addons do NOT require any form of executable (.EXE) file whatsoever. Such addons are installed by simply copying the files to your Interface/AddOns folder.
Unsafe addons/mods may contain "safe" components, but typically require that you RUN (execute) something, be it an installer or package manager. These are unsafe because YOU'RE RUNNING SOMETHING. Once you execute code, you have NO IDEA what it might be doing.
I have heard that Cosmos has a runtime component to it. Now, the REAL cosmos installer is probably safe, but the design allows hackers to make "fake" distributions of Cosmos that actually do work correctly, but the "fake" installers can be malicious. It is for reasons like this that I refuse to use ANY addon/mod that has any form of executable file whatsoever.
7. Only login to WoW on trusted systems
Make sure that the computers you use to login to WoW can be trusted. Does anyone else share your computer? Are you sure the computer you're using is uncomprimised when you login to WoW?
If at all possible, avoid "public" systems such as Net Cafes. You simply don't know what's on other computers, and you are risking your account, password, and all your characters by logging in on any system you cannot fully trust.
If you play WoW at a friend's house, make sure that they are following "safe computing" practices. How much can you trust your friend? They might think it's funny to grab your password and mess with your characters as a practical joke.
8. Properly manage your account
When you created your account, you registered an official email address with it. Make sure you always have access this this email account, and do NOT let others use that email account. If you need to change your email account, make sure to call Blizzard to keep your email account up-to-date. Blizzard will use your email account for all correspondence with you - if you can't access it then Blizzard cannot contact you properly.
Also, when you created your account, you had to make a secret question and answer. REMEMBER IT! Also, it's secret too so do NOT tell anyone else your secret question/answer - EVER!
Make sure to keep your original CD-KEY (that is registered to your account) in a safe place. If you ever need to prove you are the owner of your account, you may need to provide your CD-KEY to Blizzard. So again, consider your CD-KEY secret and don't let anyone else have access to it.
9. Only use your account/password for WoW
You should only ever need your account/password combination to:
- Login to the game
- Access account management
- To login to the forums
Do not be fooled by "fake" web pages that might try to steal your account/password by pretending to be an official login page. Also, Blizzard will NEVER ask you for your password. So don't be tricked by fake email claiming that Blizzard needs your password for such-and-such.
10. Read Blizzard's official Account Security page
Here: http://www.blizzard.com/support/wowb.../?id=abl01897p. Read it. Know it. Love it. BE THE ACCOUNT SECURITY PAGE.
11. Don't give out your account name.
There is no way to find out another person's account name unless they tell you, so keep yours secret. Blizzard lets someone guess your password as much as they want, so they could simply program a hack to brute-force your account if you let it slip. It's your baby, right? You're not paying $15 a month to lose all your items and gold.
12. Only download trusted mods/addons.
If you download a keylogged addon, there's no way to know until your characters' items and gold are gone, and your characters are deleted. Only download addons from trusted sites, with multiple downloads. Curse is a good, safe site to download from. Also, scan every mod/addon/UI you get before doing ANYTHING with it. Use Jotti's VirusScan if you don't have an antivirus program on your computer.
TLDR! Ok if you got this far, feel free to add ideas and suggestions to my big list, and I'll update it. Let's try to stop account hacking by educating players to take simple steps to secure their account.
1. Keep your secret password a SECRET
Do not tell anyone else your password. Ever! Not your best friend, not your wife, not your girl friend, not anyone.
You may think you can trust your friend, but many reports of deleted characters are, "omg my friend deleted all my toons". Trust NO ONE with your password.
It is also a good idea to keep your account name secret too. Don't create a character in WoW that has the same "name" as your account. If someone knows your account name, then they have half the puzzle - all they need now is the password.
2. Use a "strong" password
Don't make easy passwords, like "blue" or "password" or "secret". Try to avoid passwords that are a single word easily found in the dictionary.
A good example of strong passwords are two unrealated words separated by a digit or symbol. Also, try to spell the words "wrong" a bit. Examples are, "byte52smoooth", "sillie$wandour", "noobly-spellz", etc. Such passwords are VERY difficult to guess and are not prone to dictionary attacks.
3. Always run a virus scanner
Get a virus scanner. Did I say, get a virus scanner? Yes, I DID say get a virus scanner! I cannot stress enough how important it is that your system is protected from viruses.
There are many good choices like, McAfee, Norton, AVG, etc. I use AVG because of the price: FREE! Install it, run it, KEEP IT RUNNING. Always make sure your AV software is running up-to-date virus definition files. If you can, you should setup your AV software to do DAILY updates.
Periodically, say once a week, run a full system scan to make sure all your files are virus-free.
4. Consider running a "malware" scanner
Get something like AdAware or Spybot Search and Destroy. These programs look for software on your system that is not classified as a virus, but still may comprimise your privacy.
Running a combination of a virus scanner and a malware scanner helps to make your system much more secure.
5. Enable your firewall
It's a good idea to have your inbound firewall enabled, so your system is not "exposed" raw to the internet. Many attacks are directed randomly at systems, so having your system firewalled will help protect it from unsolicited inbound traffic.
6. World of Warcraft AddOns/Mods
In my opinion, there are two kinds of WoW mods, safe and unsafe.
The safe addons are typically .ZIP files with only .TOC, .XML, .LUA, and artwork files. These addons do NOT require any form of executable (.EXE) file whatsoever. Such addons are installed by simply copying the files to your Interface/AddOns folder.
Unsafe addons/mods may contain "safe" components, but typically require that you RUN (execute) something, be it an installer or package manager. These are unsafe because YOU'RE RUNNING SOMETHING. Once you execute code, you have NO IDEA what it might be doing.
I have heard that Cosmos has a runtime component to it. Now, the REAL cosmos installer is probably safe, but the design allows hackers to make "fake" distributions of Cosmos that actually do work correctly, but the "fake" installers can be malicious. It is for reasons like this that I refuse to use ANY addon/mod that has any form of executable file whatsoever.
7. Only login to WoW on trusted systems
Make sure that the computers you use to login to WoW can be trusted. Does anyone else share your computer? Are you sure the computer you're using is uncomprimised when you login to WoW?
If at all possible, avoid "public" systems such as Net Cafes. You simply don't know what's on other computers, and you are risking your account, password, and all your characters by logging in on any system you cannot fully trust.
If you play WoW at a friend's house, make sure that they are following "safe computing" practices. How much can you trust your friend? They might think it's funny to grab your password and mess with your characters as a practical joke.
8. Properly manage your account
When you created your account, you registered an official email address with it. Make sure you always have access this this email account, and do NOT let others use that email account. If you need to change your email account, make sure to call Blizzard to keep your email account up-to-date. Blizzard will use your email account for all correspondence with you - if you can't access it then Blizzard cannot contact you properly.
Also, when you created your account, you had to make a secret question and answer. REMEMBER IT! Also, it's secret too so do NOT tell anyone else your secret question/answer - EVER!
Make sure to keep your original CD-KEY (that is registered to your account) in a safe place. If you ever need to prove you are the owner of your account, you may need to provide your CD-KEY to Blizzard. So again, consider your CD-KEY secret and don't let anyone else have access to it.
9. Only use your account/password for WoW
You should only ever need your account/password combination to:
- Login to the game
- Access account management
- To login to the forums
Do not be fooled by "fake" web pages that might try to steal your account/password by pretending to be an official login page. Also, Blizzard will NEVER ask you for your password. So don't be tricked by fake email claiming that Blizzard needs your password for such-and-such.
10. Read Blizzard's official Account Security page
Here: http://www.blizzard.com/support/wowb.../?id=abl01897p. Read it. Know it. Love it. BE THE ACCOUNT SECURITY PAGE.
11. Don't give out your account name.
There is no way to find out another person's account name unless they tell you, so keep yours secret. Blizzard lets someone guess your password as much as they want, so they could simply program a hack to brute-force your account if you let it slip. It's your baby, right? You're not paying $15 a month to lose all your items and gold.
12. Only download trusted mods/addons.
If you download a keylogged addon, there's no way to know until your characters' items and gold are gone, and your characters are deleted. Only download addons from trusted sites, with multiple downloads. Curse is a good, safe site to download from. Also, scan every mod/addon/UI you get before doing ANYTHING with it. Use Jotti's VirusScan if you don't have an antivirus program on your computer.
TLDR! Ok if you got this far, feel free to add ideas and suggestions to my big list, and I'll update it. Let's try to stop account hacking by educating players to take simple steps to secure their account.
