1. Money doesn't grow on trees
2. Learning about security measures has far more impact on security than that additional layer of protection. The weakest link on the chain lies between monitor and chair.
Not gonna discuss or anything, but the question that came to my mind is more like : Why do people need to get an authenticator ?
In my 15 years "online gaming career" my only account that got hacked (and it got hacked numerous times) is my Bnet account, and I have a shitload of gaming account, almost all with the same email and password.
They don't, That's why people are getting hacked, because they are not obliged to have an authenticator.
If they don't have contact to malicious software they won't get hacked.
But one thing that you should remember when you say you have never been hacked before is that you have never played Diablo III before and there haven't been any online-only game with that much orders in so little time before. Hackers focus on the most played games, and that's the time to focus on Diablo III.
Blizzard said that the number of hack reports is not bigger than any WoW launch, so there's nothing new here, just hackers developing new specific ways to get passwords and people falling for them.
When I said "why do people need to get an authenticator", i was thinking of "is blizzard doing their job concerning their account security ?"
My concern is not only about Diablo 3, but about Bnet accounts in general. Sure as you said, the popularity of Blizzard games is part of the problem. Yet in my experience, everytime i heard about a recurrent hacking problem, it was on Bnet accounts. I've played almost any "big" mmo/online game from EQ1/Counterstrike to SWTOR/Battlefield 3, and neither me nor my friends had so much hacking problem. It's common knowledge that Bnet accounts always had security issues. So maybe (i ask myself, not trying to argue anything) part of the problem comes from Blizzard, and maybe they don't take care, as much as other companies, of their account security ?
That's a little bit tin foil hat, but I'll engage it anyway. Perfect security requires perfect code. Perfect code is not feasible. You might make the case that Battle.net is old and they should have been able to fix any security issues by now. But how old is Microsoft, and why haven't they made windows perfectly secure, why do I still have to download security patches every second tuesday?
You could make the claim they're not doing enough, but even if you had proof they're not doing enough (which no one does), what IS enough? Is enough to where no hacker anywhere is able to gain access to any system? Sometimes hackers don't even need exploits, many times they can trick someone into installing something on their machine that takes it over for them.
Sure you've listed other MMOs you've played that didn't have security issues. Is that because their coders are better and have somehow made perfect code, or is that because they're less of a target than Blizzard so hackers don't bother with them?
Not gonna discuss or anything, but the question that came to my mind is more like : Why do people need to get an authenticator ?
In my 15 years "online gaming career" my only account that got hacked (and it got hacked numerous times) is my Bnet account, and I have a shitload of gaming account, almost all with the same email and password.
They don't, That's why people are getting hacked, because they are not obliged to have an authenticator.
If they don't have contact to malicious software they won't get hacked.
But one thing that you should remember when you say you have never been hacked before is that you have never played Diablo III before and there haven't been any online-only game with that much orders in so little time before. Hackers focus on the most played games, and that's the time to focus on Diablo III.
Blizzard said that the number of hack reports is not bigger than any WoW launch, so there's nothing new here, just hackers developing new specific ways to get passwords and people falling for them.
When I said "why do people need to get an authenticator", i was thinking of "is blizzard doing their job concerning their account security ?"
My concern is not only about Diablo 3, but about Bnet accounts in general. Sure as you said, the popularity of Blizzard games is part of the problem. Yet in my experience, everytime i heard about a recurrent hacking problem, it was on Bnet accounts. I've played almost any "big" mmo/online game from EQ1/Counterstrike to SWTOR/Battlefield 3, and neither me nor my friends had so much hacking problem. It's common knowledge that Bnet accounts always had security issues. So maybe (i ask myself, not trying to argue anything) part of the problem comes from Blizzard, and maybe they don't take care, as much as other companies, of their account security ?
That's a little bit tin foil hat, but I'll engage it anyway. Perfect security requires perfect code. Perfect code is not feasible. You might make the case that Battle.net is old and they should have been able to fix any security issues by now. But how old is Microsoft, and why haven't they made windows perfectly secure, why do I still have to download security patches every second tuesday?
You could make the claim they're not doing enough, but even if you had proof they're not doing enough (which no one does), what IS enough? Is enough to where no hacker anywhere is able to gain access to any system? Sometimes hackers don't even need exploits, many times they can trick someone into installing something on their machine that takes it over for them.
Sure you've listed other MMOs you've played that didn't have security issues. Is that because their coders are better and have somehow made perfect code, or is that because they're less of a target than Blizzard so hackers don't bother with them?
It's missing the point to say Blizzard should have better security. The "hackers" aren't hacking into Blizzard's end. They're stealing peoples account information through other means, probably keyloggers shared pw/account login combinations from other websites that WERE hacked. There really isn't anything they can do, short of a two factor authentication method. This is what people are missing - it doesn't help how many locks or how good a car alarm Ford puts on a car, if you lose the keys, someone can get into your account.
"This is bullshit! Blizzard should protect my account without making me spend 5 dollars for extra security!! If I'm forced to buy an authenticator to make sure my account is not hacked then I demand a refund! If a refund is not provided, then Blizzard will be hearing from my lawyers."
That might be the attitude of a lot of people....
lulz just sayin'
And that is why Blizzard never includes authenticators with their collector's editions or regular games; because you are willing to pay more for security that should be added within their product. The LEAST they could do is give an auth. in a CE.
I have a feeling that even if Blizz were to give away authenticators with their games and eat the cost for them there would be a huge outrage of people whining about how "it takes too much time to put in the code." "this is dumb" "why should I have to use this? Blizz your security sucks." etc.
"This is bullshit! Blizzard should protect my account without making me spend 5 dollars for extra security!! If I'm forced to buy an authenticator to make sure my account is not hacked then I demand a refund! If a refund is not provided, then Blizzard will be hearing from my lawyers."
That might be the attitude of a lot of people....
lulz just sayin'
And that is why Blizzard never includes authenticators with their collector's editions or regular games; because you are willing to pay more for security that should be added within their product. The LEAST they could do is give an auth. in a CE.
No, Blizzard doesn't need to pay out money for authenticators in every box to help *your* end-user security. That's your job as it is for anyone who uses the Internet.
Their job is to keep their own servers secure, and not lose your user info to hackers on their end. They have done so, and not lost any info. They last reported a compromise of their systems in 2001, iirc. All the compromises have occurred on the user's end, on computers not owned, nor maintained, by Blizzard. Yet some of you think it's Blizzard's job to secure those? They're already going above and beyond to offer the authenticators at cost for physical, and free if you have a smartphone or IPod Touch type device to put it on.
I have a feeling that even if Blizz were to give away authenticators with their games and eat the cost for them there would be a huge outrage of people whining about how "it takes too much time to put in the code." "this is dumb" "why should I have to use this? Blizz your security sucks." etc.
No you're absolutely right. When I made my guild all have authenticators, even after I posted a way they could get one free without needing a smart phone or any financial investment of any kind, I still had a hunter that steadfastly refused to get one under any circumstances. "I don't care how easy it is, I'm never going to get one." I also had people outright turn my guild down because I required them, saying that they would just go find anther group that didn't care. It doesn't matter how good the security solution is, or whether its free, or anything. Some people are just going to refuse to have any added security, but want to hold Blizzard responsible if their account gets compromised.
Each time i read an post "HALP, ive been hacked" im 100% sure they dont had authenticator and i laugh at em for being cheap and not spending 7euro or the free one for smartphones
I bought mine few weeks after it was released, had plenty of friends being "hacked" and non had authenticator
That's a little bit tin foil hat, but I'll engage it anyway. Perfect security requires perfect code. Perfect code is not feasible. You might make the case that Battle.net is old and they should have been able to fix any security issues by now. But how old is Microsoft, and why haven't they made windows perfectly secure, why do I still have to download security patches every second tuesday?
You could make the claim they're not doing enough, but even if you had proof they're not doing enough (which no one does), what IS enough? Is enough to where no hacker anywhere is able to gain access to any system? Sometimes hackers don't even need exploits, many times they can trick someone into installing something on their machine that takes it over for them.
Sure you've listed other MMOs you've played that didn't have security issues. Is that because their coders are better and have somehow made perfect code, or is that because they're less of a target than Blizzard so hackers don't bother with them?
Actually, that's not the case here.
If you have a perfectly secure system that requires only a username and a password and they get stolen, you will be hacked in a perfectly secure system.
There's NOTHING Blizzard can do if you manage to lose your password and don't have any other means of security available. It's simple as that. There are tons of ways of keyloggin a computer and while the vast majority of hacked people will say that they use 100% secure computers, the vast majority of them have already installed cracked games, downloaded pirated movies and/or songs in the internet or visited porn sites. All of these include a risk for hackers include their exploits.
And you should also not stop in the Blizzard Authenticator. At least enabling Google Gmail 2-step verification is a must, as your e-mail may be used to enter all your social networks. Of course hackers are not interested in stealing your facebook account as they are in stealing your gold and selling elsewhere.
I got mine a while ago and it was the best think I could do. Authenticators are awesome and always working BUT, make sure you always keep it on you and not in your bag, as soon as it's cold it's not working anymore.
Well the question I pose to those who in this conversation don't agree that it's a good investment must not feel that their accounts are worth the investment of protection and thus shouldn't feel compelled to bemoan having their accounts hacked.
I go back to assuming that those here or on the public forums that are adults, pay for insurance to protect important investments. So how could a free-$7-(apparently much more overseas like $20+) not make perfect sense? I guess the options are, have one or risk getting hacked and dealing with that consequence.
Of course I think we know the answer even if a few people won't assume personal responsibility for the things in their life.
If you can afford Diablo 3, you can afford to the extra $6 for a physical authenticator. And as others said, you can emulate Android on a PC and run the free mobile authenticator that way. There are no excuses for being hacked except for your own stupidity and laziness. I have never felt bad for someone who was 'hacked' and that will not change any time soon.
"This is bullshit! Blizzard should protect my account without making me spend 5 dollars for extra security!! If I'm forced to buy an authenticator to make sure my account is not hacked then I demand a refund! If a refund is not provided, then Blizzard will be hearing from my lawyers."
That might be the attitude of a lot of people....
lulz just sayin'
And that is why Blizzard never includes authenticators with their collector's editions or regular games; because you are willing to pay more for security that should be added within their product. The LEAST they could do is give an auth. in a CE.
No, Blizzard doesn't need to pay out money for authenticators in every box to help *your* end-user security. That's your job as it is for anyone who uses the Internet.
Their job is to keep their own servers secure, and not lose your user info to hackers on their end. They have done so, and not lost any info. They last reported a compromise of their systems in 2001, iirc. All the compromises have occurred on the user's end, on computers not owned, nor maintained, by Blizzard. Yet some of you think it's Blizzard's job to secure those? They're already going above and beyond to offer the authenticators at cost for physical, and free if you have a smartphone or IPod Touch type device to put it on.
If a person pays $100 for Collector's Edition (original is $60 obviously) you don't think they should be entitled to extra security? What are you, a spawn of Kotick?
That's a little bit tin foil hat, but I'll engage it anyway. Perfect security requires perfect code. Perfect code is not feasible. You might make the case that Battle.net is old and they should have been able to fix any security issues by now. But how old is Microsoft, and why haven't they made windows perfectly secure, why do I still have to download security patches every second tuesday?
You could make the claim they're not doing enough, but even if you had proof they're not doing enough (which no one does), what IS enough? Is enough to where no hacker anywhere is able to gain access to any system? Sometimes hackers don't even need exploits, many times they can trick someone into installing something on their machine that takes it over for them.
Sure you've listed other MMOs you've played that didn't have security issues. Is that because their coders are better and have somehow made perfect code, or is that because they're less of a target than Blizzard so hackers don't bother with them?
I really don't know man Your point is right, maybe a good solution is to make a system (on the game itself) so the hackers won't find anything worth the effort. And about that, I'm pretty sure RMAH isn't a good idea to keep hackers outside of a game, but anyway.
I really don't know, I'm far from being able to even think about a solution. I use myself an authenticator, because I have a smartphone, which allow me to get it for free, but if I had to buy it, I would be pissed honestly, like : "I've bought a game, and now I have to buy something for 10 euros so I don't get hacked, why ?"
Two really close IRL friends have been hacked in 3 days, and I know for sure, they didn't clicked on anything they should worry about, they don't have an "easy" password, etc, shortly, they shouldn't have to worry about their account security, and they never did before because there wasn't any reason to do so. That's why now, I ask myself, why ? Why so much hack ? And why are they able to succeed so much ? And one of the answers that come to my mind is, could it be Blizzard fault for not caring enough about it ?
Something people forgot - sometimes it has nothing to do with what you did. Maybe it was a shared password with a different site (PS+, Gawker, etc). Maybe it's a weakness in a legit program already on your computer (the recent Mac botnet, awhile back there was a bunch of stolen accounts due to an issue with Flash). Maybe it's a legit website that has issues with it's own security that you downloaded a keylogger from.
Sometimes, when people get hacked, it's just not there fault someone got their account information. It's not Blizzard's fault either that people can make so much money from stealing account information
"This is bullshit! Blizzard should protect my account without making me spend 5 dollars for extra security!! If I'm forced to buy an authenticator to make sure my account is not hacked then I demand a refund! If a refund is not provided, then Blizzard will be hearing from my lawyers."
That might be the attitude of a lot of people....
lulz just sayin'
And that is why Blizzard never includes authenticators with their collector's editions or regular games; because you are willing to pay more for security that should be added within their product. The LEAST they could do is give an auth. in a CE.
No, Blizzard doesn't need to pay out money for authenticators in every box to help *your* end-user security. That's your job as it is for anyone who uses the Internet.
Their job is to keep their own servers secure, and not lose your user info to hackers on their end. They have done so, and not lost any info. They last reported a compromise of their systems in 2001, iirc. All the compromises have occurred on the user's end, on computers not owned, nor maintained, by Blizzard. Yet some of you think it's Blizzard's job to secure those? They're already going above and beyond to offer the authenticators at cost for physical, and free if you have a smartphone or IPod Touch type device to put it on.
If a person pays $100 for Collector's Edition (original is $60 obviously) you don't think they should be entitled to extra security? What are you, a spawn of Kotick?
See. Things like this are part of the problem. Entitled? Yes. if you buy the CE, Blizz should come to your house and ensure that you're smart enough to keep your computer safe. I mean, it's not like the extra money is actually paying for anything else that comes in the CE that doesn't come with the regular/digital version of the game, right?
Account security is the user's responsibility. Server security is Blizzard's. If your account gets hacked, odds are it's your fault. If the servers get hacked, that's a completely different story.
I got my authenticator when I got a smart phone. I think a lot of people don't use it because they think that...."oh it won't happen to me". By now, I really think players should know better. A little extra security can go a long way. Is it perfect? No, but it helps.
Can't afford $6? Then next time at the movies don't buy a large drink and there is your authenticator money. It is a bit silly that people will invest hundreds of hours into a game and think they shouldn't need to protect it. I know when I put the time into the game I don't want it to disappear.
Like what was stated earlier in this thread, don't use the same passwords for several different sites. Change it up. That is probably the best tip I can think of. Hackers don't need to hack Blizzard...they hack other websites and then try to use the same email/passwords in the Blizzard games.
Blizzard should just pay a guy with a baseball bat to make housecalls to everyone without an authenticator and beat them over the head while yelling "HEY STUPID GET AN AUTHENTICATOR!!!".
P.S. I bought the CE and I already had an authenticator, so they would've been wasting money on it for me. And anyone with a smartphone. And don't think that cost wouldn't get passed on to you.
All they care about is profit. Blizzard should deliver acount security as standard, not optional thing, that's just nonsense. If they would really care about players security, the would attach this kind of device to their products, as free gift. You pay for something, that you are ought to get. And don't compare it to innsurance, we're talking about 50$ games compared to 20 000$ car.
ZZZZ
It IS free if you have a smartphone. If not they'd have to mail you an authenticator, or put one in every box and hope everyone actually attaches it. Both of those options have postage/packaging implications so that $5 would get baked into the box price (additional cost for all those people with smartphones). And despite all sense and reason some people actually do not want an authenticator.
There is no such thing as a free lunch. An authenticator is NOT the same as normal account security, it requires an independent device in the event your PC is compromised and therefore has additional cost, which unless you have a smartphone you will be paying regardless.
Exactly.
Having an unsecured computer then using a 8$ (?) product to only secure one or 2 games does not make a whole lot of sense.
Using a good firewall and antivirus does on the other hand. Never had a problem in 5 years of wow whereas friends did.
Yeah i have a hard time having respect for people using and promoting this stuff. I see it as one more scam...
I bet people using an authenticator have never cared about security, or worst: they stopped to care once they started using one.
Well to each his own I suppose.
Except people who really care about security are more likely to have one because they realize no matter how secure they think they are there is always a way for a clever person out there to get around it if they really want to. Wow you have a firewall and antivirus. Great! Too bad new viruses and exploits can take days or weeks or months or years or never found at all. By the time your antivirus is updated to know about said virus, you may have been infected for long enough for your information to be stolen. In a case like that, they still can't access your account with an authenticator...Well they CAN,but they would have to sit there and wait for you to log in, so they can access your code and log in with it,but that is a waste of time and effort when they can go after the moron without an authenticator.
Golly, maybe when people shell out almost seventy bucks for entertainment, from a company that has entertainment in its name, they are a little annoyed to find that they need to approach it like online banking. And not just regular online banking - banking with a bank that, like soviet russia, makes you insecure.
When will we see the RMAH with this epic boondoggle, anyhow... 2013?
Rollback Post to RevisionRollBack
To post a comment, please login or register a new account.
It's like... 6 damn dollars.
That's a little bit tin foil hat, but I'll engage it anyway. Perfect security requires perfect code. Perfect code is not feasible. You might make the case that Battle.net is old and they should have been able to fix any security issues by now. But how old is Microsoft, and why haven't they made windows perfectly secure, why do I still have to download security patches every second tuesday?
You could make the claim they're not doing enough, but even if you had proof they're not doing enough (which no one does), what IS enough? Is enough to where no hacker anywhere is able to gain access to any system? Sometimes hackers don't even need exploits, many times they can trick someone into installing something on their machine that takes it over for them.
Sure you've listed other MMOs you've played that didn't have security issues. Is that because their coders are better and have somehow made perfect code, or is that because they're less of a target than Blizzard so hackers don't bother with them?
It's missing the point to say Blizzard should have better security. The "hackers" aren't hacking into Blizzard's end. They're stealing peoples account information through other means, probably keyloggers shared pw/account login combinations from other websites that WERE hacked. There really isn't anything they can do, short of a two factor authentication method. This is what people are missing - it doesn't help how many locks or how good a car alarm Ford puts on a car, if you lose the keys, someone can get into your account.
And that is why Blizzard never includes authenticators with their collector's editions or regular games; because you are willing to pay more for security that should be added within their product. The LEAST they could do is give an auth. in a CE.
No, Blizzard doesn't need to pay out money for authenticators in every box to help *your* end-user security. That's your job as it is for anyone who uses the Internet.
Their job is to keep their own servers secure, and not lose your user info to hackers on their end. They have done so, and not lost any info. They last reported a compromise of their systems in 2001, iirc. All the compromises have occurred on the user's end, on computers not owned, nor maintained, by Blizzard. Yet some of you think it's Blizzard's job to secure those? They're already going above and beyond to offer the authenticators at cost for physical, and free if you have a smartphone or IPod Touch type device to put it on.
No you're absolutely right. When I made my guild all have authenticators, even after I posted a way they could get one free without needing a smart phone or any financial investment of any kind, I still had a hunter that steadfastly refused to get one under any circumstances. "I don't care how easy it is, I'm never going to get one." I also had people outright turn my guild down because I required them, saying that they would just go find anther group that didn't care. It doesn't matter how good the security solution is, or whether its free, or anything. Some people are just going to refuse to have any added security, but want to hold Blizzard responsible if their account gets compromised.
I bought mine few weeks after it was released, had plenty of friends being "hacked" and non had authenticator
Actually, that's not the case here.
If you have a perfectly secure system that requires only a username and a password and they get stolen, you will be hacked in a perfectly secure system.
There's NOTHING Blizzard can do if you manage to lose your password and don't have any other means of security available. It's simple as that. There are tons of ways of keyloggin a computer and while the vast majority of hacked people will say that they use 100% secure computers, the vast majority of them have already installed cracked games, downloaded pirated movies and/or songs in the internet or visited porn sites. All of these include a risk for hackers include their exploits.
And you should also not stop in the Blizzard Authenticator. At least enabling Google Gmail 2-step verification is a must, as your e-mail may be used to enter all your social networks. Of course hackers are not interested in stealing your facebook account as they are in stealing your gold and selling elsewhere.
I go back to assuming that those here or on the public forums that are adults, pay for insurance to protect important investments. So how could a free-$7-(apparently much more overseas like $20+) not make perfect sense? I guess the options are, have one or risk getting hacked and dealing with that consequence.
Of course I think we know the answer even if a few people won't assume personal responsibility for the things in their life.
If a person pays $100 for Collector's Edition (original is $60 obviously) you don't think they should be entitled to extra security? What are you, a spawn of Kotick?
Something people forgot - sometimes it has nothing to do with what you did. Maybe it was a shared password with a different site (PS+, Gawker, etc). Maybe it's a weakness in a legit program already on your computer (the recent Mac botnet, awhile back there was a bunch of stolen accounts due to an issue with Flash). Maybe it's a legit website that has issues with it's own security that you downloaded a keylogger from.
Sometimes, when people get hacked, it's just not there fault someone got their account information. It's not Blizzard's fault either that people can make so much money from stealing account information
See. Things like this are part of the problem. Entitled? Yes. if you buy the CE, Blizz should come to your house and ensure that you're smart enough to keep your computer safe. I mean, it's not like the extra money is actually paying for anything else that comes in the CE that doesn't come with the regular/digital version of the game, right?
Account security is the user's responsibility. Server security is Blizzard's. If your account gets hacked, odds are it's your fault. If the servers get hacked, that's a completely different story.
Can't afford $6? Then next time at the movies don't buy a large drink and there is your authenticator money. It is a bit silly that people will invest hundreds of hours into a game and think they shouldn't need to protect it. I know when I put the time into the game I don't want it to disappear.
Like what was stated earlier in this thread, don't use the same passwords for several different sites. Change it up. That is probably the best tip I can think of. Hackers don't need to hack Blizzard...they hack other websites and then try to use the same email/passwords in the Blizzard games.
My BNet Profile
P.S. I bought the CE and I already had an authenticator, so they would've been wasting money on it for me. And anyone with a smartphone. And don't think that cost wouldn't get passed on to you.
ZZZZ
It IS free if you have a smartphone. If not they'd have to mail you an authenticator, or put one in every box and hope everyone actually attaches it. Both of those options have postage/packaging implications so that $5 would get baked into the box price (additional cost for all those people with smartphones). And despite all sense and reason some people actually do not want an authenticator.
There is no such thing as a free lunch. An authenticator is NOT the same as normal account security, it requires an independent device in the event your PC is compromised and therefore has additional cost, which unless you have a smartphone you will be paying regardless.
Except people who really care about security are more likely to have one because they realize no matter how secure they think they are there is always a way for a clever person out there to get around it if they really want to. Wow you have a firewall and antivirus. Great! Too bad new viruses and exploits can take days or weeks or months or years or never found at all. By the time your antivirus is updated to know about said virus, you may have been infected for long enough for your information to be stolen. In a case like that, they still can't access your account with an authenticator...Well they CAN,but they would have to sit there and wait for you to log in, so they can access your code and log in with it,but that is a waste of time and effort when they can go after the moron without an authenticator.
When will we see the RMAH with this epic boondoggle, anyhow... 2013?