Login:
Password:
Lost Password?
Print this article  |  E-mail this article  |  Comment on this article

A real-world security keychain to protect WoW characters' identity

By Michael Hatamoto, BetaNews

July 1, 2008, 5:33 PM

Blizzard introduces a physical security token to help give gamers added peace of mind when playing World of Warcraft online.

To help keep gamers safe from possible account hijackings in World of Warcraft, Blizzard Entertainment has introduced a small electronic authenticator that will produce a six-digit security code that can be entered before a WoW player logs on.

Users who purchase the authenticator can register it with their WoW account. Each time they try to log into their account, they'll need to provide their user name, password, and randomly generated code from the authenticator. The only way to have it removed from an account is to call Blizzard and have them manually remove the feature. The randomly generated code is good for one login, and will refresh if not used within 60 seconds.

If lost, owners must provide personal information to Blizzard to have a new authenticator activated and mailed out.

The authenticator can be purchased online for $6.50. Blizzard did not say when the new keys will be released, though did say it will initially be available only for US gamers.

Authenticators have been rolled out for online financial institutions, including PayPal, but have not seen demand for online gaming accounts. But an increased level of account hijackings has led Blizzard to try and create a cost-effective solution to protect its customers, without presenting additional hassles. Today, real-world WoW thieves hijack an account and sell off its holder's valuable possessions over eBay and similar auction sites.

Specifically, WoW gamers have been targeted by hackers who redirect gamers to Internet sites that unknowingly installed keylogging software onto their computer to get their account information. In separate incidents, malicious players have sent e-mails to WoW account holders with Trojan horse files attached.

HSBC, Wachovia, and several other banks use similar tokens to help protect customers' financial information and data.

Add a Comment (19 Comments)

BetaNews reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Foul language and personal attacks will not be tolerated.

Name (required):

E-mail (required):

Enter Your Comment:

By jeffreybt

posted Jul 3, 2008 - 7:19 AM

hopefully this will also fix the problem of blizzard banning people who play while on the road.

they tend ban people who play from multiple locations.

Score: 0

By Galway

posted Jul 2, 2008 - 4:01 PM

It seams a rather extravagant measure to cure the problem. Why not checksum the hardware running the game and make is so that only that computer can authenticate the password for the account?

Its a cool idea, and I think it is a test to see how popular/successful it is for future games.

I like to see what happens when the hackers rip the code and produce a keygen.

Score: 0

By PC_Tool

posted Jul 2, 2008 - 4:22 PM

What about the folks who play from their desktop, laptop, friends computers, LAN parties, internet cafe's...

Score: 0

By Galway

posted Jul 2, 2008 - 4:59 PM

"What about the folks who play from their desktop"

You mean the vast majority, well ... as I said.

"laptop,"

Well ... same applies.

"friends computers,"

Hmmm, maybe a roaming adaptation that allows you to add a limited number of allowed computers, maybe based on a email/USB stored token perhaps, generated from the registered computer ?

"LAN parties, internet cafe's..."

If you are worried about account hijacking then this is a risky place anyway, but the above could be allowed for a limited period, using a token (USB ?) defaulting back to the registered computer after a pre defined period or a user initiated command ?

Point is you have paid for the game, and pay monthly to play online ... and now you are expected to pay to keep your account from being hijacked. This is a hardware solution for a problem that could be solved without the further burden to your consumers. It still doesn't help the people who don't buy the dongle, and it still could be hacked anyway.

Score: 0

By PC_Tool

edited Jul 2, 2008 - 5:12 PM

Heh...

The hardware...you carry with you. The checksum....you can't.

The hardware allows you to play on *any* system without having to create a new "allowed" config.

No tokens, no messy invasion of privacy issues (they are transferring information about your PC after all, at least as much as MSFT does)...

A one time fee of 6.50 instead of a mess like that?

you have paid for the game, and pay monthly to play online

...exactly. A small one time fee to add some protection to that investment is going to be nothing to these folks. :)

Score: 0

By Galway

edited Jul 2, 2008 - 6:20 PM

Its just an idea.

Everyone who buys the game installs it on their gaming machine, once installed it could match the computer to the account and allow the user to generate a key for other locations.

"The hardware...you carry with you. The checksum....you can't"

Really ? You dismiss it so quickly.

"No tokens, no messy invasion of privacy issues (they are transferring information about your PC after all, at least as much as MSFT does)..."

Transferring information to a token or file, not to a 3rd party, the resulting checksum would be verified by the account, not any actual data or identifiable information.

I didn't say it was perfect, but it saves the user from shelling out again and again. You can lose your "authenticator", at least with this would allow the user to generate another.

"A one time fee of 6.50 instead of a mess like that?"

Mess ? You don't need it if you play on the computer it was installed on. The "authenticator" requires use regardless. And if you lose it you would be in a mess.

Score: 0

By PC_Tool

posted Jul 7, 2008 - 9:02 AM

And if you lose it...

A WoW gamer...lose the one thing he needs to access the game...

Haven't met any WoW players, have you? (It's understandable...they rarely come out of hiding...) ;)

///that was a joke, at my expense (as a WoW player).

Score: 0

By Avion Airplane

posted Jul 2, 2008 - 1:49 PM

you can also have a 666 chip imbeded in your forehead ! Then all you have to do is scan your forehead before you log in !!!

:=0 lol

Score: 0

By Ramhound

posted Jul 2, 2008 - 10:34 AM

All this means is Blizzard will start NOT restoring your character if it was "stolen" and you don't have one of these devices.

Of course by the same token you won't be "hacked" if you have this device. You might need to have your account information reset, but thats easy enough and would need to be done for people who forget their information.

Its really easy to protect yourself from being hacked, don't go to viral websites.

Score: 0

By kappen

edited Jul 2, 2008 - 8:04 AM

I have the paypal one works as advertised

Score: 0

By uberfly

posted Jul 2, 2008 - 12:24 AM

Nice idea. If anything it'll be a good test of the concept. Blizzard should just give these away to anyone who's had an account for more than two years.

Score: 0

By bakura

posted Jul 1, 2008 - 10:31 PM

I think it's a good idea. I know at least one bank that offers a device like this to safeguard your account.

I'd like to see this type of security adopted by more companies, but I wouldn't want to have to have a separate password generator device for each company.

Score: 0

By gawd21

posted Jul 1, 2008 - 7:41 PM

This is about stupid! I play WoW and do not want any more crap like this. I wish that it would save your password.

Score: 0

By kappen

posted Jul 2, 2008 - 8:03 AM

Yes that's really secure a device that stores your password so you didn't have to enter it again. Pure genius.......

Score: 0

By gawd21

edited Jul 3, 2008 - 1:39 AM

Don't download a virus, dumb ass.

Score: 0

By uberfly

posted Jul 2, 2008 - 12:21 AM

Angry, angry, angry!!!!! Sheesh. Don't order one then.

Score: 0

By lvthunder

posted Jul 1, 2008 - 8:45 PM

That's why it's optional. If you don't want it don't use it. It's that simple.

Score: 0

By TheNewGuy

posted Jul 1, 2008 - 5:46 PM

These sound like the RSA SecurID tokens. And while I don't play WoW, a lot of people do and consider their time invested in it very valuable. I see this as a good security step.

Score: 0

By Setian^Stalker

posted Jul 1, 2008 - 9:22 PM

I agree its a good security step. The amount of accounts that have been hacked recently seems to be increasing largly.
It's not normally that much of a issue, you raise a ticket and blizzard investigates and restores almost everything that was lost BUT obviously it costs them a lot of manpower which is frustrating to the user while the investigation is going on.

Score: 0

Oct 11 - 11:16 AM ET Things left unsaid, in a recent interview with Sony's CEO

Oct 11 - 11:03 AM ET EU regulations block Italian ISPs from blocking Pirate Bay

Oct 11 - 10:55 AM ET Making it to Apple's App Store by staying out of court

Oct 10 - 7:43 PM ET Wal-Mart changes its mind, leaves existing DRM servers up

Oct 10 - 7:05 PM ET Hands on: An amateur photographer tests out Adobe's latest Lightroom

Oct 10 - 6:52 PM ET Mobile service providers brace for the economic storm

Oct 10 - 6:24 PM ET Apple warns users about bad Nvidia graphics chips

Oct 10 - 4:21 PM ET New Norton Vista tool trades UAC for online feedback

Oct 10 - 3:23 PM ET Verizon Wireless to raise fees for service-related texts

Oct 10 - 3:04 PM ET BlackBerry Bold sales halted in UK