Elitist Jerks


Old 03/19/08, 6:09 PM   #101 (permalink)
Glass Joe
 
Undead Warrior
 
Dethecus
A few months back one of my officers clicked on something he shouldn't have and got hacked. The hacker logged him on in the evening, sold all of our three tabs of guild bank, and then transferred him off to another server. He had two geared characters that got stripped of anything that was worth gold. All his PvP stuff remained so he had partial gear on both toons. We as a guild lost mats, food, flasks, around 1K gold I would imagine. I had set the guild's gold to me only from the beginning, so our gold remained (thankfully). Lucky for us another one of my guild members irl works for a company that I can't say, but he was able to get our officer's gear back fully and our guild bank.


The only change I have done since then is add an additional 4th tab which is set to me solely. We put all epic gems, hearts, pattern etc in this tab. After our Hyjal or BT clear if I do not have the gems on me people go through the ritual of meeting me at the scryer bank for gems. Seems to work fine for us now.
 
Old 03/20/08, 7:17 AM   #102 (permalink)
Piston Honda
 
Gnome Warlock
 
Eitrigg
The improvements I would like to see added to guild banks are...

Security by column group. Right now the visual is paired columns. Why not security at that level as well?

Another option would be to assign points based on the column/tab an item is in and allow withdrawal on a point system.
 
Old 03/20/08, 11:11 AM   #103 (permalink)
Von Kaiser
 
Human Warrior
 
Uldum
Originally Posted by Zlander View Post
A few months back one of my officers clicked on something he shouldn't have and got hacked..
See a theme here? Security is a lifestyle, people. I've been playing WoW for 3 years, and I don't click on stuff that I shouldn't. Ergo, I don't get hacked. If someone is dumb enough to get hacked twice, they're no longer in the guild, or, if they are, they have no guild bank access. It's not rocket science. It's just common sense.

Xi said that you had to be smart enough in raiding to get out of the fire. I say in security that you have to be smart enough not to click on stuff you shouldn't. Also, anyone who isn't careful what they click on, or shares their access information, shouldn't have access to your guild bank. Period.

Last edited by Kesh : 03/20/08 at 1:15 PM. Reason: typos
 
Old 03/24/08, 8:00 AM   #104 (permalink)
Piston Honda
 
Human Warlock
 
Frostmane (EU)
Have to agree with Kesh, it's common sense. You don't go to unknown (porn, torrents, cracks) sites without a half secure browser, you don't click any link that isn't at least backed up by site's name/friend/known source. It just gets into your system, or should after a while and after messing up a couple times.
Ideally you use antivirus/firewall all the time or at least start it up if you're visiting something suspicious or at the very least scan after you've done some of that (plenty of online scanners).
Of course, knowing what should appear in your process list helps eliminate all but some more well done kits.
 
Old 03/24/08, 8:35 AM   #105 (permalink)
Glass Joe
 
Blood Elf Priest
 
Cho'gall
Originally Posted by Polleke View Post
It would be significantly harder to keylog an onscreen numpad that requires you to enter a numerical code by clicking on the numbers.
Make that pad appear on a random location on screen and you would really have a hard time trying to crack that, although most likely not impossible.
That's what Runescape did a long time ago, helped a lot with hackers considering it's impossible to actually crack that without a stream of them doing it, there's no recognition on your side.
 
Old 03/24/08, 10:13 PM   #106 (permalink)
Glass Joe
 
Human Warrior
 
Blackrock
What really puzzles me is the lack of security in WoW US. Due to the level of trojans, keyloggers in WoW China, there are multiple security features, from online keypads, account locking, and password grids (you get a unique password grid and logins prompt for specific password coordinates)

Just don't understand why Blizzard cannot implement the system on the US servers.
 
Old 03/24/08, 10:25 PM   #107 (permalink)
Don Flamenco
 
Blood Elf Paladin
 
Staghelm
People don't take security seriously unless they've been compromised, for the most part, especially in a game. I know a lot of people who get angry when they aren't allowed to use their account name or "password" as their passwords.
 
Old 03/25/08, 5:31 AM   #108 (permalink)
Everyone licks chicken.
 
Chicken's Avatar
 
Blood Elf Paladin
 
Azjol-Nerub (EU)
Originally Posted by Asteria View Post
What really puzzles me is the lack of security in WoW US. Due to the level of trojans, keyloggers in WoW China, there are multiple security features, from online keypads, account locking, and password grids (you get a unique password grid and logins prompt for specific password coordinates)

Just don't understand why Blizzard cannot implement the system on the US servers.
It's most likely implemented there and not in Europe and the US for two reasons:

- The first reason is simply that there is practically no concept of playing WoW at home in China. Most everyone plays WoW there on publicly available computers; this basically means that the keylogger threat is a lot higher. One unsavory person just needs to install a keylogger on a computer, and they can probably get their hands on a very large amount of accounts before it's found out. This really means that in China it's a far larger part of the developer's responsibility to add security to their game.
- The second reason is that if these kinds of systems are introduced while a large amount of the playerbase deems them unneeded it'll probably annoy a whole lot of them. I know the merits of extra security, but that doesn't mean that I'd enjoy having to punch in my password on a keyboard that randomly jumps around on my screen after every character I put in.

buff /bʌf/ Pronunciation[buhf]
–verb (used with object)
- to reduce or deaden the force of
 
Old 03/25/08, 5:49 AM   #109 (permalink)
Piston Honda
 
Gnome Warlock
 
Eitrigg
Originally Posted by Asteria View Post
What really puzzles me is the lack of security in WoW US. Due to the level of trojans, keyloggers in WoW China, there are multiple security features, from online keypads, account locking, and password grids (you get a unique password grid and logins prompt for specific password coordinates)

Just don't understand why Blizzard cannot implement the system on the US servers.
I think there is actually good security in WOW. I know that on the Mac they lock out the keyboard from other programs while WOW is the forefront application until you get past the login screen. I am under the impression they do the same in Windows. Basically the only thing that has access to the keyboard is the game and the OS.

What people do underestimate are the number of stupid people who use their account names and passwords for WOW related sites! Let alone people who have their main and account name the same. Then we can add in the number of people who share accounts, by the guild chat I listen in on it's more than most imagine, and suddenly you have all sorts of ways for people to be hacked. Hell, half the time I see people claim they were hacked I wonder if it's someone they knew.

We have one person in my guild who levels fishing for her boyfriend and OTHER players. She logs on their accounts and levels it. Usually in exchange for running her through BGs to get gear (she is not the world's greatest player but like is so damn kitted out to look awesome standing there)
 
Old 03/25/08, 5:52 AM   #110 (permalink)
Don Flamenco
 
Zurgat's Avatar
 
Troll Rogue
 
Aszune (EU)
Wow's passwords are case insensitive.
It'd help a good bit if they enabled the use of caps in passwords. And of course a minimal length.

-= Random Ravings =- Why pay for something, if you can get it for free? Rants and ravings, guides, theorycraft, wotlk alpha info and more. No goldsellers, no levelling services, no bots, no hacks, only ingame knowledge.
 
Old 03/25/08, 8:14 AM   #111 (permalink)
Information Overload
 
Kruthal's Avatar
 
Orc Warlock
 
Al'Akir (EU)
Originally Posted by Zurgat View Post
Wow's passwords are case insensitive.
It'd help a good bit if they enabled the use of caps in passwords. And of course a minimal length.
That's pretty... impressive. I've been typing in my password with proper capitalization for two and a half years now, and I just typed it in all caps, no problems. Sigh.

I guess it wouldn't technically help if you have a keylogger on your computer, but some of us do actually prefer being able to make decent passwords... (Yes yes, you can do that without caps, but another dimension never hurts)

Originally Posted by Docjowles
If you have a problem, if no one else can help, and if you can find them, maybe you can hire... the BB-Team.
 
Old 03/25/08, 9:07 AM   #112 (permalink)
Von Kaiser
 
Tauren Druid
 
Twisting Nether (EU)
The worst case scenario seems to be Guild Masters getting hacked and losing everything. To get around the "eggs in one basket" problem you could split your most valuable items across the accounts of multiple officers. Of course this increases the potential chance of ANY guild property being stolen but should at least protect against losing everything. The other big downside is of course the lack of immediate access to the items that would be available with a guild bank.

A suggestion for Blizzard to help prevent hacked GMs taking everything would be to give an option for the GM to have the same restrictions as other ranks. If the GM wished to revert to full access they would have to wait a day (or preselected time period) with a popup message alerting them that the bank settings are being changed each time they log in. The GM would of course be able to stop the change to unrestricted access at any time.
 
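The delayed-unlock idea suggested in post #112, sketched as an added example (not part of the original thread and not a Blizzard feature). The class name, the 5-per-day limit and the timeline are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional
@dataclass
class GuildBankPolicy:
    """Hypothetical model of the proposal; not a Blizzard API."""
    daily_limit: int                       # withdrawals/day while restricted (assumed)
    delay: timedelta = timedelta(days=1)   # the "day (or preselected time period)"
    unlock_requested_at: Optional[datetime] = None
    audit: list = field(default_factory=list)

    def request_full_access(self, now):
        # Repeating the request does not shorten the wait already running.
        if self.unlock_requested_at is None:
            self.unlock_requested_at = now
            self.audit.append((now, "unlock requested"))

    def cancel_unlock(self, now):
        # Always allowed, and it only ever makes the account more restricted.
        if self.unlock_requested_at is not None:
            self.unlock_requested_at = None
            self.audit.append((now, "unlock cancelled"))

    def is_unrestricted(self, now):
        return (self.unlock_requested_at is not None
                and now - self.unlock_requested_at >= self.delay)

    def login_notice(self, now):
        """Popup text for every login while a change is pending, else None."""
        if self.unlock_requested_at is None or self.is_unrestricted(now):
            return None
        remaining = self.unlock_requested_at + self.delay - now
        return f"Guild bank restrictions will be lifted in {remaining}. Cancel?"

    def may_withdraw(self, now, taken_today, count):
        return self.is_unrestricted(now) or taken_today + count <= self.daily_limit

def simulate_hijack():
    """Constructed timeline: thief logs in at t0, owner logs in 6 h later."""
    t0 = datetime(2008, 3, 25, 3, 0)
    bank = GuildBankPolicy(daily_limit=5)
    bank.request_full_access(t0)                  # thief asks for full access
    thief_bulk = bank.may_withdraw(t0, 0, 200)    # tries to empty the tabs
    thief_small = bank.may_withdraw(t0, 0, 5)     # capped like any other rank
    owner_login = t0 + timedelta(hours=6)
    notice = bank.login_notice(owner_login)       # owner sees the pending change
    bank.cancel_unlock(owner_login)
    after_delay = bank.may_withdraw(t0 + timedelta(hours=25), 0, 200)
    return thief_bulk, thief_small, notice, after_delay
```

The loss during a hijack is bounded by the rank limit for as long as the owner logs in and cancels within the delay; an owner who stays away longer than the delay gets no protection from it.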
Old 03/25/08, 9:54 AM   #113 (permalink)
Don Flamenco
 
Zurgat's Avatar
 
Troll Rogue
 
Aszune (EU)
Originally Posted by Kruthal View Post
That's pretty... impressive. I've been typing in my password with proper capitalization for two and a half years now, and I just typed it in all caps, no problems. Sigh.

I guess it wouldn't technically help if you have a keylogger on your computer, but some of us do actually prefer being able to make decent passwords... (Yes yes, you can do that without caps, but another dimension never hurts)
Heh, yeah it took me quite by surprise as well when I found out.
I don't really see the logic behind it though, why wouldn't Blizzard allow capitalization in passwords?

Old 03/25/08, 11:48 PM   #114 (permalink)
Von Kaiser
 
Human Warrior
 
Uldum
Originally Posted by Zurgat View Post
Heh, yeah it took me quite by surprise as well when I found out.
I don't really see the logic behind it though, why wouldn't Blizzard allow capitalization in passwords?
If you don't do anything insecure to allow a keylogger on your machine, and don't share your password with anyone, whether your password is case-sensitive or not isn't relevant. People getting accounts taken because their passwords suck aren't using even what you can do without case sensitivity, and the ones who lose accounts with special characters in the password are losing it to a keylogger or account sharing, and case sensitivity won't help you if you give your password to a 'friend' or a keylogger reads it while you type it.

It still comes down to your own security practices with your machine and your password/account name. Don't share, don't click on stuff you shouldn't. Keep virus protection up, and be smart. If you can't do those things, no amount of password security on Blizzard's part will help you. If you do your part, they'll do theirs. (or at least they have so far)
 
Old 03/26/08, 9:56 PM   #115 (permalink)
Piston Honda
 
Night Elf Warrior
 
Archimonde
Originally Posted by Zurgat View Post
Heh, yeah it took me quite by surprise as well when I found out.
I don't really see the logic behind it though, why wouldn't Blizzard allow capitalization in passwords?
Absent keylogging or loss of login information via real world stupidity, it is almost impossible to random crack a WoW account, and not remotely worth the effort you would need to do it.

You have a username and a password that are non-confirming and independent, both of which can be quite long, and you also have a non-instant transmission to Blizzard. This last one is a real PITA for anyone because it means that every attempt will take some measurable amount of real time.

Oh, and you need a computer with WoW installed to access an account so random zombie machines are useless.

This password structure is really pretty tough. I don't recall there ever being a single documented incident of a WoW player with "real" usernames and passwords (i.e. not "bob"/"lol") being hacked without keylogging software or some personal security issue unrelated to Blizzard's structure of the WoW username and password.
 