Kastang Ramblings of a Geek


World of Warcraft Account Security

Recently there has been discussions in my Guild regarding World of Warcraft account security. I believe this is a perfect opportunity to give my opinion on measures that I believe must be taken to ensure increased general security of your computer along with your World of Warcraft account.

One thing I must make clear is there is no such thing as a completely secure networked computer. The suggestions listed below are simply extra precautions that must be taken to minimize the chance of your computer being compromised.

* - Applies to World of Warcraft only.

Get an Authenticator*
Having an Authenticator will virtually eliminate the chance of your account being compromised. The Blizzard Authenticator costs $6.50 from the Blizzard Store. If you are an iPhone/iTouch user, you can download the Mobile Authenticator for free. Having an Authenticator is no excuse not to do the remaining suggestions.

Web Browser
Use a secure browser. For the sake of speaking, that pretty much means anything besides Internet Explorer. My personal recommendation is Google Chrome or Firefox. For each, I highly recommend the WOT plugin.

WOT’s safe browsing tool warns you about risky sites that can’t be trusted: Online shops that cheat customers; download sites that deliver malware; sites that send spam; and those with inappropriate content for kids.

Web of Trust provides an additional layer of security when visiting websites. WOT is community managed, meaning if someone spots a phishing website, they can report it. The report is upload to WOT servers, if you try to access the website that has received a poor rating, WOT will block you from going to the website without your express permission. If you use Firefox, in addition to WOT, I also highly suggest NoScript. Currently, Google Chrome does not have a  NoScript extension available.

Your World of Warcraft password should be entirely different from any other service you use. Generally speaking, a password should be at least 8 characters long with upper/lower case letters, numbers, and symbols. Your World of Warcraft password (along with other sensitive passwords) should be changed at least once a month. It takes 2 minutes to do, don't be lazy. An example of a good password would be 'I3n&$VW49*'.

Anti-Virus, etc.
Windows users - Having AV software is not full proof. Consider it just another way to decrease the chances of having malicious software installed on your computer (for a long period of time). I personally recommend Avira or NOD32. Along with AV software, I also recommend Spybot and Malwarebytes (Free Edition is fine). Malwarebytes is specifically targeted to Malware, harmful software that is generally not picked up by AV software. AV software should be set to automatically update and run daily (Both NOD32 and Avira provide this option, as do many other AV's such as AVG and Avast).  I would recommend running anti-malware software at minimum once a week.

For Mac(OSX)/Linux users, The options for security software is rather slim. I can recommend ClamXav(Mac) and Clamav(Linux) for virus scanning. I also recommend rkhunter for OSX/Linux systems. Generally speaking, there is not much more that can be done for OSX systems in terms of AV software. Sadly, Apple has spread false information on commercials by suggesting OSX is immune to viruses, until OSX suffers a mass attack, it is unlikely much further production of AV software will occur. As for Linux systems, there are other precautions that can be taken, but I will assume if you use Linux, you should know how to properly secure your system.

Note: Debian based distrobutions can run the follow command to download rkhunter and clamav:

sudo apt-get install clamav rkhunter
#rkhunter -c to run
#clamscan -r in '/' directory to run

Windows users - Automatic Updates should be turned on. Keep your system updated at all times. Microsoft is constantly releasing security patches to fix potential vulnerabilities in your system. If you are still using XP (or anything older) update to Windows 7 as soon as possible. When updates for your system become available, do not postpone restarting your computer to take effect, do it immediately when it asks.

OSX users - By Default, OSX will check for System Updates once a week (This setting can be changed in System Preferences -> Software Update). Install updates whenever they are available.

Linux users - If you are using a Debian based system, the following commands can be executed from a Terminal:

sudo apt-get update
sudo apt-get upgrade

Other non-Debian based Distributions should consult the proper documentation.

Common Sense
Be smart when you use your computer.

  • One precaution that should be taken is when reading email. Never click on links masked by anchor tags (HTML), especially World of Warcraft related emails. If you receive an email from Blizzard asking you to log in to your account, or a beta key, it is most likely a scam.
  • When using your laptop on a public network, be very careful to use SSL connections while logging in/reading email or any other services. If you are on a public network, you should always assume that someone is watching and logging everything you do (this includes cleartext logins). For maximum security, I recommend always using hardwired connection wherever possible (this includes on a home network also).
  • If at any point you find your computer acting strange, immediately stop what you are doing, update and run your protection software.
  • If your World of Warcraft account is compromised, and virus scans show up nothing on your computer. Do not assume one is not there. Change the password for your email and WoW account on a different computer, then work on finding out what caused the security breach on your WoW computer.

Everything above may seem like a lot to take in at first, especially if you have little to no protection on your computer to begin with. The hour or two it will take to setup will be well worth it if your World of Warcraft account becomes compromised. Not only will following my suggestions increase the overall security of your system, it will also save you from possible embarrassment if your account becomes compromised. Once you get everything setup, it should not take more then a half hour of manual work per week to keep your system up to date and secure. I will repeat again, having this security software in place will not make your computer full proof against attack. The above software will only minimize the chances of your system becoming compromised.