
Blizzard's policy on passwords the root cause of Account Hacking success?


Comments

  • L0C0Man, Member, Uncommon, Posts: 1,065

    I really think that having case sensitive passwords is something that should be done... but to be honest, I really doubt it's the main cause of stolen accounts, or even a significant one to take into account.

    Simply it's the law of less effort... yes, having non case sensitive passwords make it easier to brute force a password, but it can still take days to do, and we have no idea what other resources they have in place to protect against it (maybe the system lets you try as much as you can, but if an account is being tried to be accessed with different passwords for over an hour or so it might cause a red flag on their system or something).

    So... for someone that wants to steal as many user accounts as they can, not someone's specific account, what makes more sense... to spend a day or so brute forcing the password for each and every account, or just mass send fake blizzard emails and have lots of people willingly send their data over, not to mention all the lists they might already have with passwords for facebook, gmail and the like where people put the same info everywhere.

    BTW, I do believe that we could do more for password security by forwarding this xkcd comic than by wanting case sensitive passwords.. :)

    EDIT: was beaten to the comic by 2 posts.. :)

    What can men do against such reckless hate?

  • Tomm-e, Member, Posts: 27
    Originally posted by bfpiercelk

    I'll drop the science for you kids:

    http://www.xkcd.com/936/


    OP: Don't go back into security, please. Case sensitivity is a big thing to Amateurs.

    Was about to rant hard, thank you for saving my time :)

    stylin'

  • niceguy3978, Member, Uncommon, Posts: 2,051
    Originally posted by Fadedbomb
    Originally posted by Anubisan

    Well first of all, EA has nothing to do with Blizzard.

    Secondly, I agree that perhaps Blizzard allows passwords that are too simplistic. But at the end of the day, they are a game company, not a bank or something else of greater importance. I think it is on the user to create secure passwords and to make sure that they don't fall for phishing scams, keyloggers, etc.

    Blizzard already does FAR more than most gaming companies to enhance security by offering things like the mobile authenticator and the apps for all major cell phones.

    I disagree entirely. 


    A LOT of personal information is stored in a "Game Company's" account information for a user that the user can readily get to from their account information page once logging in. Nothing like credit cards, but your name, address, etc are all there. Not something I want just anyone looking at.

    Additionally, I've found Blizzard's account security to be the worst out of ANY game company I've had interactions with. If you worked in the IT field you'd understand just how absolutely absurd it is that their passwords are not only NOT case sensitive, but that you have unlimited tries to login with said case-less passwords.

    Lastly, simply blaming the user for falling for "phishing scams" or keyloggers is also reasonably absurd. Someone brought up the point that when EA had accounts hacked it was a "Bad Company", but when it's Activision-Blizzard (sorry about that, I get EA & Activision mixed up in terms of company acquisitions) Activision-Blizzard can do no wrong and the attention focuses on customers with keyloggers or phishing attempts.


    From an IT point of view, I blame Blizzard for their piss poor account security. You'd be surprised how easy it is to hack an account once you know the account name with these kinds of password standards. I'm not surprised AT ALL at the number of Diablo 3 accounts being compromised.

    Wow. I never even realized that the passwords weren't case sensitive. I am a fan of most Blizz games, but that is kinda lame. I didn't believe it until I tried logging in to D3 and used all caps instead of the usual mix I use of lower and upper case, and couldn't believe it when it let me log on. What can the possible argument in support of this be? Why wouldn't you make a password case sensitive? Hell, my bank asks me security questions every time I log in from a different browser, not just computer, and even the security questions they ask are case sensitive. Now I don't think that Blizz should really be responsible for people using crappy passwords. They shouldn't really need to force people to be smart about passwords. But making it case sensitive is such an easy thing to make it harder to brute force your way into someone else's account.

    Edit:  I do like the above comic, and while it may not add much additional time to hack, there still isn't really a good reason not to have it.

  • Irus, Member, Posts: 774
    Originally posted by niceguy3978

    Wow. I never even realized that the passwords weren't case sensitive. I am a fan of most Blizz games, but that is kinda lame. I didn't believe it until I tried logging in to D3 and used all caps instead of the usual mix I use of lower and upper case, and couldn't believe it when it let me log on. What can the possible argument in support of this be? Why wouldn't you make a password case sensitive?

    Tbh, this didn't work for my actual account. Nor do I recall it working when I played WoW. It feels like a bug.

    Edit:  I do like the above comic

    I will repeat again that most password fields do not let you have passwords that long, nor are you forced to use leetspeak. I'm not sure what you can appreciate about that comic, tbh... Furthermore, it's not like they couldn't adapt to doing a word pick instead of a weapon pick. It's just Word A, B, C, D. Get a dictionary and that gets cracked in seconds. Thing is, most passwords are <10 char.


  • zevian, Member, Uncommon, Posts: 403

    People failing to secure their computer system is not the developer's fault. (We already have the government nannying us; take some personal responsibility.)

    I saw someone complaining about having to use their email to log in with battle.net.

    Use a different email address for your MMOs, forum logins, personal and banking. (Yes, that's more than 1 email address.) Why?


    Blizzard didn't get you hacked, your own ignorance did; lots of resources and tools (authenticator, phone verification) exist to keep you secure.

  • Nefera, Member, Posts: 426
    Originally posted by zevian

    People failing to secure their computer system is not the developer's fault. (We already have the government nannying us; take some personal responsibility.)

    I saw someone complaining about having to use their email to log in with battle.net.

    Use a different email address for your MMOs, forum logins, personal and banking. (Yes, that's more than 1 email address.) Why?


    Blizzard didn't get you hacked, your own ignorance did; lots of resources and tools (authenticator, phone verification) exist to keep you secure.

    The problem here is that Blizzard isn't giving players the possibility to secure their accounts as well as they'd want, especially when case sensitivity is usually a given in passwords. If people choose a weak password, of course it's not the developer's fault. But when the player chooses a rather strong password, and the developer's coding reduces its strength significantly against the will of the player, players have every right to demand the developer to fix this issue, and they have every right to call out the developer on this.

  • FrodoFragins, Member, Epic, Posts: 6,057
    Originally posted by zymurgeist
    Originally posted by FrodoFragins

    Sure Blizzard could do a better job. But case sensitivity is mainly important in brute force hacks. With so many dummies getting keylogged, I don't see why they would need to brute force, which will attract Blizzard's attention. An authenticator is 1000x better than case sensitive passwords.


    It would be nice to be able to use an authenticator AND be able to lock your logins to a specific IP.

    Most people don't realize their IP changes every time their DSL modem resets.

    It takes a minute to get the new IP and update it with Battle.net. Certainly a worthwhile "option" to have turned on for those wanting more security.

  • Banquetto, Member, Uncommon, Posts: 1,037

    Originally posted by Irus
    I am much more bothered by the fact that Blizzard uses your email as the login. That is pure idiocy. It means if you use your email anywhere else there's potential it gets out (since most companies aren't careful with them) and then hackers have a list of account names they can use. For that reason, I have an email just for battle.net alone. Using an internal ID would be so much better...
    Indeed. I have my own domain name so I was able to create a new email address which is used for battle.net and nothing else, but if you're not in a position to do that, then this is a definite security issue.

    Originally posted by zevian
    I saw someone complaining about having to use their email to log in with battle.net.
    Use a different email address for your MMOs, forum logins, personal and banking.

    ..although I see some people are happy to blame the victim.
    Originally posted by Irus
    I will repeat again that most password fields do not let you have passwords that long, nor are you forced to use leetspeak.
    Most password fields ARE that long. Passwords should always be stored hashed so there is absolutely no reason not to allow long ones. For websites, I use a little app I wrote to generate seeded passwords, it spits out a 44-character random code, and it is very rare for me to encounter a website that restricts password lengths below that. Although some of the ones that do are a bit worrying - e.g. Paypal.

    Originally posted by zymurgeist
    Battle.net passwords can be from eight to sixteen characters in length.
    That I also find scary. I'm not too worried about my battle.net security since I do use an authenticator. But if they didn't provide that option, the combination of email address for username + short limit on password length + incredibly desirable target for hacking (I heard once that WoW accounts sold for more than credit card numbers, in bulk) would be a surefire disaster.
  • jtcgs, Member, Posts: 1,777
    Originally posted by Fadedbomb

    Apparently, Blizzard's stance on account security is horribly amateurish & lackluster allowing for even some of THE MOST basic account compromising attempts to be used.

    So how again is it Blizzard's fault if someone uses Money as a password again? Do they really HAVE TO hold everyone's hand?

    Did you ever think that the reason things like this happen often is due to a person's STUPIDITY? You cannot regulate stupid; stupid will always find more ways to be stupid and find a way around whatever is there to make them seem less stupid, because stupid is what stupid does...and what they do...is stupid.

    Stop asking for companies to make up for other people's shortcomings...and ask stupid people to start learning how to use their puters or GTFO off of them. If anything, ask the government to require people to get a computer license...so they have to take a damn test showing they have basic knowledge of it.

    "I hope we shall crush...in its birth the aristocracy of our moneyed corporations, which dare already to challenge our government to a trial of strength and bid defiance to the laws of our country." ~Thomas Jefferson

  • Halandir, Member, Uncommon, Posts: 773
    Originally posted by bfpiercelk

    I'll drop the science for you kids:

    http://www.xkcd.com/936/


    +2!

    The concept of entropy may be beyond the average joe, but: Average Joe just wants "things that works" and with that, he is perfectly (unknowingly) ok with not only bending over but also pulling his pants down in the process.


    We don't need casuals in our games!!! Errm... Well we DO need casuals to fund and populate our games - But the games should be all about "hardcore" because: We don't need casuals in our games!!!
    (repeat ad infinitum)

  • jtcgs, Member, Posts: 1,777
    Originally posted by Halandir
    Originally posted by bfpiercelk

    I'll drop the science for you kids:

    http://www.xkcd.com/936/


    +2!

    The concept of entropy may be beyond the average joe, but: Average Joe just wants "things that works" and with that, he is perfectly (unknowingly) ok with not only bending over but also pulling his pants down in the process.


    American Journal of NPA in 1953, Peter the Hermit, 13th century. Plato quoting Socrates, 5th century BC....Hesiod in the 8th century BC...

    All stated that we are in a state of decline socially...so are we? Or are people just not changing at all...because I highly doubt we have been in a state of decline since the 8th century BC.

    "I hope we shall crush...in its birth the aristocracy of our moneyed corporations, which dare already to challenge our government to a trial of strength and bid defiance to the laws of our country." ~Thomas Jefferson

  • Roybe, Member, Uncommon, Posts: 420

    Well...gotta love Blizzard on their proactive business model! First, they charge you full price for their games, then require you to pay a monthly rental on some of their games to be able to play, provide a real cash auction house, THEN provide poor security, then charge for a dongle to increase your security.

    Oh, and did I mention that they VERIFIED their poor security in their own technical support forum...with ways to verify that 'yes of course we've been doing this for years, check here and here and here'!

    I am so glad I paid for D3! I can't wait to be burgled! Thanks Blizzard for supporting your old customers that knew you when!

    Can anyone not understand why the MMO landscape is dying? Oh yeah...I did buy the game, didn't I? At least I'm not planning on playing more than a few months....

  • Banquetto, Member, Uncommon, Posts: 1,037

    Originally posted by Roybe
    ..then charge for a dongle to increase your security.
    You can bitch about a lot of things regarding battle.net security, but they give you those dongles for less than cost price. And they provide a free mobile app (even for the unpopular Windows Phone!) if you don't want to spend even a few bucks.

  • Roybe, Member, Uncommon, Posts: 420
    Originally posted by Banquetto


    Originally posted by Roybe
    ..then charge for a dongle to increase your security.

    You can bitch about a lot of things regarding battle.net security, but they give you those dongles for less than cost price. And they provide a free mobile app (even for the unpopular Windows Phone!) if you don't want to spend even a few bucks.


    When my bank requires me to provide this level of security, I might buy one for a stupid game. It's a game. With real money transactions...oh wait..maybe Blizzard needs to rethink their security a LITTLE bit?

    BTW...I am a D3 fanboy...but I find this security issue to be more than a little disturbing because..hey...Minecraft Alpha had better security than this...at least passwords were case sensitive for that game.


    Btw, if you can show me the wholesale cost of one of those authenticators..I'll believe Blizzard is losing money. As far as the phone apps...I don't have a cell phone, don't need a cell phone, and live in an area where a cell phone doesn't work. Guess what I don't have.

  • waynejr2, Member, Epic, Posts: 7,771
    Originally posted by Foncl

    Well, I'm not aware of Blizzard's password policies, but if passwords aren't case sensitive and you can try the password an unlimited amount of times then it makes it quite easy to hack accounts.

    If someone gets your account name all they have to do is set up a computer to run a rainbow table (list of letter/number combinations) and run it until it finds your password. If your password is under 10 characters and it's not case sensitive then it doesn't take very long to break :/

    Salting takes care of the rainbow table problem.

    http://www.youhaventlived.com/qblog/2010/QBlog190810A.html

    Epic Music: https://www.youtube.com/watch?v=vAigCvelkhQ&list=PLo9FRw1AkDuQLEz7Gvvaz3ideB2NpFtT1

    https://archive.org/details/softwarelibrary_msdos?&sort=-downloads&page=1

    Kyleran: "Now there's the real trick, learning to accept and enjoy a game for what it offers rather than pass on what might be a great playing experience because it lacks a few features you prefer."

    John Henry Newman: "A man would do nothing if he waited until he could do it so well that no one could find fault."

    FreddyNoNose: "A good game needs no defense; a bad game has no defense." "Easily digested content is just as easily forgotten."

    LacedOpium: "So the question that begs to be asked is, if you are not interested in the game mechanics that define the MMORPG genre, then why are you playing an MMORPG?"


  • Yamota, Member, Uncommon, Posts: 6,593

    Ok, I didn't read this entire thread, but is the OP saying D3 passwords are not case sensitive? Seriously? That is like basic security practice when it comes to passwords... disgraceful.

  • alexmino, Member, Posts: 132

    My brother in law told me to change my password since his account got hacked; didn't know I had an authenticator from my WoW days. He said Blizzard indicated it was the choice of passwords that caused his issue.

    His password was the serial number off one of his Les Pauls...so

  • Ginaz, Member, Rare, Posts: 2,572

    Part of the reason people are getting hacked more often is that gaming companies, not just Blizzard, are requiring you to use an email as your user name. If people were allowed to use their own unique user name plus a password, hacking accounts would be less common imo.

    And authenticators aren't some sort of scam. You can download them as free apps for your cell phones. I also imagine sorting out hacked accounts is both time consuming and expensive for the companies.

    Is a man not entitled to the herp of his derp?

    Remember, I live in a world where juggalos and yugioh players are real things.

  • stragen001, Member, Uncommon, Posts: 1,720

    OP is completely correct.

    Yes, people get hacked because they use incredibly easy to guess/crack passwords, but that is as much Blizzard's fault as it is the users'.

    Blizz should REQUIRE people to have a password which is:

    1) Minimum 8 characters long

    2) Contains Upper AND Lower case Characters

    3) Contains at least one number

    4) Allowed to have special characters such as !"£$ etc

    People should also be able to use whatever username they want, as the poster above suggested, as this means there are 2 unique things that hackers have to crack, rather than just farming people's email addresses.

    Finally, accounts should be locked out after 3 failed login attempts.

    These things are STANDARD PRACTICE for network / computer security worldwide, so why isn't Blizzard doing it? I'll tell you why - because it would increase the amount of customer service calls/emails they get and they don't want to spend money on staff to handle it. It's not all Blizzard's fault though. They also don't want to get the bad press from dumb WOW users complaining their account is locked out because they can't type their password. These same people would also complain like hell if their account got locked out because someone tried to hack it when they should be thanking Blizz for protecting their account.

    Cluck Cluck, Gibber Gibber, My Old Mans A Mushroom
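    The defensive side of two points raised in this thread, as an added example that is not code from any poster or from Blizzard: the password rules proposed just above (minimum 8 characters, upper and lower case, a digit, specials allowed) and the 3-strike lockout, plus the salted hashing that waynejr2 notes defeats rainbow tables. A small `keyspace_bits` helper also quantifies how much of a password's guess space case-insensitive matching throws away. All names, the iteration count and the lockout threshold are assumptions.

```python
"""Added example (not from the thread): a toy account store that enforces
the proposed password rules, stores salted PBKDF2 hashes, compares passwords
case-sensitively and locks an account after three consecutive failures."""
import hashlib
import hmac
import math
import os
import string

MAX_FAILED_ATTEMPTS = 3        # lockout threshold proposed in the thread
PBKDF2_ITERATIONS = 100_000    # assumption: tune to the server's hardware
_DUMMY_SALT = os.urandom(16)   # used so unknown accounts cost the same time


def check_policy(password):
    """Return the list of rules the password breaks (empty means acceptable)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    return problems   # punctuation is allowed, so it is never a violation


def keyspace_bits(password, case_sensitive=True):
    """log2 of the guess space for a password of this length and character
    classes; case-insensitive matching collapses upper and lower case into
    one 26-letter class, so every letter is worth fewer bits to the defender."""
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    alphabet = 0
    if case_sensitive:
        alphabet += 26 * (has_lower + has_upper)
    elif has_lower or has_upper:
        alphabet += 26
    if any(c.isdigit() for c in password):
        alphabet += 10
    if any(c in string.punctuation for c in password):
        alphabet += len(string.punctuation)   # 32 printable symbols
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def _derive(password, salt):
    # A per-account salt means a precomputed table is useless: the attacker
    # would need a fresh table for every salt value.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS)


class AccountStore:
    def __init__(self):
        self._accounts = {}

    def register(self, username, password):
        problems = check_policy(password)
        if problems:
            raise ValueError("weak password: " + ", ".join(problems))
        salt = os.urandom(16)
        self._accounts[username] = {"salt": salt, "hash": _derive(password, salt),
                                    "failed": 0, "locked": False}

    def login(self, username, password):
        """Return 'ok', 'denied' or 'locked'. Unknown users get 'denied' after a
        real hash computation, so the reply does not reveal account existence."""
        acct = self._accounts.get(username)
        if acct is None:
            _derive(password, _DUMMY_SALT)
            return "denied"
        if acct["locked"]:
            return "locked"
        # Exact hash comparison: 'Secret1' and 'SECRET1' never match each other.
        if hmac.compare_digest(_derive(password, acct["salt"]), acct["hash"]):
            acct["failed"] = 0
            return "ok"
        acct["failed"] += 1
        if acct["failed"] >= MAX_FAILED_ATTEMPTS:
            acct["locked"] = True
            return "locked"
        return "denied"
```

    For a 9-character mixed-case alphanumeric password the helper reports roughly 54 bits case-sensitive versus 47 bits case-folded, i.e. about 130 times fewer guesses for an attacker.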

  • Myria, Member, Uncommon, Posts: 699
    Originally posted by stragen001

    Yes, people get hacked because they use incredibly easy to guess/crack passwords, but that is as much Blizzard's fault as it is the users'.

    Actually I highly doubt it. Frankly I seriously doubt there has ever been a successful brute force attack on a Bnet account. Anyone who thinks Blizz can't easily detect and stop a brute-force password attack is seriously delusional.

    The sophistication of your password is wholly irrelevant when the bad guys already have it, and frankly it's so depressingly easy to get people to give you their password that there's no real incentive to come up with anything more sophisticated. About the only way they didn't already have your password (and they probably did even then) is if it was a man-in-the-middle attack, and either way it's you and/or your system that's the problem, not Blizz.

  • krea, Member, Uncommon, Posts: 237

    Don't really get why ppl always say account got hacked; in WoW for example most are being keylogged from some fishy mail or website etc. If you are being keylogged it doesn't really matter how strong your password is since they can see it anyway; best thing to do is get an authenticator, then it will be very hard to lose your acc. Also it may seem that this happens more with Blizzard, tho I think it's just because it's more popular and accounts are worth more than other games; also when they keylog somebody they get access to all Battle.net related games.

  • stragen001, Member, Uncommon, Posts: 1,720
    Originally posted by zymurgeist
    Originally posted by stragen001

    OP is completely correct.

    Yes, people get hacked because they use incredibly easy to guess/crack passwords, but that is as much Blizzard's fault as it is the users'.

    Blizz should REQUIRE people to have a password which is:

    1) Minimum 8 characters long

    2) Contains Upper AND Lower case Characters

    3) Contains at least one number

    4) Allowed to have special characters such as !"£$ etc

    People should also be able to use whatever username they want, as the poster above suggested, as this means there are 2 unique things that hackers have to crack, rather than just farming people's email addresses.

    Finally, accounts should be locked out after 3 failed login attempts.

    These things are STANDARD PRACTICE for network / computer security worldwide, so why isn't Blizzard doing it? I'll tell you why - because it would increase the amount of customer service calls/emails they get and they don't want to spend money on staff to handle it. It's not all Blizzard's fault though. They also don't want to get the bad press from dumb WOW users complaining their account is locked out because they can't type their password. These same people would also complain like hell if their account got locked out because someone tried to hack it when they should be thanking Blizz for protecting their account.

    Except it turns out almost no one is getting password hacked. Of the relatively few who do get hacked the password was obtained by other means and known to the hacker before they ever attempted to log in. Which is bizarre to say the least.

    That suggests that Blizzard's servers have been compromised then, rather than hackers cracking individual users' account passwords. Either that or they are being sold.

    Cluck Cluck, Gibber Gibber, My Old Mans A Mushroom

  • letsxhat, Member, Posts: 156

    I have two words for Blizzard and their account security.

    Coin Lock

    This is a Trion invention. If your account is compromised, say you live in NYC and your account is accessed from China, that person who hacked you will not be able to sell, delete, or talk. Once you log back in you hit the coin button and an email is sent to you with a code to unlock your toon.

  • Roybe, Member, Uncommon, Posts: 420

    I would point out that I do not think that password integrity/complexity is the issue here..although it can be. I believe that there is no incentive, no perceived incentive, for Blizzard to provide a secure play environment for its player base. It could be they just have so many customers that they don't care about the few % that might get hacked OR, horrifically, don't care if large %'s of the playerbase are hacked since they already got your $$$! What do they care if you get hacked. It's not their problem!

    Now I have 2 D2 accounts from the '90s, and neither of them has ever been hacked; one has characters that are from that time period, with loot that isn't so bad, etc. etc. I've used common sense when setting up passwords, etc. and that might be helpful. However, '90s level security on a single player game with multiplayer options, compared to a multiplayer online game, with single user capabilities ALSO providing banking services with real money...would make one consider that the provider SHOULD be thinking a little differently about their security services than...'you've screwed up, you didn't install your 'real' security'.

  • sk8chalif, Member, Uncommon, Posts: 666

    I have seen a game putting a keyboard inside the game at the login screen so u don't type with ur keyboard to enter ur password but have to click with ur mouse. Or when they are inside the game and want to access your bank or inventory you need to enter a code, so even if u get hacked people don't have access to ur inventory (character table) or bank. So until u logout or get disconnected u have access to ur bank and stuff without retyping ur code.


    Similar to Runescape. I think stuff like that should be added in most of the games now, because hacking is now a sport played by a lot of people lol.

    ~The only opinion that matters is your own.Everything else is just advice,~
