No offense but, there is a ton of information in that post that is just not accurate.
Having worked in computer security for 12 years now, the number one issue to account security is phishing and unpatched software.
And with the authenticator, phishing is (almost) a completely moot point.
However, to deal with phishing for a brief moment, there is one basic rule when it comes to WoW specifically.
CALL Blizzard. Dont email, dont use their IM service, do NOT talk to a gm in-game about it, etc. Pick up the phone and talk to someone. They have very good customer service (once you can actually get past the usual 30 minute hold time).
The bigger issue is unpatched software. This includes the top 5 vulnerabilities right now, Windows updates, Adobe Flash, Adobe PDF Reader, Java, and Browser updates (and this includes EVERY browser you have installed on your system, REGARDLESS of whether you are using it).
If you have something installed, it is YOUR responsibility to update it. Check your OS updates, browsers (and plugins), Java (uninstall it if you dont need it and by the way, chances are you do NOT need Java installed), Flash (see my message about Java 15 words ago in bold), etc.
The general rule of thumb in the industry is, if you dont use it, UNINSTALL it. Check your plugins for your browsers, if you dont use them, UNINSTALL them.
When it comes to software, if you didnt go looking for it, DO NOT install it!
The last point of contention is the notion of authenticators and whether hardware authenticators are better than software authenticators.
There is NO difference between the two. They both function exactly the same way on the back end. Numbers statistically have a VERY low chance of repeating (as in, you wont see the same number in the same 5 years of use). People making claims otherwise are likely not remembering the numbers they have previously typed in.
Remember that authenticators do NOT make you 100% safe! They are an additional step in the authentication process. A good security policy requires authentication via something you KNOW (a password for example) and something you HAVE (an authenticator, biometrics, etc).
If you dont have an authenticator, get one. But remember, it is not foolproof as we saw last week with the Blizzard Armory hack.
Id add more to this but I need to skip out the door to run some errands before it gets any later. Perhaps later today.
Having worked in computer security for 12 years now, the number one issue to account security is phishing and unpatched software.
And with the authenticator, phishing is (almost) a completely moot point.
However, to deal with phishing for a brief moment, there is one basic rule when it comes to WoW specifically.
CALL Blizzard. Dont email, dont use their IM service, do NOT talk to a gm in-game about it, etc. Pick up the phone and talk to someone. They have very good customer service (once you can actually get past the usual 30 minute hold time).
The bigger issue is unpatched software. This includes the top 5 vulnerabilities right now, Windows updates, Adobe Flash, Adobe PDF Reader, Java, and Browser updates (and this includes EVERY browser you have installed on your system, REGARDLESS of whether you are using it).
If you have something installed, it is YOUR responsibility to update it. Check your OS updates, browsers (and plugins), Java (uninstall it if you dont need it and by the way, chances are you do NOT need Java installed), Flash (see my message about Java 15 words ago in bold), etc.
The general rule of thumb in the industry is, if you dont use it, UNINSTALL it. Check your plugins for your browsers, if you dont use them, UNINSTALL them.
When it comes to software, if you didnt go looking for it, DO NOT install it!
The last point of contention is the notion of authenticators and whether hardware authenticators are better than software authenticators.
There is NO difference between the two. They both function exactly the same way on the back end. Numbers statistically have a VERY low chance of repeating (as in, you wont see the same number in the same 5 years of use). People making claims otherwise are likely not remembering the numbers they have previously typed in.
Remember that authenticators do NOT make you 100% safe! They are an additional step in the authentication process. A good security policy requires authentication via something you KNOW (a password for example) and something you HAVE (an authenticator, biometrics, etc).
If you dont have an authenticator, get one. But remember, it is not foolproof as we saw last week with the Blizzard Armory hack.
Id add more to this but I need to skip out the door to run some errands before it gets any later. Perhaps later today.
Comment