Keeping your account secure!

    I agree the Blizzard authenticators are the best thing Blizzard has come up with since creating WOW. There are a few other things you can do to increase account security, authenticator added or not, to help you sleep a little better at night.

    1. Use long passwords that alternate between letters and numbers (1a2b3c4d) and change them often (I change mine once a week). That is one of the hardest passwords to crack.

    2. To get around key loggers, open your typing program (MS Word, Word Perfect, etc.) and type your password only, save the file to your desktop and just Copy/Paste the password on the login screen. Most key loggers record what letters are typed when a certain program is loaded (WOW, Everquest, etc.).

    3. Don't get sloppy even if you have an authenticator. There have been a lot of people on the servers that I play on that have had their accounts hacked and they all had authenticators attached. The authenticators (in hand, not iPod apps) have a fixed number of codes that are on a fixed loop. I have seen the same numbers pop up on mine several times and I'm betting the key loggers can keep track of that too; all you have to do is enter the next number in the sequence and you're in.

    4. If the address doesn't have blizzard.com or Battle.net, IGNORE IT!
    Most people see something like that and think it's real. Ask yourself one thing, would a Blizzard employee send me a message from a yahoo.com or hotmail.com account? Would Blizzard send me a message in game telling me to go to any other site other than Blizzard.com? Everything WOW is on worldofwarcraft.com and everything Blizzard is on Blizzard.com or Battle.net.

    Hope this helps, I have been hacked and know how painful it is to find everything you worked long and hard for be destroyed by a greedy little... (insert expletive here). Good luck to all.
    KAPT Guide [Know your account protection tips]

    | KAPT Guide version 1.21 |

    First off I will have to say that the state in which people have been getting hacked is in and of itself inadvertently the cause of their own lack of knowledge. It's like an adult stealing money from a little kid by shorting him by using his own superior knowledge of math. I personally for one am not a trusting individual and I have yet to have been hacked by anyone but my own friend a few years ago.

    First off, bring protection. Have your laughs at that but really, what virus protections are you using? Is it that hard to do research and find the one that's right for you? There are free virus protection programs like Avast and AVG. Even Comodo for a firewall, that one is amazing. Every computer I've had has had a combination of the 3 [obviously switching Avast or AVG to avoid conflict].

    Secondly, do not trust strangers. Know your official notices and know your scammers. Blizzard will never just whisper you in game about anything without proof of their identity. In many cases you can tell by the grammar! You should know by now that phishers are trying harder than ever to get your own hard earned gold and your very account, and they won't care how much time you've spent on your glorious toons to get it. They are out for one thing, business.

    If 'Blizzard' is sending you emails, check the email out. Does it have Blizzard's official header, footer? Does it state that your account has been compromised and urge you to click their link? Well, that is an obvious tactic; they want to make it seem like you're in danger. After all, if you've put your heart and soul into something you would do just about anything to protect it... right? So they assume you will click their link.

    Never, never click a link within an email stating something like this. Do yourself a favor, and delete it. For good measure, manually type the link to the official Blizzard website in your web browser manually and change your password.

    The more you use a password the more compromised it becomes. If you sign up within even your trusted guild's website it's still a risk. It's even more a risk seeing as you have to use your email to go along with it in most cases. For all occasions, keep your passwords unique. You can only blame yourself. For added measure, use a separate email address for things like that.
    The whispers you get in-game that will denounce your account as suspended or compromised are 9 out of 10 times wrong; add another 1 point to that 9 if you get a message from someone that does not have the blatantly obvious 'Blizzard' crown next to their name even in whispers. Secondly, why would Blizzard whisper you in game on an account that is compromised or suspended? Think about that for a second.

    Most browsers like Firefox and Internet Explorer show you where the link sends you, if you hover it over the link itself. Is it a link that does not exactly match the WoW official website? Then that will clue you in to how valid this email from 'Blizzard' is.

    Whilst I stick to my habit of never clicking links in emails, if you are concerned that any of that is true it is a very good thing to know the validity of the sender by checking the accuracy of the link(s) in the email itself.

    Methods of protection

    You do need to arm yourself just like you do in game. You aren't gonna do an end game raid with shoddy green quest gear, right? Here are methods listed simply below.

    1.) Get Virus Protection and a Firewall.
    2.) Put an authenticator on it! These things do work or they wouldn't be selling that much.
    2a.) Download the authenticator software onto your iPhone or iPod if you can, this is cheaper in the long run and more variant of codes apparently. [Tip courtesy of trevo66 of the Zygor guides forum]
    3.) Don't share your account info with your friend, because you are placing your account safety in his hands.
    4.) Don't click links in emails stating that your account is in dire jeopardy of any sort, don't be lazy and type it out.
    5.) Get the badboy addon from the official Curse website. It will weed out false whispers if you have trouble deciphering which one is an official message and which one is fake.
    6.) Use a unique password everywhere you go.
    7.) Check for the Blizzard crown in whispers in game.
    8.) Check the validity of the links you get in emails, by moving your mouse over it.

      Great post, thanks! :-)
        First of all, excellent post.

        I will add one important check you can perform on these "links" that are sent out to you in an email.

        Mouse over the link and check the bottom of your browser window. Most browsers will show where the link will take you, or the address the link sends you to.

        Further, if you are ingame and get a whisper that your account is suspended, consider this question..... how the heck are you playing in a game to get a whisper that the account you are playing on has been suspended?
          I will amend it with that tip right away.


            Great post with great advice

            One thing, I advise gamers with iPhones and iTouches to get the downloaded version of Authenticator. The Keyring type is not as secure. The keyring type (although it has a large rotation of codes) can over time be predictable. The downloaded version is far more random in its codes.

            I would like to ask one question....

            Do other players get random "hello, how are you" from people in game? Pretty much every time I'm online I get these from people I don't know.....always level 1 toons, which I find odd as all my toons are 80....so we are nowhere near each other for someone to say hi.
            My question is.....who are these people and what are they trying to achieve?



              Gold sellers, just ignore them.


                I've recently noticed a large influx of email messages directed to the email address that I use for Curse. This address is not associated with my WOW account in any way. When I mouse over the link that has the blizzard.com address, I see a completely different address listed. These thieves are getting better every day. None of my other email addresses get these hacker messages. I am really starting to wonder what the heck is going on over at Curse. Are they releasing their database of subscribers to anyone that writes an AddOn?? Every hacker email message has had my full name and my Curse email address.
                Very strange. Regarding protection, I have always used anti-virus, anti-spyware and a hardware firewall that checks the IP address of every Internet connection both incoming and outgoing. I also never open any ports that game manufacturers insist that you open. The hackers know these ports too. I was shocked the last time that I read my firewall log. So many port scans. It looks like I'm going to have to change my name to an alias over at Curse.


                  There are companies (most of them in fact) that sell, rent, or lease your information to 'sales listing' companies.
                  This is where most of your information is going, on a list available to everyone that has the $$ to buy it.

                  It is for this reason alone I place a different name and email on everything. This way, when I get something in an email addressed to 'john doe III' I know it's crap and can toss it away.

                  IMPORTANT NOTE: anytime... anytime you get any message to log into this that or another and are offered a web address to go to, do not use it.
                  Yesterday, in game, I was given a message from user "blizznotices" that told me I had a mount I had not collected, and a web address to go to. However, when I go into the "manage account" tab from the WoW launcher, there is no such mount waiting for me. Also, there was no email sent to me to my main account.
                  Yes, the slimeballs are getting very creative. If only they worked half as hard to make an honest dollar.
                    Of course if you do get an ingame message from a 'gm' ask them to appear in front of you in game, most are quite happy to do this.


                      Just run a Mac and you'll be much happier being relatively hack proof (unless you're one of these retards that DO click on links in game, emails from "blizzard" etc).

                      A good piece of advice that a bliz GM gave me is to make a fresh Gmail account and have it forward to your normal account (in case Blizzard sends you the occasional email update) and use ONLY this email address for WoW. The premise behind this is that even if you've used your real email on Facebook and with various websites that scammers/hackers don't know your battle.net login. Aside from that just use common sense, don't click on any offers in game, don't buy gold, don't get power leveled 3rd party, don't fall for Cataclysm invites via email asking to login using the link provided.


                        Macs are far from hackproof; Safari is probably one of the worst web browsers from a security standpoint.

                        Over the years Apple has either ignored or been very slow to respond to security threats, much like Microsoft did during the 90's. The only thing that has kept Macs relatively safe over the years is their low ownership numbers, unfortunately increased popularity makes you a bigger target, especially when the idiots at an Apple store are telling people that anti-virus and malware software is not needed on a Mac. (This actually happened to me Saturday afternoon.)

                        Any computer that is not a standalone is vulnerable to being hacked regardless of architecture or operating system, it's just a matter of it being profitable for the hacker to exploit the vulnerability.
                          | KAPT Guide version 1.21 |

                          Most browsers like Firefox and Internet Explorer show you where the link sends you, if you hover it over the link itself. Is it a link that does not exactly match the WoW official website? Then that will clue you in to how valid this email from 'Blizzard' is.
                          Maybe explain that to see the real link when you hover over the link, you should check in the bottom-left corner (right above the Start button).
                          And make an example: http://www.this-is-a-fake-link.com/
                          What you think is the link, is actually the "name" of the link.

                          Never register with your real name on e-mails that you shall use for forums, blog sites and so forth.

                          Before opening an e-mail, right-click on it and click 'View source code'.
                          A new window will appear; press Ctrl + F and search for '@' to find an e-mail address that's not yours.
                          If you use Hotmail, then click 'View message source' in the context menu.
                          Check the e-mail address if it's the same as Blizzard's, but you should also add all Blizzard's e-mail addresses to your whitelist or contact list.
                          It will make it more convenient to check if the e-mail addresses are the same.
                          This goes for any emails that claim to be a well-known company.

                          Recommended e-mail providers to use: Hushmail, Gmail or Yahoo (but it's filled with ads).
                          Remember to always log in at least once before 30 days have passed, or else your e-mail will get deleted or inactive, and you will have to pay for premium to get it active again.

                          How to make easily memorable passwords, though it will reduce the security at some points.
                          Never, ever use words; some hacking programs can detect a word almost as easily as one letter (e.g. magicbananadog is just as safe as using only the letter A).
                          Use numbers and symbols in your passwords.
                          E.g. instead of using 1234, use Shift + 1234, or Alt Gr.
                          Note that 1 does not have a symbol with Alt Gr.
                          And maybe also use backwards, 4321.
                          You can also use the 1337 language with words to make your password easier to remember.
                          And if you like, a capital letter on each word.
                          E.g. $@M4g1cB4n4n4D0g!"#
                          Which would be Alt Gr + 432 in the beginning, magicbananadog in 1337 language and Shift + 1234.

                          Use CCleaner to remove logs and traces in Windows.
                          And remember to tick "IIS log files" in the Windows tab.
                          Download: www.piriform.com/ccleaner

                          When you delete files, use Eraser to overwrite them.
                          Remember to not use this application for uninstalling other software.
                          Download: http://eraser.heidi.ie/

                          This will completely wipe everything on your hard disk, if you ever shall reformat your hard disk.
                          Download: http://www.dban.org/

                          Scans your computer for security holes.
                          Download: http://secunia.com/

                          Scans your network for security holes.
                          Download: http://www.nessus.org/nessus/

                          Test your security on your wireless network.
                          Download: http://www.kismetwireless.net/

                          Online scanners to scan individual files with several anti-virus programs.
                          Jotti: http://virusscan.jotti.org/en
                          VirusTotal: http://www.virustotal.com/

                          Recommended Firefox Addons.
                          TACO: https://addons.mozilla.org/en-US/firefox/addon/11073/
                          Adblock Plus: https://addons.mozilla.org/en-US/firefox/addon/1865/
                          CustomizeGoogle: https://addons.mozilla.org/en-US/firefox/addon/743/
                          Web of Trust: https://addons.mozilla.org/en-US/firefox/addon/3456/
                          NoScript: https://addons.mozilla.org/en-US/firefox/addon/722/
                          Tor: https://www.torproject.org/easy-download.html.en
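
The link check described in this thread (compare the "name" a link displays with the address it really points to, and accept only blizzard.com, battle.net and worldofwarcraft.com), written out as an added example that is not part of any post. The function names and the sample HTML are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domains the thread treats as legitimate; real subdomains of them also count.
TRUSTED = ("blizzard.com", "battle.net", "worldofwarcraft.com")
SAMPLE = ('<a href="http://www.this-is-a-fake-link.com/">www.blizzard.com</a> '  # constructed sample
          '<a href="https://us.battle.net/account/">Battle.net account</a>')

def host_of(url):
    """Hostname of a URL (lower-cased, no leading 'www.'), or '' if unparsable."""
    try:
        host = (urlsplit(url if "://" in url else "http://" + url).hostname or "").rstrip(".")
    except ValueError:
        return ""
    return host[4:] if host.startswith("www.") else host

def is_trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class LinkCollector(HTMLParser):  # gathers (visible text, href) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit(html):
    """Return (text, href, findings) for each link that fails a check."""
    collector = LinkCollector()
    collector.feed(html)
    report = []
    for text, href in collector.links:
        target = host_of(href)
        findings = [] if is_trusted(target) else ["target is not a trusted domain"]
        shown = re.search(r"(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}", text, re.I)
        named = host_of(shown.group(0)) if shown else ""
        if named and named != target and not target.endswith("." + named):
            findings.append("visible text names a different host")
        if findings:
            report.append((text, href, findings))
    return report
```

Calling `audit(SAMPLE)` reports only the first link; feed it the HTML part of a message obtained through the "view source" step described above.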


                            Could I add links from torrent sites for antiviruses, anti-spywares and firewalls, and explanations on how to install and use it?
                            I would prefer those not be added. While they are out there and being used, it is still hacked and/or just plain stolen use of software.
                            I would like to keep Zygor et al away from appearing to condone such activity.
                              Easy tip to do is to change the email address for your battle.net account to a unique one which you only use for warcraft.