Account Security Warning
This morning, as is my usual habit, I tried to log into WoW from the computer in our library at home. Instead of the normal “Authentication Successful” message, a larger splash screen popped up, telling me that my account had been locked due to a detected “change in play pattern.” Now, my pattern is highly predictable. I normally play on the computer in my home library mornings and evenings, on my office work computer at lunchtime, and on my home office computer weekends, with rare forays on my laptop. That’s it; four computers, three of which never go anywhere. What could have changed?
Well, here’s the thing: on Tuesday evening, I was having problems staying connected. I didn’t think anything of it; rolling restarts on the servers frequently indicate server-side patches, and those frequently mean new bugs. Wednesday, one of my co-workers mentioned he had the same problem, but the third member of our lunch crowd said he hadn’t noticed anything.
What if those connection problems were caused by some account thief attempting to log into my (and my co-worker’s) account? Failing, of course, as he doesn’t have our authenticators, but still trying? Attempted logins from an unusual location (like, for example, China) qualify as a “change in play pattern.”
So this morning, I carefully typed the URL shown in the “account locked” popup (in Google Chrome, because Internet Explorer is about as secure as a tissue-paper bank vault), went through the rigamarole to change my password (this time using a more-secure randomized string), and logged in to play. The whole thing wasted about half of my normal early-morning play time (and prevented me from testing a particular add-on for the Emporium), but none of my Horde toons have been robbed. I should have checked the Alliance, too, I guess. I’ll do that later today.
Bottom line: If you don’t have an Authenticator, for your own sake, get one! I am certain that’s the only thing that kept my account from being stolen. And after you get it, if it’s the keyfob style, photocopy the serial number on the back and store that copy someplace safe, away from the computer and the Authenticator.
Use a “secure” password, one that you never use for anything else, at least eight characters long, mixed letters and numbers. Make it random if you can do that and still remember it. Write it down (yes, I know you’re always told “don’t write it down”) and put the slip of paper in your wallet. If you lose your wallet, your WoW password is a very minor problem, trust me.
And if you aren’t using Gmail for your main email address, open an account there now (it’s still free), and change your Battle.net information to point there. Gmail is very, very good at detecting “phishing” spam. I get around six spams every day that pretend to be from Blizzard. They never are. Gmail properly identifies them as phishing every time, with a large red banner across the top of the email. Granted, it also flagged the legitimate email from Blizzard this morning as “spam,” but it did NOT call it phishing. If anyone is interested, I can tell you how to identify the real source of an email; it’s pretty easy.
Be paranoid; this is the Internet, and they really are out to get you.
Oh, and have you ever been curious where those “we heard you like to sell your Wow Account, Dawg” emails that pretend to be from Blizzard would take you if you followed the link? If you’re using OpenDNS, this is what you’d get (and even if you are, DO NOT TRY THIS AT HOME! I am a computer professional; I have years of experience to help me stay safe.):