Quantcast WoWInterface - View Single Post - How to secure your World of Warcraft / Battle.net Password
View Single Post
12-21-09, 04:28 AM   #4
Phantom
A Fallenroot Satyr
Join Date: Aug 2007
Posts: 27
I feel really...really bad.

I didn't actually read your entire post so I sort of missed the part where you told people to backup the database. Although it cannot be said enough I suppose, I wish I thought about it, almost lost my Google mail account because I didn't.

Online hosted backups are a good idea. I was going to write about them but felt it was a little off-topic. There's a really neat cross-platform solution called CrashPlan that I use with my friends. It's 128-bit encryption with the free, Java-based client. Backing up to their server is only $3.75/month (3-year contract) for up to 4TB volumes at a time (at like 500KB/s at most, so it'll still a while).
In my example Roboform has a free "online service" that lets you upload your accounts to an account. Which of course means you have to remember the password to that account. When you make a change to the database it uploads the file, which can be encrypted if you wanted it to.

Yes, the token method is good in practice but not in theory. In theory, a WoW-specific keylogger could grab the key, send it off to a nearby botted computer with low latency, and change key information in your account before the key changes. It's impracticable, but theoretically possible.
Most internet traffic takes several seconds and in the case of a token generated number that is only valid for once and for only 30 seconds every second counts. I don't disagree we might get to that point in the future. At this time there has never in 2 years been a single confirmed case. I don't disagree in theory its possible, I think your giving these people to much credit, they can't overcome normal internet traffic delays.

I should add I didn't save the database to a flash drive when I found Roboform. In my case it was saved to a hdd on a computer to this day, have never figured out what happen, although the only suspect is a bad controller bus. I did have a backup it just was not current, it worked out though, and I learned my lesson.

In other words I couldn't praise your suggestion more. Besides the fact of not having to remember account names, although that could be a bad thing at the same time.

Last edited by Phantom : 12-21-09 at 04:32 AM.
  Reply With Quote