How to protect your Diablo 3 Account!

This was brought to my attention by - Breath_of_the_Dying

Thank him for this.

Log into your Battle.net account.

On the top click on Account
Look at the bottom left

Account Security

Battle.net Mobile Authenticator - click on the link and follow the instructions.
TO BE 100% SAFE MAKE SURE YOU CLICK ON
Require an authenticator code every time you log in to the game

For an Android phone this is a FREE APP!
You must create a Google Play account and download the FREE APP!
Make sure to write down the Restore Code as you will need it in the
event your phone craps out or you lose it or whatever!

Battle.net SMS Protect

Basically put in your Celly # and you will get a txt message every time
there is any movement on your account.

Anyone who owns a BlackBerry or iPhone, please post your experience!

DON'T WAIT TILL YOUR ACCOUNT GETS HACKED TO DO THIS!
 
Depending on how they handle the authenticator it could actually be less secure for you to continually input your authentication code. Man in the middle attack is basically one of the only ways that can get through authenticators and it makes it easier for them to get a code if you're inputting them all the time. If they decide to do IP address checking to remember you, well that's a bad way to do it anyway and there should be an encrypted file+IP address that they use etc. The only way for them to use IP address against you would be a proxy through your computer to connect as well. Basically if you have a virus you're screwed anyway but inputting codes every time might not be the most secure way to do things.

The SMS thing is also meh because by the time that you get the SMS they are already in your account and the deed is done. It would be nice to get it over with I guess to call support but as for security, it's really just an after it's already done. (This is assuming it's what you say it is, a notification of account usage that is unusual and not an authenticator over SMS.)

Really the only thing that should be in this list is that you should have an authenticator and that you should be using a firewall/antivirus combo regardless of your tech savviness rating. Regardless of how good you think you are on the internet, all browsers have been hacked and will continue to be hacked. A lot of hacking comes through ads and other means from reputable sites.
 
The point of this thread is just to inform people of the option.
I feel a lot safer now that I have done this!

If my account gets hacked and I don't have any of these protections in place..
I will feel like an A-Hole for not setting up an extra layer of protection.

So I feel much safer than not having used free means to protect myself!

Now I can be the judge if this AUTH stuff doesn't work!
 
Depending on how they handle the authenticator it could actually be less secure for you to continually input your authentication code. Man in the middle attack is basically one of the only ways that can get through authenticators and it makes it easier for them to get a code if you're inputting them all the time. If they decide to do IP address checking to remember you, well that's a bad way to do it anyway and there should be an encrypted file+IP address that they use etc. The only way for them to use IP address against you would be a proxy through your computer to connect as well. Basically if you have a virus you're screwed anyway but inputting codes every time might not be the most secure way to do things.

The SMS thing is also meh because by the time that you get the SMS they are already in your account and the deed is done. It would be nice to get it over with I guess to call support but as for security, it's really just an after it's already done. (This is assuming it's what you say it is, a notification of account usage that is unusual and not an authenticator over SMS.)

Really the only thing that should be in this list is that you should have an authenticator and that you should be using a firewall/antivirus combo regardless of your tech savviness rating. Regardless of how good you think you are on the internet, all browsers have been hacked and will continue to be hacked. A lot of hacking comes through ads and other means from reputable sites.


I'm not sure you understand how RSA's tech works... there is absolutely no possible way for a 'hacker' to get the codes off of your token without them having it in their possession, physically. Additionally, once a passcode is used, it cannot be reused a second time to login.

Hence Blizzard stating that anyone with an authenticator hasn't been hacked. I, too, call mulligans for all the outcries of people claiming they've been hacked whilst having a token in their possession--especially if they require it every time on login.
 
If you don't own a phone that supports the APP.

Check out this link - https://us.battle.net/d3/en/forum/topic/5150110667
You can install an Android emulator!

Don't be afraid to protect yourself.
I think everyone is afraid about installing anything or typing in their
user name and passwords. Just let it go and get that extra layer of
protection. It can only benefit you!
 
It occurs to me that a cool option would be an SMS notification and an enforced 5 minute delay (at player option) before you can trade or alter the account.
 
I think I'll protect myself by just not playing.

Sorry I want to play a game, not spend my time protecting my own account and then listen to Blizzard saying it's my fault.
 
Shit I feel you guys, but this isn't just Diablo, it's the entire
Gaming Industry!

This is the 1st Diablo I ever played and this game is simply amazing.
Don't miss out on a great experience.

The App takes less time to install than installing and registering your Anti-Virus!
 
Llama[Style];1038776102 said:
I'm not sure you understand how RSA's tech works... there is absolutely no possible way for a 'hacker' to get the codes off of your token without them having it in their possession, physically. Additionally, once a passcode is used, it cannot be reused a second time to login.

Hence Blizzard stating that anyone with an authenticator hasn't been hacked. I, too, call mulligans for all the outcries of people claiming they've been hacked whilst having a token in their possession--especially if they require it every time on login.

Man in the middle attack. You can hack accounts with authenticators. You just have to be waiting for the login and be fast about it.

After you enter your username/password and authenticator code it stalls your login and sends that info to the person waiting for it and that code is still valid for a few more seconds. They can then log right in. It doesn't happen often. But it has happened.
 
Depending on how they handle the authenticator it could actually be less secure for you to continually input your authentication code. Man in the middle attack is basically one of the only ways that can get through authenticators and it makes it easier for them to get a code if you're inputting them all the time. If they decide to do IP address checking to remember you, well that's a bad way to do it anyway and there should be an encrypted file+IP address that they use etc. The only way for them to use IP address against you would be a proxy through your computer to connect as well. Basically if you have a virus you're screwed anyway but inputting codes every time might not be the most secure way to do things.

The SMS thing is also meh because by the time that you get the SMS they are already in your account and the deed is done. It would be nice to get it over with I guess to call support but as for security, it's really just an after it's already done. (This is assuming it's what you say it is, a notification of account usage that is unusual and not an authenticator over SMS.)

Really the only thing that should be in this list is that you should have an authenticator and that you should be using a firewall/antivirus combo regardless of your tech savviness rating. Regardless of how good you think you are on the internet, all browsers have been hacked and will continue to be hacked. A lot of hacking comes through ads and other means from reputable sites.

They should be a one time password that expires every 60 seconds. As soon as the person logs in the password shouldn't work anymore. If Blizzard doesn't have it set up this way they are fools.
 
You forgot to include not using the same email/password combo on every swinging site/forum out there. Sounds like a no brainer, but part of me wonders if some Diablo 3 fan site got hacked and instead of reporting it, they kept quiet.
 
Shit I feel you guys, but this isn't just Diablo, it's the entire
Gaming Industry!

This is the 1st Diablo I ever played and this game is simply amazing.
Don't miss out on a great experience.

The App takes less time to install than installing and registering your Anti-Virus!

Who registers antivirus? :p
 
How to protect your battle.net account:

DON'T HAVE A RETARDED PASSWORD

Profit
 
I don't know, but yesterday the new patch was installed.
I had to type in my password like 10 times since the servers
were busy. I changed my Battle.net pass and my email address
pass.
 
You think they brute force the blizzard servers for each account? :rolleyes:

A vast majority of people having their account 'hacked' can be attributed to them using the same password across various websites. When you do that, say goodbye to your security.
 
Security is only as strong as the weakest link

Even if Blizzard is perfectly secure (which I'm not saying they are), someone who uses PASSWORD as their password can easily get compromised.

Some tips that are good for security
-Run AV and anti-malware. You can choose your flavor, I use Spybot Search and Destroy and AVG AV (both free)
-Change your passwords (after cleaning your computer of malware) to complex passwords at least 8 characters in length. A combination of letters, numbers, and characters. Don't ever use words or symbol representation of words (even @tomb0mb isn't that secure). Some passwords don't allow special symbols, just make the alphanumeric password longer.
-Use a password manager program like KeePass (also free). It can also generate very complex passwords for you.
-Never ever ever ever ever use real answers for forgot my password questions. Use KeePass so you never forget your password, and even store the fake answers you give.
 
A vast majority of people having their account 'hacked' can be attributed to them using the same password across various websites. When you do that, say goodbye to your security.

Sure, but that has nothing to do with brute force attacks and everything to do with stupidity.
 
Sure, but that has nothing to do with brute force attacks and everything to do with stupidity.

It's extremely unlikely that Blizzard allows login requests to be continually sent without silently failing after hitting a certain threshold. So yes, it's generally user error.
 
If someone is actively monitoring a compromised system it's probable they can snarf the password and zing in to swipe the authenticator code before the code expires, but it would have to be fast. I only got hacked once because I got snookered on a phishing email while I was 5 beers deep in a bar.

I put on the authenticator and Gmail is getting better at routing those phishing mails directly to the Spam folder. Haven't had the problem once since. My computer is rarely used for anything not game related so there's less chance of me getting compromised from Pr0n Ware, unlike the monkey spankers crying they got hacked even with the authenticator...
 