Less WoW Account Security Flaws

So WoW’s account security got a shot in the arm today, with the forums requiring the authenticator.

Isn’t this more of a “sorry it took so long” situation? This was so bloody obvious that it surprises me that it has taken till now. Maybe there were technical reasons why this could not be done, and as a consumer I do not appreciate the work involved. Maybe.

But maybe it is also not unreasonable to expect this level of forethought when a feature like the authenticator is introduced, and expect a change to the systems we use within a good timeframe. Say less than two years after the press release.

I think the change was implemented to help slow down account hacking. If you think about it the forums are the perfect place to brute force attack a username/password combination; as its a web based delivery system that has to be tollerant to many different interfaces, and has been around a very long time. That means it was probably installed to be a basic solution, and became the juggernaut before anyone really saw what was happening.

The follow-up question is why now rather than later or much earlier; and only Activision-Blizzard could tell you that; the cynics will say its because hacks cost too much (meh), but it could also be that it will be a legitimate and substantial improvement to the forums systems, that has been planned for a while. If the changes for RealID were being planned, it stands to reason that this was part of it.

So yes, it is a very good move, and something that has been asked for a long time.

Upper or lower case characters? Irrelevant.Update 8 Aug 2010:

Further to the account security, the WoW login screen now recommends some security measures, like letter and numbers – but still fails on the upper or lower case for those characters.

Continue reading