Slashdot Mirror
Blizzard Introduces One-Time Password Devices For WoW
An anonymous reader writes "Two days ago Blizzard announced that they will be selling keychain tokens to add one-time password support (FAQ) to World of Warcraft. Have compromised World of Warcraft accounts become such a serious problem, that OTPs are already neccesary for games?"
It's both. Password stealing via phishing and other means has hit quite a few MMO's. It boils down to dumb users mainly, and Blizzard surely sees a profit opportunity in their stupidity.
A lot of banks in the UK now require card reading devices for use with online banking. It's been rolled out across the last couple of years, not sure what the situation is elsewhere in the world though
Depends on who is making them.
http://www.entrust.com/strong-authentication/identityguard/calculator.cfm
Entrust here likes to advertise they're 1/7th as expensive as the ones RSA sells, and those are still $4/year.
So at $6 until the token dies, Blizzard isn't exactly making a mint on these things. The profit for them comes in reduced account restorations.
Unless you'd care to source me someone who sells them so cheap that Blizzard is making a fortune at these prices, since there's probably also costs for the server end of the setup?
-- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
My account got compromised a year after I quit, and I only discovered it because I got an IM from someone who saw my character log in and wanted to know if I was playing again. My password was good enough that no one was going to randomly guess it, and I certainly never gave it out.
My best theory on how it happened is that I used the same account and password on lots of web forums, many of which have terrible security. Someone probably hacked into one of them and tried all the user/pass combos to see if they were also WoW accounts. I took a look at my old characters on armory and noticed that my lowbie alts had been stripped and my main moved to another server. I figure whoever got access probably sold the account to a clueless buyer because I can't imagine someone paying for a character transfer otherwise. I also wouldn't be surprised if people made a lot of money doing this. Lesson learned: use unique passwords (or usernames) on any accounts you actually care about.
Blizzard reset my password, but refused to transfer my character back to his original server because I "willingly gave out my password." I didn't intend to ever play again anyway, but service like that certainly sealed it. They didn't care one bit about catching the person who did it either, despite having IP addresses and even credit card numbers.
Thank you Mr. Conspiracy theory. But the truth is that:
- There is a serious problem in WoW
- It is extremely common for accounts to get compromised
- Sometimes people quit the game after a breakin (-$13/month)
- A 30 second google search found similar devices for between $17 and $23 a go
If I had to guess I would imagine Blizzard breaks even roughly on these devices. I can't imagine there being a huge profit margin on $6 and that they justify it by keeping people playing.
Barclays have been providing a device they call PIN Sentry since early 2007:
http://www.barclays.co.uk/pinsentry/
NatWest introduced their offering summer 2007:
http://www.natwest.com/microsites/general/card-reader-user-guide/index.asp?cmp=reader
I believe you're right about Lloyds not having followed suit just yet.
OMG!!! Ponies!!!