
Giant Bomb News

209 Comments

Change Your Battle.net Password

Blizzard's network has been accessed by an outside party; your email address and "secret question" answers are out there.

Hey, while we're posting passwords in the open around here...

This is the world we live in now. A world where some service you've signed up with seems to get penetrated every couple of weeks, sending everyone into a password-changing frenzy. I bet the guys selling password-securing apps are stoked. This month's victim of unauthorized access is Blizzard, which disclosed yesterday that someone got into its network on or around August 4 of this year.

So what'd they take? According to Blizzard's FAQ on the matter, players in the North American region--which includes Australia for reasons that I'm sure would make sense if someone bothered to describe it--have the following items to worry about:

  • Email addresses
  • Answers to secret security questions
  • Cryptographically scrambled versions of passwords (not actual passwords)
  • Information associated with the Mobile Authenticator
  • Information associated with the Dial-in Authenticator
  • Information associated with Phone Lock, a security system associated with Taiwan accounts only

In addition to this list of North American information, all users except those with China-based accounts had their email address taken.

So that means, at the minimum, your email address is out there. If you're part of what Blizzard considers its North American region, the answer to your secret security question is out there, too. Considering the number of sites that don't let you choose what your secret question is (if mine is any indication, Blizzard is among them), this may be an actual concern for you. Anyone that doesn't let you create your own custom secret question is a Bad Person. Blizzard says that an automated process to update secret questions and answers will be available in the near future. In the meantime, if you use the same secret question/answer combo on multiple sites, this might be a good time to tear your hair out and yell at the sky for a bit.

The FAQ goes on to say that the company believes that physical Blizzard Authenticators are secure, but app-based authentication will eventually require an update. For more details on how your password was stored and why it's unlikely that this will lead to your actual password getting out in the open, read the rest of Blizzard's FAQ... after you're finished changing your password, that is.

Jeff Gerstmann on Google+


Bobby_The_Great

I'm really hating hackers more than ever. 

WJist

Y'know, I'm starting to wonder now: is this a scenario where having multiple logins for every different publisher's service is a good thing, instead of (let's say) the Sony Hack where your PSNID and portals to multiple games/credit card are not secure?

At least they're cryptographically scrambled...though I bet that isn't much of a deterrent.

Winternet

@Bell_End said:

@Winternet said:

Man, my e-mail address was going through such a good phase right now. I was getting around 10 spam e-mails a week, tops. Guess that will change now. Thanks Blizzard.

Why is it Blizzard's fault? Blame the fucking hackers.

I blame whoever I want. So, sir, I'll blame you. Burn in hell, you dirty philistine.

DarkS2K

Man, this getting hacked thing is starting to get out of hand.

louiedog

This is a good reminder to use a password manager like LastPass. Generate different passwords for every site so when one gets stolen you don't have to change them all. Sure, they didn't steal plaintext passwords or anything, but you're still going to change yours, right?

Of course that doesn't help you keep your mother's maiden name or first pet secure because every damn site wants the same questions answered which is useless. At least any site worth anything will just send a reset email to my inbox if someone has access to that.

iamjohn

@MrKlorox said:

Fuck you Blizzard. For many many annoyances regarding the password change process on your website. And for requiring to put myself at risk just to play your SINGLEPLAYER game. FUCK YOU!

Yup, pretty much.

PompousDawson

Thanks for the update. Password changed. And here I thought the 'authenticator' was supposed to prevent theft such as email addresses from occurring. Hackers will prevail, I suppose.

Ravenlight

@JoeyRavn:

Followed for Face Off reference xD

CaLe

I don't care and won't change my password. I DON'T CARE.

WarlockEngineerMoreDakka

@Wurmbollie said:

Will Blizz make the passwords case sensitive now?

In my experience they already are.

Even if they weren't, such an addition wouldn't change much. :\

jerseyscum

Anyone wanna buy some credit card numbers? PM me for details.

splodge

@Gamer_152 said:

Hackers suck, glad my account wasn't caught up in this. This is also why your secret question should be something only you know. It could be worse though, I'm sure there are a lot of important databases full of our details that are far worse protected than Blizzard's.

My secret question answers are always something entirely unrelated to the question, i.e.: Your favourite food? - The Louisiana Purchase

Zaxex

That's it! I'm printing off all my e-mails and hiding them under my mattress, along with my passwords, where they're safe. Who's with me?!

Remedy25

My WoW and Aion accounts have both been hacked, and it's come to Blizzard's attention that I'm trying to sell my WoW account. Damn, I've hit some bad luck. I better log in and change my passwords for both my WoW and Aion accounts... wait a minute, I don't have a WoW or Aion account; insert Futurama Fry meme.

geirr

@WarlockEngineerMoreDakka said:

@Wurmbollie said:

Will Blizz make the passwords case sensitive now?

In my experience they already are.

Even if they weren't, such an addition wouldn't change much. :\

They were back in 2005 so I don't see why they'd go back on that. (:

Thumbrunner

What, if any, recourse does the modern consumer have against companies that fail to protect our data? (That is a serious question.) \/ That also \/

@Undeadpool said:

UUUUUUUUUUUUUU-you know what? I can't even muster up being shocked or angry anymore.

Edit: Ya know what? Maybe a LITTLE angry over the whole "Use an authenticator for EXTRA PROTE-they stole the authenticator...SORRY!

UUUUUUUUUUGH!!!

antime

@GunslingerPanda said:

So EU users are safe? Cool.

Supposedly. But then I remembered I participated in the Diablo 3 open beta weekend, and that was using an American server, and that when I originally installed I downloaded a binary that somehow was for America only, so who knows where my login info is stored?

FritzDude

While I hate this kind of things I can also feel a bit better that companies will learn from their mistakes and come up with new security protocols... Which most likely will be hacked again. An ongoing battle, and we the consumers are right in the middle. Stay safe.

Deusx

Fuck you Blizzard, I'm happy to say I'm not buying another one of your FUCKING games. I got fucking hacked and I lost all my progress thanks to the roll back. Fuck you Blizzard, fuck you! Fuck.... FFFFFFF....

Rotnac

Sigh... I guess this might explain some things.

Roadbuster

Where do I actually see the security question used on battle.net?

Pazy

@Xymox said:

Answers to the secret questions you say? That makes one of us.

ugh. Can't copy paste a new password in their password box. Screw this, enjoy my lvl 60. Not worth the effort.

I had the same problem, oddly I found you can copy and paste in the box if you are in the "I have forgotten my password" screen where you only put in a new password.

NAQ

@Deusx said:

Fuck you Blizzard, I'm happy to say I'm not buying another one of your FUCKING games. I got fucking hacked and I lost all my progress thanks to the roll back. Fuck you Blizzard, fuck you! Fuck.... FFFFFFF....

Yeah, you got hacked because of you, not 'cause of Blizz. Hope this helps.

Vinyl

Considering this is their first BNet hack pretty much ever, that's pretty damn impressive. I noticed the physical authenticators aren't affected, so that's just another reason to get one if you're a perennial Blizzard games kinda person.

chaihazuki

@louiedog said:

This is a good reminder to use a password manager like LastPass. Generate different passwords for every site so when one gets stolen you don't have to change them all. Sure, they didn't steal plaintext passwords or anything, but you're still going to change yours, right?

Indeed. Everyone should be using this.

LordXavierBritish

I forgot the password to my own account, so maybe someone will get some use out of it at least.

Lurkero

@Brackynews said:

Using a canned security question is less of a thing than choosing an irrelevant security answer you can always remember. What was the first street I lived on? Waffles. First pet? Waffles. Favourite teacher? Waffles. Mother's maiden name? Waffles. One of those might be true, but you see the point. Cracking secret questions is about social engineering, not dictionary attacks.

That's the way to do it. Using an incorrect answer for a security question is like having an easy password without having an easy password. That is, if you don't mind having to reset your password often for not actually remembering your password.

AndrewB

My password is changed, but for the life of me I can't figure out how to change the actual thing that wasn't encrypted and is dumb and insecure on every website: the security question.

That's just great.

Fuck everyone that uses such an absurdly dumb system.

xymox

@Pazy said:

@Xymox said:

Answers to the secret questions you say? That makes one of us.

ugh. Can't copy paste a new password in their password box. Screw this, enjoy my lvl 60. Not worth the effort.

I had the same problem, oddly I found you can copy and paste in the box if you are in the "I have forgotten my password" screen where you only put in a new password.

Huh. Seems kinda weird? Also, there's apparently no way to change your secret question as of yet, which is a bummer because I never pay attention to that stuff.

fattony12000

God Damn It.

morden2261

@Splodge said:

@Gamer_152 said:

Hackers suck, glad my account wasn't caught up in this. This is also why your secret question should be something only you know. It could be worse though, I'm sure there are a lot of important databases full of our details that are far worse protected than Blizzard's.

My secret question answers are always something entirely unrelated to the question, i.e.: Your favourite food? - The Louisiana Purchase

I used to eat at a great Cajun restaurant called The Louisiana Purchase. Perhaps your answer is not as unrelated as you thought! Here come the hackers!!! *insert sinister music cue here*

VoDrackus

@Xymox: weird. The beginning of "A Day" by Clan of Xymox started up when I came across your post.

I have so many damn passwords for so many different accounts that I created a password storing application that keeps everything encrypted with AES. Guess more people than I might want to use it...

silentbob251

I don't remember ever using a security question and it's great Blizzard gives us no way to change it and we have to wait for them to update the authenticator. You would think these companies full of some of the most tech savvy people on the planet would be good at securing this stuff and being vigilant. There's only so much the consumer can do to keep themselves secure when the companies we trust fail us completely.

Also, fuck hackers who do this shit. Seriously, fuck them and whatever bullshit reasons they use to justify what they do. Everything we do is on the internet these days and it's nearly impossible to avoid this stuff. The internet should be a useful tool for everyone. Instead it causes fear and paranoia because of nonsense like this. It's so frustrating following every security step in the book and still being completely helpless when stuff like this happens.

mostman

@Roadbuster said:

Where do I actually see the security question used on battle.net?

Just an FYI for folks. Looks like there is currently no way to reset the question. They are working on it:

http://us.battle.net/support/en/blog/6940803

Probably won't ever be able to know what it was. Which is a bummer. I don't remember Battle.net being one of those that you could set your own question. This is really shitty as I was forced to create an account to play D3. Then I was forced to give them private information. Then it was stolen.

warmonked

@Brackynews said:

Using a canned security question is less of a thing than choosing an irrelevant security answer you can always remember. What was the first street I lived on? Waffles. First pet? Waffles. Favourite teacher? Waffles. Mother's maiden name? Waffles. One of those might be true, but you see the point. Cracking secret questions is about social engineering, not dictionary attacks.

This is a really great tip. Truthful answers are easy to crack

SortedeVaras

Battle.net does not allow you to change security questions, you actually need to call customer support and hope they allow it. So even if you change passwords you are still screwed because they can just use the security question.

Roadbuster

@SortedeVaras: I actually just tried to call customer support to find out what security questions were used. The queue is full so you can't even wait to talk to a representative, the call just ends.

NickL

@Sackmanjones I get these too and I'm in the exact same situation as you. Aren't phishing emails just wonderful?

shenstra

Anyone that doesn't let you create your own custom secret question is a Bad Person.

Not to offend anyone who's trying to do a decent job securing websites (secret questions have become a staple of account security systems), but any site that uses 'secret questions' is a Bad Site. It basically comes down to:

1. Come up with a complicated password nobody can guess. Some sites will even force you to make it more complicated by requiring certain types of characters, while other sites limit your ability to create safe passwords by limiting the type and/or number of characters you can use. Both of which are Bad Things.

2. You're going to forget your super secret password sooner or later, so now you get to create a much less secure password that anyone who knows you fairly well can guess. Hopefully people who know you fairly well won't **** you over by hijacking accounts, but they all form potential weak points for social engineering. Additionally, some sites will limit your secret questions to standard questions, the answers to which are often available through a simple Google search (or you could 'Bing it'... >_>).

3. You (or someone pretending to be you) forgot your password. You dope! Now go through this password recovery process, which either relies on the secret question or relies on the secret question AND some ACTUAL means of... you know... security. In the former case, the 'strength' of your actual password is irrelevant. In the latter case, the secret question doesn't really add any significant measure of security, it's just an annoyance which could potentially cause you to lose access to an account because you forgot the answer, made a typo or something like that.

In the case of this Blizzard hack, we see the real problem of online security today. Your accounts and your passwords aren't the problem. The problem is that hackers get into servers and gain access to information about your account. If they just got your email address and a salted hashed password, there wouldn't really be any problem. You might get some more spam when they sell their list of addresses to spammers, but most people's email address is out there on so many lists, this one hack won't make much of a difference. Besides, Gmail is pretty awesome at blocking spam and only spam, so I've stopped caring. But because Blizzard just had to have security questions and answers, hackers have access to combinations of email addresses (which were likely used to make accounts on dozens of other websites) combined with answers to security questions (which are likely to match accounts on other sites for at least some percentage of affected people).

This, combined with the recent story about the tech journalist who had a bazillion accounts hacked through no fault of his own, has me seriously considering making some extra addresses for online accounts. One for Amazon, one for other important stuff, one of unimportant stuff, one for stuff I expect to get spammed by, one for correspondence, etc. I went through the trouble of setting up relatively safe passwords (and impossible 'secret question' answers) on pretty much all my accounts, and it's all for nought because security at the server side isn't up to scratch.

/rant
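The post above turns on the difference between a leaked "salted hashed password" and a leaked secret-question answer. The following Python example is added here to show what that storage pattern looks like in practice; it is not Blizzard's code (the page does not describe Blizzard's actual scheme) nor any commenter's. Each record gets its own random salt, verification recomputes the digest under the stored salt and compares it in constant time, and two accounts sharing a password end up with unrelated rows. The PBKDF2 iteration count, the salt size, and the sample accounts are assumptions constructed for the example. The same routine applied to a security answer shows the limit the post describes: normalizing and hashing an answer keeps it out of the database in the clear, but hashing adds no entropy to an answer a stranger can look up.

```python
import hashlib
import hmac
import os
from typing import NamedTuple

# Assumed parameters for this example; real deployments choose them per current guidance.
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16


class StoredCredential(NamedTuple):
    """What the server keeps: never the secret itself, only salt, digest and cost."""
    salt: bytes
    digest: bytes
    iterations: int


def hash_secret(secret: str, iterations: int = PBKDF2_ITERATIONS) -> StoredCredential:
    """Derive a PBKDF2-HMAC-SHA256 digest under a fresh random per-record salt."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, iterations)
    return StoredCredential(salt, digest, iterations)


def verify_secret(candidate: str, stored: StoredCredential) -> bool:
    """Recompute with the stored salt and cost, then compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), stored.salt, stored.iterations
    )
    return hmac.compare_digest(digest, stored.digest)


def normalize_answer(answer: str) -> str:
    """Security answers are matched case- and whitespace-insensitively so the real
    user can still get in. Note that hashing cannot make a guessable answer harder
    to guess; it only keeps the literal answer out of a leaked table."""
    return " ".join(answer.casefold().split())


def hash_security_answer(answer: str) -> StoredCredential:
    return hash_secret(normalize_answer(answer))


def verify_security_answer(answer: str, stored: StoredCredential) -> bool:
    return verify_secret(normalize_answer(answer), stored)


def records_differ_for_same_secret(secret: str) -> bool:
    """Two accounts that chose the same password get unrelated rows, so a leaked
    table does not even reveal which users share a password."""
    a, b = hash_secret(secret), hash_secret(secret)
    return a.salt != b.salt and a.digest != b.digest


def build_sample_table() -> dict:
    """Constructed sample accounts (not real data) laid out as a server would store them."""
    return {
        "alice@example.invalid": {
            "password": hash_secret("correct horse battery staple"),
            "answer": hash_security_answer("Waffles"),
        },
        "bob@example.invalid": {
            "password": hash_secret("correct horse battery staple"),
            "answer": hash_security_answer("Rex"),
        },
    }


if __name__ == "__main__":
    table = build_sample_table()
    alice = table["alice@example.invalid"]
    print("alice login ok:", verify_secret("correct horse battery staple", alice["password"]))
    print("alice wrong pw:", verify_secret("Correct Horse Battery Staple", alice["password"]))
    print("alice answer  :", verify_security_answer("  waffles ", alice["answer"]))
    print("same password, different rows:", records_differ_for_same_secret("hunter2"))
```

Because the stored digest is a fixed 32 bytes whatever the input, there is no storage reason to cap password length at a small number of characters; a cap like that usually comes from the form or a legacy backend, not from the hashing.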

deactivated-5ea641329300b

This is now the second time my account has been hacked so fuck you Blizzard, I'm done. You've shown me that you're incapable of protecting my account so I won't buy anymore of your shit.

Deusx

@NAQ said:

@Deusx said:

Fuck you Blizzard, I'm happy to say I'm not buying another one of your FUCKING games. I got fucking hacked and I lost all my progress thanks to the roll back. Fuck you Blizzard, fuck you! Fuck.... FFFFFFF....

Yeah, you got hacked because of you, not 'cause of Blizz. Hope this helps.

W-w-what? W-what?! Fuck you man. Because of me? Sure, keep sucking the blizzdrones' dick. There are hackers out there, Blizzard knows about this. With that much money they could at least learn from Sony's mistakes and hire a good security service. I hope you're kidding because if you are then I'm a fool and fell for it.

Forcen

@Sauson: Wait, you got hacked twice and it was Blizzard's fault both times? I wanna hear that story.

ripelivejam

so p@55w0rd isn't that secure anymore?

Zelnox

Password changed. It sucks the max length is 16 characters.

KlUMZeE

@Bell_End said:

This is why we need biometrics as security pronto. Nobody would be able to hack my face.

@Bell_End: You think that, but I bet that a team of hackers with no lives and nothing better to do would find a way.

deactivated-5ea641329300b

@Forcen said:

@Sauson: Wait, you got hacked twice and it was Blizzard's fault both times? I wanna hear that story.

lol how did I know this was coming?

I don't play WoW so I'm getting hacked because I installed some shifty add-on and I don't open Blizzard e-mails promising free shit so how is it anyone's fault but Blizzard's?

birchman

The security question is "banana".

bjorno

At least somebody now knows my battle.net password, 'cause I sure don't.

Obsurveyor

Blizzard must actively hate being this secure because *you can't paste passwords in the change password field*. This is some moron's idea that it is more secure because password changes can't be automated or something. Like I can't fake a keyboard device and enter passwords as fast as I want. Meantime I had to type a 16-character completely randomized password twice. Active deterrents are bad, Blizzard!

@louiedog said:

This is a good reminder to use a password manager like LastPass. Generate different passwords for every site so when one gets stolen you don't have to change them all. Sure, they didn't steal plaintext passwords or anything, but you're still going to change yours, right?