MMO Account Security
There have been a lot of concerns over account security in MMOs recently, more so in WoW than any other game and, frankly, it’s always something that’s baffled me. I can understand why accounts get hacked, and I can understand how accounts get hacked, but what I find surprising is still how slack security is in most MMOs. For something that causes so much ruckus and, apparently, uses up a huge amount of resources and customer support time, there are some pretty obvious (to me) steps that have never been taken to improve basic security.
Yeah, I know, Blizzard Authenticators. Unfortunately, as much as I commend Blizzard’s efforts, they are far from ideal because, aside from the facts that they’ve still proven to be hackable and have actually been used by hackers to lock off broken accounts so they can pilfer your wares undisturbed, they are not effective solutions for MMO companies that lack the vast resources of Blizzard. Plus they are annoying and mean you end up having to carry around a special piece of hardware all of the time just to log in. Petty qualm, I know, but I’m just scared I’d get one, lose it and then have to go through the embarrassing and time-consuming pain of getting it all reset through Customer Services. Nah, I’ll stick to the old-fashioned concept of passwords, thank you very much.
Still, the whole thing got me thinking. I mean, I use online banking and yet I don’t have an Authenticator for that. Surely my bank takes security a lot more seriously than Blizzard does (or so I’d hope). The information held within my online account is certainly a lot more sensitive and important than a few virtual character items yet I can access it from any computer in the world without needing to carry around a plastic key fob with me.
So, taking a lesson from my bank and other online resources, it seems like there are a few basic tricks that any MMO company could implement to increase their account security without the need to produce Authenticator keys. For instance, why not just ask a random security question like “what’s your mother’s maiden name” or “what was the name of your first pet” every time you log in as a second step? That’s going to be very difficult information for a key logger to gather and associate if they can’t match the answer to a question. And how about locking the account after, say, 3 or 5 unsuccessful log in attempts? And what about sending the account owner an email if the account is accessed outside of a 50 mile radius from the previous log in? At least that way someone could respond more quickly to any legitimate breach in security.
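An added example (not from the original post) of the lockout and 50 mile alert rules suggested above, in Python. The function names, the alerts list standing in for the email, and the sample coordinates are assumptions made for illustration.

```python
import math
from dataclasses import dataclass, field

MAX_FAILURES = 5          # the post suggests 3 or 5
ALERT_RADIUS_MILES = 50   # the post's 50 mile radius
EARTH_RADIUS_MILES = 3958.8

def miles_between(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_MILES * math.asin(math.sqrt(h))

@dataclass
class AccountState:
    failures: int = 0
    locked: bool = False
    last_location: tuple = None
    alerts: list = field(default_factory=list)  # stand-in for the email queue

def handle_login(state, password_ok, location):
    """Apply both rules to one login attempt and return the outcome string."""
    if state.locked:
        return "locked"          # stays locked until support or a reset unlocks it
    if not password_ok:
        state.failures += 1
        if state.failures >= MAX_FAILURES:
            state.locked = True
            state.alerts.append("account locked after repeated failures")
            return "locked"
        return "denied"
    state.failures = 0           # a good login clears the failure counter
    outcome = "ok"
    if state.last_location is not None:
        moved = miles_between(state.last_location, location)
        if moved > ALERT_RADIUS_MILES:
            state.alerts.append(f"login {moved:.0f} miles from previous login")
            outcome = "ok+alert"
    state.last_location = location
    return outcome

# Constructed sample coordinates (lat, lon), e.g. from an IP geolocation lookup.
LONDON, READING, NEW_YORK = (51.5074, -0.1278), (51.4543, -0.9781), (40.7128, -74.0060)
```

Location derived from an IP address is only approximate, so the radius check should trigger a notification rather than a block. A hard lock also lets anyone who knows the account name lock the owner out, which is why a temporary lock or rate limit is a common alternative.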
A few alterations to the account registration process and game log in functionality and bish, bash, bosh, Bob’s your uncle, account security has been increased dramatically. Is it going to prevent all account breaches? Probably not as I’m sure there’s some Chinese supervillain out there who will find cunning ways to still extract the information from us but, regardless, it would definitely help fight back against hackers and wouldn’t be incredibly difficult to implement at all.