Wednesday, June 9, 2010

Account security is your problem - not mine

Spend five minutes cruising the official forums, or the blogsphere, and you'll stumble across someone who was recently hacked or had their account compromised. Even if you don't want to look for it, the posts are out there. Just like cancer, everyone knows someone who has been (or has been themselves), hacked.

While I haven't had it happen to me, I can only imagine what it must feel like. It's a violation of your personal space, and even though nothing physical has been touched, I think we can all assume that the products of WoW are very real indeed. Not only does the attack affect you though, it has reaching impact on your guild mates (you can't raid till you get your gear back), your guild bank (no more repairs /sadface), and your overall feeling about the game.

A recent experience

During my stint in a 25m guild recently, one of our priests was hacked and had a couple of his toons deleted (as well as his stuff stripped). This simple act sparked a couple of things. First, we had to take someone who was wholly unprepared to the raids. It's bad enough that between RL issues, moves, end of expansion blues, and bad raiders who can't stand being called bad - we're short on players - but now we had to bring in someone from the bench.

Second, the guild management (who really shouldn't have been leading a raid guild in the first place) freaked out and implemented one of the most idiotic policies I've ever seen. Not only was it impractical, the implementation and attempt at enforcement was ludicrous. They wanted to enforce, and require, that everyone have an authenticator. /facepalm

Now don't get me wrong, I think that anyone who's still playing without one is just asking for trouble. I think they're free if you have an iPhone or a Droid, and cost about $6 if you get the key chain version. Between the ashtray in the car and the couch cushions, most of us have that already.

Requiring everyone to have an authenticator though? Insane. We set ranks in after one of our members got hacked, because everyone had full gbank access. Once we set the permissions though, it wasn't a big deal.

What these guys tried to do though was require a Screenshot of the applicant standing there with their perky pug targeted to show they had an authenticator. While this sounds good on paper, you wouldn't believe the number of applications that come in without a screenshot. Or someone linking to their local C:\.

It's not my problem

Get an authenticator or don't - it's your choice. Don't complain when you get hacked if you don't have one though, and don't expect your raid spot to be waiting for you on your return. If you don't care enough to get basic protection, you're probably the same type of person who thinks a Flask of the North is acceptable for progression raiding.

Oh, and learn how to post a bloody screenshot while you're at it.

4 comments:

  1. My guild does something very similar and it's worked well. We differentiate guild ranks by people with authenticators and people without. People with authenticators have greater access to the guild bank.

    For us, this makes a lot of sense. We've had guild member accounts hacked, but because of the limited guild bank permissions for non-authenticated members, the annoyance/loss to the guild was minimal.

    Toget upgraded in rank, we just ask members to meet up with a guild leader and show their corehound.

    ReplyDelete
  2. I hope they were asking for Core Hound Pup screenshots and not Perky Pug screenshots O_O

    ReplyDelete
  3. 1) I hate the Pug.

    2) "During my stint in a 25m guild recently..." implies said stint is at an end. Yes? No? How did it work out?

    ReplyDelete
  4. @joeego - It ended with a disagreement in management and leadership. It was a guild 'merge' with my 10m group and their 25m. Things worked well for a while, but in the end we didn't all see eye to eye on how progression/attitudes should be handled. See the last post on "Save the Lightwell" about Rule #1 for more info (in my blogroll).

    ReplyDelete

Note: Only a member of this blog may post a comment.