Could More be done on the Diablo 3 Hacking Problem?Posted 31 May 2012 by Elly
The account hacking has been a hot topic since the game launched and there are many players quite rightly upset at the loss of items or gold, whether it is their fault or not. Over the past 48 hours, Forbes.com have been covering the topic and the comments in the articles have become rather heated.
In the first article the author explains his experiences being hacked without an authenticator in place and questions whether it is entirely the fault of the users after noticing that only some characters on an account are being stripped. To follow-up, he looks at the source of the problem and whether Blizzard are doing enough.
Blizzard has urged everyone to be super careful and advised that players should use an authenticator which costs a little extra, but as the author points out, is that really enough? There has been a discussion on the authentication methods used such as case insensitive passwords and some kind of alert to users when a character suddenly loses everything in one swoop, both of which seem quite logical measures for Blizzard to add.
I will cite a recent example from the MMO world which is very similar.
When TRION were experiencing hacked accounts with RIFT they implemented a safeguard called ‘coin-lock’. If your account was logged into with a suspicious IP (one far removed from your own) the account would become ‘coin-locked’.
The only way to unlock the account was to click the button on-screen which would send a string of randomly-generated numbers to your account’s email address. You could then go back in-game with the number, paste it into the unlock box in-game and your account would unlock. This process would take literally a couple of minutes, if that.
During ‘coin-lock’ you could still play the game, (questing, killing) but could do nothing with your inventory (no removing items, no selling, no dropping of items, no removing gold). This proved very successful and stopped the problem overnight. TRION had this up and running in around 48 hours after the initial reports.
Obviously if a hacker had access to your email and you used the same password for mail as your Battle.Net account (which would be really silly) they could retrieve the coin-lock password. However, this would, if anything alert you to the fact that your PC had definitely been compromised (if they’re accessing your personal email account too).
Subsequent investigation revealed a hole in TRION’s authentication system which they plugged thanks to a community member who found the problem and alerted the development team privately (never making the method publicly known). The point is however, TRION acted fast to find a solution for the users and worked to get it in place to protect them very quickly, and to be honest, it did wonders for their PR and community team.
Whether the user is to blame or not, the Forbes article suggests it does not appear that Blizzard are doing enough and aren’t being pro-active at all. As TRION demonstrated, they took action, accepting that users could be lax with security, but still wanted to make sure players were being protected from their end.
The hacked accounts discussion is not going away any time soon unless more is done. Users are likely at fault in most cases, but should Blizzard add something like “coin-lock” to at least put a stop to it and show the community they are looking at every angle to help protect customers from losing time and money?
Thanks Softshack for the Forbes links.
Should Blizzard Implement a "coin-lock" type system
- Yes as soon as possible (69%, 1,640 Votes)
- Yes. But not for people with Authenticators on their account (19%, 444 Votes)
- No, it's a user's responsibilty (12%, 302 Votes)
Total Voters: 2,386