[personal profile] zhiva, Tuesday, October 13th, 2009 06:32 pm
Say, someone was hacked and carelessly posted about this on forums. What kind of response will s/he receive?

Victim blaming, of course. "Lol, you were asking for it"
And, of course, "Buy authenticator, you fool".

And if s/he gets a blue answer, it will be "bla-bla-bla, and buy authenticator".


Wowinsider published an article advocating the Battle.net merge, listing "common excuses" and their "solutions".

The "excuses" are lack of trust in the Battle.net system and the publicity of the Battle.net login. The "solutions" are to buy an authenticator and create a special secret e-mail just for Battle.net.

This is bullshit.

When you are buying a car, will you buy a car without door locks? A car for which you are required to purchase the locks separately? And these locks are often out of stock? If authenticators are so crucial for account security, they should be included in every WoW bundle, and every owner of an existing account without an authenticator attached should be getting one for free. Yes, for free. If Blizzard cannot provide account security without authenticators, it's their responsibility and headache to make sure every account has an authenticator attached, not the users'.


What does an authenticator do? It adds one more authorization factor.
What does Battle.net do? It makes one of the authorization factors public.
"Then you should make a new email address and use that instead of your personal or work email". Bullshit. How is that different from using a custom account name as login, apart from having to remember one password MORE?

Having just one password for everything is bad. But forcing users to make extra passwords is bad too - the more passwords you require users to have, the more users will use the same password for several accounts.

TL;DR: Blizzard's security approach is flawed; victim blaming and shifting responsibility to users is bad.

Tuesday, October 13th, 2009 04:51 pm (UTC)
The fault does lie with the user.

It is NOT Blizzard's fault that:

The user doesn't know how to safely use the internet and is playing on a computer infested with spyware, keyloggers and/or trojans.

The user's idea of a "complicated" password is their dog's name with a few numbers at the end.
If a password is based on a real word, it's NOT secure.
Secure passwords are a minimum of 8-10 characters and look something like this: i$kL^e2!M9x8.
Don't give me BS about it being 'hard to remember'; you type it often enough, you'll remember it.

The user thinking they're 'safe' from viruses/spyware/keyloggers because they use some shite free anti-virus software and maybe update it weekly.

The user thinking that it's okay to click on "FREE $ITEM!" ads, use gold buying, or use powerleveling services.

The user being dense enough to fall for phishing e-mails "from Blizzard".

The user thinking they're safe just because they use a Mac. Macs are not virus immune.

The user sharing account info with friends/family; it's amazing how fast they can turn on you out of spite during a disagreement.

The user thinking, even with a facerolling style password, that it never needs changing. Passwords should be changed monthly. Oh, boo hoo, it's hard.
Suck it up, security isn't MEANT to be transparent and easy.

The user not keeping their OS up to date with the latest patches.

The user using IE for websurfing; it's a giant security hole, especially when paired with most of the above.
Firefox + NoScript + AdBlock cuts WAY down on potential issues.

The user being generally under- or uneducated as to how their computer and computer security operate. http://www.grc.com/securitynow.htm <--- best security podcast for both computer wonks and normal people.

The victim, in the case above, IS 100% to blame; it was their own complacency and ignorance that caused the issue, not Blizzard's.

Blizzard provides the tools, but they can't force you to use them.

/Bitter IT guy who knows from 10+ years of experience that it's always the end user's fault, no matter what shoddy excuse they give.

Tuesday, October 13th, 2009 04:54 pm (UTC)
Additionally, your car analogy is flawed.

An authenticator would be more like paying extra for power locks + a remote key fob, whereas a standard password alone would be more like standard non-power locks.

Locking doors have come standard on cars since, I believe, at least the 1950s anyway.

Oddly, basic "locks" are standard from Blizz as well; they call it your password.

Page generated Wednesday, January 21st, 2026 09:30 pm