Wednesday, March 2, 2011

Mini-Games Can Stop Account Hacking

Did you know that there's a fun way in-game whereby Blizzard could stop, prevent or at least mitigate the effect of account hacking in World of Warcraft? Not only that, but it can be easily implemented and they already have the system in place to do it.

Now, Blizzard has already implemented a bunch of neat features that reduce the impact of account hacking. I'm not talking about region-based account locking or Warden updates - but rather smaller things, like making gear Bind on Pickup, setting its vendor price really low and/or making it immune to disenchanting.

You see, when your account is hacked, the hackers want to clean it out as quickly as possible. The cleaner will disenchant or sell all of your gear/items and transfer that gold to a laundering account. The most gold they get from you is your on-hand gold and what they can get for vendoring/disenchanting.

Vendoring, for the most part, has been taken care of - you can hardly get anything for vendoring gear, so it's not really worth it.

The big one is protecting your own gold (or your guild's gold).

What if you had the optional ability to deposit your gold into your bank account, and then purchase an in-game Goblin "combination lock" for your bank account?

The Goblin "Gold iLock™" would be a device sitting next to your personal bank (or guild bank if you're the GM) that you interact with, entering a code to access your personal belongings and gold.

Say that you only have to unlock it once when you log in, and it stays unlocked until you log off (so you don't have to enter the combination every time you access your bank).

You could program the combination lock yourself using a total of 5 simple movements, for example UP, DOWN, LEFT, RIGHT, and JUMP. Or it could be made more complicated (e.g. spell casts, numbers, etc.) to increase the number of permutations.

The beauty of using standard player movement as a code is that even if you had a keylogger installed on your PC - your account gold and belongings would still be protected. To the keylog file, it would just appear as normal character movements with no special identifying keystrokes. The hacker would not be able to differentiate between normal game play and combination unlocks. So, if your account was hacked, they still couldn't access your gold or valuables. =]

Imagine the Vashj'ir Seahorse training quest where you need to move in different directions. For example, you interact with the Goblin "Gold iLock" system, it asks you to enter your code, then you just press UP UP DOWN DOWN LEFT RIGHT or whatever. Bingo, your personal bank unlocks and you can access your expensive items and gold. (For additional security, your character doesn't have to actually move or animate while you press the sequence.)
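Here is a sketch of the lock described above, added as an example and not taken from the original post or from any Blizzard code. It models the five-movement alphabet, the unlock-once-per-session behaviour, and how small the combination space is. The `GoldLock` class, the salted-hash storage, the server-side check and the five-attempt lockout are all assumptions introduced for illustration; with only 3,125 five-move codes, the design depends on some such attempt limit.

```python
import hashlib
import hmac
import os

MOVES = ("UP", "DOWN", "LEFT", "RIGHT", "JUMP")  # the post's five movements

def keyspace(length, alphabet=len(MOVES)):
    """Number of distinct combinations of `length` moves."""
    return alphabet ** length

def guess_success_probability(length, attempts):
    """Chance that `attempts` distinct guesses hit a uniformly random code."""
    return min(1.0, attempts / keyspace(length))

class GoldLock:
    """Hypothetical server-side lock state for one character's bank."""
    MAX_FAILURES = 5  # assumed policy, not from the post

    def __init__(self, combo):
        self._salt = os.urandom(16)
        self._digest = self._hash(combo)  # store a salted hash, never the combo
        self.failures = 0
        self.unlocked = False             # per-session flag, cleared on logout

    def _hash(self, combo):
        if not combo or any(move not in MOVES for move in combo):
            raise ValueError("combo must be a non-empty sequence of MOVES")
        data = ",".join(combo).encode()
        return hashlib.pbkdf2_hmac("sha256", data, self._salt, 100_000)

    def try_unlock(self, combo):
        if self.failures >= self.MAX_FAILURES:
            return False                  # locked out until out-of-band recovery
        try:
            ok = hmac.compare_digest(self._hash(combo), self._digest)
        except ValueError:
            ok = False                    # malformed input counts as a failure
        if ok:
            self.failures, self.unlocked = 0, True
        else:
            self.failures += 1
        return ok

    def logout(self):
        self.unlocked = False             # next login must re-enter the code
```
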

This is purely optional too. Some users might find it fun to have it in-game, plus the added security measures are simply invaluable. This could also be applied to Guild Banks.

Now that covers a big part of the issue - your gold, mats, expensive items, etc.

Even though that would make a big difference on its own, let's take it to the next level. What about gear on your person?

Gear that can't be disenchanted works really well; however, that defeats the purpose of enchanting, doesn't it? I suppose you could put a timer on it so that it has to be disenchanted on pickup or within a certain time frame. For example, 24 hours to D/E before it's permanent - that would surely revitalize the disenchanting industry for many.

But what if you could have special "enchants" for your gear (for free) that makes the item IMMUNE to disenchanting? =]

This might be very useful for a character that didn't have the enchanting profession, for example, since they probably intend on keeping the equipment for a really long time.

I suppose you could remove this special "enchant" at a later date by using the same lock/unlock code that's shared with your bank account. But even then, this is gear that would typically stay with them for a long time, and this method would make players prioritize their dungeon raids between gear-grinding for profit and gear-grinding for use. (From a Blizzard business perspective, this makes sense since this would actually encourage players to play longer, which is what they want.)

You put all of these strategies together and you get something simple, fun in-game, and significantly useful. It would essentially kill the account-hacking industry too. What's the point in hacking an account if you can't access their gold and can't D/E their items?

After all, you can't rely on players (who are mostly technically illiterate) to secure and protect their own PCs themselves. Part of their $15 per month bill is paying for insurance, and if Blizzard has the tools and ability, they should be taking these extra steps to protect their customers.