
How do I keep my World of Warcraft account Safe and Secure from Keyloggers, Trojans and Hackers?



What steps can I take to keep my World of Warcraft Account safe and secure from hackers, trojans, keyloggers and all around bad dudes?

(Please post each suggestion as a separate answer, and please up-vote the suggestions you feel are useful)




Install a safe and secure browser and tools to enhance its secureness - ideally, this means Mozilla Firefox and the add-ons NoScript and AdBlock Plus.

NoScript is a powerful tool that prevents most* JavaScript, Silverlight, AJAX, Flash, and other non-HTML embeds in a website from activating. Obviously, this can reduce the functionality of websites, so it has a whitelist that you tailor, allowing sites in one at a time until you have a balance of security and functionality. This prevents things such as keylogger injections from URL typo traps (like replacing the o in a popular website with a 0), as these rely on either JavaScript or another similar engine to inject the payload.

AdBlock Plus, on the other hand, wards off banner ads, pop-ups, and the like which can carry malicious payloads if your operating system is not updated. I know a while back there were GIF ads on Curse that had a malicious payload in them if you didn't have a specific Windows Update - ABP would prevent the GIF from ever loading, which would prevent the payload from hitting your PC.

Obviously, however, all the software and layers of security in the world cannot make up for good, old-fashioned vigilance. Ensure that you're going where you intend to go (proper spelling, no typos, no added characters), scrutinize the URL of any link you intend to click before you click it, and be alert.

(*: I say most because as you open your whitelist further and further, things can slip in. A fully blacklisted NoScript will prevent everything that's not raw HTML.)


I am torn 50/50 on this suggestion. On one side, Firefox/Chrome/Safari as a suggestion over IE is always welcome. On the other side, noscript/abp are useful if you know you are going to be browsing sites that may have bad content... MANY sites (including epicadvice.com) use JavaScript to improve your browsing experience. I have both addons, but only turn them on when I go visit pr0n sites ;) – ♦♦gnarf (Mar 1 2010 2:15 PM)


Well right, which is why you let trusted sites (like EA) through on whitelist. :P – Rilgon Arcsinh (Mar 1 2010 2:48 PM)


To be fair IE8 is not a bad browser in terms of security. IE6 deserved all the contempt that was heaped on it, but that's kind of old news now. Chrome probably edges it in terms of security, but there are no "bad" browsers these days (if you maintain an updated version), just bad surfing practices. – Runc (Mar 1 2010 5:18 PM)


So long as FF remains the only browser with NoScript or a simulacrum thereof, FF will remain the most secure browser, IMO. ;) – Rilgon Arcsinh (Mar 1 2010 5:31 PM)


coughOperaWebBrowsercough – Wikwocket (Mar 2 2010 8:40 AM)


Opera has a Java/Silverlight/AJAX/Flash blocking system that starts with 100% blacklist and allows whitelisting by both top-level domain, subdomains, and individual items on a page? :P – Rilgon Arcsinh (Mar 2 2010 3:17 PM)
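
The answer above warns about URL typo traps (a 0 in place of an o, a typo, an added character). As an added example that is not part of the original thread, here is one way to check a link's real destination against a short list of bookmarked sites before trusting it. The `TRUSTED` list, the function names and the sample URLs in the test are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Sample allow-list (assumption): sites the user has bookmarked and trusts.
TRUSTED = {"battle.net", "worldofwarcraft.com", "epicadvice.com"}

# Look-alike substitutions of the kind the answer describes (0 for o, and so on).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def site_of(host: str) -> str:
    """Last two labels of a host name. Simplification (assumption): production
    code should use the Public Suffix List to find the registrable domain."""
    return ".".join(host.split(".")[-2:])


def classify(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the site a URL points to."""
    host = (urlsplit(url).hostname or "").rstrip(".")  # hostname is lower-cased
    site = site_of(host)
    if site in TRUSTED:
        return "trusted"
    for good in TRUSTED:
        if site.translate(CONFUSABLES) == good:   # digit swapped in for a letter
            return "lookalike"
        if edit_distance(site, good) <= 1:        # typo or one added character
            return "lookalike"
        if host.startswith(good + ".") or ("." + good + ".") in host:
            return "lookalike"                    # trusted name used as a subdomain
    return "unknown"
```

A one-character distance threshold will occasionally flag an unrelated legitimate site; treat "lookalike" as a prompt to stop and use a bookmark, not as proof of malice.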



Use an Authenticator

Using an authenticator isn't foolproof (as recent news shows), but it definitely increases the security of your World of Warcraft account. There are multiple devices that you can use as an authenticator for your account.

What is the Battle.net Authenticator?

The Battle.net Authenticator is an optional tool that offers World of Warcraft players an additional layer of security to help prevent unauthorized account access. The Authenticator itself is a physical "token" device that fits easily on a keyring or as part of your mobile phone.

How do I use an authenticator?

You can associate your authenticator on the Battle.net Account Page. For more information on exact usage of the device, please see Blizzard's Authenticator FAQ.

Method #1 - Physical Authenticator

The first type of authenticator you can use is the keyring authenticator, which can be purchased directly from the Blizzard Store.

Method #2 - Mobile Phone Authenticator

The second type of authenticator you can use is on your Mobile Phone. It's an application that runs on your Mobile Phone and allows the extra layer of security that the Physical Authenticator does, except that you only need your mobile phone instead of the authenticator itself. Please refer to Blizzard's Mobile Phone Authenticator FAQ for more information.


Also, as far as the authenticator being "hacked", it largely isn't. What happens is a piece of code is capturing the login authentication being sent to Blizzard and returns a failed response to your client. Someone on the other end has around 3 minutes to log in before your authenticator code is no longer valid. Yes, they can clear out your account, but it's not as easy as a keylogger where a hacker can come along and clear you out at their leisure. – Gariig (Mar 2 2010 9:33 AM)



Even if a keylogger, trojan, or other sundry badness manages to get on your PC, if you root it out before attempting to log into your World of Warcraft account, you can still preserve your account's integrity. Doing so, however, requires maintaining up-to-date virus and malware protection. Many people feel that this is tedious and requires both paid software and lots of time, but that's not the case.

One of the best anti-malware software engines is a free piece of software called MalwareBytes. This powerful anti-malware has been proven against several popular keyloggers, including the most recent man-in-the-middle malware attack specifically designed to infiltrate accounts with Blizzard Authenticators attached.

Furthermore, all Windows users with a legitimate Windows license can enjoy a free and powerful anti-virus engine by installing and using Microsoft Security Essentials. MSE is as powerful as (if not more so than) paid anti-virus software, and its definition files are updated automatically through Windows Update (which you should be running every time updates are available!), meaning that it is rarely, if ever, out of date. MSE also has anti-malware/anti-spyware functionality, but in the anti-malware arena, it loses out to MalwareBytes. However, using both in tandem is a great start for keeping your PC clean and secure, and helping to clean it if something bad has made its way in.


+1 for MalwareBytes, managed to find a cunningly named registry value called "Hijack" that my other protection has seemed to miss... – Phood (Mar 1 2010 1:56 PM)


MalwareBytes Anti Malware is the single best tool for rooting out entrenched viruses and spyware. Running MBAM in safe mode has rescued several PCs that would otherwise be hopeless. – Wikwocket (Mar 2 2010 8:39 AM)



Don't give your password out

The more people that know your password / use your account, the more potential there is for your account to be hacked. Your friend might not be as security conscious as you are, and therefore leaving your security credentials in the hands of someone else gives the hackers/phishers/keyloggers one more person to fool into typing them in.

While on the topic of passwords:

Use a secure password

Which is to say, "not your birthday, not your middle name, not 'god'". The best passwords are over 8 characters in length, include some CAPITAL and lowercase letters, numbers, and a s¥mbøl or two... (!@#$%^) Preferably no "whole" English words...


This is important. I trust my friends, same as you do. I don't trust their computers however. – Feist (Mar 1 2010 2:54 PM)


Something I taught my parents that might help the less technically minded: alphanumeric does not have to be gibberish. You can replace letters with symbols or numbers that look similar. E.g.: @ for A, 0 for O. You then substitute them in a 'normal' word, e.g. P@ssw0rd. More secure, but still memorable. – Ecogirl (Mar 4 2010 6:37 AM)



Be Sensible

  • If the offer seems too good to be true, it is too good to be true. You have not won a Brazilian Lottery you never entered, a Nigerian prince is not in desperate need of your help, Bill Gates will not send you $1000 if you forward it to 50 friends, and Blizz has not picked you for an ultra-exclusive beta.
  • In-Game whispers: Blizzard is a big company. Big companies do not /w people in-game under the name 'qwertyuiop' to tell them their account has been compromised or suspended, that they've won a prize or beta key. They have your email address, and will use that instead.
  • E-mails: again, Blizz is a big company. They won't be using hotmail/gmail/yahoo accounts to write to you regarding official business. They don't magically send stuff to an address not associated with your account. If the sender address looks correct and is sent to the right inbox - use your bookmarks and navigate to the page mentioned. Don't click on the link in the e-mail.



Don't share your account or give out your password to friends >_< One of my friends hacked my other friend's account. Fail.


This answer did nothing to extend past answers that were posted months ago. – Spazmoosifer (Jul 30 2010 2:32 PM)


Particularly this answer -- http://epicadvice.com/questions/5055/how-do-i-keep-my-world-of-warcraft-account-safe-and-secure-from-keyloggers-troja/5059#5059 -- You should upvote / comment it instead of posting. – ♦♦gnarf (Aug 3 2010 7:05 PM)
