Easier to have your account hacked?

#0 - Nov. 10, 2010, 7:51 p.m.
Blizzard Post
Hi! I totally understand that you guys want to make our accounts more secure and I'm very grateful.. BUT here is my concern!

I tried to log into my account from a Starbucks (I do this on a regular basis, maybe 2-3 times a week.. it might even be a different one each time).

I was immediately informed that I had to check my email address for more information on unlocking my account due to it being locked because of suspicious activity.

I was required to change my password on my account via a link in my email. When I clicked this link, I was redirected to https://us.battle.net/account/support/password-reset-confirm.xml?ticket=XXXXXX (with the XXs being the ticket number?).

There are two boxes there, one that tells me to type in a new password and another that said to confirm my new password by typing it again. When I typed them in, my password was immediately changed.

This new thing you have going totally bypasses every security that you already have in place.. I was not asked for my old password and I was not asked for my authenticator.

So if my account really was being hacked or whatever... most likely they also have my email address and they can just change my password like that?
#2 - Nov. 10, 2010, 8:06 p.m.
Blizzard Post
Quote:

- This new thing you have going totally bypasses every security that you already have in place.. I was not asked for my old password and I was not asked for my authenticator.

- So if my account really was being hacked or whatever... most likely they also have my email address and they can just change my password like that?

Understood, Tonirae; however, keep the following in mind.

1. The old password is not required.

In a case where an account is compromised and the password has been changed by them, the legit account holder would have no way of knowing what the "old" password is and thus would not be able to recover the account themselves.

2. E-mail is compromised and password is changed.

If the account has an authenticator, a password change cannot be done via the account management page. A password reset would only be possible if it was recovered using the "I forgot my password" feature and they have access to your e-mail. In this case the password can be changed as many times as they like; however, they will still be prompted for an authenticator code when logging in to the game.

This is one of the reasons why we recommend not using the same or similar password for both your battle.net account and personal e-mail.

Secure Your Email Address: http://us.blizzard.com/support/article/30806