What My Bank Could Learn From World of Warcraft

likot


Massively multiplayer online (MMO) games are big business, and not just for the game companies. Fueled by an often underground market, people spend real-world money to purchase in-game advantages, even though many of the MMOs explicitly ban this practice in their terms of service. The problem here? Where real money is exchanged, fraud and theft often follow.
Why would people spend hard-earned cash on virtual goods that they can't even remove from the game? The thing about MMOs is that in order to have powerful characters and get involved in the most interesting content, you have to put in a ton of time to level your characters, build their skills, and gain access to the best gear.
Not everyone has that kind of time to spare. The most innocent, perhaps, of those who profit off of people who catch up by paying real-world cash are the Gold Farmers. Known mostly for their obnoxious habit of loudly advertising their services no matter how inappropriate the method, many gold farmers today are full-time employees in developing countries who spend their days earning gold and objects inside the game that can then be sold with real money to regular players. You can even purchase characters that have been leveled for you, so you don't have to spend the time doing so yourself.
However, another way to gather gold, gear, and characters with months of playing time invested is to steal them, and then sell the items and gold to other players. Account hacking is so rampant in popular MMOs like World of Warcraft that the company behind the game, Blizzard, has actually set up a portal page for educating players on how to protect themselves.
One of the keys to protecting your World of Warcraft account is the Authenticator. You can purchase a physical keychain version or download mobile versions for your iPhone, your Android phone, and more. The security issue has become so serious that Blizzard no longer charges for shipping these devices.
Once you have your authenticator, you log into Battle.net, the central account Website for Blizzard, and tell it that you want to associate the device (or software) with your account. You're asked to use the authenticator to generate a code (which just involves pressing a button) and enter that code into a form. From then on, you can only log into your online Blizzard games if you first enter your password and then generate a code with your authenticator. Every time the code is different, so a keylogger won't do an attacker any good.
Seeing this level of security available to protect my virtual goods and hard work, I really have to wonder why even more valuable real-world accounts don't come with something similar. Why am I not using some form of authenticator to add an extra level of security to my online banking, for example? Or anything that involves storing my credit card or bank account information for easy access (like PayPal).
Mind you, I don't want to have to carry a huge clanking key-ring of physical authenticators. It seems to me that if someone took this concept and launched a service that allowed organizations to configure their sites to all access the same authenticator (let's say, it could centrally map a single keychain authenticator to my accounts for Web banking, PayPal, 401k, and member e-commerce sites) then the potential for account breaches might be reduced.
Of course, this idea also brings with it a new single point of failure, cause for technical support calls, and other issues. But it feels plain wrong that an account I use for online games has more elaborate security measures available than those for my bank.


source: http://www.internetevolution.com/author.asp?section_id=990&doc_id=193949
 