|
Hey there TL'ers,
As I was logging on to play teams last night, my friends told me that he was able to log into SC2 with caps lock on. Only his password contained a mix of lower/uppercase letters. Not believing this I tried it for myself, and then checked on Battle.net and lo and behold it seems that Blizzard does not utilize case detection (I don't know what else to call it ><) for passwords.
Considering neither of us were aware of it, I'd well imagine that some of you reading this weren't aware too, and I was quite shocked myself. I can't imagine why they wouldn't implement this when so many other free sites/games (yahoo, google, LoL even) detect letter cases in passwords. I realize this may not be the best time for this thread as NA can't access BNet at the moment, but being as my password is a mix of lower/uppercase letters and numbers, I'm positive that this is the case.
My main point besides getting people aware of this would be for some reactions of people who either did or did not know about this, or if you even think it's a big deal.
TL:DR: Blizz doesn't have case sensitive password recognition on SC2 or BNet (cannot confirm on WoW)
I also searched for a thread like this and couldn't come up with any results, but if this is out of line feel free to close this.
|
It has been like this in WoW for years. Really poor in my opinion, especially given the huge amount of account hacks users (without authenticators) are seeing in that game.
And coupled with the fact that you use your email as your login.
|
Wow I had no idea.
That's pretty scary... something should be done. That's really not ideal for security at all and a weird omission.
|
um my passwords are case sensitive and I cant log in to wow or sc2 if they arent the exact l
*edit*
must be a recent change cause i swear it use to be case sensitive just logged into wow not capitalizing any letters.
|
Interesting, guess I can skip trying to be smart/safe  Rather silly to not utilize it, but there must be some reason behind it.
|
You also can log into WoW by typing your entire password in capslock.
|
Really poor programming by Blizzard. Who knows what other vulnerabilities exist within their system. Or maybe it was their plan all along to reveal a limited vulnerability to make money off of authenticators.
|
Didn't know.
I tried to log in a few months ago and got a message along the lines of "The way you log in changed" and my password did not work. I went and changed it using security questions, and added in caps letters... Guess it didn't help lol.
|
Has been in Battle.net for years.
If you're really worried about your account you have an authenticator or authenticator app anyway.
|
huh, maybe it automatically detects cap's in a password and ignores cap detection if its all the same. testing now.
Edit- forgot server is down.
|
On July 20 2011 01:59 vnlegend wrote:
Really poor programming by Blizzard. Who knows what other vulnerabilities exist within their system. Or maybe it was their plan all along to reveal a limited vulnerability to make money off of authenticators.
They don't make money on authenticators, they are sold at cost. And do you know how much Game Master time hacking takes up on WoW? It costs them a ridiculously large amount of money.
Stupid nonetheless.
|
Oh wow I didn't know about it, but as far as I know, their system detects caps lock when you want to change passwords.
For example, you can't change it from ASDasd to ASDasd, but you can change it from ASDasd to asdASD.
|
On July 20 2011 02:00 PassiveAce wrote:
huh, maybe it automatically detects cap's in a password and ignores cap detection if its all the same. testing now.
Edit- forgot server is down.
It ignores it. But really, just make your password longer or get an authendicator if you are worried about security
|
Well, if someone gets your password say through a keylogger which is the most common. It doesn't really matter anyway. I have a hard time seeing how making it read upper and lower cases different makes a difference in security. It's still symbols. Maybe someone can explain it too me,
|
At first glance, this seems like a terrible thing. Why would they ignore caps?! But think about it. Most hackings are done by snooping and not brute force cracking. At this point in time, you're more in danger if you use the same password everywhere than if your password ignores case.
|
wtf really... that's some major flaw there -_-
|
the lesson here is
dont play WoW
|
On July 20 2011 01:59 Qurid wrote:
You also can log into WoW by typing your entire password in capslock.
I LOVE TO SHOUT AT MY GAME, THEN IT'S SO SCARED THAT IT LOGS IN RIGHT AWAY!
(Get it? Because like, in caps you're shouting and.... yeah right.... I thought it was lame too...)
But yeah, I don't know if it's a recent change in sc2 or something, but I don't remember ever having to remove caps lock in order to log in sc2(but it's not like I'm using caps lock often either!)
and also :
On July 20 2011 01:59 Glowbox wrote:
Has been in Battle.net for years.
If you're really worried about your account you have an authenticator or authenticator app anyway.
Best 5$ investment of my gamer life.
|
On July 20 2011 01:58 Sky0 wrote:
um my passwords are case sensitive and I cant log in to wow or sc2 if they arent the exact l
*edit*
must be a recent change cause i swear it use to be case sensitive just logged into wow not capitalizing any letters.
Same here. Just tried both on EU SC2 site and also in-game, and it wasn't case-sensitive :-/
But I, too, can remmember that it didn't let me log into game becouse I forgot to upper-case some letters in my password.
Weird.
|
I don't really think this is as big of a deal as people are making it out to be. People tend to panic a bit when they feel like they or their property is at risk, and rightfully so. However, the vast majority of the time people get their accounts stolen is due to some sort of keylogging malware, in which case the a case sensitive password system would not matter, because your hacker would know anyway. The only thing I can see it being good for is if somebody is trying to guess your password or something like that. Case sensitive passwords make that a million times harder I would imagine, as you'd have to guess the password and the patter of lowercase/uppercase.
So overall, yes I think it is bad and there is no reason not to have case sensitive passwords for that little bit of extra security, but in reality I don't really think it is that big of a deal. I'm not going to worry about it personally 
|
|
|
|
|
|
EPT
