|
On July 21 2011 05:14 windsupernova wrote:
On July 21 2011 03:45 BrTarolg wrote: The fact it used to work, and no longer works, implies they are using an insecure form of storing your password, i.e. one that is most likely plaintext
GJ BLIZZARD
Eh? I don't see the logic behind this. They are insecure about your password security so.... they make it laxer?
If it's not case-sensitive that doesn't imply it's simple text, I have no idea how he drew this conclusion either.
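An added illustration, not part of any post in this thread and not Blizzard's implementation (which the thread does not show): a login can accept any capitalization while storing only a salted hash, by folding case before hashing, so case-insensitivity alone does not indicate plaintext storage. The function names, PBKDF2 parameters and sample passwords are assumptions constructed for the example, which also computes what folding costs in brute-force keyspace.

```python
import hashlib
import hmac
import math
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def _derive(material: str, salt: bytes) -> bytes:
    """Salted, slow hash of the (possibly case-folded) password."""
    return hashlib.pbkdf2_hmac("sha256", material.encode("utf-8"), salt, ITERATIONS)


def enroll(password: str, fold_case: bool) -> dict:
    """Build the stored record: salt and digest only, never the password."""
    salt = os.urandom(16)
    material = password.lower() if fold_case else password
    return {"salt": salt, "digest": _derive(material, salt), "fold_case": fold_case}


def verify(record: dict, attempt: str) -> bool:
    """Apply the same folding rule as at enrollment, then compare in constant time."""
    material = attempt.lower() if record["fold_case"] else attempt
    return hmac.compare_digest(_derive(material, record["salt"]), record["digest"])


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Brute-force search space, in bits, for a uniformly random password."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    folded = enroll("CorrectHorse9", fold_case=True)   # constructed sample password
    strict = enroll("CorrectHorse9", fold_case=False)
    print("folded accepts lowercase:", verify(folded, "correcthorse9"))
    print("strict accepts lowercase:", verify(strict, "correcthorse9"))
    # 8 random characters: letters+digits with and without case distinction
    print("case-insensitive bits:", round(keyspace_bits(36, 8), 2))
    print("case-sensitive bits:  ", round(keyspace_bits(62, 8), 2))
```

For eight random alphanumeric characters the folded scheme gives up about six bits of search space; the stored record is a salted digest in both cases.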
|
On July 20 2011 02:32 windsupernova wrote:
On July 20 2011 02:12 ApBuLLet wrote: I don't really think this is as big of a deal as people are making it out to be. People tend to panic a bit when they feel like they or their property is at risk, and rightfully so. However, the vast majority of the time people get their accounts stolen is due to some sort of keylogging malware, in which case a case sensitive password system would not matter, because your hacker would know anyway. The only thing I can see it being good for is if somebody is trying to guess your password or something like that. Case sensitive passwords make that a million times harder I would imagine, as you'd have to guess the password and the pattern of lowercase/uppercase. So overall, yes I think it is bad and there is no reason not to have case sensitive passwords for that little bit of extra security, but in reality I don't really think it is that big of a deal. I'm not going to worry about it personally
Haha, not even that. Most of the time when they lose control of their accounts it's because they fall for some social engineering scheme.
Not totally true (I don't have the numbers though >.>. But just from what people have said). In FFXI (not sure about WoW), most accounts were lost by visiting well known FFXI sites like ffxiah, ffxi wiki (from wikia), somepage, atlus, or even your linkshell(clan/guild)'s site (yes drama happens, someone who has access to the site loads it up with all the malware they can find). Seeing as how the WoW Wiki used to be hosted on wikia, I wouldn't be surprised if the wiki hosted bad ads occasionally too.
Sometimes this even happened with noscript and adblock plus users too (noscript needs to be set to block all things including iframes and be set to block it on trusted sites too).
Main reason is most of those sites need revenue from ads and some bad ads slip by (also sometimes the site owner leaves or is lazy and site ends up being compromised without anyone fixing it and without users who checked it before knowing).
Finally authenticators aren't foolproof either. Some malware redirect, replace, or infect playonlineviewer.exe (for example) to something else. It brings the usual (really spoofed) pop up screen, asks for the one time password and password.
User enters it, it doesn't work. They find out that their authenticator has been disabled and password changed (this can happen by using the one time password the user entered and entering it on the site with the password then disabling the authenticator which is possible with SE, not sure about Blizzard).
Yes so even two step authentication is not completely safe (but it is still much safer).
Anyway as for is cap locks safer? Yes. Now in cases where it's stranger vs stranger, account hackings usually happen with the full password given (social engineering, keylogger, etc).
But not all accounts lost are due to that. Maybe it's a PC bang or public place (where some may be able to sneak and look at what you're typing), or someone you know IRL, etc.
Having caps lock would reduce the risk of passwords stolen in that case (even though it's already small since it's already hard, it'd make it harder at least).
Anyway I think someone should bring this up on the battle.net forums (the caps thing) so they can read it.
|
What the heck blizzard, my password seems easy enough as it is.....
|
They probably figure that it will result in less overall hassle for them since the number of people who are getting locked out of their bnet account will go through the roof if it's case sensitive. If you have a good password it's still going to take someone a ridiculously long time to brute force it even without case sensitivity (if it's good they can't dictionary it).
|
Well, the thing is...
a) if you really want a well protected password, you'd have to use upper case, down case, numbers and symbols.
b) efficient hacking methods won't really care about uppercase or not
c) If you REALLY want to protect your account, use an authenticator.
Either way, it isn't such a big deal.
|
On July 21 2011 09:17 UnitedKronos wrote: What the heck blizzard, my password seems easy enough as it is.....
lol well that's not really blizzard's fault
|
Didn't realize how many conspiracy theorists we had on TL until I read this thread.
Blizzard making it easier for you to get hacked so people will get authenticators? lol Blizzard loses a ton of time and money because of hacking, and their Game Masters are legendary for how efficiently they handle your case in the event of a compromised account (if you scoff at this, you have never played another online game). Furthermore, if someone gets your password through keylogging, whether your letters were capped or not has near zero significance.
It's funny to see cryptanalysis/bruteforcing brought up in this thread. Unless you're Destiny or BoxeR, you have no reason to worry about the safety of your account.
On July 21 2011 05:14 Aberu wrote: Case sensitivity is not some integral aspect to internet security, if your password has a decent amount of numbers and a word that isn't predictable, along with having an authenticator, it should never get hacked, and if it still does, then YOU did something wrong.
On July 21 2011 05:14 Aberu wrote: Case sensitivity is not some integral aspect to internet security, if your password has a decent amount of numbers and a word that isn't predictable, along with having an authenticator, it should never get hacked, and if it still does, then YOU did something wrong.
Quoted twice in case you skip over it the first time.
|
At least they don't store our passwords in a text file. Right? RIIIIIIIGHT?
|
who the hell cares? it's been ages since i took a data management/probability class so i won't bother trying to prove it, but i have a good feeling that removing 26 possible characters doesn't put a dent in the total permutations of passwords available for you to choose.
|
capitalization is not a big deal when the majority of password leaks are due to
a) User visiting phishing website, and giving up the full password
b) User having a keylogger, and program logs the full password
The only time capitalization ever matters is
i) Blizzard has their user database leaked, making it quicker to brute force your weaker password
ii) Someone looks over your shoulder and guesses your password and can see that you don't press the shift key so they don't need to worry about that.
Thankfully i) has never happened, and if ii) happened then you deserve it for either typing too slow or having a guessable password