I play World of Warcraft for a while this afternoon before I have to take a nap before work. I have fun, fall short of level 40 and my epic land mount...but meh. Still had fun. So 7pm comes and I toddle off to bed.
11pm comes and I get up and get dressed for work, gather up my laptop and drive to work.
Boring stuff. Check messages, do routine checks of a few things, pull up my IssueTrak (what has repair orders assigned to me) see nothing Earth shattering and so I sit down to dinner and check my e-mail.
Holy Fucking Ass Crackers! Four Hundred and Eighty-three (483) messages from World Of Warcraft each telling me that my account had been broken into and that I need to verify my settings.
Well I know that something is up as Blizzard wouldn't spam me like that and that I have a very secure password that is not likely to be broken into.
Just a bit of a background. To figure out the number of possibilities on say a six-sided die. It's the number of possible outcomes (in this case 6). So there is a 1-in-6 chance of a given number to come up. Now you add a die and you want to know how likely you are to roll a pair of sixes. That's the possible outcomes of one die times the possible outcomes of the second die. So that's 6x6=36 or a 1-in-36 chance of rolling Box Cars. The coveted triple sixes for Dungeons and Dragons stats has odds of 6x6x6=216 or a 1-in-216 chance of getting an 18.
So when you see that guy with three 18's on his character sheet, either he has loaded dice, made up the stats, or used one of the alternative stat generation tactics.
Now, my password contains numbers (10 possibilities numbering from 0-9), letters (26 possibilities ranging from a-z) and special characters (32 possibilities including but not limited to !@#$%^&*()_+ ,etc etc)
S0...68 possibilities per character. Now you have 14 characters and that's 45,198,578,652,761,700,000,000,000 possible passwords that I could be using. So I rather doubt that someone got into my Blizzard.net account and into my game considering that it would take a PC about a billion years to crack (assuming that it had to run the whole series. It might get lucky and hit it in about 500 million years).
I logged on to Battle.net (the proper way and not through the fake link that they gave me) and I checked out the account. Nothing out of the ordinary. But I did see that they have the Battle.net Authenticator and a version for free as an iPhone app. Gee! Lucky I got an iPhone recently ain't it? So I get that set up and now not only does someone have to try and figure out my password, they have to figure out the 8-digit code that changes every 30 seconds.
Hack me now butt fucker!
Happy and secure in my WoW password and the fact that my Night Elf with 7k in gold is safe I go back to gmail and check my mail.
Wait a minute. There is a red indicator that there was an access to my account from Korea. THAT explains all the messages. And checking the math...my password is only 11 years secure for a PC to crack. However if they have multiple PC's or some Server Class machines it could go even quicker. Sonovabitch!
So I put a password on my e-mail that should take even longer to hack. It's again 14 characters, but now I've mixed in Capital Letters to the mix. So that's 26 lower case letters, 26 upper case letters, 10 numbers AND 32 characters. 4,205,231,901,698,740,000,000,000,000 possibilities or 564 Billion years to figure me out.
To quote Mark Hamil in his Cameo in "Jay and Silent Bob Strike Back"
"Don't fuck with the Jedi Master, son."
