Swizec Teller - a geek with a hatswizec.com

Senior Mindset Book

Get promoted, earn a bigger salary, work for top companies

Senior Engineer Mindset cover
Learn more

    A tale about always-on DRM and web security

    Diablo characters (I'm the guy with the shield)

    Two days ago I was at a friend's place and wanted to show her what Diablo 3 looks like. She shows me minecraft, I show her Diablo. Everyone's happy.

    But nope.

    I run Diablo, I mash in my password because of course you have to log in to play a game with yourself. What could possibly be more natural ... but okay, maybe I don't want my cat to mess with my characters and Blizzard doesn't want me stealing their game. Fair enough.

    "Oh hai thar! We noticed some suspicious activity on your account so we decided you have to verify you're you via Battle.net. Here's a link to get you going"

    Really? All I did was try to login from a different IP. I'm at a friend's place damn it, this is a laptop, what if I wanted to play in a coffee shop or on a plane or a pterodactyl?

    Sigh, fine ... I click the link expecting I'll just have to login on Battle.net so they can confirm I also know how to login with a browser and supposedly am not hacking.

    Tap tap tap.

    "So, you want to give us some digits of a physical copy of a game even though the only game associated with your account is a digital-only copy of Diablo? Or do you want to try answering your secret question?"

    Well crap, this isn't just about logging in. I have just been forced to reset my password via a security question just because I tried to play a game at a friend's place!

    I try once. I try twice. I try three times. Nothing.

    This can happen when you choose random security questions and don't always answer truthfully because, you know, social engineering. Usually I just mash my hand over the keyboard.

    "You have made too many attempts! Your account is now locked! Contact support."

    Oh okay! Right. I'm using the wrong account! I used swizec@swizec.com for the Diablo3 beta, then was unable to recover it when I wanted the full game. The real account is swizec+battle@swizec.com

    Let's try again.

    A few attempts later ... OH! The security question is different on this account. Fuck me.

    Yay, I'm in!

    After two round-trips via email, countless attempts at answering the security question, numerous fiddles with the password to get them all matching and fitting the security rules I am finally in.

    That's it. No Hey thanks, no, You can go game now, just a cold account dashboard.

    Close tab. Run game. Log in.

    "Your password is incorrect"

    Oh for fuck's sake! I mistyped my password ... twice ... consistently enough that they matched.

    Diablo massacre

    Sigh, now how do I change my password?

    "Okay, just give us your old password and you can change it"

    But I don't know the old password!

    Log out. Reset password. "You have made too many attempts! Your account is locked! Contact support.__"

    Oh fuck me. Fine. I will contact support because this is getting silly and I am fed up with you mr. Battle.net!

    Clicky clicky through tens of questions trying to divert me from contacting a real person and making me solve my own problems. I battle it through like a champ and finally reach three options: Submit ticket, live chat, phone call.

    Live chat and phone call are currently offline. Well okay, it is midnight and you are the European Blizzard support people so you're probably sleeping. Fine.

    I click Submit ticket.

    "Please login to your Battle.net account to submit tickets"

    __ARGH!

    I threw the computer out the window and cried myself to sleep.

    Ok, in reality I carefully put the computer away after slamming it shut ever so gently, it's new you know, and watched a movie or something with my friend. Screw Diablo.

    Next day I got home and unlocked my account without a fuss. No hint of too many attempts, no complaints about suspicious activity. Nothing. Just worked.

    I'm confused. Yesterday my account was hacked and Terrible Things (tm) were going on, today everything is fine and you don't even warn me that a crazy amount of stupid was happening last night? Right ...

    Enhanced by Zemanta
    Published on March 28th, 2013 in Uncategorized

    Did you enjoy this article?

    Continue reading about A tale about always-on DRM and web security

    Semantically similar articles hand-picked by GPT-4

    Senior Mindset Book

    Get promoted, earn a bigger salary, work for top companies

    Learn more

    Have a burning question that you think I can answer? Hit me up on twitter and I'll do my best.

    Who am I and who do I help? I'm Swizec Teller and I turn coders into engineers with "Raw and honest from the heart!" writing. No bullshit. Real insights into the career and skills of a modern software engineer.

    Want to become a true senior engineer? Take ownership, have autonomy, and be a force multiplier on your team. The Senior Engineer Mindset ebook can help 👉 swizec.com/senior-mindset. These are the shifts in mindset that unlocked my career.

    Curious about Serverless and the modern backend? Check out Serverless Handbook, for frontend engineers 👉 ServerlessHandbook.dev

    Want to Stop copy pasting D3 examples and create data visualizations of your own? Learn how to build scalable dataviz React components your whole team can understand with React for Data Visualization

    Want to get my best emails on JavaScript, React, Serverless, Fullstack Web, or Indie Hacking? Check out swizec.com/collections

    Did someone amazing share this letter with you? Wonderful! You can sign up for my weekly letters for software engineers on their path to greatness, here: swizec.com/blog

    Want to brush up on your modern JavaScript syntax? Check out my interactive cheatsheet: es6cheatsheet.com

    By the way, just in case no one has told you it yet today: I love and appreciate you for who you are ❤️

    Created by Swizec with ❤️