Swizec Teller - a geek with a hatswizec.com

    A tale about always-on DRM and web security

    Diablo characters (I'm the guy with the shield)

    Two days ago I was at a friend's place and wanted to show her what Diablo 3 looks like. She shows me minecraft, I show her Diablo. Everyone's happy.

    But nope.

    I run Diablo, I mash in my password because of course you have to log in to play a game with yourself. What could possibly be more natural ... but okay, maybe I don't want my cat to mess with my characters and Blizzard doesn't want me stealing their game. Fair enough.

    "Oh hai thar! We noticed some suspicious activity on your account so we decided you have to verify you're you via Battle.net. Here's a link to get you going"

    Really? All I did was try to login from a different IP. I'm at a friend's place damn it, this is a laptop, what if I wanted to play in a coffee shop or on a plane or a pterodactyl?

    Sigh, fine ... I click the link expecting I'll just have to login on Battle.net so they can confirm I also know how to login with a browser and supposedly am not hacking.

    Tap tap tap.

    "So, you want to give us some digits of a physical copy of a game even though the only game associated with your account is a digital-only copy of Diablo? Or do you want to try answering your secret question?"

    Well crap, this isn't just about logging in. I have just been forced to reset my password via a security question just because I tried to play a game at a friend's place!

    I try once. I try twice. I try three times. Nothing.

    This can happen when you choose random security questions and don't always answer truthfully because, you know, social engineering. Usually I just mash my hand over the keyboard.

    "You have made too many attempts! Your account is now locked! Contact support."

    Oh okay! Right. I'm using the wrong account! I used _swizec@swizec.com_ for the Diablo3 beta, then was unable to recover it when I wanted the full game. The real account is swizec+battle@swizec.com

    Let's try again.

    A few attempts later ... OH! The security question is different on this account. Fuck me.

    Yay, I'm in!

    After two round-trips via email, countless attempts at answering the security question, numerous fiddles with the password to get them all matching and fitting the security rules I am finally in.

    That's it. No Hey thanks, no, You can go game now, just a cold account dashboard.

    Close tab. Run game. Log in.

    "Your password is incorrect"

    Oh for fuck's sake! I mistyped my password ... twice ... consistently enough that they matched.

    Diablo massacre

    Sigh, now how do I change my password?

    "Okay, just give us your old password and you can change it"

    But I don't know the old password!

    Log out. Reset password. "You have made too many attempts! Your account is locked! Contact support.__"

    Oh fuck me. Fine. I will contact support because this is getting silly and I am fed up with you mr. Battle.net!

    Clicky clicky through tens of questions trying to divert me from contacting a real person and making me solve my own problems. I battle it through like a champ and finally reach three options: Submit ticket, live chat, phone call.

    Live chat and phone call are currently offline. Well okay, it is midnight and you are the European Blizzard support people so you're probably sleeping. Fine.

    I click Submit ticket.

    "Please login to your Battle.net account to submit tickets"


    I threw the computer out the window and cried myself to sleep.

    Ok, in reality I carefully put the computer away after slamming it shut ever so gently, it's new you know, and watched a movie or something with my friend. Screw Diablo.

    Next day I got home and unlocked my account without a fuss. No hint of too many attempts, no complaints about suspicious activity. Nothing. Just worked.

    I'm confused. Yesterday my account was hacked and Terrible Things (tm) were going on, today everything is fine and you don't even warn me that a crazy amount of stupid was happening last night? Right ...

    Enhanced by Zemanta

    Did you enjoy this article?

    Published on March 28th, 2013 in Uncategorized

    Learned something new?
    Want to become an expert?

    Here's how it works 👇

    Leave your email and I'll send you thoughtfully written emails every week about React, JavaScript, and your career. Lessons learned over 20 years in the industry working with companies ranging from tiny startups to Fortune5 behemoths.

    Join Swizec's Newsletter

    And get thoughtful letters 💌 on mindsets, tactics, and technical skills for your career. Real lessons from building production software. No bullshit.

    "Man, love your simple writing! Yours is the only newsletter I open and only blog that I give a fuck to read & scroll till the end. And wow always take away lessons with me. Inspiring! And very relatable. 👌"

    ~ Ashish Kumar

    Join over 14,000 engineers just like you already improving their careers with my letters, workshops, courses, and talks. ✌️

    Have a burning question that you think I can answer? I don't have all of the answers, but I have some! Hit me up on twitter or book a 30min ama for in-depth help.

    Ready to Stop copy pasting D3 examples and create data visualizations of your own?  Learn how to build scalable dataviz components your whole team can understand with React for Data Visualization

    Curious about Serverless and the modern backend? Check out Serverless Handbook, modern backend for the frontend engineer.

    Ready to learn how it all fits together and build a modern webapp from scratch? Learn how to launch a webapp and make your first 💰 on the side with ServerlessReact.Dev

    Want to brush up on your modern JavaScript syntax? Check out my interactive cheatsheet: es6cheatsheet.com

    By the way, just in case no one has told you it yet today: I love and appreciate you for who you are ❤️

    Created bySwizecwith ❤️