The Myths of Account Sharing

The issue of account sharing has always bothered me, for several reasons:

When I find out that someone in my guild is account sharing, I typically confront them about it.  The excuses that I hear back from people are usually amusing, but not once have they been legitimate.  Here, I attempt to dispell some of the common myths and excuses about account sharing.

**Myth #1: Family Members and Friends

Myth #2: Significant Others

“My girlfriend just logs on to farm with my warrior while she’s at home during the day”

This is similar to Myth #1 (in that your significant other may or may not be as wise in the ways of security as you), but has added peril that if the real-life relationship falls apart, damage can be done to your reputation or to your guild if you have access.

When emotions run high, people can do hateful, damaging things to each other.  I’ve sadly been on both sides of that in my life.  If my S.O. played WoW, would I have used that as a way to get back at her for cheating on me?  Probably not, but I doubt everyone could say the same.  If one of the members of the relationship have elevated guild privileges (promote/demote or guild bank access), a fight between two people can have an impact on tens or hundreds of other people.

I’ve experienced this one directly.  I can’t say whether anything ever happened due to that officer sharing account info with his girlfriend, but he is no longer in the guild, which now stands at 32 members rather than the 140+ it had when I first applied to it.

Myth #3: Guild Masters and Officers

“But the officers have to have the guild master’s account info in case something happens to him”

Another excuse I see frequently is that a GM has to give his account info to the officers for emergency situations, and that there is no other way to run a guild.  Bollocks.

Typically what’s happened is that the GM is so untrusting of the officers that he locks down their permissions – limiting guild bank item and gold withdrawls so that all valuable tranactions have to go through him.  But what’s the point of doing so if you just share account info anyway, allowing someone to bypass all of the controls?

Any account sharing that results in one of the parties gaining increased access to guild bank contents is incredibly stupid.  If I found out that it was happening in a guild that I was just a member in, I’d probably quit on the spot.  Is this extreme?  I don’t think so.  Just recently I came across this post on a WoW forum (I’m not linking to the post because the poster’s character is linked to it and it could lead back to the GM in question):

What can be done when over the period of months your guild master has become more and more vulgar and abusive towards guild members? So much so that they’re all unhappy with him. Such that long-standing core raiders have begun thinking of finding new guilds.

Despite repeated attempts to address the issues directly with our GM, he continues to offend everyone. Maybe something happened IRL that changed him, or maybe he’s been unmasked as a tyrant–but these points are all irrelevant. He’s doing real damage to the guild and he can’t be stopped through discussion.

I guess what this thread is truly about isn’t “what to do”, so much as “how to do it”. How does one stage a coup to overthrow the GM and cause as little harm to members as possible? Is it right to log on the GM’s character and snatch the guild master position for a more respected leader? What harm will come from that? What will guild members think? Is it simply a bad idea?

Wow.  I’m not going to defend this GM’s alleged behaviour, but it’s scary that:

  1. account sharing is going on in this guild
  2. people will admit as such on a public forum
  3. an officers is thinking of hijacking the guild using said account info (which would pretty much get you an instant ban once reported, I’m sure)
  4. they honestly aren’t sure if such use of another person’s account info is a bad idea or not

Simply put, if the GM set up permissions properly, there would be no need to share account info.  This means happier offers and members, and hopefully less risk of mutiny (though the description of the GM’s behaviour above, if true, has created an entirely different set of problems).

This means that you have to allow officers to be able to remove items from all guild bank tabs, and to withdraw a reasonable amount of money from the guild bank.  If you choose to have officers, you need to put your trust in them.  You may need to be a little more vigilant in checking the logs regularly (you can do this via the web if needed) to see if an officer is abusing things, but this is  a small price to pay compared to the potential damage someone can do with your account info in hand.

Set up your guild permissions fairly, and this problem goes away.  If you have trust issues, make sure that those with extra permissions know that they’re being watched.  Just don’t share your account info!

The Authenticator

Last year, Blizzard introduced the authenticator, which uses the same technology as corporations use to secure their network for employees who travel.  Due to the nature of the technology, once you associate an authenticator to your account, it is virtually impossible for someone to hack into your account.

The code on the authenticator changes every 30 seconds.  Once it has been used, it cannot be used a second time for that account.  The code is 6 digits long on the physical keyring device and 8 digits long on the version for the iPhone/iPod touch (and hopefully other devices in the future).  It takes about 2 seconds for someone to attempt to log into a WoW account.  While performing a brute force attack where you just try random numbers and hope is possible, you’d get maybe 15 attempts to guess the correct number out of one or one hundred million possibilities.  If you have a username and password you can tell that someone has the authenticator (because of the new popup that you get), but there’s no way to tell which type of authenticator they are using (both say “Battle.Net Mobile Authenticator”).

The biggest benefit of the authenticator is that it bring true two-factor authentication to WoW.  Two-factor authentication is when you need to have something physically in your possession as well as something that you know in order to get access to something.  When you use a cashpoint, you need your bank card and your PIN.  You can’t just stroll up and punch in the numbers that are embossed on your bank card – if you did, then anyone who was able to observe your card at some point, then subsequently observe you entering your PIN could drain your account.

You don’t swipe the authenticator through a reader on your local PC, but the method of using it basically requires that you have it with you.  Even if someone learned your password via a keylogger, so long as you had the authenticator with you, the password would be useless, either to a friend or a hacker.

Case in point: take a look at this article on  The schmuck who got taken was stupid in oh-so-many-ways thinking that he could buy a spectral tiger for 5000g in-game, but if he had been using an authenticator, the hacker wouldn’t have gotten into his account.

At the end of the day, it comes down to this: when you signed up to play WoW, you agreed to not share your account info.  If you can’t keep your end of the bargain with Blizzard, why should I trust you to keep any agreement you make with me?