PSA: Why You Shouldn't Choose Joke Answers For Security Questions

by Jeff Marchiafava on May 02, 2014 at 12:58 PM

After hearing my fellow editors gush over Hearthstone recently, I finally decided to check out Blizzard's free-to-play CCG the other night. An hour of trying to figure out my login information and an embarrassing chat with a Blizzard support rep later, I still hadn't played the game – but I did learn a valuable life lesson.

I was sincerely looking forward to trying out Hearthstone, but my evening was quickly railroaded by the absurd security precautions of Blizzard's Battle.net service. If gaming services were movie character stereotypes, Battle.net would be the tinfoil-hat-wearing conspiracy theorist that makes the audience chuckle and think, "nobody's that paranoid." Only Battle.net is that paranoid, and not nearly as funny.

I tried to log into my Battle.net account like I do all of my online accounts – by randomly guessing at my username and password half a dozen times before stumbling upon the right combination. Eventually, I figured it out – time to play, right?

Apparently, knowing your username and password (albeit with a few wrong guesses) isn't enough for Battle.net; before starting Hearthstone, it also wanted me to verify that it was really me by answering a security question: What was your childhood nickname?

Only I didn't have a childhood nickname. After trying a couple variations of my name (Jeffro? Jeffy? Jeff?), I looked for an option to answer a different security question, but my nonexistent childhood nickname was the only option. Why the hell would I choose that security question?

After a few more failed tries (including several variations of "Hangtime"), I clicked the link to verify my Battle.net account using another method. The only other option was to input the product key from a physical copy of a Blizzard game tied to my Battle.net account. This also proved to be a problem – the only thing I've ever used my account for before was to play an hour of the free-to-play version of Diablo III. Clearly, you can see why my account would be a top priority for hackers...

The final option at my disposal was to reset my password – it didn't seem like it would be of much help since I knew my existing password, but I was desperate. No luck – I was once again prompted with my security question. Battle.net was obsessed with finding out my childhood nickname.

After 30 minutes of guessing and Yosemite Sam-esque obscenity muttering, Battle.net informed me that my account had been completely locked down. It was time to exercise the nuclear option: online chat support.

Blizzard's support chat is themed like you're speaking to a character from one of the company's games, complete with sound effects and a cartoony avatar of the person you're talking to. The person helping me looked like a cat wearing goggles, and the name suggested I was talking to a woman, which would make the ensuing conversation all the more embarrassing. Below is the transcript of the chat; I have omitted the Blizzard rep's name, as she may or may not have bent a few rules while helping me out.

  • Info: Welcome to live chat with Blizzard Support! A representative will be with you shortly.
    Current average wait time is approximately 16 minutes and 0 seconds.
    Info: A representative will be with you shortly.  Thank you for your patience.
    Info: A representative will be with you shortly.  Thank you for your patience.
    Info: A representative will be with you shortly.  Thank you for your patience.
    Info: A representative will be with you shortly.  Thank you for your patience.
    Info: A representative will be with you shortly.  Thank you for your patience.
    Info: A representative will be with you shortly.  Thank you for your patience.
    Info: You have been connected with [Blizzard Rep].
    [Blizzard Rep]: Hello there, I am Game Master [Blizzard Rep]! Please grant me a few moments while I look over your ticket information.
    you: Thanks.
    [Blizzard Rep]: Do you still have access to the email account registered?
    you: Yep!
    you: I have my account and password too, I just can't remember my answer to the security question.
    [Blizzard Rep]: Okay, sweet that makes this super easy!
    [Blizzard Rep]: Go ahead and try to login for me.
    you: That worked!

The support rep wasn't lying – unlocking the account was super easy, and ironically didn't require any other security measures. Apparently, hackers just aren't willing to wait 20 minutes to ask tech support to unlock the account. However, we hadn't solved the underlying problem – without knowing my security answer, this would all happen again next week when I inevitably have to re-guess my re-forgotten password.

  • you: Is it possible to change my security answer?
    [Blizzard Rep]: awesome! We don't actually change those as they are primary forms of verification so if they were changeable people that were compromised would have a much harder time recovering their account.
    [Blizzard Rep]: We can reveal the answer if you submit a picture of government issued photo ID.
    [Blizzard Rep]: You can also add sms protect and then you wouldn't need the sqa to unlock the account.
    you: Does the SMS just send a text message to my phone?
    [Blizzard Rep]: Yep and then you would use the code it sends you to unlock the account in the future should it get locked like this again.
    you: Okay, can I sign up for that now?
    [Blizzard Rep]: Certainly! what is your cell phone number?:)
    you: *****.
    [Blizzard Rep]: Great, you are about to get a code. I'll need that from ya. :)
    you: It's ******. :)
    [Blizzard Rep]: Perfect, it's all set up now! You will also receive a text if any changes are being requested on your account. 

If I was smart, I would've stopped while I was ahead. Then again, if I was smart, I wouldn't have picked a security question that doesn't have an answer, then made up a fictitious answer and immediately forgotten it. I was determined to fix all of my Battle.net problems in one fell swoop.

  • you: Awesome. And where would I send a copy of my driver's license if I do want to change my security question in the future?
    [Blizzard Rep]: Well we don't change them, but we can reveal them to you with ID. If you have time right now, you can submit it in this chat and I can tell you the answer. :D
    you: Sure, just give me a sec please.
    [Blizzard Rep]: No problem!

Note how the rep said that they don't actually change security answers... After snapping a few pics, I had a decent shot of my ID.

  • you: Okay, I have the picture. Is there a way to attach it?
    [Blizzard Rep]: Yep, one sec I'll open the dark portal !
    you: Did that upload?
    [Blizzard Rep]: Yep!!
    [Blizzard Rep]: What was your childhood nickname?
    [Blizzard Rep]: Boner
    [Blizzard Rep]: ^ that's the answer >,<

Boner, eh? Was I going for an obscure reference to Mike Seaver's best friend in Growing Pains? Or just being an idiot? I think we both know the answer to that one... Thankfully, the support rep took pity on me.

  • you: Ha, well that's embarrassing. >_<
    [Blizzard Rep]: I've seen much worse.
    you: I suppose I can't change that?
    [Blizzard Rep]: I'll change that for you only because that's awkward if you have to call us on the phone haha
    [Blizzard Rep]: Go ahead and login and press account.
    you: Ha ha, thanks!
    you: Oh thank God, I've changed it. I swear that really wasn't my childhood nickname. :P
    [Blizzard Rep]: ahhaha I was going to say people must not have liked you back then!!!
    [Blizzard Rep]: >,<
    [Blizzard Rep]: While I'm here is there anything else I can help you with today ? :)
    you: Nope, that should do it. Thanks much!
    [Blizzard Rep]: No problem, have a great night!

After thinking about it some more, I vaguely recalled a conversation I had with our former PC editor, Adam Biessener, about how much I despise security questions – likely around the time I would've been testing the PC version of Diablo III for my review of the console versions. I'm guessing that conversation ended with me deciding that a stupid answer would be hilarious, assuming I wouldn't forget it one day...

So there you have it, kids: If you're going to pick a crank response for an online password or security question, at least be smart enough to write it down – it may save you from an embarrassing conversation with a stranger one day.