Blizzard’s Battle.Net Password: NOT Case-sensitive
I was checking my twitter feed last week and I read from Mikko Hypponen (F-Secure) feed some interesting story about Blizzard and Diablo 3 password security.
The link points to Battle.net forum discussion about Diablo 3 password being not case sensitive. It was a good read and I was intrigued by the reply of the Blizzard QA. And so what would I do next? What else but to try it out too…
password1234 => OK
PASSword1234 => OK
PassWORD1234 => OK
PaSsWoRd1234 => OK
Sad but true! Yes, Blizzard’s Battle.Net passwords are NOT Case-sensitive. And after X number of years, it just that day I’ve known about it
The Battle.net forum post has some interesting discussion. I’m really amazed on how the Blizzard dude replied to the issue and his/her explanation (I agree its worthy of the Post/Reply of the Year). Good #gaming and #security read too on the technical details on the combinations (and how hard to hack them), the use of the authenticator and other related stuff.
I guess this will really boil down into striking a balance between a lot of factors including security and user experience.
Read the full Battle.net forum discussion
I don’t had much experience with other MMORPG/online gaming password systems, but do you know if they have the same issue too?
Feel free to share your feedback and comment below.