I was checking my Twitter feed last week and read an interesting story in Mikko Hypponen's (F-Secure) feed about Blizzard and Diablo 3 password security.
The link points to a Battle.net forum discussion about Diablo 3 passwords not being case-sensitive. It was a good read and I was intrigued by the reply from Blizzard QA. So what would I do next? What else but try it out too…
password1234 => OK
PASSword1234 => OK
PassWORD1234 => OK
PaSsWoRd1234 => OK
Sad but true! Yes, Blizzard's Battle.net passwords are NOT case-sensitive. And after X number of years, it was only that day that I learned about it 🙂
The Battle.net forum post has some interesting discussion. I'm really amazed at how the Blizzard dude replied to the issue and at his/her explanation (I agree it's worthy of the Post/Reply of the Year). It's a good #gaming and #security read too for the technical details on the combinations (and how hard they are to hack), the use of the authenticator and other related stuff.
I guess this will really boil down to striking a balance between a lot of factors including security and user experience.
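To put numbers on the test above, here is an added example (not from the forum thread or from Blizzard) that compares a verifier which folds case before hashing with a strict one. How Battle.net actually stores or compares passwords is not stated here; the fold-before-hash design, the PBKDF2 settings and the letters-plus-digits alphabet are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed work factor for this example only

def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def enroll(password: str, fold_case: bool) -> dict:
    """Create a stored record; fold_case=True models a case-insensitive login."""
    salt = os.urandom(16)
    secret = password.casefold() if fold_case else password
    return {"salt": salt, "hash": _derive(secret, salt), "fold_case": fold_case}

def verify(record: dict, attempt: str) -> bool:
    """Check an attempt using the same normalisation that was used at enrolment."""
    secret = attempt.casefold() if record["fold_case"] else attempt
    return hmac.compare_digest(record["hash"], _derive(secret, record["salt"]))

def case_variants(password: str) -> int:
    """Distinct spellings that a case-folding verifier treats as one password."""
    letters = sum(1 for ch in password if ch.lower() != ch.upper())
    return 2 ** letters

def keyspace(length: int, fold_case: bool) -> int:
    """Candidate count for a letters+digits password of the given length (assumed alphabet)."""
    alphabet = 26 + 10 if fold_case else 52 + 10
    return alphabet ** length

# The four spellings tried in the post.
ATTEMPTS = ["password1234", "PASSword1234", "PassWORD1234", "PaSsWoRd1234"]

def accepted(fold_case: bool) -> list:
    """Enrol 'password1234' and return which of the attempts log in."""
    record = enroll("password1234", fold_case)
    return [a for a in ATTEMPTS if verify(record, a)]

if __name__ == "__main__":
    print("case-folding verifier accepts:", accepted(True))
    print("strict verifier accepts      :", accepted(False))
    print("spellings collapsed into one :", case_variants("password1234"))
    ratio = keyspace(12, False) / keyspace(12, True)
    print(f"12-char letters+digits keyspace shrinks about {ratio:.0f}x when case is ignored")
```

The shrink factor grows with password length, which is why rate limiting and the authenticator mentioned in the thread matter more for online guessing than case sensitivity alone.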
Read the full Battle.net forum discussion
I don't have much experience with other MMORPG/online gaming password systems, but do you know if they have the same issue too?
Feel free to share your feedback and comment below.