Over at WoW.com, there is a post about “Why Blizzard should make authenticators mandatory on Battle.net accounts” and it got me thinking about just how many online accounts the average gamer has.  Taking myself as a typical gamer; they might have two MMORPG accounts (one P2P and at least one one F2P), one Steam account, they probably have a paypal account, online banking, a couple of forums accounts, maybe something like a Bioware account that they use for playing NWN online, perhaps even a VPN login for work.

All of these will need passwords, so the average gamer would have one or two usernames (which will likely match the account name) and reuse the same couple of passwords for most of them.  They will probably choose simple passwords like their favourite sports team, wife’s name, kid’s name, some even use their character’s name, maybe drop the date or year of birth on if it asks for some numbers…

I keep literally dozens of passwords in my head to avoid this, using tricks like non-English words, nonsense-sounding strings of letters, etc. but I know that one key-logger could compromise all of these.  I could probably reclaim the accounts, but the hacker would likely have stripped off my characters’ gear to sell for gold, bought stuff using my credit card and, if I am really unlucky, downloaded a pre-release and DRM-free copy of the game we are developing at work.

Now a keyring authenticator for each of these would possibly be a bit irritating, but you get the idea; one extra security step on the critical ones would be a ten-second speed-bump at login and a major roadblock or even a dead-end to the hacker who only has my password.  Of course, not everyone needs one, since some people are bigger risks than others, but the only fair answer is a blanket requirement.

Suddenly, I think I agree with WoW.com - those authenicators should probably be mandatory, since you never know which clown with Guild Bank access got got scammed.  And it is not just Blizzard.  My internet banking uses one, so why not paypal?  If Battle.net has one, why not Steam?  It sounds like nannying, but we’ve all heard the old maxim; better safe than sorry.