Securing a Battle.net account
In this guide we'll go step by step through how to check and secure a purchased Battle.net account.
This guide is applicable to the following game accounts: World of Warcraft, WoW Classic, Overwatch, Diablo 2 and 3, Heroes of the Storm, Hearthstone, StarCraft 2.
When buying a Battle.net account, you need the following information from the seller:
- Account username (email)
- Account password
- There must not be a phone number or authenticator linked
- Access to the email account or being able to receive a code from the email at least once
Then you need to do the following:
- Change the email
- Change the password
- Change the secret answer if set
- Make sure that there's no phone number or authenticator added
- Terminate sessions
- Unlink accounts
- Revoke access from apps
- Remove saved payment methods
Below is a step-by-step tutorial with images on how to easily do all of that.
Secret answer is deprecated as of mid-2022. It's still there, but it's not being used for anything as far as I'm aware. It's probably still a good piece of information to have, in case support ever asks for it to check account ownership.
Step 1:
Before getting the login information, tell the seller to remove the phone number or authenticator if one is present on the account.
- To remove a phone, they'll need a code sent via SMS to the current phone number. To remove the authenticator, they'll need to input a code provided by it. So to remove either, they'll need to have access to them. If they don't, they'll have to contact support to get them removed manually.
The info that you'll receive from the seller will be an email, a password, the secret answer (optional) and/or the password to the email.
Step 2:
Go to eu.battle.net or us.battle.net and log in to the account using the provided email and password.
It will ask for a security check, where you need to receive a code from the email.
As of 2022, the secret answer is no longer offered as an option to pass the security check. You need to have access to the email.
Step 3:
Once you're logged in, open the account overview page (https://account.blizzard.com/).
On the left, click on the "Account Details" tab. Here, you can modify the email of the account by clicking on the "Update" button on the right.
It will just ask you to type in a new email and once you click save, the email will be changed.
The email will be marked as "Unverified" and you'll receive a message with a verification link which you can click to make it verified.
Verifying the email is optional and there's no downside to keeping the email in the unverified state. The account will work the same.
On the same page, check the "Phone number" section to make sure that no phone is added. If there's no phone, there should just be a blue "Add Phone Number" link.
Step 4:
Click on the Security tab on the left.
- Change the password by clicking on the Update button on the right. It will ask you to type in and confirm a new password, as well as to provide the old one. After you click Save, the password is changed.
- Make sure that the Blizzard Authenticator status is "Inactive".
- If the secret answer is set, click on Update. You'll be presented with a set of 6 questions and will be asked for an answer to the one you choose. If the answer is not set, you can just leave it like that. Setting a secret answer is permanent and there's no way to remove it once set. It can only be changed. If it's not set, I suggest you keep it like that.
- Click on the "Log out from all devices" button. This will terminate all existing sessions, both for the games and for the account management.
Step 5:
Click on the "Connections" tab on the left.
Connected accounts allow you to log in to the Battle.net account without knowing the username or password. They provide full access to the account and are basically a backdoor to the account. You must remove all those links for your account to be secured.
- Disconnect all connected accounts by clicking on the "Disconnect" button next to each one that's linked.
- You can also revoke access to applications, by clicking on the "Remove" button next to each. Applications usually don't have any access to the account, but you can remove them for the sake of just cleaning up the account.
Step 6:
Click on the "Payment methods" tab on the left.
Any saved PayPal accounts and credit cards will be listed here. You should remove all of them by clicking on the Remove button next to each.
You have now successfully taken full control of the account.