Securing a Battle.net account
In this guide we'll go step by step on how to check and secure a purchased Battle.net account.
This guide is applicable to the following game accounts: World of Warcraft, WoW Classic, Overwatch, Diablo 2 and 3, Heroes of The Storm, Hearthstone, Starcraft 2.
When buying a Battle.net account, you need the following information from the seller:
- Account username (email)
- Account password
- There must not be phone number or authenticator linked
- At least one of the following:
*Access to the email account (or being able to receive a code from the email)
*Knowing the secret answer
Then you need to do the following:
- Change the email
- Change the password
- Change the secret answer
- Make sure that there's no phone and authenticator added
- Terminate sessions
- Unlink accounts
- Revoke access from apps
- Remove saved payment methods
Below is a step by step tutorial with images, on how to easily do all of that.
Before getting the login information, tell the seller to remove the phone number or authenticator if one is present on the account.
- To remove a phone, they'll need a code sent via SMS to the current phone number. To remove the authenticator, they'll need to input a code provided by it. So to remove either, they'll need to have access to them. If they don't, they'll have to contact support to get them removed manually.
The info that you'll receive from the seller will be an email, a password, the secret answer and/or password to the email.
Go to eu.battle.net or us.battle.net and log in to the account using the provided email and password.
It will ask for a security check, where you can pick between a code sent to the current email or the answer to the secret question:
As of mid-2020, the secret answer is optional information. Some accounts do not have it, in which case getting a code from the email is the only way to enter an account.
Once you're logged in, open the account overview page (https://account.blizzard.com/).
On the left, click on the "Account Details" tab. Here, you can modify the email of the account by clicking on the "Update" button on the right.
It will just ask you to type in a new email and once you click save, the email will be changed.
The email will be marked as "Unverified" and you'll receive a message with a verification link which you can click to make it verified.
Verifying the email is optional and there's no downside to keeping the email in the unverified state. The account will work the same.
On the same page, check the "Phone number" section to make sure that no phone is added. If there's no phone, there should just be a blue "Add Phone Number" link.
Click on the Security tab on the left.
- Change the password by clicking on the Update button on the right. It will ask you to type in and confirm a new password, as well as to provide the old. After clicking on Save the password is changed.
- Make sure the the blizzard authenticator status is "Inactive".
- Click on update next to the secret question. You'll be presented a set of 6 questions and will be asked for an answer to the one you choose.
- Click on the "Log out from all devices" button. This will terminate all existing sessions, both for the games and for the account management.
Click on the "Connections" tab on the left.
Connected accounts allow you to log in to the bnet account without knowing the username or password. They provide full access to the account and are basically a backdoor to the account. You must remove all those links for your account to be secured.
- Disconnect all connected accounts by clicking on the "Disconnect" button next to each one that's linked.
- You can also revoke access to applications, by clicking on the "Remove" button next to each. Applications usually don't have any access to the account, but you can remove them for the sake of just cleaning up the account.
Click on the "Payment methods" tab on the left.
Any saved paypal accounts and credit cards will be listed here. You should remove all of them by clicking on the remove button next to each.
You have now successfully taken full control of the account.
Last edited by a moderator: