One of the major problems facing WoW today is the proliferation of keyloggers and hacked accounts. With the introduction of Guild Banks, hacked accounts are an even greater security risk. It's a very hard problem for Blizzard to solve, because the player's computer is already compromised by the time World of Warcraft is started up. I imagine that Blizzard's Warden already looks for known hacks and keyloggers, but they'll always be a step behind.
The best way for people to avoid having their account hacked is to be rigorous about their computer security. But sometimes people make mistakes. So what are some other ideas that Blizzard could implement that would help security?
Here are three ideas that I had that could help stem the tide of hacked accounts:
Remove hyperlinks from the WoW Forums
The WoW forums are one of the main vectors of keylogger transmission. It's compounded by the fact that your account and password for the forums are the same as the ones for your game. Most people will not take the extra effort to cut and paste a link rather than just clicking on it. So the lack of hyperlinks will probably cut the spread of a keylogger infection significantly.
The price here, of course, is that you wouldn't be able to link to other useful sites. I personally get a fair number of hits from the link in my signature on the forums. So you would damage the "eco-system" of WoW websites.
Make the user select a secret image upon logging in
A password is just text. You can detect someones password by detecting the keys pressed. There is a one-to-one correspondence between a key and a letter. Every time you type your password, it is the same. So we need something that is harder to detect than a straight key press.
One idea is to have the user select a secret image when setting the original password. Then when logging in, you type your password and choose an image from an array of possibilities. The location of the image changes each time. All you can really tell from outside the program is the exact co-ordinates of the mouse-click.
Since the image's location will change each time, the co-ordinates of the mouse-click will change each time, and it will become harder for a keylogger to capture the necessary information to access the account.
Have World of Warcraft create a "signature" of the physical machine used to create the account for the first time. This signature would be derived from the physical characterstics of the machine including things like the processor, amount of ram, hardware installed, etc.
When a computer connects to the account, its signature is compared to the signature on file. If the signature is different, the account starts up in "Safe Mode". In Safe Mode you wouldn't be allowed to do stuff like sell or disenchant soulbound blues and epics, spend more than 100 gold, or withdraw items from the bank. Guild officers would not be able to invite, promote, or remove people from the guild.
The idea here is that WoW is basically saying, "Hey, this isn't your normal computer, so I'm going to be very suspicious." Of course, people will occasionally play from different computers, or a laptop, so you can't prevent them from logging in entirely.
As well, you would need some mechanism for changing the computer signature on file for when people get new computers or upgrade. In many ways, this idea is similar to Microsoft's Windows Genuine Advantage, and it will have the same issues that system has.
Anyways, those are three ideas I had which could help stem the problem of hacked accounts. I don't think that there is anything (short of banning asymmetric trades, which I think is overkill), that Blizzard could do to eliminate the problem entirely. The point of weakness that allows for the installation of keyloggers and computer hacks lies outside Blizzard's control.