Keeping Your Account Safe

Protecting Your Account from Unauthorized Access

"Unauthorized access" means that somebody else, not you, has gained access to your account without you knowing it. Generally, account hacking is perceived as a rather difficult and technologically intensive process. However, in majority of cases users themselves give out vital and confidential information to hackers.

In this article we will explain you how unauthorized access happens and how to protect your accounts. We hope that after having read this article you will take all recommended measures to protect your accounts.

Rule 1: Never give out your login details

This seems obvious to most people, but the leading cause of unauthorized access is when an attacker gets someone's username and password. Intruders usually pretend to be game managers, victim's relatives or friends. They also offer handsome amounts of in-game Gold and Credits in order to gain access to confidential information, asking users to share their login and password in order to claim "gazillion Gold" prizes.

Remember, if somebody, even if it's a Wargaming CEO, asks you for a password of your account, do not share it under any circumstances! We would also appreciate if you inform our Support Service Team about cases when potential attackers are trying to find out your confidential information. This will help us to rid World of Tanks from another rascal stealing accounts.

Rule 2: Update your web browser

Why update a browser if the game runs by itself? Because a browser is still software that can contain bugs or have vulnerabilities, and is regularly used. If you don't update regularly, a browser can be vulnerable to new external attacks and opportunities to steal user data.

Normally, your web browser can automatically download and install updates, or offer to install them. Be sure that these options are on, and check that your browser itself is not obsolete. These browsers are regularly updated, often automatically:

  • Mozilla Firefox
  • Safari
  • Google Chrome
  • Microsoft Edge

Rule 3: Turn on your browser's phishing filter

"Phishing" is like regular fishing — a way for attackers to "bait" you into giving up your account details.

In order to steal your confidential information, thieves create phishing sites to fool you into submitting your login details. For example, they may use a site that looks remarkably similar to an official Wargaming site, but the address will be slightly different — not "" but perhaps "" or slight misspellings like "" Pay attention to your address bar and make sure links are pointed to real Wargaming sites.

Other phishing activities — suspicious emails or instant messages — run rampant, as well. Activating phishing filters and other security features of your web browser will help you to leave would-be fishermen high and dry. When attempting to open such a web site, your browser will notify you that this site is fake and prevent it from loading.

Rule 4: Regularly update your computer's operating system

Similarly, if your browser needs updating, so does your OS. Security updates are regularly delivered to Windows or Mac OS users, or you can manually check for them yourself (Windows Update on Windows; App Store on Mac OS).

Rule 5: Make sure your email address is secure

Your e-mail is vital to protecting your account. Email is used to help regain control of your account in case of break-ins, forgotten passwords, and so on. Even if you protect your account, unsecure e-mail can negate all your efforts.

  • If possible, use a different email address on your game account than what you typically use. The less that's known about this alternate address, the better.
  • Don't use the same password for your email and game account.
  • Ensure your email password is complex, and change it regularly.
  • Regularly check your mail settings. If your address forwards mail to another, make sure that address is secure, too. Check and use security questions on your account. (Hint: You don't have to give a real answer to a security question — it can be a random string of characters just like a complex password. But it's double important you don't forget it!)
  • Use two-factor authentication (e.g., sending a verification code to your phone) where possible.
  • Do not store notifications of password changes. It's best to delete such messages after reading.

More information about email account security

Rule 6: Keep your PC free of malicious software

In addition to a variety of attempts to steal your password, attackers may also make use of viruses. Computer viruses are are special programs designed to perform certain actions on users' computer without their knowledge. For example, viruses may identify and steal login and password from your account. Thus, being careful and following the rules listed above, your username and password can still be stolen without you knowing it.

To avoid these malicious manipulations, you must use antivirus software and antispyware programs. This will allow you to be sure that on your PC there are no programs that can steal your data.

Most antivirus and antispyware programs should be periodically updated. This is due to the fact that over time the web gets flooded with new viruses. Developers release updates of antivirus software to let anti-virus programs detect all known up-to-date viruses. That's why before you start checking your computer, be sure to use the latest version of antivirus software.

Antivirus programs

Antivirus programs scan PC memory and hard drives for viruses and then remove them. The following list shows the most popular antivirus programs:

Antispyware programs

Antispyware programs scan hard drives and memory of your computer for malicious programs, which without your knowledge gather information on how a computer operates. Such programs may be causing various technical failures: "freezes," spontaneous closures of programs and games, Internet connection problems, etc.

Rule 7: Regularly change your passwords

It can be inconvenient to invent new passwords and remember them, but a set of uppercase and lowercase letters mixed with numbers. However, if you stick to these easy steps, you will protect yourself from a sea of troubles:

  • Do not use the same password for different services. If an attacker discovers your password, not only will your account in World of Tanks suffer, but all your other services as well.
  • Use complicated/strong passwords. A simple password is easier to hack through password dictionary crypts. For example, if your password is "apple," a special software will pick it up very quickly. A website like or an app like 1Password, Keepass or Lastpass can generate complex, hard-to-guess passwords for you — and the apps can store them safely!
  • If somehow attackers get to know your password, regular password changes will help you to get out of harm's way.

Rule 8: Avoid scams

You may come across tempting offers for discounts on World of Tanks Gold or similar promotions, via websites that promise to deliver the currency to you.

Please be aware that all in-game billing procedures and operations (Gold and Credits crediting, vehicle upgrading, etc.) takes place on the game servers, not on a player's PC. In other words, it's impossible to make billing or technical changes to a World of Tanks account by bypassing the game server.

You can change the interface of your Garage, the exterior of your vehicles, get millions of in-game Gold or Credits, but all these changes will be fake and will not affect your real account status.

The only official place to buy Gold and other special items, outside the game clients, is the Wargaming Premium Shop.


Fraudulent offers are usually found on specially created websites. Their aim is to get you to provide your login details. Some of them might also try to get your email access data. This can leave you wide open to account access by other people.

Wargaming game portals and the Account/Support site are the only websites allowed to ask you for your login details.


Another way used by cheaters is the active advertising and distribution of programs that promise to give you Gold or upgrades in two clicks by downloading their special software. Fraudulent malware can provide unauthorized access to your account in a few seconds. Plus, such websites could infect your PC with even more kinds of malicious programs that gives someone access to your information.

Second Authentication Factor (2FA)

Enabling the Second Authentication Factor is free. Authentication App required, available on iOS and Android.

How to Enable 2FA

  1. Log in to your Account
  2. Go to the Account Management section
  3. Find the Second Authentication Factor
  4. Click Enable
  5. Follow the steps on the Portal
  • Account email access required.
  • Accounts with a phone number linked will need access to confirm the request through a free SMS.
  • Enabling 2FA requires an Authentication Application, available on iOS and Android devices.
  • When 2FA is enabled on your Account, ten (10) Backup Codes are generated. You can create new codes or view the remaining ones at any time.

How to Disable 2FA

  1. Log in  to your Account
  2. Go to the Account Management section
  3. Find the Second Authentication Factor
  4. Click Settings
  5. Click Disable second authentication factor
  6. Follow the steps on the Portal
  • Access to 2FA required. 
  • Account email access required.
  • Accounts with a phone number linked will need access to confirm the request through a free SMS.
  • If you lose access to the Authentication App or don't have Backup Codes, contact Player Support.

Authentication App: iOS and Android


Activating the Second Authentication Factor (2FA) requires an Authentication App.

Authentication Apps:

  • After Activating 2FA in your Wargaming Account, don't delete the App or you will lose access to your Account.
  • If you lose access to the Authentication App or don't have Backup Codes, contact Player Support.

Backup Codes: When you lose access to 2FA


Backup codes allow access to your Account when you lose access to the Authentication App.

How to access or generate new Backup Codes:

  1. Log in to your Account.
  2. Go to the Account Management section.
  3. Find the Second Authentication Factor. 
  4. Click Settings
  5. Click Backup Codes
  6. Generate and input an Authentication Code
  7. You can either check, save, or generate new Backup Codes

Good to know:

  • When 2FA is enabled on your Account, ten (10) Backup Codes are generated.
  • Each Backup Code can be used only once.
  • After a Backup Code is used, a notification email is sent.
  • Backup Codes can be created to check any time.
  • Backup Codes can be generated no more than 2 times every 15 minutes.
  • After requesting new Backup Codes, the old ones will be disabled. 
  • Store your backup codes and secret key in a safe place. Do not give them out or show them to anybody.
  • Access to 2FA required. 
  • If you lose access to the Authentication App or don't have Backup Codes, contact Player Support.