Just had a thought. Assume you’re running a guild, and thus you control a guild bank. Whom are you going to give access to it? Obviously, people you trust. However, there is also the possibility of people you trust being hacked. Admittedly, just like Tobold, I believe that in the vast majority of cases “having been hacked” is simply a euphemism for “having done something very stupid”. But it happens. Clever people can do stupid things – when they’re half awake, when they’re distracted and not paying full attention, or whatever. Windows does its share by still using the “hide known file extensions” default, thereby opening something that cannot be legitimately called a backdoor, but rather a user trap. You see, those very intelligent people whom you really trust as much as you trust yourself may happen to just not be geeks. Those who are not geeks may be legitimately unaware of what file extensions are and how they work in Windows. Long story short, account theft happens.
Surely, it is again a matter of trust. In addition to asking whether you can trust a person to treat guild bank access responsibly, you may have to ask whether you can trust that person to treat their own account securely. Enter the Blizzard Authenticator. While not a “slay all” weapon for security problems, it does reduce the risk of “being hacked” significantly (see Tobold’s reasoning on how it’s a dual-improvement). So, we can simply demand people to make use of an authenticator, if they want access to the guild bank.
How can we verify if they have an authenticator? Corehound pet. I don’t know if Blizzard had this in mind when introducing the pet and the way it works, but if they had, compliments. If someone can summon a cosmetic corehound pet, it means an authenticator is linked to their account that very moment.
What if they unlink it later? We can’t make them show their corehound every day, after all. Well, at the very least, that would constitute a conscious move towards compromising their own account security. Which would be stupid. We covered clever people doing stupid things, but is unlikely to be one of those. Why a person would unlink their authenticator is beyond me. So, as long as you can verify that you’re dealing with sensible people, and maybe hold regular “Banker’s Trust” meetings where everyone shows off their corehounds, that’s one step against unexpectedly empty guild banks.
Mind you, this has just as much to do with responsibility and credibility. “Yes, the log shows I’ve emptied it, but I was hacked. Luckily, I got my account back before they sold off my gear and sent off all my gold, but the guild items are all mysteriously gone. Sowwy guys” – just doesn’t fly. Either you did it, or you compromised your account in a grossly negligent way (as opposed to the “oops” way) by putting the corehound to sleep.
Want access to the bank? Show your pet. If you can’t, you’ll have to resort to asking others to retrieve stuff for you. Until they get sick of it and tell you to GTFO and get an authenticator. See, smoking’s not the only thing peer pressure can lead to.