Guild Wars 2

So today we learned that if someone in your guild gets hacked and steals everything from the guild vault, Arenanet has no means of restoring items. This kind of renders guild vaults useless because there’s no protections we can put on them other than denying access to most people, which defeats the purpose.

To that end, I have several ideas:

• Authentication required.
  If this is checked, you cannot take things from the guild vault unless you use mobile authentication (it’s under “My Account” -> Security).
• Request -> Granted
  If this is checked, guild members may request to take an item, which moves it to a temporary holding area, but they don’t actually get it until someone else with “granting” permission releases it to them. That is, I click to remove the Sword of Awesomeness but I don’t get it until an officer approves it (officers can approve each other’s requests but nobody can approve their own request).
• Limited access.
  The most basic protection is to simply limit how many items someone can remove per day.

As it is, we have no defense against further hacking, short of locking down the vault. And even then eventually some officer may get hacked and that’ll be that.

Someone else suggested a vault PIN a while back, which seems easier on folks than mobile authentication. Just don’t put the PIN in the MOTD

I like the idea of being able to set the number of items a particular rank can remove from the vault per day.

Limiting the number of items one can remove can be a blessing, and a curse. A curse especially for crafters in a guild who will often require more than just a couple of items per day. Nevertheless, limitations on the number of items that can be removed per day should be an option that Anet should give to guilds. But it shouldn’t be something that is imposed on all guilds by default.

No matter what Anet do, the guild leadership has a measure of responsibility in this matter. For instance, only certain ranks should be allowed “withdraw access”. Whereas lower ranks can see whats in the bank, but not remove anything directly (deposit access)

Plus this problem basically boils down to how secure a players account is. A large part of responsibility on that is down to the player, not just Anet. If a guild doesn’t entirely trust it’s members, then they should reduce the amount of people who have full access.

Pandemoniac.4739:

Someone else suggested a vault PIN a while back, which seems easier on folks than mobile authentication. Just don’t put the PIN in the MOTD

I like the idea of being able to set the number of items a particular rank can remove from the vault per day.

Problem is that a hacker could in theory just ask for the PIN again in guild chat, and a guildie could give it to them, not knowing that they aren’t actually the real account holder. And that one move destroys your entire security system. The same would occur if the guild limited “withdraw access”, and then enforced a “secret password” between members and didn’t involved Anet.

Don’t get me wrong, Anet should allow guilds better security measures, but there’s no way of making them foolproof without severely impeding on how useful the GV is.

This has always been a problem in every game that has a guild bank system. Best thing for you to do is deny everyone vault access ecept for the leader and a few officers. If someone needs an item from the vault, they can ask for it.

Everquest had a good system where someone could look through the vault and if they saw someone they wanted, they could ask an officer and the officer could tag the item as reserved for that player that asked for it. Then the player could only remove what was reserved for him. Or in the case here since you cannot trade items, Have an option to mail directly from the vault to the person who requested the item.

Also, the vault has a log that records who takes and places what in the bank. If this person cleaned out the vault, it all documented and really shouldn`t have a problem having the items returned. But do yourselves a favor and restrict access to the leader and a few trusted officers who can hand out anything that is requested.

Banewrath.5107:

This has always been a problem in every game that has a guild bank system. Best thing for you to do is deny everyone vault access ecept for the leader and a few officers. If someone needs an item from the vault, they can ask for it.

Everquest had a good system where someone could look through the vault and if they saw someone they wanted, they could ask an officer and the officer could tag the item as reserved for that player that asked for it. Then the player could only remove what was reserved for him. Or in the case here since you cannot trade items, Have an option to mail directly from the vault to the person who requested the item.

Also, the vault has a log that records who takes and places what in the bank. If this person cleaned out the vault, it all documented and really shouldn`t have a problem having the items returned. But do yourselves a favor and restrict access to the leader and a few trusted officers who can hand out anything that is requested.

Love the “unlock item” concept. It ensures that ultimate responsibility for granting access to any items lies with the guild, not with Anet. Thus an “officer” can vet a request in their own way.

Tarkaroshe.8370:

Pandemoniac.4739:

Someone else suggested a vault PIN a while back, which seems easier on folks than mobile authentication. Just don’t put the PIN in the MOTD

I like the idea of being able to set the number of items a particular rank can remove from the vault per day.

Problem is that a hacker could in theory just ask for the PIN again in guild chat, and a guildie could give it to them, not knowing that they aren’t actually the real account holder.

The way we handle our TS server password is that you must go to the private area of the forums to find it. We never ever give it out in chat. Now if you have a member that’s silly enough to use the same credentials for everything, and the exploiter goes and finds the guild web site just to break into your vault, well what can be done?

You can also use a number combination that you can infer from something else you already know or look up, so all you have to remember is the question. For example, the month and day of some well known figure’s birthday.

Any security can be overcome, it just depends on whether the reward is worth the effort and time.

Pandemoniac.4739:

Tarkaroshe.8370:

Pandemoniac.4739:

Someone else suggested a vault PIN a while back, which seems easier on folks than mobile authentication. Just don’t put the PIN in the MOTD

I like the idea of being able to set the number of items a particular rank can remove from the vault per day.

Problem is that a hacker could in theory just ask for the PIN again in guild chat, and a guildie could give it to them, not knowing that they aren’t actually the real account holder.

The way we handle our TS server password is that you must go to the private area of the forums to find it. We never ever give it out in chat. Now if you have a member that’s silly enough to use the same credentials for everything, and the exploiter goes and finds the guild web site just to break into your vault, well what can be done?

You can also use a number combination that you can infer from something else you already know or look up, so all you have to remember is the question. For example, the month and day of some well known figure’s birthday.

Any security can be overcome, it just depends on whether the reward is worth the effort and time.

Agreed. Which is why I said that no system is foolproof.

However, the “unlock item” system that apparently is in use in Everquest is probably one of the more robust guild vault access systems I’ve heard of to date. Maybe that is the one that Anet should implement because it ultimately puts the responsibility of guild vault security on the shoulders of the guild leadership, who can then implement their own means of “vetting” a players request.

No need for convoluted security systems and pin numbers (which can be easily circumvented for the same reasons that causes an account to get hacked in the first place). Just a request made by a guild member, and that request must be “authorised” by an officer. So if a hacker does access a guild member, the damage is minimised. Unless of course, the person who gets hacked is a player with higher levels of access.

But in the end, Anet can only do so much. The ultimate responsibility is on the player.

Banewrath.5107:

But do yourselves a favor and restrict access to the leader and a few trusted officers who can hand out anything that is requested.

That’s generally the best policy in the current system – if you have an open guild bank, don’t put anything in there you would get really upset over losing. It’s a pain to have to wait for an officer to be around, but it reduces your risk considerably. Just cross your fingers and hope none of the officers have account problems

After re-reading, I realized maybe I should have said more clearly that any time you have a accounts with more privileges than others, those accounts should have additional security. A pin or additional password when exercising those extra privileges is the simplest way… requiring a mobile authenticator is another.

It seems like however you guys think the best way to secure the guild vault or treasure trove is, that security is only as good as the weakest link in the chain, which is your guild member that got their account hacked. The solution is to ensure that they don’t allow that to happen or kick them from your guild. Maybe have open discussions about security in game or on social media. Discourage things like becoming a member of a fansite and using the same email or password as is used in GW2. Prohibit buying gold from gold sellers or purchasing power leveling services. Just encourage your guildmates to be smarter about security, and kick anyone who chooses to remain a kitten. Laziness with security hurts everyone, as you’ve already seen.

Edit:
I love how my post was edited to show the word “kitten” instead of what I really typed. I also love how the guild announcement on my guild in game (Brotherhood of the Shadows [bots]), shows kittenbook in place of the word facebook (f@c3b00k).

It’s a little bit like putting a screen door on a bank vault and then blaming the people who steal from the vault when nobody is looking.

Yes, okay, sure, blame the people. You’re not wrong to do so.

But it’s also a bad vault design to have a screen door on it.

We can talk to people about the authenticator and the need for better password security and user behavior but that doesn’t change the fact that the vault, itself, has a really weak design and needs to have some more thought put into it.

PIN code would be Great!