Security suggestion: separate forum accounts?
The current system is fine imo, the additional step for two-factor authentication only takes me about 10 seconds longer than a simple login. Security by obscurity has never been a good choice. I guess we see a lot of support/community forum hacks because their respective owners seem to think exactly that, “well, it’s just a forum, no need for secure auth”, and the security measures are just not as strict as with the actual product. Better implement a reliable, secure authentication backend (which ANet seems to have done) from the beginning and don’t run into problems at all.
Considering the amount of time it takes them to fix usability bugs with these forums, I hope they put a lot of work into making it secure, which would explain a slow rollout (or they’re just lazy).
Most of the ANet hacks I heard about were because people reused logins from places that had been hacked. I just use KeePass and had it generate a new really strong password, and set up a separate alias email (a bunch of email services let you set up fake emails that redirect to your real email, so there’s no way for hackers to use your fake email to take control of your real email).
It’s terrible that some people reuse insecure passwords, but I don’t know what ANet can do about it.
I believe folks need to be more proactive on their own behalf for security on their accounts. This, more than anything else, helps the company (no matter which one) help keep the consumers’ accounts safer as well.