It’s in an infinite loop. At the page where it asks to scan or enter the code into your device. I enter the code into the device then the resulting code below and hit next, it then just basically refreshes that page with yet another QR code.
“If you wish to make an apple pie from scratch, you must first invent the universe.” -CS
Thats because you aren’t entering the secret code into your device, and then entering the following authentication code into the website fast enough.
There is a time limit to do this. If you didn’t do the steps fast enough, you’ll get a new secret code after you enter in the old and now defunct one.
Edit: Further, if you use a Third Party Authenticator, the timing sync maybe off in comparison to the Google versions. That may cause a hiccup as well.
YOU NEED TO BELIEVE IN THINGS THAT AREN’T TRUE. HOW ELSE CAN THEY BECOME?
- (Death, Terry Pratchett, Hogfather)
Just tried it again. Not going to happen apparently. Did it as fast as I could =\
Edit: I’m using the Google version.
Ya this is pretty lame. I can input all the info in 30sec but that’s to long?
At least allow for a one minute window to input the numbers.
WoW, Rift and Swtor authenticators were a one time no fail set up.
“If you wish to make an apple pie from scratch, you must first invent the universe.” -CS
There is no time limit between scanning the QR code (or manually entering the secret) and entering the first numeric code. The server checks to see if your code is correct at the moment you click Submit.
If this is stuck and not accepting your numeric codes, there is a problem with the clock times someplace. It could be on your device itself, or it could be that our server is out of sync. The first thing to try would be to go into the Google Authenticator app, open the Settings menu, and select Time Correction for Codes, as detailed here.
If that doesn’t help, please do let us know, as we might need to adjust our server’s time window a bit to better align with the rest of the world.
Huh, I know I had the same trouble until I entered the code fast enough here. I guess my assumption of a time limit on the QR code was wrong. I just recall it took me a few tries the first time I was setting it up, until it worked. Of course, I think I may have hit that same Time Correction for Codes in my impatience on my Android Device at some point, and thats what probably fixed it.
Sorry about that incorrect assumption, RLD.
YOU NEED TO BELIEVE IN THINGS THAT AREN’T TRUE. HOW ELSE CAN THEY BECOME?
- (Death, Terry Pratchett, Hogfather)
There is no time limit between scanning the QR code (or manually entering the secret) and entering the first numeric code. The server checks to see if your code is correct at the moment you click Submit.
If this is stuck and not accepting your numeric codes, there is a problem with the clock times someplace. It could be on your device itself, or it could be that our server is out of sync. The first thing to try would be to go into the Google Authenticator app, open the Settings menu, and select Time Correction for Codes, as detailed here.
If that doesn’t help, please do let us know, as we might need to adjust our server’s time window a bit to better align with the rest of the world.
Thanks!
I’ve successfully setup gauth4win but I’d much rather have the mobile authentication tied to the account instead of the PC based, so I’ll give your suggestion a go.
Edit: BTW your link goes to a blank page.
“If you wish to make an apple pie from scratch, you must first invent the universe.” -CS
Have you thought about having your authentication system send a text message with the code as an alternative method, similar to paypal’s system, for phones which aren’t as advanced, or is that too costly?
When trying to link the accounts in the GW2 Security Page (using Google Auth.) don’t go to fast, wait till it reaches half way mark for the timer on the code, then enter it.
I’ve also noticed this issue with logging into the forums, if I input the code right after it has refreshed, it will bring me right back to the login screen with no error message. Basically wait 5 – 10 seconds in the 30 second countdown before entering a code.
Hi
I’ve got one suggestion. When you log in to the game , could the cursor appear in the box needed to enter the code automatically?? It does in the web browser when you login to your account
I would really like to see the option to buy a authenticator, as someone who does not see the need for a smart/cell phone I would love to have the option to just buy one for 5-10$.
Anyone else feel this way also?
Aria Treedove (SDL)
Darkhaven NA Server
(semi noob wvw)
I would really like to see the option to buy a authenticator, as someone who does not see the need for a smart/cell phone I would love to have the option to just buy one for 5-10$.
Anyone else feel this way also?
Aria, I merged your thread with this one as this seems more fitting for your original message.
Please do not replace the current IP/Email authentication with this Mobile 2 Factor Auth system. As a privacy professional who has been fighting against Google’s attempts to turn every person on the planet into a product at the expense of their privacy I do not use any Google products and if you require us to use this service in order to play I will simply stop playing.
It’s compatible with any OATH-TOTP device or app, though, so you wouldn’t be required to use Google Authenticator. You could, for example, use a YubiKey: http://yubico.com/totp
When I looked at the options for authenticators, I did not see Yubikey listed. I would expect ArenaNet would need to do some configuration first before the yubikey can be used with GW2 accounts.
And thank you ArenaNet for offering this. So far it is working flawlessly for me.
I would really like to see the option to buy a authenticator, as someone who does not see the need for a smart/cell phone I would love to have the option to just buy one for 5-10$.
Anyone else feel this way also?
I agree completely. I don’t own a smartphone. But I DO want access to an authentication system.
I’m somewhat bewildered how Anet borrowed Google’s authentication system, and yet, Gmail allows authentication using ordinary phones (it sends a code to one that you setup) whilst the system Anet are using does not.
I would really like to see the option to buy a authenticator, as someone who does not see the need for a smart/cell phone I would love to have the option to just buy one for 5-10$.
Anyone else feel this way also?
Yes.
I don’t have a smartphone, I don’t want one, I have no use for one.
Buying one would make it the most expensive dedicated authenticator ever.
I am very disappointed there is no hardware GW2 authenticator available.
I’ve got multiple GW2 accounts that I log into from this computer. When it became possible to use 100 character long passwords, and we were being asked to change passwords by Mike O’Brien, I changed the passwords to longer passphrases, and then created separate shortcuts for each account using the -email, -password and -nopatchui options so that I could log into the right account easily (with multiple accounts, you can’t just save the login details in the launcher).
Add the authenticator…and this is no longer possible. -nopatchui means that you won’t get a prompt for the 6-digit code, so you cannot login. Not using -nopatchui means that -email and -password options do not work at all. Further, the launcher has remembered the original password for the main account I use, and point-blank refuses to learn the updated longer passphrase for it instead (I’d use that as a work-around for the main account if someone knows how to get it to update properly).
I’ll gladly take the authenticator anyway, but the loss of account-specific login shortcuts in combination with long passphrases is frustrating, given that those used to work.
Despaired Ranger: Crafted The Dreamer, lost range, lost GS condi damage for synergy.
Pet AI awful. Sword root+Aussie latency unmanagable. Lost playstyle, lost legendary, given up.
Mell: 80 Asura Guardian (+7 other 80s) | Aus Serenity [AUS] | Jade Quarry
This is a small issue, but is there any chance you can make it so that the auth code box is automatically selected when launching GW2? Having to click to enter the code feels like an unnecessary step.
I’ve got a prob with the new QR Codes: They don’t work on the Iphone version of google authenticator and I think it’s because of the space between GW2 and the login e-mail address. Maybe consider using a : instead, like Dropbox does.
Nice work on the authenticator, couple of suggestions some of which have been mentioned above:
- let us select from a few options regarding not asking again for a period of time, suggest ‘every time’, ‘not for a week’ and ‘not for 30 days’ or similar.
- let us keep the new location email security as well if we choose to. Personally although the authenticator is more secure, i would also like to approve new IP location logins
- as cherry says above, please put the cursor in the box by default, only a minor thing
- please sort out the game so that it works with the mumble overlay, or give us some other way to launch the game with an authenticator so that the overlay works as well. Currently we have to choose between one or the other. Security first of course, but i miss my mumble overlay
The authenticator is working without bugs, which is great.
I’d love to see the following two features implemented, as they’d make the authenticator more pleasant for me to use:
1) Remember Me option for the authenticator – for the forums and the game. Even if it’s just for 7 days or 30 days, it’d be great to have this, as having to enter it every single time I log ingame or into the forums from the same exact computer and IP I always use is tedious and arguably unnecessary.
2) After successfully logging in via the game launcher, it asks me for the authentication code. I have to click the actual authentication code field before I can start entering it, despite the fact that I just successfully logged in. I’d love it if, after logging in, it would automatically focus my cursor on the authentication code input field, rather than me having to click it.
I’ve been using this extra step now since it was announced. I would like to say what I thought of it.
Setup was painless, I had to put in my own account name since the QR code didn’t do that for me and I didn’t have anything associated with my gmail address so that wasn’t a problem for me, but I understand those problems have been fixed.
Overall the system works well, you didn’t do half work and implemented it for the game, forums and account login… This is fine really but it creates some annoying situations where you’re authenticating yourself 3-4x a day for several services. I also had to deal with a desynchronisation issue, without knowing the sync option in the authenticator I was a little stressed out and worried I wouldn’t be able to play. Found it
To sum up the changes I would like to see:
- People need to be told how to synchronise their authenticator clock at the places where it might go wrong (where you fill them in, after 1 failure show a link with general frequent issues)
- It would be nice to a) have a system in place where your device is recognized for x amount of days and no longer needs to use the authenticator b) turn it off completely for the forums (what would hackers want to do with that?… unless it grants you more privileges than I’m aware of..)
Thank you ArenaNet, it’s a great option, now improve upon it :p
I think this is the culprit why my launcher stop responding once I click login, it starts sometimes the loading animation stops. This is getting frustrating, I cannot login. I cannot play!
I would really like to see the option to buy a authenticator, as someone who does not see the need for a smart/cell phone I would love to have the option to just buy one for 5-10$.
Anyone else feel this way also?
Yes, I definitely feel this way. I have one for another game, and it works wonders. I can’t afford a new phone, and when I do finally replace my phone, it will be a phone with texting .. nothing else. I do want a physical authenticator to log in with. (Involving an outside – and hackable – source, is not my idea of security).
I’m not sure if its really authenticator related but after logging in the client loses focus asking for the authenticator code. Since I’m usually watching the code to see if it changes midway my entry I lose one attempt with the code ending up anywhere but the GW2 client.
Sorry if someone already posted this, I did not read through all the post…
When you log into the Game, and the authentication code box comes up, the focus is not on the text box by default, but seems to be on the window in general. Several times, I have seen the box come up, typed in my code, only to realize I need to first click on the text box and then type it in. Would be cool if it selected the box by default.
This is not the case on the website, only seems to happen on the game client.
I’ve got my authenticator working on my account, however it’s asking for the code EVERYTIME I log in..
My IP hasn’t changed in the last 2 months, so why am I getting coded everytime I log-in. Shouldn’t this be requested only when my IP changes, or a periodic challenge (like once a month).
I’ve even had to authenticate just to post here, even though I logged in last night (from the same IP).
I can’t afford a new phone, and when I do finally replace my phone, it will be a phone with texting .. nothing else. I do want a physical authenticator to log in with. (Involving an outside – and hackable – source, is not my idea of security).
One of the good things with Google, (apart from the relish in abusing peoples privacy), is that the source code for the authenticator is open source, so that you can see if there are any security concerns.
In this case your fears are unfounded. Anet just passes the authenticator a user specific key, which the program encodes and combines with the current time to generate a code. The only way to retrieve this key would be to steal your physical device and attempt to reverse engineer the key. There’s no data being sent over 3G(or 4G or any other wireless network). Just the key that Anet gives you to scan and the time.
I would really like to see the option to buy a authenticator, as someone who does not see the need for a smart/cell phone I would love to have the option to just buy one for 5-10$.
Anyone else feel this way also?
I feel the same way Aria, and I seriously hope that ArenaNet is in the process of providing a physical authenticator in the very near future.
Valiant Aislinn – Aveneo Lightbringer – Shalene Amuriel – Dread Cathulu
Fojja – Vyxxi – Nymmra – Mymmra – Champion of Dwayna .. and more
Highly Over Powered Explorers [HOPE] – Desolation EU
Is there a way that you can make the box where you enter your authenticator code the active box so I don’t have to click into it to type my code… i am just hella lazy like that. Thanks!!
I’ve worked with this style of system on a a few other MMO’s. In short, when you log it, you will still put in your user name and password…THEN the system will ask you for the 6 digit (in this case) magic code. The cycle time for the codes looks to be about 30 seconds or so. This means that BadGuyBot has to figure out which code out of one million combinations it could be before that 30 seconds is up and it has to start ALL over again.
with 6 digits, its exactly 1,000,000 possible codes, but its a bit more complex than that im sure. Basically, its 10^6th codes, because there could be 10 numbers in each. Even if they had a computer that could run 100 codes per second(3000 in a 30 second time), their chance of getting your account unlocked is much smaller. I think they need to set up a lockout, so that after 3 failed attempts, that IP is locked out from trying any and all GW2 accounts and passwords for 10 minutes. This would make it an even smaller window to get it right. as it is, if they get lucky, then they are in, but they need both your pass and your number, so, its much much harder to do(but still not impossible, ask WoW players that use the authenticator, they still get hacked somehow).
Is there a way that you can make the box where you enter your authenticator code the active box so I don’t have to click into it to type my code… i am just hella lazy like that. Thanks!!
its not active by default to confuse bots that are trying it. Its a security measure, and albeit a small one, im glad they did it this way. Don’t make it too easy on the bot programmers.
Have you thought about having your authentication system send a text message with the code as an alternative method, similar to paypal’s system, for phones which aren’t as advanced, or is that too costly?
Googles PC based 2 step verification can already do this, i don’t think it would be hard to work into this, but for now, this is the way it is. This is much like Blizzards authenticator, we just need a physical one now and those that dont have smartphones can have the same security.
Is there a way that you can make the box where you enter your authenticator code the active box so I don’t have to click into it to type my code… i am just hella lazy like that. Thanks!!
its not active by default to confuse bots that are trying it. Its a security measure, and albeit a small one, im glad they did it this way. Don’t make it too easy on the bot programmers.
So… a script is going to read the auth code and type it in automatically? Ummm if they made that sophisticated of a script I don’t think having the box not active is really going to hinder things. Furthermore, why would a bot account be using a authenticator? i am sure their password is just a bunch of random letters/numbers: kewvm43d3kd22kdff20f seriously… to deter bot accounts…. lmao
Just now I cant loging – it write Waiting for authentication…
Please check your email. A link is included which will allow you to authenticate this login attempt.
and nothing happen. no mail. no possibility enter.
This is 100 procents worked login and password (you cant see this text if your password or login was incorect).
I`m so tired from billions of bugs of this game. Cant you something do whith 100 procents working???? I play hundreds of games and you are champions of bugs. No one game have such, even half of bugs that have BugWars 2…..
FIX YOU GAME!
I tried the Authenticator and it works well, but I would really like a “trust this location for 30 days” option. I won’t be using it before this gets implemented.
Is there a way that you can make the box where you enter your authenticator code the active box so I don’t have to click into it to type my code… i am just hella lazy like that. Thanks!!
its not active by default to confuse bots that are trying it. Its a security measure, and albeit a small one, im glad they did it this way. Don’t make it too easy on the bot programmers.
So… a script is going to read the auth code and type it in automatically? Ummm if they made that sophisticated of a script I don’t think having the box not active is really going to hinder things. Furthermore, why would a bot account be using a authenticator? i am sure their password is just a bunch of random letters/numbers: kewvm43d3kd22kdff20f seriously… to deter bot accounts…. lmao
Just make the kitten thing active.
Yeah, I have to agree. I like the authenticator feature, it works well, but the fact that the text box doesn’t automatically get focus is just annoying. This isn’t going to slow down a bot by even 1 millisecond, but it’s a continual annoyance to all of the legit customers.
I suspect this is just a bug in the launcher, since the same thing happens with the password field — focus should go there automatically when you start the launcher, so I’m not typing my password onto the desktop. (Or at the very least, don’t have the cursor blinking if it doesn’t actually have input focus!!)
Its free, it works with pre-pay phones like boost mobile, and it offers another layer of protection. Thank you, I am not complaining.
My wow account was hacked twice and i never clicked any silly links from forums or anything else. I formatted my HD after each occurrence, but to this day I still do not know how it happened, so I am glad that arena net offers the authentication free of charge personally.
Oh, and btw. as somebody mentioned it: Yubikey does only work with GW2 if you use a “trick” which involves running a desktop app which acts as some kind of “proxy”: http://yubico.com/totp
Setup was smooth and it’s working great! Thank you for implementing this so quickly!
The one small thing I’d like to see is that the code field in the launcher gets focus automatically. If not getting focus blocks any automated attempt, that already happened at the password field. I don’t mind having to click the password field, but when I have my phone out to get a code, I can’t use the mouse and keyboard at the same time, so it’s just awkward.
Btw, to those people asking for a “remember me” setting in the game login, you’re asking to greatly weaken the security of this whole system. The hackers working for the RMTs will just update their trojans to include remote control and empty your account from your own computer while your PC is downloading torrents at night.
It’s 10 seconds to open the authenticator and enter the code, surely that’s not too much to do once or twice a day?
Since I added the authenticator this morning, I get d/c every 20 mins or so. There is a thread on this with many other ppl reporting the same problem. Please fix this or at least allow back email authentication while it gets fixed.
