Has anyone noticed the lack of security?

Has anyone noticed the lack of security?

in Guild Wars 2 Discussion

Posted by: Volomon.9147

Volomon.9147

I saw that other thread and that guys plight, but has anyone noticed that GW2 does not lock down your account after an attempt on it? It doesn’t lock it down like every other MMO out there. If someone continues to put in wrong passwords GW2 just doesn’t care.

I notice this one day after changing my password, I think it took me about 6 or 8 tries. Normally an MMO locks down after three. I’m not sure GW2 every locks down.

Does anyone else find this odd? How hard would it be to get a cracker and run email addresses one after the other while running passwords.

Ain’t that a bit scary?

Another thing is it doesn’t lock it down if someone from another IP attempts to get on it….

(edited by Volomon.9147)

Has anyone noticed the lack of security?

in Guild Wars 2 Discussion

Posted by: Ayrilana.1396

Ayrilana.1396

Locking down after 6-8 attempts is hardly anywhere close to being a lack of security.

They also have an authentication method going on that you assign the trusted locations that can log onto your account. For example, I can log on from my home network but when I try to log on from my phone, an authentication email is sent to my account email asking whether the log in attempt on my phone is authorized.

(edited by Ayrilana.1396)

Has anyone noticed the lack of security?

in Guild Wars 2 Discussion

Posted by: Volomon.9147

Volomon.9147

Locking down after 6-8 attempts is hardly anywhere close to being a lack of security.

You clearly didn’t read, it didn’t lock down.

Has anyone noticed the lack of security?

in Guild Wars 2 Discussion

Posted by: Ayrilana.1396

Ayrilana.1396

Locking down after 6-8 attempts is hardly anywhere close to being a lack of security.

You clearly didn’t read, it didn’t lock down.

Your phrasing was misleading.

There’s hardly any chance of your account being hacked if you use your email address for the game only and nowhere else. If you use your email address on other sites then “hackers” will have access to it.

Has anyone noticed the lack of security?

in Guild Wars 2 Discussion

Posted by: Max Lexandre.6279

Max Lexandre.6279

Maybe lock our account after X number of incorrect login attempts is a good thing for security.

Alot of MMO’s do it, as social sites, I mean everything, is a way to protect the account and then confirm the owner of the account to go back login again without issues.

I’m The Best in Everything.
Asura thing.

Has anyone noticed the lack of security?

in Guild Wars 2 Discussion

Posted by: MrQuizzles.6823

MrQuizzles.6823

A hacker cannot access your account unless the login attempt is authorized by someone. They can get your password correct, but they’ll just be met with “Awaiting Authorization” until someone opens up the email that the game sends and clicks on the link inside. These emails cannot be spoofed or tricked since they use nonces to verify the identity of the authorization attempt.

Now, if the hacker also has access to your email, then that’s a problem, but it’s not really Anet’s problem at that point. You’re screwed in a whole host of other different ways if that’s the case.

Has anyone noticed the lack of security?

in Guild Wars 2 Discussion

Posted by: Healix.5819

Healix.5819

Another thing is it doesn’t lock it down if someone from another IP attempts to get on it….

Verify your email, then yes it will.

Has anyone noticed the lack of security?

in Guild Wars 2 Discussion

Posted by: Volomon.9147

Volomon.9147

Locking down after 6-8 attempts is hardly anywhere close to being a lack of security.

You clearly didn’t read, it didn’t lock down.

Your phrasing was misleading.

There’s hardly any chance of your account being hacked if you use your email address for the game only and nowhere else. If you use your email address on other sites then “hackers” will have access to it.

I’m not sure how accurate that is, if it was so easy as that. Why don’t more companies use this email verification.

I know you can spoof an email address and I know you can spoof an IP address.

So how secure is that really?

Has anyone noticed the lack of security?

in Guild Wars 2 Discussion

Posted by: Volomon.9147

Volomon.9147

Another thing is it doesn’t lock it down if someone from another IP attempts to get on it….

Verify your email, then yes it will.

This doesn’t lock them down it’s only a question that asks if you would like to allow them on. It doesn’t prevent them from continuing to attack your account.

Has anyone noticed the lack of security?

in Guild Wars 2 Discussion

Posted by: AnonEMouse.7932

AnonEMouse.7932

I know you can spoof an email address and I know you can spoof an IP address.
So how secure is that really?

Actually fairly good assuming you don’t have a bad password on your mail account.

Spoofing an e-mail address is fairly simple but doesn’t get you anywhere, all you’re doing is saying YYY sent the e-mail instead of XXX.

You don’t control where the e-mail goes, and as the e-mail is still sent to the relevant e-mail box (which for the most part don’t use IP addresses), which only you can access with the right information.

If you’re concerned, put an authenticator on your account.

Has anyone noticed the lack of security?

in Guild Wars 2 Discussion

Posted by: Healix.5819

Healix.5819

This doesn’t lock them down it’s only a question that asks if you would like to allow them on. It doesn’t prevent them from continuing to attack your account.

As long as you never verify them, they are locked out. The email verification is checked prior to validating the password. In this sense, every IP is blacklisted, except for those you verified.

For blacklisting or temporarly locking out individual IP addresses, there’s no point. If I was going to hack your account, I would use one of the many free available proxies and rotate through them.

If you want your entire account locked, where you then have to do basically the same thing that the verification email does, then once someone knows your email, they could permanently lock down your account. Worst case scenario, you’d get kicked from the game every attempt and then eventually temporarly banned while waiting for support to change your email. Best case scenario, you have to verify your account each time you wanted to login, which already happens if you chose to not remember your own IP.

Spoofing the email or IP address should have no effect here, unless they locked out IP addresses on failed attempts for 24+ hours, then I could spoof your IP to make it look like you are failing your own login, forcing you yourself to be locked out. The only way to properly “spoof” the IP would be to proxy using your connection, which would mean you have a much larger problem.

If someone is truly brute forcing your account, which is both rare are time consuming, your account would be getting login attempts hundreds of times per second. Since ArenaNet has confirmed that they can watch failed login attempts, surely, they can detect and stop this. If someone is able to login to your account in under 50 attempts, they know your password or a variation of it.

If you want additional security, attach an authenticator. If you don’t have a device to run it on, you can emulate an android one. If someone else gains access to your secret code however, the authenticator is pointless, same goes for the physical (keychain) ones.

If you want to go full paranoia mode, no matter how much security you throw on your account, it will be able to be bypassed given someone is specifically targeting you. After all, as long as you can access your account, someone else can. The user will always be the weakest link.

(edited by Healix.5819)

Has anyone noticed the lack of security?

in Guild Wars 2 Discussion

Posted by: Exterminans.9723

Exterminans.9723

Security IS broken, but for a different reason then mentioned in this thread.

Nowadays you usually won’t go for the bruteforce approach, it’s to easy to detect and it takes to long. Instead you make use of one of the many email+password lists obtained by hacks of various large websites. Chances are good, that you information have already been stolen by someone.

Now there is also a second problem: Many people use the same password on many services, even when warned not to. Now just think about it for a moment, what happens if a person used the same password for Guildwars as for their email account?

Right, their email accounts get compromised, and since the security system of Guildwars only relies on sending an email, the Guildwars account gets also compromised!

Using the authenticator would be a solution to this problem, IF, but only if, it wouldn’t be broken so badly. Too many bugs and too many crashes which don’t affect “normal” users.

Has anyone noticed the lack of security?

in Guild Wars 2 Discussion

Posted by: Asglarek.8976

Asglarek.8976

Has anyone noticed the lack of security?

in Guild Wars 2 Discussion

Posted by: schizophrenic.1507

schizophrenic.1507

Authenticaters wouldnt fix the problem either. Just google WoW authenticator hack. You’ll find many unsatisfied users and maybe, if choosing your google input wisely, some instructions how to do it.
Best way still is: use unique email adress (from a trustworthy provider) and unique passwords for your gw and you email account.
I’ve done that for 10 years, and never got hacked in any game, tho.

Has anyone noticed the lack of security?

in Guild Wars 2 Discussion

Posted by: mulch.2586

mulch.2586

From the way OBrien described it, they don’t have prevention measures to stop hackers from trying millions of passwords. Their solution is to blacklist the top 20 million attempted passwords they’ve seen… Just hope yours is not 20,000,001.

Has anyone noticed the lack of security?

in Guild Wars 2 Discussion

Posted by: JemL.3501

JemL.3501

i dont know what to say about security system and help for customers to not get hacked, all this time ive been in the internet, ive never been hacked, bank, mail, games, i wonder why?…in the other hand when the hack is to the company thats different, so all i need for my security is they actually have security, i dont need babysitting or tools, so in my pov, since arenanet havent suffered any kind of hack to their database…i give a 10/10 to their security.

I took an arrow to the knee

Has anyone noticed the lack of security?

in Guild Wars 2 Discussion

Posted by: Sekin.7803

Sekin.7803

I don’t understand these hacking business… hackers can’t just take over your account miraculously, can they? The whole hacking thing requires the original owner to do something for the hacker either by downloading an unknown file or answering some bogus emails.

Has anyone noticed the lack of security?

in Guild Wars 2 Discussion

Posted by: HawkMeister.4758

HawkMeister.4758

I don’t understand these hacking business… hackers can’t just take over your account miraculously, can they?

Then don´t start making assumptions?
“Hacking” through stealing data directly from the user, by way of getting a Trojan onto your system is just one way. The rarer way.

The far easier and more widely used way is to just buy the data from the internet and use it on the client. HOW these lists are gained is a big part of the problem and a topic you should research for yourself.
ANET actually explained a bit about it themselves. Thieves just use these lists on the client and eventually one combination fits.

It was appalling enough that ANet kittenedly made one of the widest available resources (e-mail addies) part of the login. That they aren´t restricting the login attempts is just another unsurprising detail.

Polish > hype

Has anyone noticed the lack of security?

in Guild Wars 2 Discussion

Posted by: beren.6048

beren.6048

think if they restrict login attempts that lots of people will be locked out because of the hacking attempts going on. My account is linked to my e-mail address, what if someone keeps on trying my e-mail address? I ll be locked out all the time?

Has anyone noticed the lack of security?

in Guild Wars 2 Discussion

Posted by: MrQuizzles.6823

MrQuizzles.6823

think if they restrict login attempts that lots of people will be locked out because of the hacking attempts going on. My account is linked to my e-mail address, what if someone keeps on trying my e-mail address? I ll be locked out all the time?

Yes, this is a legitimate concern. Locking an account due to failed login attempts gives hackers the ability to perform a denial of service attack at players, requiring only an email address to perform the attack.

Another method is to block an IP after it sends you a certain number of invalid attempts, but that’s easy to get around, and the dynamic nature of residential IPs can lead to it blocking out a legitimate user who hasn’t entered a single failed attempt. Thus, the method is also not very good.

In all seriousness, the email verification thing they’ve got going is a good way of securing accounts. If someone is spoofing your IP address (which is not easy to do if you’re not on the same network) or is intercepting your email, then you’ve got way bigger problems to worry about then your GW2 account.

(edited by MrQuizzles.6823)

Has anyone noticed the lack of security?

in Guild Wars 2 Discussion

Posted by: Gehenna.3625

Gehenna.3625

I think the discussion is about the wrong element. Anet have their security measures and they will improve them as they go along. Hackers at the same time improve their methods also. It’s a constant battle.

What concerns me, in general, is not the actual security of a game, but what a game company does for its customers when something goes wrong.

I think it’s fair to ask people to participate in security as in the article that was linked, but I don’t think it’s good customer service to lay the responsibility and blame simply with the customer as well as the consequences. And this is where I think Anet has its shortcomings. I already got my account hacked in GW1 once and as people who have had it happen here, there is ZERO assistance in recovering your account beyond what the hackers decided to leave you with…usually naked characters.

This is the real issue to me. And having found out this is still the case for GW2 (even though they said they were looking into this for GW2), I have another reason not to want to pick up this game. GW1 is still the only time I got an account hacked. It never happened before nor since.

Regardless of whose fault it was…there was just not support and everything I collected over years was gone and Anet couldn’t help. That is just an experience I wish on no one. Anet in any case has no tools to help with this if it does happen, whether it was your fault or not.

It’s a game forum. The truth is not to be found here.

Has anyone noticed the lack of security?

in Guild Wars 2 Discussion

Posted by: mulch.2586

mulch.2586

I think the discussion is about the wrong element. Anet have their security measures and they will improve them as they go along. Hackers at the same time improve their methods also. It’s a constant battle.

What concerns me, in general, is not the actual security of a game, but what a game company does for its customers when something goes wrong.

I think it’s fair to ask people to participate in security as in the article that was linked, but I don’t think it’s good customer service to lay the responsibility and blame simply with the customer as well as the consequences. And this is where I think Anet has its shortcomings. I already got my account hacked in GW1 once and as people who have had it happen here, there is ZERO assistance in recovering your account beyond what the hackers decided to leave you with…usually naked characters.

This is the real issue to me. And having found out this is still the case for GW2 (even though they said they were looking into this for GW2), I have another reason not to want to pick up this game. GW1 is still the only time I got an account hacked. It never happened before nor since.

Regardless of whose fault it was…there was just not support and everything I collected over years was gone and Anet couldn’t help. That is just an experience I wish on no one. Anet in any case has no tools to help with this if it does happen, whether it was your fault or not.

This is a big difference in attitude between east Asian game companies versus NA games. ArenaNet of course could easily re-equip a stripped character, but they choose not to. It was the same with other NCSoft games.

GMs for NCSoft games are minimally-supportive, and really just there to keep the rules. My experience was similar with other Asian company games. Even stuff that’s patently the game’s fault, they won’t fix, as policy.

Whereas a Blizzard or Trion or other American game has a different view of GMing, that it’s about customer support. If you approach GW2 support with an expectation of service, you’ll be disappointed.

Has anyone noticed the lack of security?

in Guild Wars 2 Discussion

Posted by: jwburks.9735

jwburks.9735

Nope. Never noticed the lack of security in this game. Well, other than the fact that GW2 had a record number of hacked accounts in its first couple of days? Nope, haven’t noticed.

We heard . . . we listened . . . we ignored.