Guild Wars 2

A while back, my guild leader got hacked and the entire guild bank ended up being cleared out. Though the account got rolled back, the guild bank wasn’t for understandable reasons. However, it got me thinking of what if we were allowed to put passwords on guild banks as an additional safeguard to protect it. One can argue that limiting the member’s position is one way of protecting the guild bank but as stated, what if it was the guild leader/high ranking member that gets hacked? By adding an additional password, hackers will have a harder time destroying the hard work that guilds have built up in their banks since the password of the bank will probably be different from the password of the hacked account.

The way that the password would work in my opinion, is that you just have to key in the password for the first time you access the guild bank in that day. Or whenever the guild bank is accessed.

So what are your thoughts about this?

I strongly agree with OP. It’s a good idea and it’s easy to implement.

Although, I would add that if this was to be implemented, I’d recommend the insertion of the password to be through a virtual keyboard. You know, the one you click with the mouse on the screen.

That would help against key loggers.

Considering it as a feature in the launcher as well is not a bad idea either in my opinion.

Maybe it could work similarly to the way the bank pin works in Runescape? A four digit code you only have to enter once per login to access your banks? I can totally see it working. You also have to click the numbers as they appear in a random order, so keyloggers can’t catch it.

Doombringer BG.3740:

…and it’s easy to implement.

Good idea or not, it won’t be "easy to implement. There isn’t anything in the game similar, so they’d have to create new code just for this. They’d also have to design the UI and figure out a plan for dealing with individuals who forget their passcode and guilds that lose the people who know the passcodes.

It won’t be one of the most difficult things to add to the game, but it won’t be “easy” either.

Illconceived Was Na.9781:

There isn’t anything in the game similar, so they’d have to create new code just for this.

It wouldn’t be easy, I’ll give you that. But Custom Arenas are already password locked, so that’s not exactly a first in the game.

Illconceived Was Na.9781:

Doombringer BG.3740:

…and it’s easy to implement.

Good idea or not, it won’t be "easy to implement. There isn’t anything in the game similar, so they’d have to create new code just for this. They’d also have to design the UI and figure out a plan for dealing with individuals who forget their passcode and guilds that lose the people who know the passcodes.

It won’t be one of the most difficult things to add to the game, but it won’t be “easy” either.

Agreed on the difficulty of implementation. It doesn’t matter how small or how large a feature or some content is, there’s a 99% chance that they’ll miss a couple of things and/or bugs will arise from its addition.

I think they’d do well using their current system with the Trading Post if this were to happen (CoherentUI I think it’s called?). It seems to work well with the TP, and it may do well towards bank pins. Regarding how they’d deal with the forgetting of said pins, possibly a simple “Forgot pin?” link in the window which, when clicked, prompts you to enter your e-mail address to send a new pin, or to change your current one?

Or, possibly, something dealing with the mail system in-game?

MrWubzy.3587:

Illconceived Was Na.9781:

Doombringer BG.3740:

…and it’s easy to implement.

Good idea or not, it won’t be "easy to implement. There isn’t anything in the game similar, so they’d have to create new code just for this. They’d also have to design the UI and figure out a plan for dealing with individuals who forget their passcode and guilds that lose the people who know the passcodes.

It won’t be one of the most difficult things to add to the game, but it won’t be “easy” either.

Agreed on the difficulty of implementation. It doesn’t matter how small or how large a feature or some content is, there’s a 99% chance that they’ll miss a couple of things and/or bugs will arise from its addition.

I think they’d do well using their current system with the Trading Post if this were to happen (CoherentUI I think it’s called?). It seems to work well with the TP, and it may do well towards bank pins. Regarding how they’d deal with the forgetting of said pins, possibly a simple “Forgot pin?” link in the window which, when clicked, prompts you to enter your e-mail address to send a new pin, or to change your current one?

Or, possibly, something dealing with the mail system in-game?

That would seem to bypass the purpose of the PIN in the first place. If a nefarious person has compromised the account, they already know the email address (it is usually compromised, as well).

I believe there is some Dev response on this; I might try to dig it up.

Edit: Here’s one: https://forum-en.gw2archive.eu/forum/support/support/Security-Suggestions/first#post4375966

Gaile Gray

ArenaNet Forum Communications Team Lead

Please see my post [url=https://forum-en.gw2archive.eu/forum/support/support/Security-Suggestions/first#post4351580]above. Substitute “PIN” for “password” and you’ll see why there are drawbacks, i.e., it’s not the perfect solution. That’s not to say it won’t be considered, simply that it’s not the be-all and end-all that some may believe.

Good luck.

passcode sent to a phone number, which is required to make a passcode. if that’s compromise then it’s a total loss.

Why was this moved into account and technical support forum? Can a dev plz move this back to discussion? It’s a suggestion for discussion

This is an interesting idea, awesome.

Generally, it all fails at the guild bank password recovery level. It has to exist, but will most likely get compromised at the same time as the account (because most cases of account hacks start with a compromised email). In other words, the additional password system will usually fail in situations where it would have been useful.

Doombringer BG.3740:

I strongly agree with OP. It’s a good idea and it’s easy to implement.

Although, I would add that if this was to be implemented, I’d recommend the insertion of the password to be through a virtual keyboard. You know, the one you click with the mouse on the screen.

That would help against key loggers.

Considering it as a feature in the launcher as well is not a bad idea either in my opinion.

NO, NO, NO, NO please NO virtual keyboard password, is a PAIN THE THE KITTEN to type passwords on such, a code that would take most people 1-2 seconds to write with a normal keyboard can easily take up to 10-20 or more seconds on a virtual keyboard, is too much compromise on the convenient to use side, compared to the security in the first place. I’m fine with a normal password if they implement that, i can live with it, I virtual keyboard i CANNOT. While that may not count for everyone, i very much doubt i am alone either saying that i likely would never use a guild bank ever again if such feature was there with VK. Matter of fact the vast majority of guilds bank passwords with a VK would likely be some 4digit number code(or similar) as they are a bit easier to type in than full-fledged passwords on a VK, and as such if they got into your guild leader account they more than likely can crack that extra password in no time as well

And in the first place if your guild leader had opted to use 2-step verification, he more than likely would never had been hacked at all, the security should be focused on the accountlevel in this case, which is already more than sufficient options for players to make. Is really no excuse to not have 2-step tbh any phone can have the app needed, and you can even get software you install on your computer if need be (though it is far more optimal on your phone). And if the hacker got through that kind of security (that is 1000 times as secure and user friendly than a VK) your guild leader should be having bigger things to worry about than your guild bank

Sorry but it’s not as simple as copy and pasting code. In most cases it’s easier to just rewrite the code from scratch to tailor it to exactly what you need. This coming from my experience using VBA for Microsoft Office programs.

Sorel.4870:

Illconceived Was Na.9781:

There isn’t anything in the game similar, so they’d have to create new code just for this.

It wouldn’t be easy, I’ll give you that. But Custom Arenas are already password locked, so that’s not exactly a first in the game.

Right, the “password” UI might be able to be re-used, but that only covers one of the mechanics. Custom Arena passwords allow full access or nothing; guild banks have several different levels of access. Is it “type once” to gain full access until you logout? Until you change characters? Is there one password per person? One password per type of access (stash vs deep cave)? Do you have to type a password to put stuff in or only to take stuff out? How many times can you try a password before getting locked out?

Some of the answers are probably obvious (some not). Regardless, someone has to consider and walkthrough the design and consequences (pro|con) of each and ideally check in with some people who play a lot (but don’t code a lot).

And again, that’s before people start to send in customer service tickets asking for help with the new system, for good or for “oops” reasons.

I’m not against such a system; I just don’t think it’s that easy to add. Given that, I’m not sure the benefits outweigh the costs, especially given all the other features want to see in the game.

Doombringer BG.3740:

I’d recommend the insertion of the password to be through a virtual keyboard. You know, the one you click with the mouse on the screen.

That would help against key loggers.

It really wouldn’t. It would only help against hardware keyloggers that have been placed between the keyboard and the computer. With software (or hardware interception on the mouse, for that matter), it’s just as easy to watch for and record mouse position and clicks as it is to watch for keyboard keys.

Virtual keyboard “safety” is a lie.

No thanks, and why should everyone be inconvenienced becuase of few people don’t take proper security steps on there side?

If you use strong passwords, run anti spy ware programs daily, don’t open email from people you don’t know, never give out account info in emails, and invest in a good anti virus/firewall software. Your chances of being hacked is greatly reduced unless you leave all your account info laying around on a note pad for anyone to steal.

JediYoda.1275:

No thanks, and why should eeveryone be inconvenienced becuase of few people don’t take proper security steps on there side?

If you use strong passwords, run anti spy ware programs daily, don’t open email from people you don’t know, and invest in a good anti virus/firewall software. Your chances of being hacked is greatly reduced unless you leave all your account info laying around on a note pad for anyone to steel.

And also don’t use the same login info for other places such as websites.

one of officer was hacked and we lost the superior sieges, expensives sigils/runes and any things that have good values.

yes, we should have the password. not for putting things but for taking things out.
then again, if the ability to change password fall on simply permission basis, then the people who has the permission to do that got hacked, wouldnt everything fall apart too?

That moment when someone forgets his password or pin for the Guild Bank…

Smooth Penguin.5294:

That moment when someone forgets his password or pin for the Guild Bank…

That too, Passwords to guild bank would be like telling one of your friends my parents are going out of town for weekend and don’t tell anyone I’m having couple friends over. Next thing you know you have tons of people knowing about it and the police raiding your party, or the house gets trashed. (or both)

Sorry I haven’t been on much so a very late response here. I think there are some very valid points here so I will try my best to discuss them.

1) Changing/losing the password:

With regards to changing the password, I think that the old system of having to input the password first before you can change it should solve most of the issue. Ideally, only the guild leader should be able to change the password, then he/she can choose who to give the password to. This password will then give whoever has it, full access of the bank. So if the guild leader is careless and gives it to many people and results in the guild bank being trashed, that is the result of their own negligence. The guild bank password is to protect the collective efforts of what the guild has decided to deposit. With regards to password being lost, I honestly don’t have a good suggestion for that but I think custom arenas are also the same?

2) Access:

As mentioned, I think that the password should give full access to the entire guild bank. And it will only apply when you are trying to withdraw items/money out of the guild bank. In the ideal situation, you just have to key it in once per login but I’m no programmer so I don’t know what is the best way to go around programming this.

3) Why have guild bank password when you don’t protect your own account? It’s your own problem!

I think its a good point. But sometimes unforeseen circumstances arise and result in information being compromised. And personally I think that have an additional safety barrier is better than nothing. It is easy to tell others that they should have done X but sometimes they just don’t expect it to happen to them until its too late and this results in not just the hacked account in losing items, but also people who invested in the bank. At least with the guild bank password, it would limit the damage somewhat.

Sorry for the kinda necroposting ><