Security - it should have been better.

in Suggestions

Posted by: RLD.7439

Have any and all money, whether it be from drops, emails, etc., dropped directly in your bank.

Any repairs or purchases are drawn directly from this till.

The catch is that, only one time, you will need to provide a unique code to gain access and provide proof that you are indeed authorised to access these funds.

You get the first unique code from your account page. You then enter the game and use an in-game applet/UI element of sorts, and you take that code and it’s not typed in but entered via a clickable mini keyboard like they have in Windows.

This would prevent keyloggers from copying the second key. The first key is irrelevant as it provides only the base from which the second code will be generated. The second code will be one of many, many millions of possibilities.

Last night my account was compromised. All items that were sellable were put on the TP and sold. Anything else was vendored. And all the gold was then taken and then sent off in a mail to god knows who.

A system like this, or one with the same basic principle, would have completely negated the whole incident and thwarted the thief.

I won’t go into a rant complaining about the things Anet should have done or how their security should have been managed right from launch. That would be a complaint, not a suggestion. I think they know they could have done much better.

“If you wish to make an apple pie from scratch, you must first invent the universe.” -CS

Posted by: Nanfoodle.2439

All of the hacks being talked about are user problems, not ANet’s. It’s not ANet’s fault people register on 3rd-party GW2 forums using the same email addy and password they use to log into the game, where hackers can get that info easily.

It’s not ANet’s fault that people use the same password for everything, or that they’ve been using that same password forever. You need to change your password once in a while to keep your info safe.

It’s not ANet’s fault that people use easy passwords that have to do with their personal info. If you are signed up to 15 movie URLs and have posted all over your Facebook page that your fav movie is Star Wars, and your password to GW2 is starwars, how is that ANet’s fault?

It’s not ANet that got hacked!!! Blizzard got hacked and the hackers are checking passwords and usernames people used in that game. If you are using the same username and password from other MMOs you have played, well, again, not ANet’s fault.

Also, if you have a keystroke recorder on your PC, that’s not ANet’s fault.

People need to learn how to secure their data.

(edited by Nanfoodle.2439)

Posted by: RLD.7439

> All of the hacks being talked about are user problems, not ANet’s. It’s not ANet’s fault people register on 3rd-party GW2 forums using the same email addy and password they use to log into the game, where hackers can get that info easily.
>
> It’s not ANet’s fault that people use the same password for everything, or that they’ve been using that same password forever. You need to change your password once in a while to keep your info safe.
>
> It’s not ANet’s fault that people use easy passwords that have to do with their personal info. If you are signed up to 15 movie URLs and have posted all over your Facebook page that your fav movie is Star Wars, and your password to GW2 is starwars, how is that ANet’s fault?
>
> It’s not ANet that got hacked!!! Blizzard got hacked and the hackers are checking passwords and usernames people used in that game. If you are using the same username and password from other MMOs you have played, well, again, not ANet’s fault.
>
> People need to learn how to secure their data.

Your post is nothing but all about placing blame. This is a suggestion forum.

You can’t hold millions of people responsible for their own security. They simply aren’t capable of it and also… things happen. I don’t care how careful you are.

Offer up some suggestions to improve the game and stop pointing your finger.

“If you wish to make an apple pie from scratch, you must first invent the universe.” -CS

Posted by: Jabberwock.5987

He didn’t mention broadcasting his password, so you have no reason to believe he did.

You are right about 3rd parties; ANet has been very clear about this, especially the part about using old passwords.

I would suggest a sent feature in the mail; I don’t remember seeing one, but that would provide hard evidence on who the culprits are.

It occurs to me that it would be easy to hack two accounts and drop items from one into another; however, the victims would be notified quickly, the items stolen would be noted and the IPs involved would be recorded at login.

(edited by Jabberwock.5987)

Posted by: Grammarye.3064

> You can’t hold millions of people responsible for their own security. They simply aren’t capable of it and also… things happen. I don’t care how careful you are.

Actually you can & must. Pretty much everything that the user does to authenticate & identify who they are must come from the user’s choice. ANet can impose very little that they have not already done without legions of users going ‘but we can’t log in, stop making this so hard!’.

ANet have to send email to an email address for example, even with email authentication. The security of that email address is entirely outside their hands. What else can they do?

Your proposed system (if we truly want to debate security) is as vulnerable as the current one. It misses the point that if someone can hack into your account and clean out a character, they already had access to at minimum your website account page, your in-game login, and probably your email address login. No code in the world will prevent access if that is already breached.

If ANet want to improve security, it has to be at the cost of annoying legitimate users. They should mandate Gmail email addresses, two-factor authentication enabled on those Gmail addresses, and provide two-factor authentication to users either in the form of a physical RSA-type key, or a mobile phone app. How about a mandated password complexity, such as at least 16 characters long, containing at least two special characters? Going further will annoy legitimate users even more.

By far the best simple account security measure is one that users like myself repeatedly told ANet we’d want, and they ignored (probably because NCSoft insisted) – and that is to stop making email addresses usernames. If instead we had to pick a username to log in as well as a password, then a given attacker has one more piece of information they must obtain. This is pretty classic security stuff, and I’m disappointed ANet did not follow this.

Nevertheless, security is as good as the user makes it.

If you haven’t pressed Call Target at least once today, please go press it now.