Guild Wars 2

I reasently had my account hacked and realized how easy it is to steal an account. Assuming that the hacker has user name and password to your guild wars 2 account, there is currently a big hole which i have reported to anet already.

In aion there a set up where you would set a 6 digit code you needed to enter every time you would log into the game, here is how it could work in guild wars 2

first you set up the code with anet which saves the code on their servers. Once the code is saved, they sent you a email stating that the code was saved with out mentioning any of the code itself.
At this point only you and anet would know this code.

Now when you log in you enter your user name and password. After you hit play, a screen could come up and ask for the code with no remember option. if the code is incorrect, you can not enter the game.

Assuming they also hacked your email, they could check it but not find out what the code is and there for not be able to get in. If they dont have access it would not matter since the only way to know the code is by
A) being anet
B) be the creator of the code/ be told it
C) intersect the code while the info is sent from your computer to anet

This is just a though which might prevent some hackers from getting into accounts

you do know that things like that are super annoying, i have this in both scarlet blade and vindictus and it frustrates me to no end.
the biggest problem with this system is that the numbers always randomize after each number and you need the mouse to select the numbers, i am big on securities but when the keyboard is out of the picture it a no go from point one.

i am still angry about the password blacklisting, don’t make it even harder to get in the game fore the ones who do own the account.

It sounds like it’s just a second password. I prefer a linked key generator. Usually it’s on your phone, then rather than being a code that you create it is generated for you and and you input it. This also bypasses the hacked email issue because it never goes to your email.

Of course this is also why you should have different passwords for GW2 and your email, and most other things, for that matter.

sorudo.9054:

you do know that things like that are super annoying, i have this in both scarlet blade and vindictus and it frustrates me to no end.
the biggest problem with this system is that the numbers always randomize after each number and you need the mouse to select the numbers, i am big on securities but when the keyboard is out of the picture it a no go from point one.

i am still angry about the password blacklisting, don’t make it even harder to get in the game fore the ones who do own the account.

That is why I support being able to define a computer as linked. Then you only have to enter the extra code once, say this computer is good, and you don’t have to do it again.

Kal Spiro.9745:

It sounds like it’s just a second password. I prefer a linked key generator. Usually it’s on your phone, then rather than being a code that you create it is generated for you and and you input it. This also bypasses the hacked email issue because it never goes to your email.

and when, for some reason, the app is off your phone, bye bye access.

ArenaNet has implemented Two-Factor Authentication for logging in to its games and websites. It’s not required to use, but is an option.

Check out this link….It may be what you’re looking for.

https://forum-en.gw2archive.eu/forum/info/news/Beta-Feature-Mobile-Two-Factor-Authentication/first#post398418

I use it to log into GW2 and I find it very handy. Just an option for you….

Stop clicking on dodgy links. There, no more hacks.

Charismatic Harm.9683:

ArenaNet has implemented Two-Factor Authentication for logging in to its games and websites. It’s not required to use, but is an option.

Check out this link….It may be what you’re looking for.

https://forum-en.gw2archive.eu/forum/info/news/Beta-Feature-Mobile-Two-Factor-Authentication/first#post398418

I use it to log into GW2 and I find it very handy. Just an option for you….

ironicly that is how they got around my email and hacked me. It works yes but the issue is if they disable all verification to get into your account you are still defenseless. The idea of the code is that you only can get it if you have a way to verify yourself other than account name and password.

As for dodgy sites, all sites can be considered dodgy when My mom actually got a virus that killed a computer I had from visiting chase.com the banking site.

kesla.9187:

ironicly that is how they got around my email and hacked me. It works yes but the issue is if they disable all verification to get into your account you are still defenseless. The idea of the code is that you only can get it if you have a way to verify yourself other than account name and password.

So, you’re saying that this hacker had your e-mail address, password AND a way to authenticate their connection using your randomly generated 6-digit code?

How could they disable all the verification on your account if you were using the two-factor authentication? Were you using it only on the game and not also using it on the e-mail account attached to the game?

I’ve gotten e-mails from ArenaNet stating that attempts were made to access my account without authorization before, but no one has ever made it past the second layer of protection. It’s just very confusing to me. Two-Factor Authentication works if you use it properly.

So, you’re saying that this hacker had your e-mail address, password AND a way to authenticate their connection using your randomly generated 6-digit code?

How could they disable all the verification on your account if you were using the two-factor authentication? Were you using it only on the game and not also using it on the e-mail account attached to the game?

I’ve gotten e-mails from ArenaNet stating that attempts were made to access my account without authorization before, but no one has ever made it past the second layer of protection. It’s just very confusing to me. Two-Factor Authentication works if you use it properly.

The code is a idea as a third in case they find use the hole I found trying to get back into my account. I know my hack was a targeted attack due to the way they got in and the fact it was on the days when I am typically never on.

They did not access my email account at all. What they did was use the system hole that exists. If you have a account name and password not probably necessary, you can force off the authentication system. You basically trip it to think you are trying to get in and you forgot your password. The screen is that of disable authentication or reset password. Once the authentication system was turned off, the hacker used user name and password to get into the account manager. from there they used the Mobile app as verification in order to bypass the email. once this was done. the hacker just needed to attempt to log in as usual but since it would go to mobile without using the email, there is no evidence of the hacker, the only reason i know this is there where two unread authentication then none on my email. If they wanted to get into the email there would of been no trail to make me think some one had tried to get in. I know how it was done because I had to rehack my account the same way it got hacked.

Charismatic Harm.9683:

kesla.9187:

ironicly that is how they got around my email and hacked me. It works yes but the issue is if they disable all verification to get into your account you are still defenseless. The idea of the code is that you only can get it if you have a way to verify yourself other than account name and password.

So, you’re saying that this hacker had your e-mail address, password AND a way to authenticate their connection using your randomly generated 6-digit code?

How could they disable all the verification on your account if you were using the two-factor authentication? Were you using it only on the game and not also using it on the e-mail account attached to the game?

I’ve gotten e-mails from ArenaNet stating that attempts were made to access my account without authorization before, but no one has ever made it past the second layer of protection. It’s just very confusing to me. Two-Factor Authentication works if you use it properly.

Um, they send the code to your email. Therefore if they have your email, they have your code.

BaconCatTheGreasy.9542:

Stop clicking on dodgy links. There, no more hacks.

This – and it applies to all your computing security. PEBKAC. You can’t fix stupid – making the folks who aren’t stupid suffer because of the ones who are is… well… stupid.