Beta Feature: Mobile Two-Factor Authentication


Posted by: MikeLewis

Lead Gameplay Programmer

As part of our ongoing commitment to security in Guild Wars 2, I am pleased to announce that we are making a mobile two-factor authentication solution available for beta testing, effective immediately.

Mobile two-factor authentication is an alternative means of securing your Guild Wars 2 account, and like e-mail authentication, is optional but strongly encouraged. Rather than sending you an e-mail when unauthorized login attempts occur, the game (or any of our online web sites) will prompt you for a six-digit number any time you log in to a Mobile Authenticator-protected account. Using a freely available app on three major smartphone platforms – iOS, Android, and Windows Phone – you can obtain the correct six-digit number unique to your account. These numbers change every 30 seconds and can only be used once; this ensures that without your mobile device, an attacker would not be able to compromise your Guild Wars 2 account.

Please be advised that this feature is currently in beta and we are actively working to get it up to our standards of quality. Use of this feature should be considered “at your own risk” until we have completed the beta phase. We have already identified two major improvements to the feature that we will complete before releasing this system for general use:

  • To increase security of your account, unlinking the Mobile Authenticator will require additional six-digit codes.
  • We will be introducing an option to “remember my current network” so that you will not have to authenticate every login from trusted environments.

Of course we will also be interested in your feedback on this feature, and will make sure to take into account your suggestions and opinions during final development.

Setting it Up:
Steps will be associated with either [Computer] or [Mobile] for where the step is taking place.

  1. [Computer] Navigate to https://account.guildwars2.com/account/security/totp and log in with your Guild Wars 2 credentials.
    - If you are redirected to the Security home page (https://account.guildwars2.com/account/security), be sure to add /totp back into the URL.
  2. [Computer] Identify the correct app for your mobile platform. Here are some suggestions:
    - Google Authenticator for iPhones and Android.
    - Windows Authenticator for Windows Phones.
  3. [Mobile] Download the application to your mobile device.
  4. [Computer] Click ‘Next’ on the Account Management page.
  5. [Mobile] If your version of the Mobile Authenticator app has the ability to scan QR codes, use it to automatically scan the QR code displayed in Account Management [Computer] and skip to step #7.
  6. [Mobile] If your version of the Mobile Authenticator app does not have the ability to scan QR codes, or that ability is not working with the QR code displayed, enter your credentials manually.
    - “Account Name” is the same as your Guild Wars Account Name.
    - “Key” is the secret code displayed in Account Management [Computer].
    - Select “Time Based” and not “Counter Based”.
    - Select ‘Add’.
  7. [Computer] In the field below the QR code, enter the six-digit code now displayed from your Mobile Authenticator app [Mobile].
  8. Click ‘Next’.

For more information, please refer to this Knowledge Base article – http://en.support.guildwars2.com/app/answers/detail/a_id/9238

Thank you in advance for your support, and we look forward to hearing your thoughts on this initiative.


- Mike Lewis
Guild Wars 2 Security Coordinator