Aftermath

in Account & Technical Support

Posted by: Bloodstealer.5978

Well after the hacking of my account recently and the palaver around getting it back up and running I would like to enquire about a few things -

Why after logging out of the forums then logging back in say 20+ mins later.. I actually don’t even need to log in as the forum remembers and opens the gateway to things such as MY Account.. unbelievable really.

If I log out of the site or close the web page completely etc I should not be able to just re access such information so easily.. surely I should be required to enter my password etc… surely.

Only this morning, after pulling teeth to get action on my ticket since April 23rd I was presented with "we have today reset the password on your account please follow the link to update your password…" or words to this effect.
Sounds great except somewhere in the process it was kinda not noticed that the ticket specified the hacker had placed their mobile authenticator on the account – so what was the point of resetting a password when access to the account was blocked anyway..hmmm

How does one make changes to a player’s account like adding authenticators, changing passwords etc without a single email or notification from ANET to allow me to verify it… does this ability to simply reopen the forum and go straight into myaccount without logging in somehow open that gateway for wannabe hackers.

When the hack was taking place I was logged into the forums and could see all the IP addresses opened.. forcing them to disconnect worked for about 2 attempts before I became locked out of the myaccount page temporarily with like a DoS type attack then I could retry disconnecting.. rinse repeat.

To note – I never use the same password twice anywhere so this hack was kinda strange and in many cases my passwords are pretty long and sometimes I can’t even remember them ..add to that I tend to keep passwords reasonably fresh including my own email password.. So this hack was a surprise to me even though I could see it unfolding in front of me

Posted by: Brother Grimm.5176

Your browser can remember your password and log in. Has nothing to do with Anet site security (as far as it knows, your browser IS sending the credentials again when you access the page). This is a browser setting on your computer (and you can change it to NOT remember passwords at certain sites if you desire…..how to do that depends on the browser being used). Note that another computer (or even user logged into your computer) will NOT get access to MY ACCOUNT on this site without typing in your credentials (at least once).

Are you 100% sure your associate email account has not been compromised? Email account hackers are usually very adept at keeping the actual account user from knowing the account is being monitored and used to try and hack other sites.

We go out in the world and take our chances
Fate is just the weight of circumstances
That’s the way that lady luck dances

(edited by Brother Grimm.5176)

Posted by: Bloodstealer.5978

> Your browser can remember your password and log in. Has nothing to do with Anet site security (as far as it knows, your browser IS sending the credentials again when you access the page). This is a browser setting on your computer (and you can change it to NOT remember passwords at certain sites if you desire…..how to do that depends on the browser being used). Note that another computer (or even user logged into your computer) will NOT get access to MY ACCOUNT on this site without typing in your credentials (at least once).
>
> Are you 100% sure your associate email account has not been compromised? Email account hackers are usually very adept at keeping the actual account user from knowing the account is being monitored and used to try and hack other sites.

Agree web browsers do indeed retain info in their cache.. mine gets emptied on closure but I understand and agree with what you’re saying. I can’t ever remember visiting and then revisiting a site where it automatically remembered me and failed to require a new login to get into my account.. but that I surely can do on this site, surely they should have some form of process to eliminate that potential risk.

With regards to my own associate email.. All I can do is keep everything checked and updated my end.. when I was hacked last week the first thing I did was inform my email provider and got them to also check for any possible breaches their end and to look at my email calls. nothing was found and I actually found out that they had already put in place additional specific measures in the wake of Heartbleed etc., which was good to hear as well.

I guess at the end of the day all we can do is make ourselves as watertight as is possible and trust that others do the same as I previously said… waiting to see what potential fallout there is from today’s announcement about the IE flaw that’s been alerted.. guess the cyber wars are in full bloom nowadays.
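
Added example, not part of the thread and not ArenaNet's code: a minimal server-side session model showing the controls the posts above ask about, namely a logout that revokes the session on the server, and a recent password check plus an owner notification before an authenticator is added. The class, method names, the 300-second window and the sample address are all hypothetical.

```python
import secrets
import time

REAUTH_WINDOW = 300  # assumed policy: seconds a password check stays valid


class SessionStore:
    """Hypothetical in-memory session store (a real site would persist this)."""
    def __init__(self, clock=time.time):
        self.clock = clock
        self.sessions = {}  # token -> {"user": ..., "reauth_at": ...}
        self.outbox = []    # (user, message) notices queued for e-mail

    def login(self, user):
        # Called only after the password has been verified.
        token = secrets.token_urlsafe(32)
        self.sessions[token] = {"user": user, "reauth_at": self.clock()}
        return token

    def logout(self, token):
        # Revoke on the server, so a cookie the browser kept no longer works.
        self.sessions.pop(token, None)

    def reauthenticate(self, token):
        # Called after the password is re-entered for a sensitive change.
        if token in self.sessions:
            self.sessions[token]["reauth_at"] = self.clock()

    def add_authenticator(self, token, device):
        entry = self.sessions.get(token)
        if entry is None:
            return "login required"
        if self.clock() - entry["reauth_at"] > REAUTH_WINDOW:
            return "password required"  # old session may not change security settings
        # Notify the owner out of band so an unexpected change gets noticed.
        self.outbox.append((entry["user"], f"Authenticator '{device}' added"))
        return "ok"


def demo():
    now = [1000.0]  # constructed clock so the example is deterministic
    store = SessionStore(clock=lambda: now[0])
    token = store.login("player@example.com")  # constructed sample account
    now[0] += 1200  # 20 minutes later, same cookie
    stale = store.add_authenticator(token, "phone")
    store.reauthenticate(token)
    fresh = store.add_authenticator(token, "phone")
    store.logout(token)
    return stale, fresh, store.add_authenticator(token, "phone"), store.outbox
```
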