Guild Wars 2

In a recent post from Gaille

The thread can be found here

https://forum-en.gw2archive.eu/forum/support/account/Guild-Wars-2-ArenaNet-worst-account-security-EVER/first#post21847

“I have news for you: If someone gets your password on any system, there’s a pretty big likelihood you’re going to be in trouble. And that is why we say — often and very firmly — that account security begins and ends with you. We’ll help, but your security is in your hands.
Use a strong, unique, hard-to-guess password for Guild Wars only.
Do not share your account.
The title of this thread is misleading. Our database has not been hacked. People are not waltzing in and getting players’ credentials. The incursions are coming from external sources, over which we have no control.
More information is available in our recent article about security.”

Not once did anyone in the thread mention database compromisation.
Nor does the title.
All i said was it requires no confirmation to change anything which i confirmed on my own account.
This is undoubtedly and unarguably a huge loophole.
Imagine i walked into a bank and said “I want to withdraw ALL the money from this account X”. (imagine you are withdrawing much more than an ATM would allow)
They reply: " Okay do you have your PIN?"
You reply: “Yes here it is”
Cool have all the money KBYE.

Now normally you would expect things like
“you are not tied to this account or this person anyway”
“do you have proof of identity”
the list goes on.

But none of this needs to be done to get at an account.
This is where i believe the problem lies.
Now yes; account security DOES lie with the account holder but it also lies with Arena Net. This needs to be heightened.

Now above “We’ll help, but your security is in your hands”. This is what you have not done. You do not even have a Captcha function to prove someone isn’t just brute forcing the email. Some of the even the most basic of forums have.

TL;DR: ANet lacks account security and there is nothing stopping the brute forcing of account passwords. Yes users need to do what they can but ANet doesnt provide the resources for this.

I’ll reference you BACK to your previous thread :
https://forum-en.gw2archive.eu/forum/support/account/Guild-Wars-2-ArenaNet-worst-account-security-EVER/first#post21939
______
ArenaNet can’t be held responsible for compromises that occur outside their domain. If you overlap passwords or by any other means offer ways for your account to become compromised, you are solely to blame.

Swanky McDanky.5214:

I’ll reference you BACK to your previous thread :
https://forum-en.gw2archive.eu/forum/support/account/Guild-Wars-2-ArenaNet-worst-account-security-EVER/first#post21939
______
ArenaNet can’t be held responsible for compromises that occur outside their domain. If you overlap passwords or by any other means offer ways for your account to become compromised, you are solely to blame.

You miss the ENTIRE point of this thread.

Arena Net does not have the tools to help us defend our accounts basically; if you have a password (bruteforceable by any computer) you can take complete control of an account; also changeable by a computer with noone behind it.

Even the implementation of the Captcha system would greatly increase the secuirty and atleast make it so bots could not hack accounts through brute force then changing emails to set parameters.

TL;DR
learn to read an entire thread please
get back into school