Guild Wars 2

Hello
There are ISP accounts that use dynamic IPs that change every few days.
My account is like that,and I already had to authenticate via Email quite a few times.
From what I see in the security section of my GW2 account,there is no list of the previous IPs I’ve authenticated.Just the IP I’m currently using.
Can you please give me more info on what happens to the older IPs I’ve authenticated?
Are they automatically deleted every time I authenticate a new IP?
If not is there a way to disable them?
Thanks

You probably should remember that (at least to my knowledge) the authenticator is a beta product atm. (That said, it’s a relatively straightforward problem from an engineering perspective, since it’s been done to death)

I see removal of IP as a massive feature for account security and not having it implemented is something that seems massively overlooked on implications especially when Mike O Brian was saying how account account security is a very important thing.

There are numerous scenarios where you would need to remove a IP.

Especially if those places have static ip’s.

RMT if someone logins you want to be sure that they cannot log back in even if they get your changed gw2 password etc as currently if they do get your new password they can get straight back on on that ip.

Public places like school/college/uni/etc networks, internet cafes that have gw2 installed etc or you use your own system on there network.

Business places if you play during your lunch break.

If you attend big lan partys a example dreamhack with 10 thousand people which are nearly all gamers or ones here in my city that are 3-400 people..

If you accidentally allow a link from a RMT then realise oh crap as soon as its done.

The fact you say they cannot be removed is you just gave access accidentally or someone who uses/shares your email has and you have realised it and cant remove that access yourself, this is a massive one right here that a few thousand people have most likely already done or will do at some stage and I have nearly done myself and creates extra support on your end when there accounts are eventually taken over which can be avoided and they need to do tickets to get the account back.

How many tickets have you had already with hacked accounts?

At least allowing removal of a IP will put some added security into players hands and reduce support requests for these accidental IP location clicks freeing up valuable time on your end.

Its just too much of a risk to leave ip’s allocated for public or not frequent locations and incidents as above.

It seems that while you guys say how much important account security is and keeping things safe there are things like this that can cause big issues and they seem to be ignored or brushed off when they are still a really big part of the picture and making sure accounts are secure.

There have been a couple other things like region blocking account logins that could be done but removal of no longer authorized IP’s you allowed in the past is a bigger one than region blocking.

Pretty much all of those situations that you mentioned, you should NOT be clicking the “remember this IP” option anyway, making it completely moot. The only place you should ever have it remember your IP is on your own personal computers at home, just like passwords.

That being said, I, too, would like an option to delete remembered IP addresses. If it’s really that important, I think I read somewhere that using the account recovery option will reset remembered IP addresses, but that involves entering the Serial number of your game to reset all of the information. I’m not going to try it because I’m lazy.

If it makes you feel any better, the vast majority of hacking cases are going to be caused by gold farmers in Asia, and the only people who might get assigned your old IP address are people in your general area on the same ISP. If you just so happen to live in Asia then oh well!

(I jumped on the mobile app beta as soon as I found out about it, though)

I don’t feel very comfortable using mobile authenticators on my smart phone.
Even if Anet guaranteed for the operation of a 3rd party program like the Google authenticator,it cannot guarantee about my smartphones operating system,and it cannot guarantee that Google authenticator won’t stop being supported on iPhone.
(Apple can be that stupid)
A physical authenticator device would be the best solution.
I don’t live in Asia,but being able to manage the IP addresses would provide one more layer of security.
I know it is highly unlikely I’ll get hacked through one of my older IPs,but you can never be sure.
That being said I’ve already taken action to apply a fixed IP to my isp account.

Hello!

I think that for dynamic IP validations, it would be best to log in all attempts from a given town and area (according to the ISP providing the information) instead of the IP address. I think it is highly unlikely that someone from the user’s ISP will really try and succeed at hacking that account, unless that user’s able to watch the internet traffic. That case however raises much worse problems, such as easily hacking a low security POP3 authentication leading to a hacked e-mail account.

Even if this cannot be done, I’d like to suggest adding a new feature where dynamic IP users may validate an IP address against a DynDNS (or similar) account, since most current routers have built-in support for updating these services with the current IP address of the user and would only provide a single DNS lookup per login attempt to verify. This could be added to account settings, and I’m sure that we would create a nice guide on the wiki for less experienced people to be able to use the feature.

P.S.: I write this post because right now the system seems to keep sending me e-mails on every IP address change. If this is not how it is supposed to work, then please tell me so that I would open my support ticket.

It would be better if they provided log of last ~20-50 logins/attempts with timestamps and IPs in account manager that you cannot clear or delete or edit instead of current active sessions.

As for the question itself – just dont check “Remember this network” checkbox when you authorize your log in.