Guild Wars 2

It is blatantly obvious to the world that GW2 has severe security issues. I know you guys are back logged in fixing hacked accounts, resetting emails, ect ect.. But what is being put into place CURRENTLY to prevent FURTHER accounts getting compromised? If there is no advanced security procedure in place this 5-10 day back log will ALWAYS continue to be there. What are the dev’s doing to prevent further destruction? Any and all posts welcome, but keep it polite as I want a mod/dev/admin to actually answer this legit question. Thank you.

The measure is already in place: e-mail authorization. So long as your e-mail is secure, nobody can gain access to your account without your authorization. (If you have Gmail, enabling two-step verification is suggested – it causes a code to be sent to your cell phone whenever an unauthorized IP tries to access your account)

Maybe they need to make the content of the e-mail more clear, however, as it seems pretty easy for people to just go “Huh, that’s a legit e-mail. Guess it’s safe to click the link” rather than thinking about the potential danger.

I’ve also heard that some people don’t have e-mail authorization enabled, and have never even once gotten the prompt to enable it. It might be that a button needs to be added to our account options, here on the web site, to enable it properly, in the case that you don’t get the prompt.

Perhaps it would also be wise to expand on the Account Security tab in our account options, to give us the option of manually choosing which IP addresses are automatically authorized for account access. Just in case.

they really should invest in the same system (or similar) that blizzard uses to protect accounts. i havent had a single issue (knock on wood haha) since i’ve gotten mine back when it first came out (years ago) so i’m sure its safe to say it is a working system.

beafnuts.7960:

they really should invest in the same system (or similar) that blizzard uses to protect accounts. i havent had a single issue (knock on wood haha) since i’ve gotten mine back when it first came out (years ago) so i’m sure its safe to say it is a working system.

e-mail authorization is similar. Perhaps not quite as strong, but still reasonable secure. It’s just not foolproof.

email verification is the WORST way of account security where as email is so much easier to hack than a game account. i will def agree the account page has very limited options and needs to be relooked at to give us better security options.

beafnuts.7960:

they really should invest in the same system (or similar) that blizzard uses to protect accounts. i havent had a single issue (knock on wood haha) since i’ve gotten mine back when it first came out (years ago) so i’m sure its safe to say it is a working system.

You mean besides the well-publicized penetration of battle.net earlier this year that resulted in Blizzard customers’ account information being stolen?

http://news.cnet.com/8301-1009_3-57490533-83/e-mail-lists-encrypted-passwords-stolen-in-battle.net-hack/

The e-mail Authorization is junk, Read the last 20 posts where people switched emails, and changed passwords and still getting hacked. It is not a security measure.. And it doesn’t work. Yesterday I went to my brothers house.. First time since launch and logged in with my account. I never received a confirmation email to accept, and it is enabled. It’s not a security measure, it’s a fools way to believe they are “trying”. The amount of posts people are creating daily about getting hacked is reason enough to say it’s useless and a waste of resources. Next!

beafnuts.7960:

email verification is the WORST way of account security where as email is so much easier to hack than a game account. i will def agree the account page has very limited options and needs to be relooked at to give us better security options.

Not really. Have you looked into Gmail’s 2-step verification?

When an unauthorized IP tries to access my Gmail account, a text message is sent to my cell phone with a 6-digit code (or maybe it was 7 digits) that must be entered to actually access my e-mail.

i never said they were hack proof. i was stating how much safer those coders are than just an email verification. my battle.net account still remains safe (knocks on wood again) due to that little code generator. and i couldnt go 2 days playing this game without apparently being hacked…..thats pretty sad in their security if you ask me

I second the option for just being able to see the IP list that have been given permission to your account. That way if we spot something thats unusual or out of place we can just grab a ticket and mention the IP that needs to be blocked from the account, or even better be able to just deny and take away their IP access there on the spot.

Spectorx.9762:

I never received a confirmation email to accept, and it is enabled.

This means it’s not enabled on your account. As I said in my first post, there are issues that I’ve heard of where e-mail authorization is not being properly enabled. The only flaw in the system is that Arena Net has failed to consider the possibility of that happening, and so did not provide a means to manually enable it on our end.

It’s also worth noting that, if you did get an e-mail prompt, and clicked on the link figure it was “safe” because the e-mail is legit, you then unknowingly authorized the IP address of whoever initiated that confirmation e-mail.

Gargoyle.7685:

I second the option for just being able to see the IP list that have been given permission to your account. That way if we spot something thats unusual or out of place we can just grab a ticket and mention the IP that needs to be blocked from the account, or even better be able to just deny and take away their IP access there on the spot.

We can already see the IP list, we just don’t have any sort of control permissions in regards to the IP addresses. It’s just a history of IPs that have accessed the account.

What I’d like is a way to specifically authorize my computer’s IP address as the one and only IP address that can access the account without an authorization e-mail being sent.

beafnuts.7960:

i never said they were hack proof. i was stating how much safer those coders are than just an email verification. my battle.net account still remains safe (knocks on wood again) due to that little code generator. and i couldnt go 2 days playing this game without apparently being hacked…..thats pretty sad in their security if you ask me

The thing is, I know people firsthand whose accounts are still safely in their hands only because of e-mail authorization. They got an e-mail prompt that they did not initiate, and so promptly changed their password and got a new e-mail address, and haven’t gotten a single prompt since.

Spectorx.9762:

Read the last 20 posts where people switched emails, and changed passwords and still getting hacked.

If they have changed emails and passwords and still get hacked, either those email/password combinations are already in the hacker’s database, and are therefore compromised, or else there is a keylogger on the machine in question.

email authorization should still prevent access, but in that situation, the only thing you can do is to get a really thorough virus scan.

DrakeWurrum.6049:

Spectorx.9762:

Read the last 20 posts where people switched emails, and changed passwords and still getting hacked.

If they have changed emails and passwords and still get hacked, either those email/password combinations are already in the hacker’s database, and are therefore compromised, or else there is a keylogger on the machine in question.

email authorization should still prevent access, but in that situation, the only thing you can do is to get a really thorough virus scan.

This isn’t accurate. It may be an easy answer but it isn’t the only plausible scenario. Keyloggers are VERY easy to detect. I was rehacked and ran a very good key logger scanner during the 5 days I had between attacks and found nothing. I also ran Avast before and after with mutliple deep scans and even 3 boot-time scans. You can’t explain that away with simple finger pointing.

I also had a brand new email and a random 32 char ASCII password. I did everything ANet said to do and more and still got smacked a 2nd time.

Widowmaker.5812:

DrakeWurrum.6049:

Spectorx.9762:

Read the last 20 posts where people switched emails, and changed passwords and still getting hacked.

If they have changed emails and passwords and still get hacked, either those email/password combinations are already in the hacker’s database, and are therefore compromised, or else there is a keylogger on the machine in question.

email authorization should still prevent access, but in that situation, the only thing you can do is to get a really thorough virus scan.

This isn’t accurate. It may be an easy answer but it isn’t the only plausible scenario. Keyloggers are VERY easy to detect. I was rehacked and ran a very good key logger scanner during the 5 days I had between attacks and found nothing. I also ran Avast before and after with mutliple deep scans and even 3 boot-time scans. You can’t explain that away with simple finger pointing.

Provide an alternative scenario then. Because the only scenario is that they got your email and password from a keylogger, or from a database that they have built up using fan sites and other easily-hacked targets. I’m not “finger-pointing” here, unless you think it’s bad to point my finger at keyloggers.

With the way the tech world works, scanners cannot keep up with the pace of those creating viruses and trojans and keyloggers. It’s simply the case that, every so often, somebody’s computer will catch one of those little buggers fresh off the compiler, and it won’t be detectable right away.

First off Gaile closed the previous thread for no reason. It is a legimate post, and needs to be discussed. The security that IS IN place.. DOES NOT work. It is enabled on my account but I can still login from any location without confirming. Please see below.

DrakeWurrum.6049:

Spectorx.9762:

I never received a confirmation email to accept, and it is enabled.

This means it’s not enabled on your account.

It IS enabled on my account. I have the emails to prove it is enabled. See below. I got this once.. And allowed it. Ever since then.. I can login from anywhere without getting another confirmation. The “Security” is junk.

ArenaNet noreply@guildwars2.com

Sep 3 (9 days ago) to me

A login attempt from the following location is currently awaiting your authorization.

Address:
City:
Region: FL
Country:

I think Gaile’s post in closing the other thread was legitimate. I think she said they’re working on security improvements or maybe I read that somewhere else?

We just have to try to be constructive and not abusive in these conversations.

Widowmaker.5812:

I think Gaile’s post in closing the other thread was legitimate. I think she said they’re working on security improvements or maybe I read that somewhere else?

We just have to try to be constructive and not abusive in these conversations.

And I agree, if you read the previous post, that was what was said in the opening conversation. There was no “abuse” and nothing NON-constructive, there was NO REASON to lock the post. The question is a legit question and really should not be brushed off. We are asking WHAT will be in place to remedy this. A generic “We have stuff in place” is not an answer.. Thats the equivillent of me asking you whats for dinner and you replying “Food”….

By once again… This is not to belittle Anet or anyone for that matter, but to have their customer base be aware of WHAT is going to happen.