Communications Manager
Guild & Fansite Relations; In-Game Events
ArenaNet
The team is developing a mobile authenticator. In fact, it’s available now in beta form.
Get more info here!
Gaile is there a possibility of a physical authenticator for those without supported smartphones?
Any system that supports RFC 6238 should work with our authenticator implementation.
Is there any way to use this mobile authenticator when using command line arguments (e.g. those of us who wish to have the mumble overlay work)?
Okay Mike, I don’t have a smartphone at all. How about that?
Working great so far. Thank you Mike, your efforts are appreciated greatly
I’m not sure off the top of my head of how using command line arguments would interfere with the use of the mobile authenticator; but that’s likely just because I can’t remember all of the command line options offhand ;-) If you find a combo that doesn’t work, please feel free to report it in the official feedback thread
For those who don’t have access to a smartphone, there are hardware devices you can purchase which support the same standard that we use. Just check for “OATH” or “TOTP” devices which comply with RFC 6238. Naturally, we cannot recommend or endorse any specific products.
Any chance to make app compatible with Symbian?
Setup and worked the first time.
Would be nice to be able to “whitelist” my PC so I don’t have to put in the code every time when logging in from home. Did I miss something on this or is it not there?
Fantastic news! At least for those with smartphones. There are still some of us, few in number I know, but we don’t have smartphones. I don’t have the need for one, but I would need to buy a phone just to secure my account?
I applaud ArenaNet’s hard work to get us to this point, and politely request that hopefully a physical unit will be made available that will enable those without smartphones to protect their accounts as well. I am also quite sure that there are some who would prefer a physical unit to a smartphone app even though they have smartphones.
That was EASY to setup, my iPhone scanned in the barcode and it was done. This is now the third game I play with an authenticator and that barcode scan thing was the easiest to use.
I’m all set up. There’s a little quirk that got me confused at first. As an Android user, I also use the Google Auth app to login to various Google services. However, when I had it set up on here, it only displayed 1 item. This kinda confused me at first until I tried the code out. It worked and it linked. On my phone, I had it set up for Google and for Dropbox. Dropbox was able to have theirs separate but maybe it’s because they use a different generation system.
Can you please modify the appropriate places so that future users will know what to look for? I’m going to guess that most who do have Android also use the Google auth app with their Google account. And that they already have an entry for their OTP.
@dlechestnut: that’s kind of the point of authenticators, is a second layer of security that can’t be bruteforced or keylogged. WHY this can’t be brute forced or keylogged is because the code changes every 30 seconds, it’s synced to an algorithm that is dependent on your authenticator’s PIN (not the same number you input to log in, but the number used to register your authenticator). In order for a hacker to break through the authenticator system they’d have to know your PIN AND have hacked ArenaNet’s algorithm for authenticators, to be able to predict the code for that 30s window, OR, you get infected with a specialized type of malware called a “man in the middle” attack, where you get infected, and the malware will put up a false login screen when you launch the client. Then you input your code in the false login screen, and they use that 30s window to hack your account and abuse it. It’s a lot harder to pull off than keyloggers which don’t need to be specialized for any particular game client.
I’m probably oversimplifying things but that’s how it works as far as I understand.
TL;DR, you have to keep inputting the code every time you log in because the code changes every 30s, that’s what keeps your account secure.
This is great news! However I have to admit, it’s a bit confusing right now.
See, on my iPhone screen I see two codes. Both labeled as “myemailaddress@email.com”. One is for Guild Wars 2 and one is for another account. I can’t seem to find a way to change the labels (which is all it would take to clear this up).
Any suggestions?
So… what about a keychain unit? I don’t use smart phones.
Hi, I’m not able to attach my authenticator to my account. I scan the barcode and it sets it up, but whenever I input the 6-digit pin, it just refreshes the page. Any ideas?
This is great news! However I have to admit, it’s a bit confusing right now.
See, on my iPhone screen I see two codes. Both labeled as “myemailaddress@email.com”. One is for Guild Wars 2 and one is for another account. I can’t seem to find a way to change the labels (which is all it would take to clear this up).
Any suggestions?
I was able to rename mine by clicking the “edit” button and then the email string. I renamed mine Guild Wars 2.
First bug (FIXED)
My daughter was able to connect the authenticator to her account and log in to the game BUT it wouldn’t let her log in to the forums. It gave her an error 401: Unauthorized, ActionController::InvalidAuthenticityToken.
Ticket 121011-000359
CORRECTIVE ACTION: She had to decline the ToS and then log in a second time, accept the ToS, and it worked.
(edited by LeCreaux.3087)
I would like to let everyone know that if you’re running a webOS Palm smartphone, there is an app in the catalog called GAuth. It is free and works great! You might want to think about adding that to the list of supported phones ArenaNet.
(Note: I’m not trying to sound like a spammer, it’s not even my own app. Just trying to point those with other smartphones in the right direction.)
(edited by Izzy Katsu.6024)
Awesome Izzy! I am a WebOS user. I’ll check this out!
WebOS GAuth app works a treat! Thanks!
Windows Phone application is not available for download in Poland (probably also in the rest of Europe).
Those who do not have a smartphone but do have an iPod touch: you can use your iPod.
Anyone know how to use the Google Authenticator on Android if I also use it for my actual Google Account? I can’t install the same app twice, and I need it to generate codes for Google, too.
There’s no need to install the app twice. All you need to do is fire up a QR code scanner (I use Scan on my Galaxy S3) and have it read the QR code on their security setup page. Let the QR code scanner pass the info onto Google Authenticator and accept the key. If your Google account is the same as the account name for GW2, then you won’t see anything changed visually. Otherwise, and I am assuming and guessing w/o verifying, you’ll see a new entry that will indicate the one-time-pass to use for your GW2 account.
Hrm, doesn’t work for me.
I go into the Google Authenticator, either scan the QR there or have it sent over from an external QR scanner, and it responds with the “Secret saved” popup.
So far so well, now the number generated on the main screen gives six-digit numbers for GW2, but, those codes don’t work for Google Accounts any more, ofc. Luckily I have the Google QR secret code saved, so I could easily re-set it to allow me into my Google account, but the point is – I can apparently only have numbers for one of the two at a time.
I suspect if my GW2 mail address were different than my google address, it’d show me 2 codes generated (listed under separate email addresses) in the main window?
Mail is the same though, so I only see a single number, and once I sync it to GW2, it no longer works for Google. And vice versa. :s
I’m using Google Authenticator on an Android for GMail, two Google Apps accounts and now GW2. Setup went without a hitch (all four addresses are unique), and login to all accounts using the authenticator works properly.
At least on Android, you can touch and hold a GA entry for about two seconds to bring up the menu that contains options to rename or remove it. That’s pretty much an Android standard thing.
I know this is going to sound shocking but… I don’t have a phone :/
(And no I’m not an old lady I’m 25 :P The one I had broke but I never even used it so being poor it’s not an investment I’m able to make or therefore worth making)
Are there any keyring type authenticators being worked on? I always preferred these regardless as you aren’t tied down to a phone that might break or be hacked itself (not to mention the annoyance of batteries running out).
I really hope so as I’d really like to add another layer of security to my account
Ok, follow-up:
Got it working.
The problem is, as suspected, that you can only have each account name once. Meaning if my Google account has email address X, the very same mail was used for GW2, linking GW2 overwrites the stored Google Accounts setup, and vice versa.
Renaming the Google account beforehand did the trick.
Thank you for this. This is the first time I’ve used a mobile authenticator for anything (Also added one to ‘that other’ mmo now) and really appreciate the extra security you’ve given us.
AlietteFaye.7316: Hi, I’m not able to attach my authenticator to my account. I scan the barcode and it sets it up, but whenever I input the 6-digit pin, it just refreshes the page. Any ideas?
That happened to me – it means you entered the code after the 30-second window had ticked over. Just try to make sure you’re within the window (and check for typos), and it should be fine!
Thanks for doing this, Mike and ArenaNet, it’s much appreciated. Although, it makes me sad to realize that my Guild Wars 2 account is now more secure than some of my financial institutions.
I realize the mobile authenticator is in beta, so, Mike, please please PLEASE give an UNIQUE name to the account (for example: GW2:emailaddress).
Using only “emailaddress” as account name overwrites the Google Account already present, as pointed out by Carighan, forcing us to re-create it with all the single-application associated passwords.
Dropbox uses “Dropbox:emailaddress” as account name and it works very well.
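Added example, not part of the original thread and not ArenaNet's code: a minimal RFC 6238 generator and verifier showing why a code entered after the 30-second window ticks over is rejected, together with a model of the label overwrite reported above and the issuer-prefixed label that avoids it. The `drift_steps` parameter, the one-secret-per-label store, the sample secrets and the e-mail address are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, struct
from urllib.parse import quote, unquote, urlparse, parse_qs

STEP, DIGITS = 30, 6  # 30-second window and 6-digit codes, as in the thread

def totp(secret_b32, unix_time):
    """RFC 6238 TOTP using HMAC-SHA1 and RFC 4226 dynamic truncation."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", unix_time // STEP)  # time step number
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(secret_b32, code, unix_time, drift_steps=0):
    """Accept the current step only, or +/- drift_steps neighbouring steps
    (hypothetical tolerance knob; the server's real policy is not on the page)."""
    for delta in range(-drift_steps, drift_steps + 1):
        expected = totp(secret_b32, unix_time + delta * STEP)
        if hmac.compare_digest(expected, code):
            return True
    return False

def key_uri(account, secret_b32, issuer=""):
    """otpauth:// key URI as carried by a setup QR code; the label is the path."""
    label = f"{issuer}:{account}" if issuer else account
    uri = f"otpauth://totp/{quote(label)}?secret={secret_b32}"
    return uri + (f"&issuer={quote(issuer)}" if issuer else "")

def import_uris(uris):
    """Model of an app that keeps one secret per label (assumed behaviour,
    matching what the posters observed): a repeated label overwrites."""
    store = {}
    for uri in uris:
        parts = urlparse(uri)
        label = unquote(parts.path.lstrip("/"))
        store[label] = parse_qs(parts.query)["secret"][0]
    return store

# Constructed sample data: the RFC 6238 test secret and a placeholder address.
SECRET = base64.b32encode(b"12345678901234567890").decode()
OTHER = base64.b32encode(b"another-sample-key!!").decode()
EMAIL = "player@example.com"

if __name__ == "__main__":
    code = totp(SECRET, 59)  # generated in the last second of a window
    print(code, verify(SECRET, code, 59), verify(SECRET, code, 60))
    print(import_uris([key_uri(EMAIL, OTHER), key_uri(EMAIL, SECRET)]))
    print(import_uris([key_uri(EMAIL, OTHER, "Google"),
                       key_uri(EMAIL, SECRET, "GW2")]))
```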
Many thanks for all the hard work you’ve put in to this 2-Step protection – much appreciated.
Out of interest, is there any way to have BOTH my iPhone or Android Tablet able to provide me with the GAuth 6-digit code? I initially installed this to my phone but realised I may not always have the phone with me – whereas the tablet is always nearby.
Will I have to unlink the iPhone and re-add it via my Nexus 7?
Can you use Blizzard’s Key Fob? I have two of them, and I couldn’t find out if it uses the same ‘RFC 6238’ as the mobile.
Doesn’t the Blizzard one have 8 digits?
Blizzard’s Mobile = 8 & Key Fob = 6
Gaile is there a possibility of a physical authenticator for those without supported smartphones?
This would indeed be great to be inclusive of everybody.
Personally I use android and am happy with the google authenticator so I don’t need to install yet another authenticator app of which I already have 4 for other games; but I would still buy it just because it’s cool to have some funky physical device thingy with GW2 artwork
This is fantastic. No more worrying about my account.
Will a battery pull break the app?
The SWTOR Mobile Auth breaks if you do that ‘Encounter an expected error. [followed by a force close]’. Which means people who had to do this would need to call CS to get the authenticator removed.
Blizzard’s app doesn’t do this, neither does RIFT’s or Google’s.
What do you mean by this? The authenticator services are third party— it’s not like it’s running directly from your phone, it’s relaying info from a server.
The authenticators use unique data from the phones, like timestamps to create a unique registration key, this is the key you are asked to enter and is the same type of key found on the back of the physical keys above the barcode. If you pull the battery the timestamp freezes (duh), and is supposed to be picked up the next time the phone is powered and receives the cell tower’s timing.
But for whatever reason Bioware’s app doesn’t update and you get an ‘unexpected error’. This was patched though, but anyone who did a battery pull or had their battery drain to 0 ended up with the error.
Personally, I think they rushed the release because of the rampant account hacking that went on. That’s why I want ArenaNet to be aware of this and not make the same mistake….I HATE talking on the phone, ‘specially when it’s going to result in me proving I’m “me”.
EDIT: In fact, I just reinstalled the app on my HTC Eris. Instead of generating the registration key natively, you go to their website and it generates it there. Don’t recall doing that the first time.
EDIT2: I see you’re using Google Authenticator (I have an Android phone)
(edited by illutian.7630)
After a long day, I came back to check on this thread. Ah-ha! So that’s it, eh? Good detective work, everyone. I got my Google account set up again and renamed so I can uniquely identify it. I now have 3 unique entries. I also see that when I went through the link setup for GW2 that it is now appropriately labeled to give us a unique visual identifier. I should check to see if I can file a suggestion or bug report for the Auth app so that they can look into confirming a key overwrite or some sort of pop-up dialog to notify what will happen.
I also vote for a physical device. Not everyone will have a capable smartphone. So having one like this hanging with your keys will be cool to have.
Can y’all address how the recovery process will be? Google has their recovery system covered practically and virtually perfectly. But this is attached to our phone or mobile device. Accessing our account require us to enter that OTP. On one hand, it is fine… as long as we have our device with us. But what happens in the event that we lose that? It is of no surprise that a phone ends up missing, lost, stolen, or broken at worst.
As a suggestion, I think we should take a page from Google’s idea of recovery and print out a recovery code that enables us to access our account despite losing possession of our device that generates the OTP. But please do not let it be a short recovery code if you use that idea. Let it be long, complex, and contain alpha-numeric (symbols optional) characters yet no ones, zeroes, and the letters I, L, and O.
Thanks to everyone who is helping other players with advice about this. And thanks to all of you for helping us test the Mobile Authenticator!
What I would like to know is will this app be in the respective APP stores? I know that no official APPs can be installed on Windows Phone 7 or 8 unless M$ evaluates it first and puts it in the store. There is no way for Anet to have the app here as a download link unless it somehow is instructing ZUNE software to install it with M$ blessing…
I want to add this, but I would like someone else to install it, then remove it.. and make sure you can login after it being removed…. I flash way too many ROMS to my rooted phone…
I do the same, actually yesterday I tested a lot of jelly bean roms in my phone, the only thing that you have to do is go to account security and unbind the phone, that will take like 15 sec.
I’m gonna admit to being in the even smaller minority than people without smart phones and ask: Is there any way to get this on my Blackberry?
AFAIK, the Google Authenticator is available for Blackberry too, as long as the device has an internet connection. You can find more info here: http://support.google.com/accounts/bin/answer.py?hl=en&answer=1066447
Awesome! Just added it and logged in and out a couple of times using different codes. Works like a dream! Thank you
Also had to use it to post on here
Ady
I would also love to see a physical authenticator that I could purchase. I do not have a cell phone, and was hoping you’d offer authentication.
Although I would prefer a separate unit that I could put on a keychain, a less ideal solution is if there is anything that would work on a Blackberry Playbook, but I’m not really holding out hope for that.