Securing an account, for real
Looks like it’s not the game that is the problem but your email account isn’t save.
As long as that isn’t secured you will keep getting these emails and that is how they get your account info.
Looks like it’s not the game that is the problem but your email account isn’t save.
As long as that isn’t secured you will keep getting these emails and that is how they get your account info.
But my e-mail has 2 accounts’ infos in it. Why is only mine getting hit?
Also, is there a way to change the e-mail?
I don’t know, I can’t tell you how hackers think and act.
But I would change your log in info for your email just to be sure.
Changing your email is possible, but you will have to talk to support about that.
I’m not sure how anyone adding you as a friend gets 50% of your log-in information. Your display name has nothing to do with logging into your account. One uses the Account name to log in, not the Display name.
It does sound as though your email account has been compromised. Or, you might have a keylogger. There are free programs to check for keyloggers, you might want to find one. CNet has some viable choices. You can speak to CS about securing your computer, and they will be happy to help.
Good luck.
I’m not sure how anyone adding you as a friend gets 50% of your log-in information. Your display name has nothing to do with logging into your account. One uses the Account name to log in, not the Display name.
When you have your account restored, they ask you 4 question to prove you are the owner.
1. Display name(the blabla.1234)
2. Name of a char on the account
3. Creation time with 3 days error margin
4. Serial code
When you add somebody as friend, you get 1 and 2. That’s half the proof of account ownership.
Well, cool, you were lucky then. They asked me a lot more than 4 questions. Considering all the signatures on the forum that include character names, I guess many accounts have given out some percentage of the information needed. But none of the information needed for logging in, thankfully. =)
There’s also the fact that your probably using your registered email address don’t forget this part for many people
Or at least one that you had registered against it if the hacker has changed it
Msi Z87 Gaming Board AMD R9 270x
-crucial 256 M500 SSD -Samsung 500Gb HDD
I don’t know, I can’t tell you how hackers think and act.
But I would change your log in info for your email just to be sure.
Changing your email is possible, but you will have to talk to support about that.
If you have a smart phone and your mail provider offers it, I’d also add some form of mobile authentication (such as a texted code, or using something like Google Auth for the constantly changing codes, etc).
A link to an article on the ZoneAlarm page http://www.zonealarm.com/blog/2013/08/how-to-turn-on-two-factor-authentication-for-your-email-accounts/
Also, if you are going to change your email, I’d start by contacting support from the new address, with mention of WHY (namely, the fact that you’ve been made unsecure in some way on your other email account). Don’t mention the new email in any contact with the old email.
This is something I have mentioned before, and it is the biggest mistake Anet has made and the most serious of all security flaws in their system.
Simply, the forums use the same login and password as the game.
If you have the forum remember your password, it is stored in your browser. This information can be extracted by any malicious website. All the website really needs to know is the website they want the login and password to. So if you want to steal logins and passwords to https://forum-en.gw2archive.eu, you create a site that will attract GW2 players. Maybe show hints, maps, or even just armor pictures. The player visits the site, the site owner then has their login and password to the game. It’s really that simple. You can have a “secure” computer, but just visiting one of these sites can expose your info.
From the demo I was given at my employers, there where many different factors that could make your computer vulnerable to this, java version (newest is NOT always best), browser version, browser security settings, etc. To be completely safe, do not allow your browser to remember your login and password, and be VERY selective what GW2 related sites you visit.
The problem is that I don’t actually know what the problem is. My best guess would be a secondary e-mail associated with the account(because if my e-mail was compromised it just doesn’t make sense that they’d arbitrary choose to take my account and ignore the second account info). And since they are changing my password, they should have my serial code as well, no? I was going to slowly request changes to my account until the issue is resolved, but yesterday saw they offer 1 rollback per account. I like GW2 just enough to consider starting over for the second time, but I definitely don’t like it enough to keep starting over every 3 weeks. Since their solution is “change your password and don’t share it with family”(obviously not working), I guess I’m looking for changes to my account that’ll plug all perceivable leaks. New e-mail, new password(that I’ll probably forget again so I guess the forum will be out of the question…), new…what else?
On an amusing side-note: My fiancé mailed them last night to ask what the puppy is happening and why aren’t they replying to my 6 days old e-mail. He got a response this morning. I’m still waiting with only an automated answer to show for it….
(edited by TWMagimay.9057)
So you are saying you have your fiancé’s login and password in your email account? That is not a good idea. You are making a few incorrect assumptions. Only 1 email address is associated with an account. A serial code is not needed to change a password, all that is needed is the old password.
First, you should make sure your computer is secure. Then contact support and ask them to change the email account associated with your GW2 account. The new email address will then be your new login name. Use a secure password and be sure to setup email authentication at the very least. Also, NEVER use the same password for both your email and GW2 account.
So you are saying you have your fiancé’s login and password in your email account? That is not a good idea.
Well, I don’t have my password in my e-mail either. My e-mail contains the exact same amount of information for my account as it does for his(well, did, I moved to paper copies out of the boredom the last 6 days).
You are making a few incorrect assumptions. Only 1 email address is associated with an account. A serial code is not needed to change a password, all that is needed is the old password.
Oh…I just always use the “forgot password”-option. In that case, how do they get passwords that I’ve never used in my life and don’t even know myself the next week?
First, you should make sure your computer is secure. Then contact support and ask them to change the email account associated with your GW2 account. The new email address will then be your new login name. Use a secure password and be sure to setup email authentication at the very least. Also, NEVER use the same password for both your email and GW2 account.
Weekly scans got that covered. I got e-mail authentication set-up, I just don’t seem to receive mails from it(now that you mention it…could it have been turned off?). I never had a matching password between my GW2 account and my e-mail. The last game to use the mail password closed servers 5 years ago and I haven’t used that password for any accounts in the last 4 years.
It sounds like you have a handle on most of it. From what you are saying, it does sound more and more like they have access to your email account.
As to how they get the passwords, it’s anyone’s guess. I had a VERY secure password when I setup my account. Not 10 minutes after setting it up, I had someone from China try to login. My machine was completely clean (actually a new install less then 24 hours old). Firewalls, high security on routers, etc. I do computer security for a living so I know it was not from my end, especially in 10 minutes time but somehow they got my login and password all the same.
So, new e-mail it is…
You seem fairly familiar with this stuff… Question: I just received a mail to my ticket to rate the support. The only response to my ticket was the automated msg and now this. Does that mean they consider my issue resolved in which case should I mail them back and politely tell them they are idiots? Or is it just a random mail and I should sit tight so I dun get pushed back in the queue(if that even happens in GW2?)?
It’s hard to know, but if you have not heard anything specific back, just the automated response, it’s likely they are still working on it. If it’s been more then 72 hours since the last response, you should post your ticket # in the thread below.
https://forum-en.gw2archive.eu/forum/support/account/Tickets-for-Review-3-days-and-older-merged
[quote=3458074;TWMagimay.9057:]
Oh…I just always use the “forgot password”-option. In that case, how do they get passwords that I’ve never used in my life and don’t even know myself the next week?
First, you should make sure your computer is secure. Then contact support and ask them to change the email account associated with your GW2 account. The new email address will then be your new login name. Use a secure password and be sure to setup email authentication at the very least. Also, NEVER use the same password for both your email and GW2 account.
Weekly scans got that covered. I got e-mail authentication set-up, I just don’t seem to receive mails from it(now that you mention it…could it have been turned off?). I never had a matching password between my GW2 account and my e-mail. The last game to use the mail password closed servers 5 years ago and I haven’t used that password for any accounts in the last 4 years.
While they ask for it, the password reset does not require a serial code. If you can supply enough other info, they’ll reset it. (non-automated though).
Also, they do offer Google-auth two-factor – you’d have to use it to sign in every time though.
It’s hard to know, but if you have not heard anything specific back, just the automated response, it’s likely they are still working on it. If it’s been more then 72 hours since the last response, you should post your ticket # in the thread below.
https://forum-en.gw2archive.eu/forum/support/account/Tickets-for-Review-3-days-and-older-merged
I did that…yesterday… I’m usually very patient with support requests, have been known to wait for a month before making any fuss about it… But I was recently in an accident(2 days after the incident) so now I literally have nothing to do. Just sit on a chair and refresh my e-mail… I finally understand why people complain about long support wait times…
On a side-not: If I were to play GW2 and just mail my farmed stuff to my fiancé every day…and then get that account rollback…will we get in trouble?
Is your account still tied to the “suspect” email account? If it is, there can be no doubt someone else has compromised your email account. Never use it again.
Hackers don’t really care about your Serial #s as Anet can pretty quickly determine account ownership without it (and who is NOT the owner even if they have the SN).
What kind of passwords are you using? If they are guessing it (or you are using one you have used on another website in the past), then by all means make a LONG password of 4 to 6 unrelated words you can easily remember. An 8 character long password (with letters, numbers AND punctuation) can be guessed in less than 24 hours by an i5 computer. A 16 chracter password of just lower case letters would take hundreds of years to guess.
Fate is just the weight of circumstances
That’s the way that lady luck dances
What kind of passwords are you using? If they are guessing it (or you are using one you have used on another website in the past), then by all means make a LONG password of 4 to 6 unrelated words you can easily remember. An 8 character long password (with letters, numbers AND punctuation) can be guessed in less than 24 hours by an i5 computer. A 16 chracter password of just lower case letters would take hundreds of years to guess.
The last password was 12 letters and numbers, I have never-ever used it before. I’m the typical noob who has 1 password for everything and changes it like once every 2-3 years, GW2 is forcing me to come up with new passwords that I can never remember. Funny thing is, my usual password never lead to account issues(my fiancé still uses the same password that’s tied to about 5 e-mail accounts, countless forums and games without an issue -.-), it only started after I used my first GW2-specific password…
PS: I finally created a new e-mail and mailed them from it to request a change. That was 3h ago, I didn’t even receive an automated msg…
(edited by TWMagimay.9057)
It’s hard to know, but if you have not heard anything specific back, just the automated response, it’s likely they are still working on it. If it’s been more then 72 hours since the last response, you should post your ticket # in the thread below.
https://forum-en.gw2archive.eu/forum/support/account/Tickets-for-Review-3-days-and-older-merged
I did that…yesterday… I’m usually very patient with support requests, have been known to wait for a month before making any fuss about it… But I was recently in an accident(2 days after the incident) so now I literally have nothing to do. Just sit on a chair and refresh my e-mail… I finally understand why people complain about long support wait times…
On a side-not: If I were to play GW2 and just mail my farmed stuff to my fiancé every day…and then get that account rollback…will we get in trouble?
You already got your once-only account rollback, so farming mats and keeping them (or sending them off) shouldn’t be a problem.
4) That THAT response was also a booboo on support’s part; they can’t roll an account back 6 whole months (I didn’t think that they could!)
Mine was allegedly rolled back 11 months…
Went through the usual support fun, had my account restored, got yet another brand new password.
You already got your once-only account rollback, so farming mats and keeping them (or sending them off) shouldn’t be a problem.
What can I say…I’m an optimist. Until support tells me “No!” I’ll pretend it can all work out.
PS: I think they closed my old ticket just for funzies. Since I got a reply to the mail from this evening. They reset my password. Adorable. facetail
So let me be clear — you had not had a single human response (just the “got your ticket” auto-response) and then a survey? I’m thinking that the access to your e-mail account may include someone deleting our responses, but could you give me this ticket number, please?
I don’t like to think we’d say “How’d we do?” until we, you know, did something.
Communications Manager
Guild & Fansite Relations; In-Game Events
ArenaNet
So let me be clear — you had not had a single human response (just the “got your ticket” auto-response) and then a survey? I’m thinking that the access to your e-mail account may include someone deleting our responses, but could you give me this ticket number, please?
I don’t like to think we’d say “How’d we do?” until we, you know, did something.
Ticket is 217896. It’s a windows live mail so I get a very loud ding every time I receive a mail(and it’s been open since the whole thing started). I’m more thinking it’s that mails not getting delivered thing since I made a new e-mail last night and the issue got almost resolved in about 3h(I’m still waiting to hear about whether restoration would be possible or not because your guys just sort of ignore it every time I bring it up, that ticket is 235962).
Oh, btw, in that “reminding you what the ticket was about”-part, it has only my writing in it…
I might have something that can help you to get more secure passwords. I also used to have 1 password for everything, so a friend of mine pointed me towards a free open source program called KeePass.
It’s a program in which you can store passwords, and you use it to generate new random passwords for you. It’s protected by a master password of your choice. I use it in combination with its firefox plugin, which allows me to easily login on any site without having to enter the username/password myself. When I need to make a new account somewhere I just generate a new password with that program and then save the username and password in that program, with a Title that matches the name of the game/site that the account is for. This way I don’t need to remember my passwords as I can just look them up in that program and copy/paste them when I need them. So if you currently only use 1 password for almost everything or have trouble remembering passwords, then you might want to give it a try.
If you decide to use it then do make sure to make regular backups, as if you lose it then all your passwords are gone to.
Here’s a review if you’re interested: http://www.pcworld.com/article/2026547/review-keepass-makes-strong-passwords-and-keeps-them-safe.html
(edited by Firion Corodix.4510)
Hmmm, isn’t that a bit…dangerous? If somebody gets access to such an account, they literally take over your entire life… Yes, I’ve grown paranoid over the last few days.
On the paranoid note: Support decided to mail my new log in address to the old e-mail. I deleted it roughly 3h after it arrived(I sleep at night), didn’t seem to have been touched… Should I be worried?
Hmmm, isn’t that a bit…dangerous? If somebody gets access to such an account, they literally take over your entire life… Yes, I’ve grown paranoid over the last few days.
On the paranoid note: Support decided to mail my new log in address to the old e-mail. I deleted it roughly 3h after it arrived(I sleep at night), didn’t seem to have been touched… Should I be worried?
My advice: Can’t be too careful. Update the ticket through the NEW email address. Tell them what happened and ask that they auto-generate you a NEW password and send it only to that address. Explain that if the system sends to both the old and new addresses, that can put your account at risk. In this situation, the agent may be ahead to manually reset and not send you an auto-generated password. If he/she does that, simply change the password to something of your choosing once you access the account.
Communications Manager
Guild & Fansite Relations; In-Game Events
ArenaNet