Security flaw ? Password broken

Security flaw ? Password broken

in Account & Technical Support

Posted by: KratosAngel.7289

KratosAngel.7289

Hello,
I don’t know if other people have encountered the same problem but I’m under the impression that there is a security flaw somewhere from GW2/Anet.
On 3rd December, I got my password modified twice without receiving any confirmation mail or mail to allow the access, so I decided to file a ticket.
I had some elements that could have caused the problem due to security issues :
- I had allowed free access to my 3G internet access (to browse forum on my mobile)
- I accessed my account on unsecured internet providers (university, job)
1) So I modified the email address to one that is unique to the game, not posted on any website, with a strong password used nowhere else.
I activated the double factor authentication for that mail address AND for the GW2 account.
2) Then I removed all free access to IPs to my account, except for the one from home (static IP).
3) I made sure to clean viruses : reenforced analysis with Avira Antivir, MalwareBytes Anti Malware, AdW Cleaner … (nothing found)
So I should have been OK

But, tonight, it happened again : password was changed again.
So, like last time, only the password was changed, account remained the same but I still have not received any email ….
Like last time, I checked the history regarding my email adress : nothing except from my legit ones.

Consequently, there are only 3 possibilites :
1) Someone hacking me using my IP (don’t how it could be possible …)
2) Someone hacking through using my own computer without I noticing it ?
3) A security flaw that would allow to bypass the security from authentication confirmation asked ….
I’m ready to hear/read about your opinions guys.

Security flaw ? Password broken

in Account & Technical Support

Posted by: ShiningSquirrel.3751

ShiningSquirrel.3751

Are you sure your password was changed, or was it just not working when you tried to use it?
There have been issues with account passwords not working. They where not being changed, but they no longer worked. Support was tracking the issue and there was something about trying to access your account here on the forums from a smart phone that could cause it as well.
Before assuming it’s a security issue, you should open a ticket with support and let them look in to the issue. Top of page, support, then submit a request in the upper right hand corner.

Security flaw ? Password broken

in Account & Technical Support

Posted by: Brother Grimm.5176

Brother Grimm.5176

On the notification issue, what email provider are you using (there have been major delivery issues with yahoo mail and some with gmail)?

Does the Account Security page on this site indicate any unknown IP has accessed your account (is something you don’t recognize in the authorized list)?

We go out in the world and take our chances
Fate is just the weight of circumstances
That’s the way that lady luck dances

Security flaw ? Password broken

in Account & Technical Support

Posted by: Gaile Gray

Gaile Gray

ArenaNet Communications Manager

Next

If there were a security breach of the type you mention, we’d have tens of thousands of tickets about this and probably a few hundred forum posts. The fact that we do not have those things points to an isolated, personal situation, perhaps with your computer system, your authentication set-up, your e-mail account, etc.

Please read this thread about e-mail transmittal/receipt problems:

I suggest that you create a ticket (or update an existing ticket if you previously received support in relation to this concern). Please allow our team to try to assist you with the matter. Click “Support” at the top of this page, and then fill out the form to get assistance. We want to help you with this.

Gaile Gray
Communications Manager
Guild & Fansite Relations; In-Game Events
ArenaNet

Security flaw ? Password broken

in Account & Technical Support

Posted by: Gaile Gray

Previous

Gaile Gray

ArenaNet Communications Manager

Gaile Gray
Communications Manager
Guild & Fansite Relations; In-Game Events
ArenaNet

Security flaw ? Password broken

in Account & Technical Support

Posted by: Astral Projections.7320

Astral Projections.7320

There also appears to be a problem with using iPads with the last IOS update to access the forum or other parts of gw2. If you use the iPad, somehow it causes the game to forget the password. Something is wrong with the iPad software, the part where it remembers passwords, and this causes the game to forget your password when you log on the forum using the iPad.

(edited by Astral Projections.7320)

Security flaw ? Password broken

in Account & Technical Support

Posted by: KratosAngel.7289

KratosAngel.7289

Hello, thanks for all your answers !
1) I’m using Gmail but AFAIK, I’ve always received all the emails (from support, those who state I’ve changed my account email address etc …) and I usually receive the confirmation mails when I am trying to access my account from a non authorised device.
Still, I have added all the emails from Anet to my contact list to see.

2) As I said Brother Grimm, I’ved checked the history and nop, no unknown IP has had access.

3) I know that there would be more, that’s why I posted here and did not file a ticket : to have more answers and … it seems that the answer I was looking for is there :

4)

Are you sure your password was changed, or was it just not working when you tried to use it?
There have been issues with account passwords not working. They where not being changed, but they no longer worked. Support was tracking the issue and there was something about trying to access your account here on the forums from a smart phone that could cause it as well.
Before assuming it’s a security issue, you should open a ticket with support and let them look in to the issue. Top of page, support, then submit a request in the upper right hand corner.

Now this is interesting because Anet told me there was indeed a hack from my ticket but indeed, I only know the password was no longer working (and I know how to type a password several times thanks ….)
I think that indeed, I might have accessed it from 3G only once (no automatic access to the IP though) since it was still saved into my phone, and when I came back home, the password was no longer working (but it could have been changed before that).

FYI, I’m using an Android Phone with Dolphin Browser+Dolphin Jetpack (if it can help) and I had noticed it did not show me threas I had read as such, which I found surprising :o

Security flaw ? Password broken

in Account & Technical Support

Posted by: KratosAngel.7289

KratosAngel.7289

Hi again.
Thank you very much ShiningSquirrel.3751 for your answer, it definitely looks like it is the problem !
I’ve just tested it myself : password working.
Then I go to my mobile, browse using 3G with the same bug as mentionned in my previous post.
Then I go back to the game : password no longer working.

Now that’s one thing : definitely not a security problem nor a hack (as I had been told through support).
Question now is : how do I get rid of this ? I know “no longer use your phone” is an option, but not very convenient …
Is there any other way ?

Security flaw ? Password broken

in Account & Technical Support

Posted by: KratosAngel.7289

KratosAngel.7289

Edited the name of the thread to reflect more accurately the nature of the problem.
Still waiting for an answer or a solution.

Security flaw ? Password broken

in Account & Technical Support

Posted by: KratosAngel.7289

KratosAngel.7289

Alright so I’ve filed a support ticket concerning and it was confirmed that yeah, it has never been a hack or security problem but it’s definitely because of the access from a phone.
They told me to remove the “remember me”, which is that your browser remembers your login and password.
Thus, you gotta type everything everytime if you want to access it from your phone without your password resetting.
Don’t know if it’s a bug they’re working on, don’t think so.

Security flaw ? Password broken

in Account & Technical Support

Posted by: LittleLepton.8915

LittleLepton.8915

I was having this same issue. What seemed to fix it for me was Not checking remember email and remember password on the game launcher.

Also, I always type my emails and passwords in on the forums from my iPad even if it thinks it remembers it.

So far, for the last 3 days, it has solved my issue.

You don’t know me.

#LilithFan#1