Guild Wars 2

All,

A friend of mine just discovered that she’d been hacked. While none of her characters had been pillaged, her bank account has…gold, items and anything NOT account bound was gone.

Apparently ANet provde 1 and only 1 account recovery in cases like this. Not much good if you get hacked multiple times to be honest.

Several thoughts come to mind about this…

- ANet should look at refining the password requirements. Sure, a password with speci@l ch&racters, numb3rs and capiTals might be all well and good, but if the password is all one word such as “OMGThisIsAGr3atGam3” it is apparently easier to hack than if you had the same password with spaces (ie “OMG This Is A Gr3at Gam3”). ANet need to do some more research into this to see if this makes it a lot tougher to crack and then notify the community of their findings;

- Given that numerous items in the bank and such are NOT account bound since they can be sold on the BLTC, maybe ANet needs to look into introducing an Option in the OPTIONS panel that LOCKS all items in the account (bank ,character etc etc) regardless. If the playert then wants to sell material and such, they then enter a SECOND [different to their login] password to unlock this option so that the player can sell items as they see fit. Once done, they then RELOCK the account ingame.

Certainly the mobile phone feature that ANet has as a part of security is nice. However I, for one, do not have a sophisticated phone…it’s a brick. Other people may also be in the same boat.

Providing additional security on an ingame player ACCOUNT basis makes it easier for everyone who plays to enhance their security.

No idea if ANet looks at these, but what the heck.

Cheers

The problem right now is most likely a third party site got hacked.

Which gave hackers access to emails and passwords. Now the site’s password might not have been the same as the game’s password. But it might have been the same as the email password.

And any who bought the digital version of the game likely has their serial number in their email still. Given anyone who gains access to their email the ability to change the password (and then delete the evidence).

A lot of the recent hacks have had email compromises alongside of them. So it’s likely not ANet’s security that’s to blame. It’s the email providers and the fan site.

Moral of the story: Have a separate email you use for registering at fan sites and don’t share passwords with anything you don’t want to lose. And most certainly keep email passwords unique. Because email access is usually the only requirement for password changes on various sites.