@Anet - Security Breach - Mobile Auth.

in Account & Technical Support

Posted by: Uhtameit.2413

Hello,

I wouldn’t have had to open this thread if you read this subforum since this issue was raised countless times but here we are. I don’t think any other subforum is really appropriate for this kind of feedback so I went ahead, feel free to move it if necessary.

Mail authentication is made useless by the mobile authenticator: if a hacker gets one person’s account name and password and then logs into the Guild Wars 2 website, he can enable Mobile Authentication, which will bypass the mail authentication.

All you need to do is to create a mail confirmation, that way the hacker will have to get the account name, the GW password, and the mail password. Right now, mail authentication is useless because you created the mobile authentication. Which was created to secure accounts. And it does exactly the opposite for the majority of the playerbase. I truly have no clue how you guys could not spot that breach from a million miles away, you’re supposed to be professionals.

Do I need to mention that many players don’t own smartphones, hence they can’t use the mobile authentication?

In the hope that it will get fixed soon™.

On a side note, you can’t undo the mobile authenticator from an Android phone. You ask for two codes and no matter which codes you do put in, it never works. Fixing that soon™ would be nice, too.
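The enrollment weakness raised in the post above, sketched as an added example that is not part of the thread and not ArenaNet's code: a weak flow where the password alone switches the second factor, beside a hardened flow that requires a token sent to the account's mailbox. All names, the key, the salt and the token format are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # hypothetical server-side signing key
TOKEN_TTL = 900                       # assumed lifetime of the mailed token, seconds

def _kdf(password):
    # Constructed fixed salt for the demo; real systems use a per-user random salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-salt", 100_000)

class Account:
    def __init__(self, name, password):
        self.name, self.pw_hash = name, _kdf(password)
        self.second_factor = "mail"  # e-mail authentication is active
        self.mailbox = []            # stands in for the owner's private mailbox

    def password_ok(self, password):
        return hmac.compare_digest(_kdf(password), self.pw_hash)

def _sign(account, expires):
    msg = f"{account.name}|enroll-mobile|{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def enroll_weak(account, password):
    """Flow described in the post: name + password alone switches the factor."""
    if not account.password_ok(password):
        return False
    account.second_factor = "mobile"
    return True

def request_enrollment(account, password):
    """Hardened step 1: mail a signed, expiring token instead of enrolling."""
    if not account.password_ok(password):
        return False
    expires = int(time.time()) + TOKEN_TTL
    account.mailbox.append(f"{expires}.{_sign(account, expires)}")
    return True

def confirm_enrollment(account, token, now=None):
    """Hardened step 2: enroll only with an authentic, unexpired mailed token."""
    expires, _, sig = token.partition(".")
    if not expires.isdigit() or int(expires) < (time.time() if now is None else now):
        return False
    if not hmac.compare_digest(sig.encode(), _sign(account, int(expires)).encode()):
        return False
    account.second_factor = "mobile"
    return True
```

In the hardened flow, someone holding only the account name and password can trigger the mail but cannot complete enrollment without reading the mailbox. A production version would also make the token single-use.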

Posted by: Smooth Penguin.5294

If someone manages to get both the login e-mail address and password, losing your GW2 account is the least of your worries. This means you have a keylogger on your computer.

In GW2, Trading Post plays you!

Posted by: Uhtameit.2413

Not necessarily, they could have gotten the GW mail address and the GW password from another website where you use the same IDs.

Even if you have a keylogger, they couldn’t get the mail password unless you type it, which rarely happens: if you use a web browser, the password is probably saved (same if you use a mail client like Thunderbird).

So yes, it is a security breach. The fact that players don’t secure their account is another issue entirely. Anet is making its own security system insecure. Quite the joke, don’t you think?

Posted by: Smooth Penguin.5294

1) Not all people save their passwords in their browsers.
2) Reusing your password from other websites is already a huge security risk.
3) All players are responsible for their own security.
4) It’s a Security Breach, but not on Anet’s end.

Please see Chris’ post about security here:

https://forum-en.gw2archive.eu/forum/support/account/Account-Security-What-you-need-to-know

In GW2, Trading Post plays you!