Authenticator bug [Merged]
I want put code manualy every time please bring back that feature back ASAP thx.
Tekkit’s Workshop
Well it was to my understanding that using the authenticator meant you had to enter a code each time you log in which is why I just set it up for my account 5 minutes ago. However upon logging in, I’m not prompted for a code at any stage during the login in process either on this site or my game client.
Is this a bug with the authenticator? Or did I just not set it up right?
If it matters, when the email authentication started I selected the “remember this network” option, but that was like a month ago. I thought with the authenticator you still have to enter in a code everytime you login.
Personally, I’d like to have the option to always ask me for the 6 digit code regardless of where I go to log into my account.
Add me to the list of folks who chose to be paranoid. Would really like this feature.
+1 more. There’s a checkbox letting me choose whether the login client remembers my password or not. There should be a corresponding option for the authenticator.
I’m all for you guys trying to streamline logins for people who want that, but I would really rather have the peace of mind of knowing the authenticator challenge is always being presented, regardless of where the server thinks I’m logging in from.
+1 for having the option to always be prompted.
and/or
+1 to having a notification that it did not ask for code as it was on a remembered network.
+1 for having the option to always be prompted.
and/or
+1 to having a notification that it did not ask for code as it was on a remembered network.
the same the guy over there is having, thank you.
See MikeLewis’s post in this thread
https://forum-en.gw2archive.eu/forum/support/account/Authenticator-bug-Merged/first
Your authenticator is setup, it didn’t prompt you because you are on the IP you previous allowed.
I too would like an option to keep using it every login. I can spare the two seconds to input 6 digits.
Yes, I agree as well. If anything please keep an option for allowing us to continue using the 6 digit authenticator. Its more reassuring to have it.
Since yesterday I can start the game or go into my account settings without entering the number from my authenticator. I tried to disable and enable it again but it is still not working.
Both the game and the account management aren’t asking for Authenticator Key either for me.
Same here, was working fine yesterday but not today.
Same issue here… Still better than locking out all of us…
http://www.guildwars2guru.com/news/879-remember-this-network-for-authenticator-users/
This might be why it’s not asked, if you log in from “secured network” which has been remembered by email authenticator.
I have downloaded the new build a couple of minutes ago, it was all fun and dandy, but now every time i try to enter the game, the game crashes after i try to put the mobile authenticator!
is there a reason for this or has something changed, i have read the part about the mobile from Anet, and it has been working aces, until the new build has been implemented?
so does anyone have any clue to whats happening
thanks
Same here, when I enter mobile authentication code it failed.
I agree I would like to disable the auto remember and have to log the code in each time please, by having this auto remember it is a potential opening for hackers. Its fine for those that don’t want to type it in, but I would prefer the extra security of having to.
Thanks
All we’re saying ANet, is when you change something, especially something that affects things that took a lot of time and investment and now looks like it’s at risk:
NOTE IT SOMEWHERE.
This is an ongoing suggestion.
+1 to always ask for auth code. I suppose that when you allow(ed) a network…Its a bunch of IPs from this network that are able to log in without asking for a code, not only the one you have/had and permitted. So even If one more person can access my account without giving auth code for me is not secure.
So I think the solution to always give the auth code is the best. If anyone finds it frustrating then do not activate it. Good Security always need more time and credentials. I am aware that I need to sacrifice time and battery (mobile phone) to be more secure and I want that.
(edited by Kamui.2618)
Agree with everyone else who wants to have the authenticator trust nothing!
I rather take the extra 5 secs to log in then be hacked. Heck I rather take an extra minute or two and go through 3 or 4 layers of security then have my account be at risk.
We don’t want ease of access we want peace of mind.
Its rather poor design decision to disable both security measures on “remember this network” checkbox (without proper warning). Lack of control upon allowed networks/IPs list via account manager (I want to be able to supervise them and remove from list if necessary) adds a lot to this issue.
even though i don’t find the logic in making no security authenticator, and I am not on bored with it, i am finding myself in a delima, as i found the only way to log in yesterday was to uninstall the app from the security page, and go with the mail authenticator.
now i am trying to reinstall it in my security page, it is refusing to do so, saying the password provided by Anet, is incorrect? so whats the deal now?
Never thought I’d say this, but I would actually like to input those extra characters. I have gotten quite used to the peace of mind those extra few seconds and 6 numbers bring. I’d rather take those few seconds to secure my account rather than those few mins to report my account hacked and all my efforts wasted. I realize you guys are probably working on it, but I just wanted to throw my vote in with the paranoid folks here
Better safe than sorry they always said…
Thanks, I decided to finally look into this “my log in isn’t prompting me to input my authenticator code” issue tonight and i’m really glad it has been made clear by Mike. Awesome!
I’m not sure if this was brought up, but I log in from 2 different areas/2 different computers. both I told to remember as a safe IP way back when. I have 2 way authentication. But when I log in from 1 location, it doesn’t ask me to input the 6 numbers ever (which you’ve explained why), while the other location I have to input the 6 numbers only sometimes. I realize this is a beta, so I just wanted to make sure you were aware of this issue (entering 6 numbers every time I log in it no trouble at all, and I would be in favour of the suggested option to trust no IP :P Only reason selected to trust the IPs back with email authentication was because it was a pain to go to that email every time. Hitting a button on my phone is much easier :P
Just a small question:
If we use this Google Authenticator, would it also help us to avoid getting wrongly suspended? I am currently suspended as many others because I used Battleping VPN. GW2 didn’t say we cannot use it but it is just ok, but still I got banned because I am an american living in China and I got disconnected from my VPN (USA) and then automatically connected with my chinese ip. So would this Authenticator help this better than using email authentication?
I’d been concerned about the login abruptly not requiring the authenticator as well, and thank you for clarifying what has happened. Like others above, I will also voice my strong preference for having the option to always require 2-factor authentication.
The intent of the new functionality is in the right place, but should not have just assumed that if the network was ‘trusted’ previously that it should always be trusted. I personally trusted my network until my account continuously was attacked by Chinese IPs. I switched to 2-factor authentication and have (had) NO intention of going back.
I would also ask that the good folks at ANet add an option (somewhere) to ‘un-trust’ a network, or all networks.
Hey hey
I started to use mobile authenticator and it went all fine till one day the game client/patcher just stopped to ask me for it. I still need to put the number to log into forums or account managment page but not into game. I feel like naked now
Any ideas how to bring it back to my game login? I don’t want to mess up things by registering another one.
Thief/Necro/Guardian/Mesmer/Elementalist of SFR EU
Another vote for an option to “Always Require Authenticator” – it makes my paranoia feel better.
I’m a little confused by this whole thing, I stopped using the authenticator a while back when it had connectivity issues. I re-enabled it after recently being hacked. But besides the initial code to link the account I’ve never been prompted to enter any code again? both logging onto the forums or my account or the game since.
I understand it quite possibly has remembered but i’ve never selected or opted for it to be remembered. Is this normal that its just accepted my IP as a trusted location or should i be a paranoid as i am :p
@Kindeller
There is no option to opt in or out at the moment. As long as you have the authenticator, you should be fine.
I have the Google Authenticator for my Android phone and the app worked perfectly. Still is.
The problem is, the windows Client doesnt ask me for an authentication code when i log in any longer. Is this normal?
~ just read the thread after my post has been merged with the others, i feel a bit less stressed right now :>
Rig#2: Core2duo@3Ghz/ 4GB DDR2/ 9800gtx+
(edited by seithan.4823)
I still hope they consider giving us the option to use the authenticator always. It seems silly otherwise and just asking for trouble down the road.
I’ll be the 1874th customer to support having mobile authenticator ask every time.
The potential benefits far outweigh the added 3 seconds of effort. And for those players who do not care as much about security and who are driven off by those 3 seconds (let’s not kid ourselves, there will be many, perhaps even a majority), simply make it clear to them that they can just stick with email authentication and remember their network.
I know you folks are hard at work. Thank you.
And I’ll be # 1875. I’d like to have to enter the authentication number each time please.
It would be nice if you added a UI of remembered locations. I have a few that I’d like to remove.
Can the Technical Department give us an estimate for that “Remembered Network Locations” interface release, or at least a quick option to reset “trusted” locations and to treat any new ones as unsafe?
Just adding my voice to the throng. I would also like the ability to reset “trusted network” or ignore it altogether. I’d much rather be reassured that my account is secure by it asking for authentication rather than trust that somehow a “remember and trust this network” option was clicked. Thanks.
When can we have the ability to edit trusted networks?!?
I would like to remove them as it seems hackers are spoofing networks (IPs) to get into accounts; at least from what Mike O’brien implied in the security notes.
Which makes trusting networks not only useless but a potential security breach.
And updating a security feature WITHOUT updating the player base is not a very good procedure. =P
Thanks for attending to this asap.
Edit – forgot to mention, that really you should turn this feature off until you give us the ability to change it.
(edited by Moderator)
I’d like to verify if possible that the mobile authenticator still works even if the e-mail of the account has been changed.
Since of a few hackings on our server a couple days ago, we can’t be sure whether the mobile authenticator still protects the account even if the e-mail was changed by the hacker.
Or if the e-mail is changed then the mobile authenticator no longer applies?
Please answer this question as many others have been asking about it.
Ok here is the deal. I have activated Email Authentication, and I have had it for a looooong time. But suddenly, the past few days, when I login it does not send an email. You know, that email where it gives you a link and in the link you must permit or deny the access that is being tried on your account. It just instantly logs me in. And this is scary. This makes me vulnerable. I have talked with you before. You guys just ignored me after resetting my password and mya ccount like a hundred times, you just ignored me. But now I am asking you to fix this please.I do not feel safe. I even tried the google autheticator and it is the same deal.
Got this “Bug?” too. Since today I don’t get any additional security check anymore. Neither Google Authenticator nor the E-Mail Verification seem to work. Is there any known reason for this behavior.
I am now having the same issue. As of Saturday afternoon the client no longer asks for the authenticator during login.
My IP has changed several times, and this would imply a network change has occured
No authentication prompt.
Just shows how well their system works sigh
I just added authenticator to my account from home and then tried to log in from a pc at work and it didn’t ask for the authentication.
I just added authenticator to my account from home and then tried to log in from a pc at work and it didn’t ask for the authentication.
That is exactly the problem! The authenticator DOES NOT WORK AS INTENDED.
This is what scares all of us!
I reset my house ip…my friend get the authenticator email but i did’t get it..what happen?
For the moment we do not have a user interface for editing your “remembered” network locations. As a result, please be very cautious when selecting to allow new locations from the emails (or, in the near future, from the mobile authenticator login screen).
So this was a month ago. Will we get the possibility to remove such networks? I mean I do not want to edit them, I just want to reset/remove them. Please, that one button cannot be that much work for you… That option make all you security measures somehow useless… And I guess that many hacked accounts were only possbile to hack through this remember network function.
And in addition you dont let me change my eMail… I’m not very happy about all this…
(edited by cubed.2853)
This authenticator does not work. I’ve had it on my account for awhile never once was I asked for a code to log in. I read here that because I verified my email it wouldn’t prompt me for a code to log in but that it still was working so I wasn’t worried. Well, as of yesterday I have been hacked, my log in information was changed and all my gold and gems was taken. I got an email informing me of the log in information being changed, no where did it ask me if I requested this (I was actually going through my email when this email was sent), I instantly tried to log in and wasn’t able to was told I had entered the wrong information. So I contacted support. (This all happened within 5 minutes of getting the email telling me that my information was being changed) They responded and informed me that my account was recovered, but that they are unable to replace anything that was taken. I reply informing them that I have this authenticator on my account. They respond saying that they see it on my account and that its working properly.
OK I was hacked, how is it even possible that the authenticator is working properly!?
(edited by Gracy.2798)
For the moment we do not have a user interface for editing your “remembered” network locations. As a result, please be very cautious when selecting to allow new locations from the emails (or, in the near future, from the mobile authenticator login screen).
So this was a month ago. Will we get the possibility to remove such networks? I mean I do not want to edit them, I just want to reset/remove them. Please, that one button cannot be that much work for you… That option make all you security measures somehow useless… And I guess that many hacked accounts were only possbile to hack through this remember network function.
And in addition you dont let me change my eMail… I’m not very happy about all this…
Yes, you will be able to remove the networks in the future. Keep in mind the authenticator is still in beta testing. More features will be added as we get closer to final.
If you need to change your log-in name (your email address) on your account, please go ahead and contact Support — they’ll help you.
Communications Manager
Guild & Fansite Relations; In-Game Events
ArenaNet
(edited by Gaile Gray.6029)