I would greatly prefer to input the code myself, the reason i put on the authenticator is because somebody tried to log in with my account , so honestly i don’t feel protected unless i am the one to input the code every time, for remote it is as possibility with the new settings, it DO remove part of the control I have on protecting my account.
I am of course paranoid, but if you could allow people to decide if they prefer input the code manually i would feel way more comfortable in playing this game.
From where i log in, the IP is shared by more the a single system, as nearly impossible as it is, if one of the users decide to brute force my password would have a full access to my account, seeing the system would not see a change in IP.
The authenticator is meant to be a last line of defense when your password is gone and your username have been discovered, by removing the code input by the users, you removed the very reason of this defense system existence.
Well it was to my understanding that using the authenticator meant you had to enter a code each time you log in which is why I just set it up for my account 5 minutes ago. However upon logging in, I’m not prompted for a code at any stage during the login in process either on this site or my game client.
Is this a bug with the authenticator? Or did I just not set it up right?
If it matters, when the email authentication started I selected the “remember this network” option, but that was like a month ago. I thought with the authenticator you still have to enter in a code everytime you login.
Personally, I’d like to have the option to always ask me for the 6 digit code regardless of where I go to log into my account.
Add me to the list of folks who chose to be paranoid. Would really like this feature.
+1 more. There’s a checkbox letting me choose whether the login client remembers my password or not. There should be a corresponding option for the authenticator.
I’m all for you guys trying to streamline logins for people who want that, but I would really rather have the peace of mind of knowing the authenticator challenge is always being presented, regardless of where the server thinks I’m logging in from.
Since yesterday I can start the game or go into my account settings without entering the number from my authenticator. I tried to disable and enable it again but it is still not working.
I have downloaded the new build a couple of minutes ago, it was all fun and dandy, but now every time i try to enter the game, the game crashes after i try to put the mobile authenticator!
is there a reason for this or has something changed, i have read the part about the mobile from Anet, and it has been working aces, until the new build has been implemented?
so does anyone have any clue to whats happening
I agree I would like to disable the auto remember and have to log the code in each time please, by having this auto remember it is a potential opening for hackers. Its fine for those that don’t want to type it in, but I would prefer the extra security of having to.
All we’re saying ANet, is when you change something, especially something that affects things that took a lot of time and investment and now looks like it’s at risk:
+1 to always ask for auth code. I suppose that when you allow(ed) a network…Its a bunch of IPs from this network that are able to log in without asking for a code, not only the one you have/had and permitted. So even If one more person can access my account without giving auth code for me is not secure.
So I think the solution to always give the auth code is the best. If anyone finds it frustrating then do not activate it. Good Security always need more time and credentials. I am aware that I need to sacrifice time and battery (mobile phone) to be more secure and I want that.
Agree with everyone else who wants to have the authenticator trust nothing!
I rather take the extra 5 secs to log in then be hacked. Heck I rather take an extra minute or two and go through 3 or 4 layers of security then have my account be at risk.
We don’t want ease of access we want peace of mind.
Its rather poor design decision to disable both security measures on “remember this network” checkbox (without proper warning). Lack of control upon allowed networks/IPs list via account manager (I want to be able to supervise them and remove from list if necessary) adds a lot to this issue.
War doesn’t determine who is right, only who is left.
even though i don’t find the logic in making no security authenticator, and I am not on bored with it, i am finding myself in a delima, as i found the only way to log in yesterday was to uninstall the app from the security page, and go with the mail authenticator.
now i am trying to reinstall it in my security page, it is refusing to do so, saying the password provided by Anet, is incorrect? so whats the deal now?
Never thought I’d say this, but I would actually like to input those extra characters. I have gotten quite used to the peace of mind those extra few seconds and 6 numbers bring. I’d rather take those few seconds to secure my account rather than those few mins to report my account hacked and all my efforts wasted. I realize you guys are probably working on it, but I just wanted to throw my vote in with the paranoid folks here
Thanks, I decided to finally look into this “my log in isn’t prompting me to input my authenticator code” issue tonight and i’m really glad it has been made clear by Mike. Awesome!
I’m not sure if this was brought up, but I log in from 2 different areas/2 different computers. both I told to remember as a safe IP way back when. I have 2 way authentication. But when I log in from 1 location, it doesn’t ask me to input the 6 numbers ever (which you’ve explained why), while the other location I have to input the 6 numbers only sometimes. I realize this is a beta, so I just wanted to make sure you were aware of this issue (entering 6 numbers every time I log in it no trouble at all, and I would be in favour of the suggested option to trust no IP :P Only reason selected to trust the IPs back with email authentication was because it was a pain to go to that email every time. Hitting a button on my phone is much easier :P
If we use this Google Authenticator, would it also help us to avoid getting wrongly suspended? I am currently suspended as many others because I used Battleping VPN. GW2 didn’t say we cannot use it but it is just ok, but still I got banned because I am an american living in China and I got disconnected from my VPN (USA) and then automatically connected with my chinese ip. So would this Authenticator help this better than using email authentication?
I’d been concerned about the login abruptly not requiring the authenticator as well, and thank you for clarifying what has happened. Like others above, I will also voice my strong preference for having the option to always require 2-factor authentication.
The intent of the new functionality is in the right place, but should not have just assumed that if the network was ‘trusted’ previously that it should always be trusted. I personally trusted my network until my account continuously was attacked by Chinese IPs. I switched to 2-factor authentication and have (had) NO intention of going back.
I would also ask that the good folks at ANet add an option (somewhere) to ‘un-trust’ a network, or all networks.
I started to use mobile authenticator and it went all fine till one day the game client/patcher just stopped to ask me for it. I still need to put the number to log into forums or account managment page but not into game. I feel like naked now
Any ideas how to bring it back to my game login? I don’t want to mess up things by registering another one.
Proud member of [BOO]
Thief/Necro/Guardian/Mesmer/Elementalist of SFR EU
I’m a little confused by this whole thing, I stopped using the authenticator a while back when it had connectivity issues. I re-enabled it after recently being hacked. But besides the initial code to link the account I’ve never been prompted to enter any code again? both logging onto the forums or my account or the game since.
I understand it quite possibly has remembered but i’ve never selected or opted for it to be remembered. Is this normal that its just accepted my IP as a trusted location or should i be a paranoid as i am :p
I’ll be the 1874th customer to support having mobile authenticator ask every time.
The potential benefits far outweigh the added 3 seconds of effort. And for those players who do not care as much about security and who are driven off by those 3 seconds (let’s not kid ourselves, there will be many, perhaps even a majority), simply make it clear to them that they can just stick with email authentication and remember their network.
Can the Technical Department give us an estimate for that “Remembered Network Locations” interface release, or at least a quick option to reset “trusted” locations and to treat any new ones as unsafe?
Just adding my voice to the throng. I would also like the ability to reset “trusted network” or ignore it altogether. I’d much rather be reassured that my account is secure by it asking for authentication rather than trust that somehow a “remember and trust this network” option was clicked. Thanks.
When can we have the ability to edit trusted networks?!?
I would like to remove them as it seems hackers are spoofing networks (IPs) to get into accounts; at least from what Mike O’brien implied in the security notes.
Which makes trusting networks not only useless but a potential security breach.
And updating a security feature WITHOUT updating the player base is not a very good procedure. =P
Thanks for attending to this asap.
Edit – forgot to mention, that really you should turn this feature off until you give us the ability to change it.
I’d like to verify if possible that the mobile authenticator still works even if the e-mail of the account has been changed.
Since of a few hackings on our server a couple days ago, we can’t be sure whether the mobile authenticator still protects the account even if the e-mail was changed by the hacker.
Or if the e-mail is changed then the mobile authenticator no longer applies?
Please answer this question as many others have been asking about it.
Ok here is the deal. I have activated Email Authentication, and I have had it for a looooong time. But suddenly, the past few days, when I login it does not send an email. You know, that email where it gives you a link and in the link you must permit or deny the access that is being tried on your account. It just instantly logs me in. And this is scary. This makes me vulnerable. I have talked with you before. You guys just ignored me after resetting my password and mya ccount like a hundred times, you just ignored me. But now I am asking you to fix this please.I do not feel safe. I even tried the google autheticator and it is the same deal.
Got this “Bug?” too. Since today I don’t get any additional security check anymore. Neither Google Authenticator nor the E-Mail Verification seem to work. Is there any known reason for this behavior.
For the moment we do not have a user interface for editing your “remembered” network locations. As a result, please be very cautious when selecting to allow new locations from the emails (or, in the near future, from the mobile authenticator login screen).
So this was a month ago. Will we get the possibility to remove such networks? I mean I do not want to edit them, I just want to reset/remove them. Please, that one button cannot be that much work for you… That option make all you security measures somehow useless… And I guess that many hacked accounts were only possbile to hack through this remember network function.
And in addition you dont let me change my eMail… I’m not very happy about all this…
This authenticator does not work. I’ve had it on my account for awhile never once was I asked for a code to log in. I read here that because I verified my email it wouldn’t prompt me for a code to log in but that it still was working so I wasn’t worried. Well, as of yesterday I have been hacked, my log in information was changed and all my gold and gems was taken. I got an email informing me of the log in information being changed, no where did it ask me if I requested this (I was actually going through my email when this email was sent), I instantly tried to log in and wasn’t able to was told I had entered the wrong information. So I contacted support. (This all happened within 5 minutes of getting the email telling me that my information was being changed) They responded and informed me that my account was recovered, but that they are unable to replace anything that was taken. I reply informing them that I have this authenticator on my account. They respond saying that they see it on my account and that its working properly.
OK I was hacked, how is it even possible that the authenticator is working properly!?
For the moment we do not have a user interface for editing your “remembered” network locations. As a result, please be very cautious when selecting to allow new locations from the emails (or, in the near future, from the mobile authenticator login screen).
So this was a month ago. Will we get the possibility to remove such networks? I mean I do not want to edit them, I just want to reset/remove them. Please, that one button cannot be that much work for you… That option make all you security measures somehow useless… And I guess that many hacked accounts were only possbile to hack through this remember network function.
And in addition you dont let me change my eMail… I’m not very happy about all this…
Yes, you will be able to remove the networks in the future. Keep in mind the authenticator is still in beta testing. More features will be added as we get closer to final.
If you need to change your log-in name (your email address) on your account, please go ahead and contact Support — they’ll help you.
