Guild Wars 2

Please confirm: Has the email authentication mechanism changed, or is this an attack vector? I don’t remember seeing anything to this effect (and can’t find anything on the forum either).

On previous occasions, when my network has changed (as it inevitably does from time to time when my ISP connection drops), I’ve been asked to visit a web page to confirm the login attempt.

This morning, instead, and following my entry of email address and password on the client, I received a different prompt, asking me to enter a code sent to me in an email (akin to the SMS authentication that I haven’t, as yet, signed up to). Now – my ISP connection definitely dropped yesterday evening, so it’s quite possible that this a confirmation is to be expected. However, I’m concerned by the apparent, unnotified change in mechanism. (I’m also slightly concerned by the standard of English in the email, which talks of the login attempt being “initialed” as opposed to either “initiated” or (in the case that this is ANet jargon “initialled”).

It occurs to me that nothing in that sequence proves that either the request or email actually came from ANet. In principle (if my machine were compromised), the email address and password could have been harvested from the previous screen, and my active conformation used to confirm that the harvesting was successful (although that seems like an odd way of doing things – better to simply harvest and keep quiet – but even so).

I’ve changed my password, anyway, and am seriously considering signing up to SMS authentication – but, frankly, if it was an attack, it’s presumably still present, and will simply harvest my new password as well – and neither a new password nor SMS authentication would change that.

Yes, email authentication sends a code now, which the launcher will ask you for. As for initialed, they’re referring to the location as being like a signature.

Healix.5819:

Yes, email authentication sends a code now, which the launcher will ask you for. As for initialed, they’re referring to the location as being like a signature.

Well that’s one good thing (although, as I indicated above, the correct spelling is “initialled” (double “l”) – and bad grammar/spelling are classic red lights for possible malice, hence my concern).

What is a bigger pain is that one of my two accounts is now currently unreachable – it’s prompting me for a code to confirm the new network, but not sending me the confirmation emails (or none that are reaching my email account – and that includes my spam folder). And for tortuous reasons I won’t go into, the same is true of my attempts to access my account info – the web interface prompts me for a code, then doesn’t send me an email with the code in. I have SMS enabled on this account – but not, unfortunately, that one as yet. And if ANet have replied to the support request I sent in, that hasn’t arrived either. Ugghh.

There are quite a few words where the American version uses one L instead of two seen in the British spelling, initial(l)ed is one of them.