Guild Wars 2

Since the megaserver has rolled out the gold sellers have increased exponentially, as well as accounts that have been lost to them. Now typically in an mmo setting this would call for the developers to come up with better and greater security measures. I’ve always been satisfied with ANet, until now. Instead of talking about what they can do to help us, the players, they are telling us it’s our fault that specific accounts are being targeted with password bots, offering one time rerolls.
Now while we can always reset our passwords and have the mobile authenticators, it is clear that this is not good enough, and ANet from what we’ve seen isn’t doing much. You’re driving away honest and dedicated players to the game, and will continue to do so until the gold seller problem is dealt with. Currently the gold sellers are winning, and are not showing any signs of stopping. My accounts (I have multiple) within the last hour has had 5 password reset requests from people that are not me. This concerns me greatly, that while I have what I believe to be a strong password, but that with a simple bot it could probably be hacked into.
Now how could this fixed? Well for starters we can look at Gw1. In Gw1 you had to enter one of your character’s names to log in. While a seemingly simple fix, it was efficient and worked from what I had seen. I would love for this to be implemented, atleast to be optional to log in (Activated in account settings). But more specifically, why not have a set char name that could be entered? This would effectively slow down bots and also help prevent them. By having a set character’s name that would have to be put in, we could have “security characters” whose names would be absolute gibberish and would never be played, and could effectively be second passwords.
ANet needs to take action if they don’t want to lose a significant amount of their playerbase, because as it stands I saw maybe around 10 gold sellers in the ~1 hour I was online yesterday, which is a large upscale from before the megaserver. And every single one of them looked like a lost account, not a name of gibberish.
It’s a two way street, ANet, yes players do need to have more complex passwords, maybe use the mobile authenticator, buy you too need to help by atleast giving us more optional security options, such as the simple one from Gw1, and that would help many players in protecting their account and securing a safe future for the player base.

This thread might be locked or deleted, but that’s only avoiding the issue ANet, and making you look weak as an MMO. Action needs to be taken, more security measures need to be had, instead of yelling at the players to have stronger passwords and then hiding behind a closed thread.

Forgotten Deus.1423:

Since the megaserver has rolled out the gold sellers have increased exponentially, as well as accounts that have been lost to them.

Got some proof on that statement or even preliminary numbers?

I don’t see how having to type in a character name would substantially slow hackers down.

When you friend people not only can you see their account name but when they log on you can see that character name. Someone could buy or steal an account then set a computer to friend hundreds of thousands of accounts off the leaderboard, or even all 3 million plus accounts sold, and have the computer watch for logons and record character names.

By the way, you say you are getting password reset requests? Have you done a security sweep of your computer? Checked for a keylogger and then changed your email password? Because they’ve gotten your information and if they are trying to change your password they may have your serial number from your email.

From my recent experience AND viewing the newest “I been hacked!!!” posts here, I’d venture to say 90% are due to email accounts being hacked. Gaile has already posted a good thread on this issue, and while Anet can’t really fix that security issue, there are a few things they could consider to make game accounts more secure to that vector (I get that vector (associated email account) is 100% the players responsibility to secure).

Suggestions:

1. Require player account verification on ALL support requests (password resets, authenticator enable/disable, etc.). I know this is more work for Support on the front end of the request and is an inconvenience for valid Players, but in light of what I see as an increase in email accounts being hacked, it would likely prevent TONS of CS work on the backend (account restoration & rollbacks) while preventing a large number of account compromises up font. The real issue is email submissions as the submit ticket form does this verification already so why not point all email requests to filling out the submission form? Yes, that is a bit of a hastle to the player but I would rather know that Anet wants to make sure the requester is the account owner rather than making it “easy” to reset the account password. While a hacker might know some of the verification info, the process change itself would (IMHO) deter most attempts right up front.
2. change the account user login to something you set up like a password that is not displayed somewhere nor is an actual email address (that can be known by others easily). I get this is quite a technical change to pull off, but if a hacker has to GUESS your log in UID as well as obtain your password, that basically doubles account security from ALL compromise vectors.

I know both of these are work for Anet, but they ARE something they should consider if they are serious about helping players keep their accounts secure. Just my 2 cents.

If you are not in this bad situation, please could you keep your comments for you if you have no compassion for these people?
You don’t need to act like truth holders even if you would actually work at A-Net

Hacked players are already in emotional distress just because of this and you should not mock their affirmations

All mockeries in these threads made by the same 3-4 people make me feel you are one of those benefiting from the hacked accounts “goodies” or you are one of the hackers
There is no other explanation in why you always need to point out to everyone that it is their own fault. They already get slapped in the face by official answers.

Not being compassionate is not “mocking” the situation. You are being overly sensative and most are asking legitimate questions about the OPs claims. I do feel there is a rather recent issue of email accounts being hacked and Anet’s Support policy directly allows those security issues to turn into compromised accounts (thus my post), but I don’t see a single comment anywhere that implies “mocking” someone that has been hacked.

If you are talking about MY post, I apologize if any of it comes off to anyone as “mocking” as that was never my intent.

Discussions of Exploits/Hacking/Cheating/Goldsellers are not allowed on our forums. If you witness any of these acts while playing, please report them using the in-game ticketing system so our Customer Support team can properly investigate the issue.

Don’t hesitate to check this thread about account security : https://forum-en.gw2archive.eu/forum/support/account/Account-Security-What-you-need-to-know