Guild Wars 2

GaileGray.9587:

People are only able to change account credentials if they know the account credentials, which is something that is happening outside of our game where a database for a forum, game, website, etc., is stolen and where the player is reusing credentials — something we’ve warned against for years!

Someone can try all day and night to change your email address, but they can only do that if they know the email address and the password. They can try to reset the password, but that is only processed if you confirm it.

Account security is important to us, but the principal owner of security is the account holder him- or herself.

Gaile,
Change to make things better in the future has to start with the provider to save users from themselves. If i built a skillsaw without a blade guard and 11000 people cut their fingers off it would not be good enough to say ….“Hey we’ve been warning you for years to keep your fingers away from the blade.”

For one, people tend to only want one email not several as its a pain to check a half dozen in-boxes every day. They also tend to keep email address for years. So when you have us use an email for our account name its like using a internet signature of our activity over the last several years making it easy for hackers to zero in their attacks.

So hackers are hacking into unencrypted web forum data bases and collecting peoples email address and cross referencing them to build a list of common passwords I’ve used around the net..Right? And we know this is happening for years so why then are we using an email address as our User Name and giving the hackers a target and the part of the equation they need to match up a password used elsewhere.

Why not protect users and generate a unique “account name” for them, just like you did for the forum names because I guaranty you Dman.9516 can not be traced back to any of me email address, that way the user name would be unique and guaranteed not to be on any hackers list.

I concede that users need to do more to protect themselves but providers of these internet products need to do more, and be smarter about user security, gone are the days were an email address is good enough as an account name.

It’s time to put a saw blade guard on internet security and protect users from losing their fingers to poorly designed security or their own bad habits …Right?

This is as much an attack on ANet as it is us users. GW2 success is directly related to selling goods to us in game but how much are you going to spend knowing your account might be hacked? …and you can’t rely on ArenaNet to get your stuff back.

This is a black mark on a otherwise outstanding game but I have to think that if ArenaNet didn’t have us use our email address as our user names the hackers would have had a much harder time of it matching up passwords and email addresses pilfered from other games or game forums.

With our emails required to be our log-in name half the work is done for the hacker.
I concede users need to do more to make sure they are secure but on the other hand is it really reasonable to expect us to create a new email address for every game or service we pay for or receive on the internet?

Isn’t some of this responsibility in the hands of the provider, isn’t it in the interest of companies that rely on internet transaction to keep our stuff safe?

I can’t believe in 2012 with account theft as prevalent as it has become that some kind of better authentication system was not put in place.

Even Bioware was smart enough to have both a hardware and phone app authenticator ready at launch along with a list of personal questions you had to answer to make any account related change.

Pointing the finger at the user and saying this is all on you is not good enough ….

Sorry if a Skillsaw came without cutting blade guard and 11000 people cut their fingers off would you say …“well the user should know better not to get his hand in the way of a spinning saw blade”… or did the manufacture not do all he could to protect his customer? ….and how many more Skillsaws would they sell once that hit the news?