Guild Wars 2

The problem here is that Arena Net has had the past 5+ years of online gaming experiences to draw from as it pertains to security. There are very easy and common sense controls they could have put in place to massively curtail what is turning out to be a huge embarrassment.

1. Email addresses should never be your logon.

2. Location IP based aware logon protection. If your account suddenly logs on from a new location based on IP you must provide a second security challenge to authorize that location.

3. Optional 2 Factor logons should have been ready from go. An SMS/text cell phone version and a pay key FOB.

4. Any change of password or other account info should require that a verification email or text message code be used before it can be made.

5. Provide a pin or have the user set a pin at account creation(that can not be changed unless the account is verified compromised and returned to the rightful owner) that can be entered on the game support site (along with some other user information) to temporarily “freeze” the users account and automatically start an investigation/open ticket into the comprised account.

And so on and so on. This entire mess is pretty bush league and worrisome from a company that wants access to things like Pay Pal and credit card info to sell you gems.

One of our guild officers got the dreaded someone moved your email and immediately filed a support ticket with all the needed information yesterday AM. Yes, I already explained the entire “how to secure your account” spiel yesterday.

I logged on this morning and his account is logged on.

I get that there is a huge backlog and he was not expecting to see his account again for 5 days but the person is on right now and the account hasn’t been at least locked out.

There should some form of in-game GM report that could let a GM get a quick notification that a suspect hacker is currently logged on. IP location vs. history should be a reasonable enough Red Flag to warrant the account at the very least get temp suspended .

If your IP history for the past 7 days has been say, Utah and all the sudden it is now China…its is a very safe bet you have a hack. Not sure why such a system is not auto set. If your IP location changes outside of a certain range you should be forced to use some 2nd tier authentication to prove it is you. People do travel and game but a 2nd level security is a reasonable expectation for overall security.

Such a system is also very easy to institute.