Showing Posts For Nessarose.4218:
Leaving the Heart of the Mists or World versus World maps now deposits characters straight into Lion’s Arch rather than back to their previous location.
I hope this is a bug and not an intended change because it’s incredibly frustrating.
I can confirm that characters at 100% world completion do not get map rewards for Southsun, Dry Top and The Silverwastes.
As of two(?) updates ago, Silverwastes rewarded my guardian (who has deliberately missed a point of interest in every city, so is at close to 100%, but not AT 100%) gifts of exploration.
Moments ago, my warrior (who has skipped all the renown hearts in Timberline Falls, has not even entered Silverwastes and has Dry Top at under 50%) was rewarded gifts of exploration for Southsun completion.
Apologies if this has already been posted, but creating a new character causes the loss of GWAMM (legitimately earned) and around 600AP. This has happened to me twice now – having to log into the original GW and relog into GW2 every time I do a Black Lion key run is something of a hassle, though it does fix the issue – until the next run.
(edited by Nessarose.4218)
The need to confirm a mastery once it has been trained feels a little too clunky, like it could be streamlined a little.
Once you have picked the mastery you wish to train, you’re free to change it right up until the xp bar is filled anyway – this leaves plenty of time for a player to change their mind. The need to manually open the hero panel and confirm the mastery may well leave players forgetting about it and losing progress towards the next mastery through lost xp.
Either the current mastery could instantly train or players could have a mastery reminder pop up in the corner, at the same location as a reward chest, leaving them free to change their mind right up until the last second before choosing what to train next.
- Data shows that authentication helps a great deal, especially mobile authentication. It’s not flawless, but it’s extremely effective at reducing account thefts.
Is there any way to make the game’s mobile authentication NOT reset upon a username change? And for those players without smartphones, how unfeasibly expensive would it be to offer the call/text verification provided by many email services?
Why do I keep getting password reset emails?
in Account & Technical Support
Posted by: Nessarose.4218
For some reason the forum is displaying an incorrect email address under my username.
Is the incorrect email address the first one you used for GW2? I’ve changed my account email many times, but the old one still appears under my username in the forums. If you want to change it, you can do so via the forum profile link – if you press that, you’ll see a big, red “edit profile” button.
One of the problems of being hacked for the first time is that the original e-mail from Anet with your game code is stolen/copied and then deleted from your e-mails – giving them ‘ownership’ or ‘proof of’. So, when you do send in a ticket to Support, this information is not available to you.
The first time I was hacked, the hacker had my product code (though I bought the boxed version of the game, so still had the code available to me). As a one-time courtesy, I was provided with a new product key.
I suggest a more robust multiple layer system, much like Online Banking. The choice of Mother’s Maiden Name, Pet’s Name, First School, etc should be used. Also a 5 digit number, whereby every time a choice of two of those digits is used. In addition, a memorable name should also be included. All of this is pretty standard for Online Banking. Maybe, Anet could supply (at a price) a calculator authenticator (such as Barclays Bank use).
As tolunart has pointed out, answers to such questions could be readily available – and not all users will put in nonsense answers into those fields. Perhaps simply providing a second (and even third) unique, secure password could be an option? Support would know THIS password, which would (hopefully) not even slightly resemble your log-in password.
I like the idea of a passnumber.
One of the main attractions to hackers is the ‘high-end’ armours, bags, weapons, mini-pets and other collectables. There should be an option, whereby the player can soul-bound or account-bound these items. This would have a twofold effect, in not only protecting the items, but the economy as well, should the account be hacked. At the very least this option should be available at the Exotic, Ascended and Legendary level.
Most armour is soulbound or account bound on use. If we were somehow able to make these items unsalvageable, they would become much less enticing to hackers.
(edited by Nessarose.4218)
I have a dynamic IP – the first time I was hacked, I had stopped being asked for verification (I had not disabled authentication myself – the fact that I was no longer being asked to authenticate really should have tipped me off. It didn’t.)
After the second time I was hacked, I stopped checking the box to remember the network, ensuring I got emails every. single. time. I logged on. This also made it easier to see if anyone else HAD remembered any networks on my account.
I’m now using the mobile authenticator, which I actually find faster (and less annoying) than email authentication – it just means that I need to move my phone from my bedroom into the living room whenever I want to play.
I was indeed missing something. Something potentially massive.
Your web browser is possibly storing passwords and almost certainly storing usernames. As I’ve already said, your username is 50% of the information needed to gain access to an online account. A quick internet search on your web browser for something along the lines of “Stop [browser name] from storing usernames” should provide easy steps to solve this issue.
Back door entry
There are some hackers who go through simple channels with various online companies to glean the data they need to access a particular account, exploiting the human factor. Those four little digits at the end of your credit/debit card that all websites leave on display? Those four digits can be used as proof of account ownership in a lot of places. I know the support tickets we send in to Guild Wars 2 ask for those four digits. That, and a billing address (never obscured if you’re logged in) can further prove your identity.
Amazon and Netflix aren’t services that I’m about to give up, but they hold those precious four digits (well, Amazon DID until around an hour ago).
*If your username/password combination for these is weak (mine CERTAINLY was), then it’s very easy for someone to get hold of what should be secure details about you.
*I read of an Amazon account being accessed in two phone calls (one to add a credit card and one to reset a password) when a username was known. This was then used to gain access to other accounts.
Other steps I have taken
After the most recent attack on my account, I was all but certain there WAS a keylogger on my system somewhere – no matter what my active processes looked like or what a multitude of security scans told me (they all came up clean every time). I reinstalled Windows (if you’re wondering why I didn’t do this sooner, an accident with my laptop left me needing a new hard drive, so my recovery partition was gone and I needed to purchase the software).
As a matter of extra caution, once the installation had finished, I set up a new account to sign in.
All my accounts have unique passwords – the shortest of which are for outlook and paypal because these set character limits.
If there is an option to verify accounts using my phone (via app or text message), I verify accounts using my phone. Which now uses a keypad lock and my SIM card is also pin locked. My phone rarely leaves my home.
I am NOT storing any passwords in any digital format – neither online nor on device – I’m using the old fashioned pen and paper method.
Pitfalls with ANet’s system
Please note, I am NOT laying any blame here.
*Once an account name and (presumably a few) other details are known, it is easy to change the email address associated with it. I have been assured that nobody has contacted support using my product code, which means this isn’t needed.
*Once an account name HAS been changed, the mobile authenticator resets, so if your log-in HAS been compromised, the mobile authenticator won’t help you.
Personally, I would like to see either a more thoroughly filled out support ticket needed to change a username. Failing that, a 24 hour account suspension after a username change to allow time for counter-tickets to go through.
Non-salvageable/saleable gear
The vast majority of my armour and weapons were salvaged or sold. One of my characters is currently geared to an acceptable level to play with. My necro has a full set of WvW armour and a WvW axe. She’s borrowed The Incinerator from my thief. If you fear that you’re still vulnerable to hacking, invest in some WvW armour and weapons for one or two of your characters.
I hope this helps someone out there. I hope nobody can beat my record of number of times hacked (because, honestly, it sucks). If I’m missing anything, please let me know.
Good with keeping secure!
Fresh back from my fourth, yes FOURTH account hacking (the third was intercepted by ANet and unsuccessful though – of course this was less than ten days before the fourth), I felt it beyond necessary to find out HOW online accounts are hacked (this isn’t specific to gaming, just in general) in order to best prevent it in future.
What follows comes from mistakes I have made myself, mistakes I have read of other people making, back-door access I’ve read about and the methods used for learning passwords.
Username email addresses
Up until two days ago, with the exception of Guild Wars, every single one of my online accounts tied to the same email address.
When a hacker has your username, they already have half of the data they need to access the account they’re interested in. Using the same email address for more than one account that you actually care about gives half the data needed for anyone to access those accounts. (My basic utility accounts use the same log-in, but I’m fairly sure hackers have no interest in my gas and television services. Likewise, I’m not about to change my log-in for pizza hut).
After so much trouble with account security, this has afforded me a wealth of possible usernames and now none of them have gone to waste. The five services I use most often/feel most concerns over security breaches now each has a separate username associated with it.
Potential mistakes with multiple emails
*Having the SAME string of characters at the start of the email. For security purposes, many services —- out portions of an email address, but if the recovery email starts and ends with the same letter as the account – well, that’s the FIRST address they’ll try.
*Using the same email address as recovery for all your other email addresses. No matter how secure you think this email address is, if it IS breached then you’ve just given away access to ALL of your other email (at least any addresses that are known). Pairing email recoveries together seems a sensible idea here – a recovers to b, b recovers to a, c recovers to d etc etc.
Securing your emails
*Two way verification is a good thing. Use it. I’m particularly impressed with microsoft’s app – this doesn’t require a code (which someone could luck into) but needs you to actually use your smartphone to approve access.
*Regularly UNtrust devices if you are able to (yahoo does not give this option – google and microsoft outlook both do)
*If a service insists on security questions, use these to your advantage. Don’t answer the questions honestly – instead create an additional two passwords.
*If a service allows you the opportunity to create a sign-in seal, use it (this is where yahoo has just about its only advantage). This prevents you accidentally signing in via a fake site giving away your log-in details.
Passwords
ANet has a leg-up here by blacklisting passwords. I’m not sure if EVERY password ever created for Guild Wars is unable to be reused, but they’re certainly off to a good start.
*There are common password patterns – the most common being to start with a capital letter and end with digits or special characters
*The most common digit used in passwords is 1
*The most common special character is !
*There are programs that work out the order of characters in a password (I don’t know how these work)
*Hackers will start by trying with the most common password components looking for a match
*A 30 character password consisting of all lowercase letters WILL take magnitudes of time longer to crack than a 6 character password containing a mix of character types.
*A 30 character password that mixes all character types will take longer to crack than the 30 character password only using lower case letters.
*If someone has sufficient information about you, they can change the password to your account without logging into it themself.
Nobody is saying that zerker gear should be replaced or that the dodging mechanic should be made obsolete.
What is being said is that there need to be viable options. There are so many cool concepts that really should work in practice – but when it comes to the crunch, they are overlooked because they just don’t stand up against the meta. A little skill tweak here and change on how that reacts to a particular stat there could go leaps and bounds to actually giving us those viable options. Without overwriting zerker gear or forcing anyone to go out and invest in a whole new gear set.
There is nothing wrong with the dodging mechanic as it stands; however there are a number of reasons why one player may not be as adept at dodging as another:
e.g.
Visual impairment
Colour blindness (one of my guildies has real trouble seeing those red AoE circles)
Subpar graphics
Lag
Other hardware issues
and of course poor reflexes.
While lag is typically a short term problem, some of the higher end content actively punishes and marginalises those with trouble seeing what they need to react to. I do not think it was ever ArenaNet’s intention to make life difficult for colourblind players, and while this really is a separate issue a slight shift in mechanics to make those missed dodges less punishing while throwing up a separate challenge to overcome would make combat more fun for those players than being on the ground 80% of the time without making it easy or insulting.
I just learned that on maximum settings, the chat filter censors the sex of Kessex Hills. I’d been playing around with the filter and seeing the difference between the three settings and forgotten that it was on maximum. Anyhow, this is an issue.
(edited by Nessarose.4218)
I have the same trouble – most member names reset when they’re on-line, but not all of them.
The chat filter is inconsistent at best. A whole host of common profanities used in the UK and other commonwealth countries make it past the filter (if needed, I can provide a list of these along with their meanings), while the middle part of the word “reputation” is filtered. I have since learned from a Portuguese guild-mate what the trouble with puta is, however, we can type assassin, bass, crass, grass etc without —- in place of a three letter word.
This is a particular issue as NPCs occasionally talk about reputation (it first came to my attention while NPCs were talking about reputation in Metrica Province).
The whole thing reminds me of trying to find players for Quimang’s Last Stand in early Factions, where the chat filter obscured the first half of an NPC’s name.
(edited by Nessarose.4218)