  1. #21
    Moderator Remilia
    Quote Originally Posted by Ganagati View Post
    It did indeed launch like that. I played at headstart and was asked to verify my email for authentication from day 1.

    Just like any other online company, Arenanet can defend against a lot of things but it can't really stop the sheer stupidity of its users. If you are stupid enough to ignore ALL warnings from the company saying "Use a different password", use the exact same password and email combination as another game or entity (especially if said game or entity was ever hacked...), and then get hacked because of it... well, what can Arenanet really do about that beyond REQUIRING everyone receive and respond to an SMS text message on every login?

    We were all taught how to follow directions in kindergarten. Time to put those mad skills to the test and try following the very basic and simple instructions Arenanet gives on protecting accounts. It's amazing how well that works out.
    http://www.guildwars2guru.com/news/7...s-august-31st/
    Email authentication
    We now have email authentication enabled for all players who have validated their email addresses. This feature sends an email whenever it detects a login attempt to your account from a location you haven't played from before, asking you to allow or deny the login.
    A total of 6 days including prelaunch.

  2. #22
    Quote Originally Posted by nemro82 View Post
    but this is just a bloody game, not my bank account ffs, most of the people don't give a damn about it.
    Having new e-mail for everything, new password and what not, is madness.
    What you do not seem to understand is that bank accounts don't get hacked, game accounts do. You know why? Because beyond the amazing security on banking sites, if you are caught stealing a bank account, you go to jail. If you are caught stealing a video game account, that account gets banned. And yet you can still make money that way. Which one do you think is more targeted?

    Now that we established that, you also have to realize that you need to act intelligently. Different emails work, but that's not even what we are talking about here: people used the same password and email combination on random web pages as they do for their game accounts, in an environment where they know for a fact there are hackers about. That's sheer irresponsible stupidity.

  3. #23
    I think the unknown fansite might be http://www.guildwarsguru.com; I was unable to go there yesterday, with both Google and my anti-virus warning that the site had been compromised.

  4. #24
    Quote Originally Posted by nemro82 View Post
    but this is just a bloody game, not my bank account ffs, most of the people don't give a damn about it.
    Having new e-mail for everything, new password and what not, is madness.
    If it's "just a game", then you won't mind if it's compromised, right?

    Having a different password for your GW login isn't exactly asking the world of you, if you can't be bothered to type out a few letters and numbers that are different to the norm then you can't really complain if it becomes compromised - it's like complaining your house was broken into when you never bothered to lock the door.

  5. #25
    The Insane DrakeWurrum
    Quote Originally Posted by Chry View Post
    How about Arenanet doesn't take a step backwards and provide an authenticator on launch? Nobody wants to remember a laundry list of emails and passwords for video games.
    Remember that they have e-mail authentication. Which works exactly like a physical authenticator, except with your e-mail. You don't have to worry about losing some physical little doodad, or having it eaten by the dog, or having to wait to get one mailed to your place, let alone paying for one (however cheap they are).

    At that point, you need to use your e-mail account's security, which is very easy to do with Gmail, thanks to their two-step authentication. So, in a way, GW2 has three layers of security, while WoW only has two.
    I hope you haven't forgotten my role in this little story. I'm the leading man. You know what they say about the leading man? He never dies.

    If you give in to your impulses in this world, the price is that it changes your personality in the real world. The player and character are one and the same.

  6. #26
    Quote Originally Posted by DrakeWurrum View Post
    Having a new e-mail for everything, yes, that's madness. New password? Definitely not. If you're stupid enough to use the same password for multiple accounts, you deserve to lose your account. It does the hacker's job for them.

    I've got dozens of passwords memorized. I can't always remember which password goes to which account, but it usually doesn't bite me in the ass. Until we get thumbprint identification built-in to all PC applications, we'll have to deal with passwords.
    Agreed, and you can always drop a symbol or two / caps lock here and there in a strong password you are used to. I don't think you even need to do something extremely different, from what I've heard from experts. Then they have to do trial and error on your game account, which only manages to hack very weak passwords.

  7. #27
    The Insane DrakeWurrum
    Quote Originally Posted by parcus View Post
    Agreed, and you can always drop a symbol or two / caps lock here and there in a strong password you are used to.
    Actually, that doesn't make passwords that much stronger. Even Arena Net links to this in their support page:

  8. #28
    baddies got hacked. Well deserved

  9. #29
    I use the same password for everything, and yet somehow manage to not be hacked (Ever. Not in RIFT, not in WoW, not in SWtOR, Tera, or goddamn UO. Same password for all things since I was twelve) so I kind of take offense to all this 'Internet 101' bullshit. The real answer is stay away from shady websites, not have a small notebook with a list of all twenty-five of your different passwords locked up in your computer desk. If it isn't official don't give them your email address; far easier than having all those passwords.

    Beyond that I know people who haven't used any manner of fansite, beyond mmochamp and more recently the official forums, (Because they don't like to visit unofficial websites/give their emails out) and still had their accounts taken, so color me suspicious of this report.

  10. #30
    Moderator Remilia
    Quote Originally Posted by DrakeWurrum View Post
    Remember that they have e-mail authentication. Which works exactly like a physical authenticator, except with your e-mail. You don't have to worry about losing some physical little doodad, or having it eaten by the dog, or having to wait to get one mailed to your place, let alone paying for one (however cheap they are).

    At that point, you need to use your e-mail account's security, which is very easy to do with Gmail, thanks to their two-step authentication. So, in a way, GW2 has three layers of security, while WoW only has two.
    Actually an email authentication is worse than a physical or smartphone one.

    The physical authentication we know of today works by a randomization algorithm that works with a seed also known as your serial number. This serial number acts as the unique set of sequence at which the server, and your device cooperates. The device continually changes its sequence alongside the server but they are never actually connected in a sense. This is why if the authenticator desyncs it requires a sync back to the server in order to keep it back in line. The service requires you to input it every time you log in, much like authenticators in real life companies. In fact they're exactly the same authenticators as companies use.

    However an email authentication is just a click of a button. The email can in essence be compromised, and because of this it is actually worse than a physical authenticator.
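
The seed-and-sequence scheme described in post #30, sketched as an added example that is not part of the original thread. It assumes the token follows the public HOTP/TOTP construction (RFC 4226 / RFC 6238), which the post does not state; `Verifier`, `resync` and `demo` are hypothetical names, and the seed is the RFC test value.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per code, as in RFC 6238

def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: derive a one-time code from the shared seed and a counter."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Verifier:
    """Server side (hypothetical): same seed as the token, no link to it."""
    def __init__(self, seed: bytes, window: int = 1):
        self.seed, self.window = seed, window
        self.drift = 0       # learned token clock offset, in steps
        self.last_used = -1  # highest counter accepted so far (blocks replay)

    def _match(self, counter: int, code: str) -> bool:
        return counter > self.last_used and hmac.compare_digest(
            hotp(self.seed, counter), code)

    def verify(self, code: str, server_time: int) -> bool:
        base = server_time // STEP + self.drift
        for delta in range(-self.window, self.window + 1):
            if self._match(base + delta, code):
                self.drift += delta
                self.last_used = base + delta
                return True
        return False

    def resync(self, code1: str, code2: str, server_time: int,
               search: int = 10) -> bool:
        """Recover from a large desync using two consecutive codes."""
        base = server_time // STEP
        for c in range(base - search, base + search + 1):
            if self._match(c, code1) and self._match(c + 1, code2):
                self.drift, self.last_used = c + 1 - base, c + 1
                return True
        return False

def demo() -> dict:
    seed = b"12345678901234567890"  # constructed input: the RFC 4226 test seed
    server, out = Verifier(seed), {}
    out["in_sync"] = server.verify(hotp(seed, 1), 59)   # token and server agree
    out["replay"] = server.verify(hotp(seed, 1), 59)    # same code entered again
    out["drifted"] = server.verify(hotp(seed, 7), 90)   # token clock 4 steps fast
    out["resync"] = server.resync(hotp(seed, 7), hotp(seed, 8), 120)
    out["after"] = server.verify(hotp(seed, 9), 150)    # back in step
    return out
```

The server never talks to the token: both sides compute the same code from the seed, which is why a drifted token is rejected until two consecutive codes re-establish the offset, and why a used code is refused on replay.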

  11. #31
    Quote Originally Posted by Chry View Post
    How about Arenanet doesn't take a step backwards and provide an authenticator on launch? Nobody wants to remember a laundry list of emails and passwords for video games.
    You don't have to remember them. Just write them down somewhere or leave clues for yourself on your desktop.

  12. #32
    The Insane DrakeWurrum
    Quote Originally Posted by Achyra View Post
    I use the same password for everything, and yet somehow manage to not be hacked (Ever. Not in RIFT, not in WoW, not in SWtOR, Tera, or goddamn UO. Same password for all things since I was twelve) so I kind of take offense to all this 'Internet 101' bullshit. The real answer is stay away from shady websites, not have a small notebook with a list of all twenty-five of your different passwords locked up in your computer desk. If it isn't official don't give them your email address; far easier than having all those passwords.

    Beyond that I know people who haven't used any manner of fansite, beyond mmochamp and more recently the official forums, (Because they don't like to visit unofficial websites/give their emails out) and still had their accounts taken, so color me suspicious of this report.
    You got lucky.

  13. #33
    Quote Originally Posted by Zeek Daniels View Post
    You don't have to remember them. Just write them down somewhere or leave clues for yourself on your desktop.
    And then we get posts like 'My brother deleted my level 80 ranger, what do?'. :/

  14. #34
    The Insane DrakeWurrum
    Quote Originally Posted by Remilia View Post
    Actually an email authentication is worse than a physical or smartphone one.

    The physical authentication we know of today works by a randomization algorithm that works with a seed also known as your serial number. This serial number acts as the unique set of sequence at which the server, and your device cooperates. The device continually changes its sequence alongside the server but they are never actually connected in a sense. This is why if the authenticator desyncs it requires a sync back to the server in order to keep it back in line. The service requires you to input it every time you log in, much like authenticators in real life companies. In fact they're exactly the same authenticators as companies use.

    However an email authentication is just a click of a button. The email can in essence be compromised, and because of this it is actually worse than a physical authenticator.
    In this case, no, it's not worse. My two-step Gmail authentication sends a code to my cell phone anytime somebody tries to access my e-mail from an unauthorized IP, and only those who access my e-mail can be authorized to log into my GW2 account, and both accounts use unique passwords.

    ---------- Post added 2012-09-09 at 01:54 PM ----------

    Quote Originally Posted by Achyra View Post
    And then we get posts like 'My brother deleted my level 80 ranger, what do?'. :/
    File cabinet?

  15. #35
    Moderator Remilia
    Quote Originally Posted by DrakeWurrum View Post
    In this case, no, it's not worse. My two-step Gmail authentication sends a code to my cell phone anytime somebody tries to access my e-mail from an unauthorized IP, and only those who access my e-mail can be authorized to log into my GW2 account, and both accounts use unique passwords.
    http://en.wikipedia.org/wiki/IP_address_spoofing

  16. #36
    Quote Originally Posted by DrakeWurrum View Post
    You got lucky.

    I assure you there is no 'luck' involved in keeping my gaming accounts safe and secure, but nor is there an absurd level of 'defense' for the sake of 'defense'.

  17. #37
    The Insane DrakeWurrum
    Quote Originally Posted by Achyra View Post
    I assure you there is no 'luck' involved in keeping my gaming accounts safe and secure, but nor is there an absurd level of 'defense' for the sake of 'defense'.
    You act like hackers all use some kind of fancy tool to break into the code or servers of these video games in order to get some backdoor to where your password is kept, or some other super high-tech method. Some DO manage to break into servers and steal lists of passwords, but "hacking" is nothing more than guessing at people's passwords, even if that is often made more efficient with programs that make thousands of guesses per second. If nobody out there has ever guessed your one password shared across every account on the internet, plain and simple, you got lucky.

    ---------- Post added 2012-09-09 at 02:05 PM ----------

    Funny thing about that. They'd have to know the exact IP address my computer accesses the internet from. At this point, not only do they have to guess the password to my account, but now they have to discover the IP address specifically authorized for that account.

    It's not any less secure, and there's plenty of accounts out there with weaker security.


    You act like there's anything out in the world that is immune to security threats. Even the VASCO authentication thing could be hacked - "all" they have to do is figure out the variables used to calculate codes. It's even been done before, I'm pretty sure.
    Last edited by DrakeWurrum; 2012-09-09 at 07:07 PM.

  18. #38
    Quote Originally Posted by DrakeWurrum View Post
    You act like hackers all use some kind of fancy tool to break into the code or servers of these video games in order to get some backdoor to where your password is kept, or some other super high-tech method. Some DO manage to break into servers and steal lists of passwords, but "hacking" is nothing more than guessing at people's passwords, even if that is often made more efficient with programs that make thousands of guesses per second. If nobody out there has ever guessed your one password shared across every account on the internet, plain and simple, you got lucky.
    Or maybe I just have a really secure, delightfully randomly generated phrase for a password.

    Or there are just lots of lucky people out there. I'd hazard a guess and say most people don't use multiple passwords, and yet most people don't have their gaming accounts taken from them.

  19. #39
    The Insane DrakeWurrum
    Quote Originally Posted by Achyra View Post
    Or maybe I just have a really secure, delightfully randomly generated phrase for a password.
    Just because it's randomly generated, doesn't necessarily mean it's incredibly secure. It just means it's incredibly hard for you to guess, unless you're smart enough to use the kind of password that allows a nifty "That's a battery staple. Correct!" memorization trick.

    You could hazard that guess, but it's also verifiably true that most people who have hacked accounts are the ones failing these little security 101 tips that you are now belittling.

    By your logic, the fact that nobody has ever tried to break into my home, means that it's secure enough to never lock the doors.
    Last edited by DrakeWurrum; 2012-09-09 at 07:11 PM.

  20. #40
    Moderator Remilia
    Quote Originally Posted by DrakeWurrum View Post
    Funny thing about that. They'd have to know the exact IP address my computer accesses the internet from. At this point, not only do they have to guess the password to my account, but now they have to discover the IP address specifically authorized for that account.

    It's not any less secure, and there's plenty of accounts out there with weaker security.


    You act like there's anything out in the world that is immune to security threats. Even the VASCO authentication thing could be hacked - "all" they have to do is figure out the variables used to calculate codes. It's even been done before, I'm pretty sure.
    MMO-C has your IP you know, all it takes is one contact to the offender and they can get your IP unless you're behind a proxy. Guessing is not the only method to obtain a password. There is packet sniffing and such methods. Data breach being the most obvious.

    In essence all you need to do is figure out the algorithm yes, except you also need the serial / seed for every specific account.
