GW2 - Poorest Account Security ever?

[Deleted]

Okay so let's say the way people get hacked is a horrible mess and down to their own faults.

Whose fault is it that the systems in place, support tickets, emailing CS, using the GW2 website etc, to have your account restored is non-functional and completely broken.

I guess it's the players fault because if I ever make a car with failing brakes, I can just say: "never drive the car then?" or "never go fast enough to brake". I'm sure that would go over splendidly.

[DavidGX]

Well I'm glad you felt the need to be condescending and post without reading any of the posts in the thread. Thank you.

...what? That was something I posted before seeing this thread, it wasn't directed at anyone here or anyone specifically. I thought it might help someone. Take your misplaced internet rage somewhere else.

[notorious98]

The answer is,..~drumroll~... Anet doesn't give a fuck about the ppl that bought their game because they already got all the money from those customers they're going to get. Which means that I'd say at least 25% of the people who have lost their account will buy a new copy, garnering Anet two sales from one customer.
This is one of the ways the whole "No Sub Fee" thing takes a hot steaming shit all over the playerbase. Paid MMOs get you your account back fast because if your not playing, your not paying.

Don't forget about the 3000+ that got perma banned for "exploiting" ArenaNet's fuck up. If I go to the store and find something that seems like it's too good to be true when it comes to a deal, go and pay for it, take it home, and it turns out it WAS too good to be true, the store doesn't ban me from their facilities for "exploiting" their fuck up.

[Abstieg]

I guess it's the players fault because if I ever make a car with failing brakes, I can just say: "never drive the car then?" or "never go fast enough to brake". I'm sure that would go over splendidly.

That comparison is utterly unrelated to the issue.

Don't forget about the 3000+ that got perma banned for "exploiting" ArenaNet's fuck up. If I go to the store and find something that seems like it's too good to be true when it comes to a deal, go and pay for it, take it home, and it turns out it WAS too good to be true, the store doesn't ban me from their facilities for "exploiting" their fuck up.

Sorry, this is the way online video games have always worked. Exploits are exploits. Whether they were an unintentional mistake by ArenaNet, it's still an exploit and you can still get banned for it.

[Fenlnir]

You might as well be comparing your front door to a secret gold vault in the Pentagon or something.

Just because it's not the ABSOLUTE best security method ever, does not mean it's not secure.

---------- Post added 2012-09-12 at 11:01 AM ----------


In other words, the security methods worked, and you're regretting buying the game, simply because of people who already know your e-mail address by hacking other games and fan web sites?

Blizzard products aren't that much more secure. Thousands of Diablo 3 accounts were hacked on day one.

I've not had this happen, but I do feel kind of bad for throwing them my $60 (would have at some point anyways) given that they can't really do much to help in the case of an account being hacked. I'm still wondering if while A.net didn't have an issue, NCsoft may have been compromised to all hell and not said a word. In the 6 months I played guild wars prior to this, my NCsoft master account was hacked into like 4 times, with a completely unique password, on a clean machine.

On the whole character restoration: It should be a given in today's CS system. I've seen free MMO's able to do it, a full AAA game from an established dev/publisher should have no problem. Doesn't help that NC runs their CS, kind of like EA when SWTOR came out.

[DrakeWurrum]

I've not had this happen, but I do feel kind of bad for throwing them my $60 (would have at some point anyways) given that they can't really do much to help in the case of an account being hacked. I'm still wondering if while A.net didn't have an issue, NCsoft may have been compromised to all hell and not said a word. In the 6 months I played guild wars prior to this, my NCsoft master account was hacked into like 4 times, with a completely unique password, on a clean machine.

On the whole character restoration: It should be a given in today's CS system. I've seen free MMO's able to do it, a full AAA game from an established dev/publisher should have no problem. Doesn't help that NC runs their CS, kind of like EA when SWTOR came out.

Blizzard can't do much more about it either. If they get your account's e-mail by hacking, say, MMO-Champion, just to use one example, there's absolutely zero chance of Blizzard being able to prevent it. If you also make the mistake of using the same password (maybe you don't, but most of the thousands of hacked accounts out there do make mistakes like this), then... again, Blizzard can't do anything about it.

I'm not trying to bring game vs game into this - I'm just trying to point out that nobody is special in regards to account security. Other game developers are just as powerless in these situations.

ANet certainly will be working to get your account access back, but most of the methods to prevent the hacking to begin with are there, and do work, if you simply take advantage of them.

[Zeek Daniels]

im pretty sure some ppl are misreading the attempted login email and actually giving hackers access to their account and enabling them to change their email. That being said if you do get that email and someone did attempt to change your email, then that means that the email your using has been compromised from an earlier database, or that hackers are just brute forcing email names till they get one that is taken, then they attempt to hack that account. Which i believed anet already talked about this how 3 accounts were constantly changing their emails to see what emails were taken.

IMO i would use a email and pass you have never used for another game or gaming forum/ guild forum. Just a completely new email. And make the name so unique that it wont get tested by hackers.

[Deleted]

That comparison is utterly unrelated to the issue.

How is it? The systems in place to get accounts back, having had them compromised, do not work.

[Abstieg]

I've not had this happen, but I do feel kind of bad for throwing them my $60 (would have at some point anyways) given that they can't really do much to help in the case of an account being hacked.

They've helped a ton of people get their hacked accounts back...

How is it? The systems in place to get accounts back, having had them compromised, do not work.

It's more akin to your brakes failing, and then getting them replaced taking longer than you'd like.

[notorious98]

That comparison is utterly unrelated to the issue.



Sorry, this is the way online video games have always worked. Exploits are exploits. Whether they were an unintentional mistake by ArenaNet, it's still an exploit and you can still get banned for it.

When Ensidia got banned for exploiting the Lich King encounter, it was for 3 days. It wasn't permanent. Temp ban? Sure, I get that. Perma-ban? Excessive and unnecessary.

[Deleted]

personal questions would be nice but thats all i think they should make for the Account Security.

[Fenlnir]

Blizzard can't do much more about it either. If they get your account's e-mail by hacking, say, MMO-Champion, just to use one example, there's absolutely zero chance of Blizzard being able to prevent it. If you also make the mistake of using the same password (maybe you don't, but most of the thousands of hacked accounts out there do make mistakes like this), then... again, Blizzard can't do anything about it.

I'm not trying to bring game vs game into this - I'm just trying to point out that nobody is special in regards to account security. Other game developers are just as powerless in these situations.

Sorry, I should clarify. I meant that A.net (as we've seen) can't/won't do much for restorations. That was the comparison I was going for. The one time I needed a character restore (my brother deleted my main by "accident") it took like 15 minutes and I had her back. Oh, and now I'm gonna change my passwords again, this stuff is making me super paranoid.

[Deleted]

They've helped a ton of people get their hacked accounts back...



It's more akin to your brakes failing, and then getting them replaced taking longer than you'd like.

Given my Google searches, they have not. Reddit, GWGuru, their own website, this website: I've yet to see a single thread detailing the issues, addressing them, and any attempts made to get an account back. In the links I posted in the OP, some of the posts in the 17-page thread have included people who have had their account hacked, without word from ANet, for over 7 days. Unacceptable.

[DrakeWurrum]

Sorry, I should clarify. I meant that A.net (as we've seen) can't/won't do much for restorations. That was the comparison I was going for. The one time I needed a character restore (my brother deleted my main by "accident") it took like 15 minutes and I had her back.

I will admit, they should change their policy on THAT and do proper character restores. It's a bit of an odd choice in regards to policy.

This is one of those cases where customers need to use their voice as much as possible.

[Fenlnir]

They've helped a ton of people get their hacked accounts back...



It's more akin to your brakes failing, and then getting them replaced taking longer than you'd like.

Except you can die if your brakes fail. I've also seen a few friends get hacked on day one of headstart (they really did deserve it though, I've hacked them more than once for giggles) but they've yet to hear anything back, besides the bot email. So maybe it's just taking forever, but they had to have anticipated this. I mean c'mon, launches are always super stressed. I had the same issue with SWTOR on launch though. Even if it's just temps, they probably should have loaded up on CS for the first few weeks.

I thought I would look around for a password storage thing, and think what you will, I find them useful if backed up across a few places. Here's the best 5 from lifehacker http://lifehacker.com/5529133/five-b...sword-managers
People were mentioning the remembrance of passwords, so maybe this will help. I use one on my laptop, and it's pretty useful.

@Drake, I should have just edited my post earlier, but there should be no limitation on what they can restore (time permitting). I really do feel bad that this happened to people, because I really like the game, and people shouldn't have to go through this crap to be able to play. Even if a ton of later stuff is broken.

[DrakeWurrum]

I'm still very strongly of the mind that they should have started on "open" beta on the 25th, and then launched the game September 28th, with the 25th for headstart, running that beta on the actual servers they plan to use at launch.

And I put "open" in quotes, because it would obviously only be accessible to those who got headstart access. That would've been enough to properly stress test the game.

[notorious98]

Except you can die if your brakes fail. I've also seen a few friends get hacked on day one of headstart (they really did deserve it though, I've hacked them more than once for giggles) but they've yet to hear anything back, besides the bot email. So maybe it's just taking forever, but they had to have anticipated this. I mean c'mon, launches are always super stressed. I had the same issue with SWTOR on launch though. Even if it's just temps, they probably should have loaded up on CS for the first few weeks.

The difference in these two scenarios, though, is that TOR launched with an authenticator.

[Deleted]

Awesome solution:

Get a piece of paper. Write down this:
1) Your username
2) Your password
3) Any security questions + their answers

Now place the piece of paper in a book and put it on your shelf.

Do this for every account you register. Use a different password every time, and variations in usernames for less trustworthy sites. You will never have your account information stolen because they would have to break into your house to steal your account information.

Most hacking is not 'poor security', it's registering on websites with the same username + password or trick emails.

If you don't want to do that, have 2 passwords: One for everything you care about, one for things you don't.

[Abstieg]

Also, you'd have to look at it from the point of view of the brakes failing being your own fault, since they didn't compromise your emails.

[mafao]

Yep, I agree that account security is poorly implemented, to say best.