About Account Security

THX Gaile!!!!
Thanks ArenaNet!!!!!

everyone here seems to have their heads about them
use hard passwords 8-10 charecters minimum with letters, numbers, and symbols if u can. Use a FIREWALL!!! this will do wonders for your security. Trojan/malware is the most difficult of all to guard against, because you can get them by using unsecured software without your knowledge, my best advice would be dont download a peice of software, unless you have no other option. stay away from filesharing programs as they are a serious security risk. finally, while i have never personally had a prob. with IE, the logic in the arguments listed throught this post should'nt be disreguarded.
(1 of the 500mil IE script kiddies could be eyeing me as i post this )

I have a firewall, I just scanned for viruses a few days ago, I don't download mods, and well...

"Someone at 196.202.xx.xxx has reset your Guild Wars Game Account password for account [email protected]. If you did not make this change, please contact support immediately at [email protected]."

Also got my PlayNC master account :\

Update, maybe useful:

I went into the PlayNC website to see just how easy it was to change my account stuff around.

All it took was a birthday and a security question. Unfortuntaly, my security question was...lacking and was easily taken. From here, without any email validation(as is the normal function of a password reset) the "thief" could change the password(without it being reset and sent to an email first, as is usual)

From there, the thief can look at your accounts you have linked and change your passwords with ONLY your birthday.

So if they get into PlayNC, Guild Wars is gone without a problem, without an email(except for the one to tell you it happened).

I was a lucky one, though, as all my charaters and stuff seem to appear to be there.

few people know this but u should use a trusted spyware/malware remover

some websites will tell u which programs are trusted, if u dont know, ask someone who does

some of this software will actually install spyware/malware on ur pc, and "pretend" to delete it

It is too late now for GW to move away from using your email address as your account name isn't it?

Unfortunately the most risk is to the least savvy folks, who only have one email address and don't understand that some ISP's offer email aliases or that they can buy a web domain (i.e. another set of email addresses) which they can use just to forward emails to their ISP mailbox.

I went into the web store screens three times but chickened out each time as there was no answer to the question "does the email account made in the shop become my GW logon account"? From reading this thread I beleive that it does not. Question 1: Is that right?

The "five strikes and the account is locked" change will stop the brute force password cracks on the PlayNC account.
Question 2: can anyone confirm whether this five strikes rule exists for our Guild Wars accounts or whether it will be introduced?

These are the instructions from the official GW site for changing the PlayNC master account email address:Gaile, please can you suggest points 5 and 6 be changed to read
5. Retrieve the two different e-mail verification codes sent to both the old and the new e-mail addresses you entered.
6. Enter both e-mail verification codes on the VERIFY EMAIL ADDRESS page

If you no longer have access to the old email account, you will need to wait 48 hours after the initial request before you may proceed to verify the change using only the single code sent to the new email address.



The reason for this requested change is that if someone does hack into your PlayNC account, as it stands now, they can take it over without you even getting told (on the "old" email address). By insisting on a code from both the old and the new addresses, a hacked owner can know it is happening and have a chance to access their own account from their "old" email and change its password.

Hacking will happen sometimes but let's make it as hard as we can

Thanks

Lanni

Yes, that's a very important thing to remember, can't imagine why I forgot to mention it

You should always be extremely careful when clicking on ads on sites, especially the ones that advertise with texts like "WARNING! An error has occurred on your computer! Click here to scan!" or "Your computer is running slower then it should, click here for a registry cleaner!". Many of those 'cleaners' install spyware and adware when you run them.

Rule of thumb; if an ad-remover needs to be advertised it's probably not good enough to clean your pc. Look in PC magazines or websites you trust for tests on which removers are worth using.

Also; clicking on most ad banners will download a tracking cookie to your computer, those are used to monitor your internet activity and send info to the advertising company that made it. They can also be far more malicious (then referred to as data miners) and send information about your computer to others. Hackers can make use of your cookies to obtain info about you, so be careful with them.

-edit-

If someone wants a secondary email send me a PM and I can set you up with a gmail account (that is, if they allow us to change the email registered to our accounts)

i have purchased 3 slots and my account login is unchanged

I got the following email 12 times!

So... What do we do? I tried contacting [email protected] but ended getting this:

Anyone with similar problems?

When i made my GW account i knew i had to choose a hard password!
So i did and now i dont have any problems !

JUST IN CASE

you can also turn your question into a 200+ character password and then go maximum on the answer as well.

the answer does not have to be anything but what you put down as the matching program doesnt care

be sure to write it down though because you will not remember it

- Use the 'Remember Me' so keyloggers cannot see your email address on GuildWars.
- Use -password=yourpassword in the command line of GuildWars, I think this prevents keyloggers from logging your password.

Greetings,

Jessica

PS: LF GOOD HA/GVG GUILD
PPS: Gaile, you promised to look at my idea, but you didn't *cry*

Well well well, tried to sort this issue silently for a week, but now i feel i have to post this here and everywhere else i can.
Such a big company should have the option to restore even just character. is not such a big problem. Blizzard does, and their player base is 4 time bigger then guild wars one.
Restoring full account is impossible because it would mean duping items and golds? No problem, just allow people to simply restore their characters. naked, without gold coins nor weapons, simply naked withou any damage to the economy.

as for security issues. this discussion was mainly opened because of what happened to me. my password was probably not the strongest one, but it had letters and numbers, after massive scans system has been found to be completely clean. i'm very paranoid about security on my side.
i wouldn't be pleased to discover that my only fault was to buy characters slots via ncsoft guildwars store, linking that way my game account to my play.nc details

tho i can't possibly believe nothing can be done to solve the issue of a character hacked and deleted by whoever. a feature that, maybe upon request, stores character details in a safe location and that allows that given character to be restored if anything happens (just the character itself, no items or gold as this would open a door to players willing to be richer) is something that i'm very concerned is not in this game.

Seriously, starting to be upset

@gaile. sorry for posting it here but u were not expecting that i was fine with the answers telling me "we're sorry for what happened to you. but it happened and programmers technicaly cant manage details in their game, for security reasons. regards" were u?

Personally I would really favor a system where you can set an option where you HAVE TO change your password every 30days (or thereabouts). It is something I am familiar with, with all the companies I have worked for and it works quite good. Again, nothing much to implement I'd think and a great step into better security.

Another thing about the "-password" switch in a shortcut to gw.exe. If you DO NOT have a GOOD firewall running, DO NOT DO THIS! The easiest thing for a dedicated hacker is to look for files on your harddrive that contain WRITTEN passwords, without masks. Including shortcuts of course.

For the rest, Gaile's first post and Shanaeri's are GREAT ways to start with your own security while playing/logging into GW.

When you buy from the store and link your account, do you have to make an master account name?

if a good hacker is in your system already you have already lost.

as for masking i am sure that you also know the same cure i do

For me point one raised by Gaile is the biggest flaw in the system.

Using an e-mail address as a loginname.
E-mail addresses are so easily obtained.

That is allready one hurdle taken by someone who wants to hack into your account.

What if I have more than one GW account?
Then I would need several 'secure' e-mail addresses.

Please change it to a user provided (or by ANET) logonname.
This coupled with an e-mail verification system is a lot more secure.

With all the stuff that's been going on, I'm a bit scared to use the online store, even though I'm taking all precautions (antivirus, firewall, antispyware). Would changing the password to something completely random and temporary while making a purchase, and then changing it to another password after activating the new content help mitigate the dangers...?

I have been stating this in support for over a month now, well actually since the day they added the store interface really...

I regularly used the old account maintenance options to secure my account. changing my login and password monthly. and now this is not possible. as the NCSoft system will not let you. and when I try to do password change it says it needs verified, so I get it sent to my account and the verification is blank... so I can not change my password at all... As such I have been in the process of getting rid of everything so I can get new retail accounts and NEVER NEVER going into that dumb NCSoft store again. cause guess what? When I used my freebie account for the WPE I was able to do it cause I never entered the store on that account. Lesson learned... Account about to be abandoned unless Anet wakes up to the support requests and make the changes to unlink the accounts again. Or at least an option to do so for people that are stuck like I am and those poor people that got their accounts hacked.

If we could just unlink and opt out of the store usage then we could use the normal anet game engine to fix this stuff as we used too.

I'm a bit worried too. After reading about Guinevere AC's troubles I went to playNC.com to see what's possible securitywise:

1. You can change your password.

Good, I like this... except when coupled with the next two list items.

2. You can't change your username.

That's a huge problem because at some point the username was required to be an e-mail address. As was mentioned in this thread previously, that's a huge security hole because if a hacker gets this info he/she now has unlimited time to try and guess the password. Worst of all is that the GW client sends you to playNC when you try to change the password via the client. Once you're at playNC you have no way of making that change. Very kindergarten.

3. The GW client will let you enter a wrong password repeatedly.

Sorry, but on any standard system you get frozen out after some number of failed guesses. This makes brute-forcing much more difficult. Why not lock the account and require the user to re-verify after 5 or more failed attempt.

4. Weak passwords are accpeted by the GW client.

No need for detail here. It's a problem that should be fixable. Passwords should contain numbers and letters anf have an enforced minimum length with no dictionary words allowed. Symbolic characters should be permissible as well.

5. playNC store interface is now coupled with GW password and vice versa.

If either password is weak/compromised you've got a big problem. If either GW client or playNC has weak security you've got a big problem. It's a potential financial problem too because now there's a way to commit fraudulent orders.

That's all I can think of at the moment. I'm convinced there's room for improvement in this security triangle. ANet needs to improve the client. playNC needs to allow for changes to the username. The players need to be smarter about keyloggers, strong passwords and never sharing personal info no matter how well you know an internet friend.

*dismounts soapbox*

EDIT: ANet might consider implementing some of the security features that online banking services do. These days it's not uncommon for banks to require you to answer personal question, identify a random challenge image (that you've previously chosen) AND provide your password. Usually this is done when the bank detects access to your account from an IP that is not normally used by you. It's a small inconvenience when switching computers/locales, but as some have found out... the alternatives are much much more worse.

*dismounts soapbox*

funny how everyone advises not to download 3rd party prgrams
and this thread has numerous posts with links in to programs to either scan viruses or scan for fake programs or whatever...

lots of people who dont know macafee site advisor dont know if its good or bad... and if it has or not has trojans in it...

Well at some point there has to be a root link in the trust chain. I'd say that some companies have proven themselves reliable and spyware/virus free. As for claims of one site being better than another... use your brain and investigate for yourself. Just googling the site or their product is usually enough to find out some interesting information.

Keylogging

I've been active on the forums recently and a few posts are created in a bid to get back lost items, characters or titles lost to hackers. Keylogging is the most common cause of password loss. Keylogging takes place when a virus or trojan (also known as worms) are installed or opened on somebody's computer. These viruses and trojans are often located in tempting emails or hidden in programs downloadable from everyday websites. To view Wikipedia's excellent page on keylogging (or Keystoke Logging) click below:

Wikipedia: Keystroke Logging

Prevention

To protect my Guildwars password from keylogging I use the following method. This method logs into Guildwars without the use of the keyboard to enter your password.

Step #1

1. Right click on your Guildwars Icon on your desktop
2. Click on Properties
   
   

Step #2

1. Click on the Shortcut tab at the top of the window
2. Go to the end of the text in the "Target" text box
   
   
   
   
   
3. Copy and paste the text in the following code window into the text box after what is already in there
   
   Code:

    -password=crystalline

   • I've used crystalline as an example, enter your password here exactly as it is
   
   
4. Press OK and try out Guildwars
   

If Guildwars skips the login screen and goes straight to the character selection screen, then it has worked. As far as I'm concerned this is the best method of avoiding keyloggers obtaining your Guildwars password available. I am extremely paranoid about security and for me, this works fine. I also have 1 firewall running and 2 antivirus programs activated at all time. So up to now nobody has obtained my password.

Remember, it's better to be safe than sorry.
-Taurohtar

This does seem like a nice measure to get around keyloggers- given you have one...

But for those of us who share a computer, this isnt such a good idea ^.^

My wife and I both have separate accounts...

I'm sure she'd get tired of having to log out of my account constantly to get to hers...

Still for those lone users- seems like a good one...
Easy way to never forget your password as well...

you could make 2 different shortcuts for each account, one for you one for your wife, just add [email protected] along with the password as shown by the OP.

running 2 AV's at the same time is not a good idea as it causes problems even if is doenst seem like there is, even if u are running it at diff times a lil overkill if u ask me imo

Well, you've now dodged the keyloggers but opened up all doors for Mister Trojan.

I've used this website to help test my passwords
http://www.securitystats.com/tools/password.php

Please remember not to use your actual one, but a variation on it.

Yeah, that method seems very insecure to me. More so than a keylogger.

unless they made a recent change the -email was gone over a year ago

I use -image, and that's about it, don't trust "things" coming into my computer or people in the house playing around and happen to mess with my account.

I've only assumed this works. Can you explain to me what you mean by opening doors to Mister Trojan?

You do of course realise this is pointless if you already have a keylogger on your computer?
And as a note to that if you decide to use this; Don't let anyone you don't fully trust use your computer without your supervision. The password is freely available to all users with access to the shortcut.

Number 1 tip:

Use the knowledge of common sense before doing any thing.

Thank you for the all advice, i think they would be useful for the account security. more or less i think.

I wish to change my account emails to something that I don't use for anything else, however if you have logged in with plaync (you need to in order to buy any more character slots) you cannot change your email via the website.


[edit]
I should read the thread before I comment. Maybe. :P

Indeed, the only thing no program can solve is user stupidity and ofcourse that other wonderful trait, greed.

No, that popup promising you free sex will do nothing of the sort and no, that popup that promised you ubergodly items for GW also will not anything of the sort.

If something sounds too good to be true its pretty much guaranteed not to be true, so stop clicking on every thing in sight because it promises you x, y or z, okay?

Firewalls, AV & anti-spy/malware are not match for human greed, negligence or lack of common sense, all they can do is hopefully mitigate some of the damage.

There's still no way to change my GW account's email and login address. When will this be added?

For me, accounts are as safe as eating fast food.. clogging arteries, maybe i'll die before someone hacks me hopefully

Hi guys,

Sorry for re-opening an old thread but this issue has cropped up again. Just last week both my younger brother and one of his friends had their Guild Wars account stolen. The strange thing is however that neither of them have been part of a phishing scam so how the thiefs have managed to get a hold of their account details is beyond me.

So this is a reminder to you all, if you notice anything strange happening on your account, for example if a favourite weapon goes missing, or just a few gold, please report it to PlayNC straight away.

Sados.