I am tired of this NCsoft security hole

You can prevent being "hacked" (or more accurately the target of a key logging malware, since it's unlikely someone manually hacked this information) by educating yourself about basic computer security. It does sound like Anet dropped the ball with their password reset option, but had the user taken proper security measures it wouldn't never been an issue.

Point being, maybe the person could try and learn a thing or two from this experience instead of just complaining.

The OP saw fit to post this in multiple fan forums. I must say, that's not a good or courteous choice, since server costs have an impact upon the kind folks who house these forums, and it appears a tad like "dev bashing" to take a negative, accusatory post to multiple sites. Regardless, let me repeat what I said elsewhere:

I have passed this along. I share your concerns, but I must, once again, make suggestions rather than simply shaking my fists at the heavens. For the vast, vast majority of account thefts are connected to simple human error and poor choices in selecting a user name, or in keeping a password private. Here are some tips:

• Select a unique user name, and not "(name)GuildWars."
• Use a secure password. No birthdates, no pet names. Toss in symbols, capitalization, numbers, and more.
• Do not use that same password for PlayNC or any other purpose!
• Do not use an email account that is publicly known. Since Guild Wars requires an email address for user name, can you see fit to set up a separate account for games? Can you not give out that name to people you meet in the game? Have an email for games, and an email for, you know, email. But keep them both current so you don't find yourself unable to confirm ownership of the account, or receive alerts should someone try to access the account.
• If you set up your account through PlayNC, it seems to me you have an extra layer of security: PlayNC name, game user name, password. I could be mistaken, but that seems better, not worse. However, being able to change that information would be a really good thing, and I've written tonight to ask if there is any chance that we can foresee such an option in the near future. I'm hopeful that players will, someday, be allowed to change some or all of the various parameters of their account security. But at the same time, the very ability to make those changes could open security breaches, and in fact requires greater diligence on the part of both player and company.

I hope to have more information for you soon, and thank you for your patience on this matter.

Your friend is a total idiot. Of course the "addons" are giving away everything. They have keyloggers built in. This has been mentioned so many times, on so many forums, that anyone falling for this completely deserves what they get, or lose in their case.

(Edits in italics)

Can you please detail exactly what your concerns are with regards a "security hole" in PlayNC accounts? I ask, because security has been significantly improved on PlayNC master accounts over the last few months:

1. It is no longer possible to 'brute force' the resetting of passwords on an account, because the system will lock out for a period of time after a handful of incorrect attempts.

2. Resetting your master account password now involves an email being sent to the address registered within PlayNC. You cannot simply change someones password by knowing their birthdate and guessing their security question answer.

Now, with regards changing your details within PlayNC:

1. You CAN change a linked Guild Wars account password through a PlayNC master account. Simply login to the account, find your GW account in the Games List and then click the "Account Details" button associated with that account. Then choose the "Reset Password" button.

2. You CAN change your contact email address. This email address will be used for notifying you of any password changes and for resetting a forgotten Master Account password. To change the email address, login to your Master Account and scroll down to the bottom of the page. At the bottom are your contact details. Click the "Edit Contact Info" link, and change your designated contact email address.

Important Note: A PlayNC Master Account is *not* the same as a Support account used for communicating with the PlayNC support teams. Logging in to a PlayNC Master Account should be done through the "Account" link button on the left side Nav of the PlayNC site.

Alex,

The concern that I've seen expressed is handling changes to your Guild Wars user name once linked to PlayNC. I believe that is not possible with the current situation. Now that may lie in the fact that one has lost access to an older email address, through a change in ISP, though a expiration, for whatever reason. Some processes require verification via email, and once one cannot access a former email account, verification becomes impossible. One wants to change to a new Guild Wars user name, but changing the user name requires receiving email at that user name (email address), yet one cannot access that address any longer.

So yes, there are processes for changing passwords and the PlayNC user names, but I believe that the issue is changing the Guild Wars user name once linked to PlayNC. Obviously those experiencing the problems, and expressing their personal concerns, can tell you better than I.

Just curious, if some logged in to your NCSoft account couldn't they just change your email THEN change your password? I mean if they change your email then the having to confirm your password change wouldn't really be an issue for them. I realize that for them to even be able to get on your NCSoft account would be a security hole on the user's end. I'm just saying once they did I don't see how you could get your NCSoft account back if all they had to do was change your email first then your password.

Last time I checked on my own Master account, I incorrectly entered a password 15 times and never triggered a lock out. That was about two months ago. Fifteen attempts is way too high. It should be no more than five.

There have been a couple recent threads here where the users stated getting a huge number of the auto response email about someone attempting to access an account. If the lockout mechanism in in place it appears that it is nonfunctional.

Solar Light, I am so sorry to say the security hole is in YOUR computer. If you use a good correctly configured anti-virus and firewall you will NEVER be hacked again EVER.

Thats exactly what happend to me, i have two accounts, but because i coudnt link them both to one email address i made another one at hotmail. But stupid hotmail closes your email if you dont log in once every month, so if i forget to log in im running the risk of my email address being taken becuase i cant change my email adress to an other one,(Gmail for example)

I wanted to post on GWo and here in order to let more people see the security issues i want to adress, i still see tons of people bashing and calling people stupid for getting hacked, but, how or why someone gets hacked is not my topic, it is the fact that the lockup of GW login name, and password sometimes, has costed my freind a second hacking when she was getting on her feet again.

as far as bashing goes, i recall either you or alex posting on improvements to the NCsoft secuirty, and yet the login lockup still persists in being around.

I can dig up quotes from here if needed =p

but, i can admit i was fustrated at what happened to my friend, and i was probably a bit harsher then needed.

Galie and Alex, please assit however you can to Ncsofts Lockup changed so we can easly and freely change our logins and passwords without headaches.

Thats not all the precautions you need to take..

Many people have been hacked because they used the email address they use for GW as a login, or incuded in forum logins. These forums, esp some free hosted ones are easily hacked and they can get the details from there.

Never use your GW user email for anything else, Gaile posted a while ago some very good hints on account security. Follow those and you'll be ok.

I'm sure the non changing of email addresses will be fixed very soon, but one does'nt want them to open up a new vulnerability while trying to fix this one.

While we are on the subject of improvements I believe two areas could be improved.
1. User Authentication. A Password strength indicator, being able to change user name etc.
2. Access Control. Prevention of deletion of a character should 1 be compromised. Enabling the setting of a flag on a character indicating it cannot be deleted unless 24 hours have passed and a confirmation mail sent. Also have an item/armor maker, like the hat guy where a customised replacement of the armor/weapon can be made should the main ones be lost(would also serve as additional storage

The mechanics are all there in some shape or form and I believe their implemention would save a lot of support calls and worried gamers.

Some of you need to actually read the OP instead of posting patently retarded knee-jerk responses the moment you see the word 'hacked'.

Yes, we understand that you're a tough, no-nonsense person that has no sympathy for people getting hacked.
Yes, we understand that you believe getting hacked is entirely the fault of the person leaving themselves open to being hacked.

However, in your self-righteous tirades, you morons have conveniently missed the fact that the OP is talking about an entirely different issue.

So please, take your tough-guy "you deserved to be hacked" bull**** somewhere else.

I want to change my account email, but I can't because I can't find an option anywhere to do so. Before I linked to PlayNC, I was able to and did so a couple of times. I can't do it through 'edit account', it just sends me to the PlayNC website. Once logged into my PlayNC account, I can't find anywhere to change my account email. I can change my contact info email, but for my account info and details, I can only change my password.

I think that may be part of the problem that the OP is trying to express, but I could be wrong.

qft. Unfortunate most Guru readers don't actually read whole posts.

I wanted to mention that one of the ArenaNet Co-founders today sent an email to team members who work on this aspect of our service, to ask about the status of certain improvements to the system that will address such concerns. We're very sorry for the time that it has taken to make the changes, and as far as I know, there are still changes and improvements yet to be made.

It's very possible for your closest friend to steal your girl/boyfriend. It's even easier with GW account.

Thus you are here, and it is that simple, therefore you contradict yourself.

If you had actually read the thread and paid attention to what his actual complaint is, you'd know you're wrong.

I am starting to belive that flaming, mockery, and such is a hobby for 75% of the forum population, and they seem to have selective hearing/reading.


For those that i refer to, please tone it down, read, interpet, and figure out what i am saying, THEN try to derail me, discussions get boring when others dont even know what the full topic is.

oh, and lets not forget civalty please, i dont mind discussion and debate, but keep within the rules please

Yea but the sad thing is how many times has Gaile said something and it turned out to be a lie? From my experience ive learned not to trust anything she says if shes not 110% sure on the matter, shes as bad as the next person.