In game names and security

So I read the recent security posts by Gaile and the different posts by people who have lost their accounts but one of the precautions suggested strikes me as odd. How does protecting an in-game-name protect your account?

Accounts are e-mail based, and I know of no way to link an in-game-name to an e-mail account by some sort of in-game action. On forums, I'd expect hackers to go after accounts that advertise good items or just accounts that are easily accessible, not go after people who list an in-game-name.

Unless I'm misunderstanding the situation, it seems like hackers go hold of e-mail accounts under which the forum user had registered, and were able to hack into the e-mail account. From that email account they got access to the GW account, or something along these lines. I don't see how blocking a user's in-game-name adds any security to the process.

So am I missing something or is blocking every user's in-game-name an overreaction?

I'll quote ArenaNet:

Quote: Originally Posted by Gaile Gray

Makes perfect sense to me. You got my approval. Although I've kept my IGN off guru for a few years, ever since I started getting death threats in game for suggesting nerfing SF in Saradelac (psychos). Only place this will frustrate people is the auction forum.

Gaile has stated twice (in the top stickied thread in the main discussion forum) that a security breach occurred in a fansite that lead to at least some of the stolen in-game accounts. For the sake of people who want to keep their accounts safe, which site was this?

edit: another thought. So we don't have characters / in-game names posted in our profiled any more. So how do we follow through in the buy/sell forums? If the answer is 'pm the guy your details', well that is virtually the same as telling the entire forum the same info.

That's the thing. Anet wont tell anyone what site they suspect. Everyone is just speculating on who this could be. This is merely Inde getting ahead of the curve so to speak.

Honestly, Anet/NCSoft needs to take a hard look at their own security before they start suspecting fansites on somewhat baseless "facts".

I completely disagree with this. If you are dumb enough to name your e-mail after a character name then subsequently advertise yourself you deserve to get hacked.


Another thing is that it has always been the user's choice to display their character name. Seeing as it is a CHOSEN right I don't see the need to remove it entirely. My username on guru is my character name, and I will be using "Location" as character name for now. I encourage others who disagree like me, to set their "Locations" to their character names.

I think there is two options here:

1. Deal with it
2. Whine and threaten to never use guru again (oh dear...shame)

The vast majority will choose option 1, the rest can go be petty elsewhere.

I don't really understand the removal of IGN's either. I mean, you can simply go to the wiki and find out usernames. People have it all listed out over there. If what Gaile said is a concern, why are they promoting that on the GW Wiki? Did Gaile just jump the gun and say that too early? Or are they stretching for answers?

I guess I also have to point out that other games allow you to search for character names, like Aion. You can see their IGN's, full character stats and armor. So what about Anet security is so lacking that this would a concern when other games do this freely? I mean I applaud you Inde for trying to see that we're protected and taking anything that might be a security concern into consideration. But all Gaile's statement did, when compared to what I listed above, just makes me more concerned. I mean, why even bring that up?

I never thought it was a good thing to post your ign....so I never did, and now I feel a bit, uhm, vindicated? I never posted where I really am nor any other relevant information related to my gw account either (and I am a subscriber to the tinfoil hat club too...ask slayer).

Well, Gaile's reasoning is fine and all, but then so is "don't use the password 12345." It's just common sense.

I've had my IGN listed on this and other GW fansites for 3 years without a problem. I still see the issue being GW and guru-linked email accounts rather than in-game-names. Going after people in the high-end trade section is going to be the quickest way to steal your way to riches, so are we going to discontinue that section as well? It would be in the best interest of safety...

Sarcasm aside, I guess I'll just put my IGN as my location or something else like that.

Quote: Originally Posted by Iotan

Since ArenaNet/NCsoft chose to simply blame "a fansite" without naming it (or presenting any kind of proof for that matter), every fansite, including GWG, has been made suspect.
We are simply trying to show that we do everything,- and then a little extra to ensure our users safety.

With the option to list your character name removed, people will not list it simply because they feel compelled to when filling in their profile information.
Now it is a conscious choice to include the IGN in posts or change profile information to list it.

Like Malice, I would like to point out that I have never been hacked either.
I have been a member here for several years, have listed my IGN repeatedly and have been known to have a bit of valuables.

In case it is GWG, ArenaNet/NCsoft suspect of being the "fansite responsible",- they are wrong!!!

I feel like my personal identity and security is more likely to be breached by giving out such information as my exact location, hobbies, interests, biography, etc. These things are all also fields that GWG prompts you to fill out when editing your profile, yet I have done no such thing. Users have the option to withhold whatever information they wish. IMO, restricting us from placing our IGN in our profile is silly because we voluntarily choose to put such information out there, and we are prepared to deal with any consequences of disclosing such information. I can understand why richer players may be cautious about this, and I would also probably elect not to offer my character name had I amassed a large wealth in the game.

That being said, I have craftily circumvented the newly imposed restriction (look to the left, at my profile summary). If this violates any GWG rules, please inform me and I will remove it. Until then, I would like people I deal with on here to be able to contact me.

No Curo: we have no rule against you listing your IGN the way you do or listing it in posts you make.
The character information was removed to ensure that all had a chance to reconsider whether they wanted to give out that information after the remarks made by ArenaNet/NCsoft,- not to prevent people from choosing to do so.

This is the dumbest thing.. so now instead of it being on my every post under my avatar.. the person has to take 5 extra seconds to look at my posts to find out my IGN. I gotta hand it to Arena.net they're absolutely brilliant.

I'm sure everyone who is affiliated with GWG/other affect fansites is doing a great big /Facepalm atm.

An extra 5 seconds, sacrilege!

There is always other sites. Feel free to use one of those. I've heard the Team QQ forums are full of intelligent people.

Quote: Originally Posted by Malice Black

An extra 5 seconds, sacrilege!

There is always other sites. Feel free to use one of those. I've heard the Team QQ forums are full of intelligent people. Sorry Malice, your sarcasm is so thick here that I'm not sure if you are agreeing or disagreeing with the above poster. I believe that he is right in saying that if someone wants to find out who you are, they will.

I understand that Yang says this was done to give people a chance to reconsider in light of the new security issues made by ANet. Not everyone is savvy enough to be aware of these ongoings, and this was a nice little nudge for all the GWG users that may have not realized the safety problems. Although, wouldn't it have been suffice to just erase all the character name entries in GWG profiles, rather than removing the option altogether? Unless that isn't possible....

I just fail to see why such a big deal is being made out of such a minor issue.