an idea anet should consider to counter the hacks
Grizzlybear2009
Tonight, one of my guild members was hacked. He's not a dummy with computers and he's very careful with passwords. Long story short, we reviewed what we could over what we could find and it seems as many have suggested, that his master Anet account was compromised. I took a look at my own (changing the password for the millionth time) and realized a few things:
1. no matter what, you can't change your login email for the game if you've purchased anything online.
2. the Anet password is purely alphanumeric and can only be 13 characters.
I know this is obvious but through this, I have one suggestion that might just eliminate this problem. First, hide the email address used for logins. As we own the accounts, it's obvious we know the email used. I think Anet should hide that information in that profile. Just blank it out, simple as that. At least if the account is compromised within the Anet site, they'll only have the password, not the email. From where I sit, this should hopefully stop the hacking of accounts.
Secondly, the passwords should be able to be longer and alternate characters used to slow the brute force hacks used so often in this type of situation. I'm not sure if this has been suggested by anyone but I figured I'd give it a shot and post it here. If these two changes can be implemented, at least it'll give us SOME protection. Which is far better than it seems we have now.
As for my guildie, he's waiting for word back on if he can access his account. It was confirmed he was nailed by a Gold seller for sure.
I think everyone is getting a bit tired of the canned reply of 'it has to be a keylogger or spyware.' I think with all that's happened recently with so many, other variables in this equation need to be considered. I sincerely hope that the support staff that frequents this site reads the horror stories that have been posted here and actually looks into this issue instead of whitewashing it and hoping it'll fade. It seems to be getting worse by the day.
Anyway, I'm curious of the reactions of all of you from the community on this idea. Thanks for taking a minute and reading my suggestion.
Chthon
Marvin Alito has suggested hiding the GW login a million times already.
Gaile has been trying for YEARS to get things changed so that the login can be changed, but NCSoft just won't do it.
majikmajikmajik
Money.
12char.
IronSheik
Close GW down.
No more hacks.
As far as super long passwords with random numerics, it's just unconventional. I tried it and wrote it down and spent 2 minutes typing the damn thing in.
Maybe not make it so someone can try endlessly to brute force the password, it gives no warning message, no cooldowns or anything.
Bob Slydell
Quote:
Close GW down.
No more hacks.
As far as super long passwords with random numerics, it's just unconventional. I tried it and wrote it down and spent 2 minutes typing the damn thing in.
Maybe not make it so someone can try endlessly to brute force the password, it gives no warning message, no cooldowns or anything.
And the hard to know passwords are not unconventional. If you want to get hacked and lose 4+ years of content you built up, be my guest. Lemme know how empty you feel afterwards.
Gennadios
If Gaile has been trying to get the password changed for years, I assume that vulnerabilities have been known for just as long.
So WTF has all this only been brought up in the past several weeks. And why is it being brought up AFTER ANet blackmailed the playerbase with the 4th anniversary storage pane?
Why even do this to players if they know how unsafe this NCSoft garbage was?
Gift3d
maybe there's nothing wrong with anet's security, rather certain conditions and security issues with email providers. hint hint. wink wink.
how long have i been hinting at this idea in threads like this, and everybody's still confused as hell?
jonnieboi05
Quote:
If Gaile has been trying to get the password changed for years, I assume that vulnerabilities have been known for just as long.
So WTF has all this only been brought up in the past several weeks. And why is it being brought up AFTER ANet blackmailed the playerbase with the 4th anniversary storage pane?
Why even do this to players if they know how unsafe this NCSoft garbage was?
I know SO many people who are unbelievably security-savvy and yet their accounts were hacked. I completely blame the lack of security of PlayNC. Plain and simple. End of story.
@ aNet: if you want hackings to be reduced to an absolute minimum then I recommend to simply send a 1kb email asking "yes" or "no" if they want their password changed.
Seriously... It's not that hard. :\
Shasgaliel
I think it will not help much. I would much prefer more security on accessing the account than on the items inside it. If you put too many blockades here and there you will just hamper the gameplay.
Arduin
Nerel
Quote:
maybe there's nothing wrong with anet's security, rather certain conditions and security issues with email providers. hint hint. wink wink.
how long have i been hinting at this idea in threads like this, and everybody's still confused as hell?
Quote:
I know SO many people who are unbelievably security-savvy and yet their accounts were hacked. I completely blame the lack of security of PlayNC. Plain and simple. End of story.
I don't know why ArenaNet/NCsoft even bothers paying expert security consultants, I mean, it doesn't seem to be helping and there are all these free experts they could utilize in the fan forums.
karlik
I'm one of those who was stupid (uninformed) enough to get the free storage pane.
You should be required to know the existing password in order to change it. I can't believe it's as easy as type in a new one and own the account.
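As an added illustration of two suggestions made in the posts above (a cooldown after repeated failed logins, and requiring the existing password before a change), here is a minimal sketch. It is not code from ArenaNet, NCsoft or any poster; the class names, thresholds and in-memory account store are assumptions.

```python
import hashlib, hmac, os

# Assumed policy values, chosen for illustration only.
MAX_FREE_ATTEMPTS = 3   # the 3rd consecutive failure starts the first cooldown
BASE_COOLDOWN = 30      # seconds; doubles with each further failure
MAX_COOLDOWN = 3600

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    def __init__(self, password):
        self.salt = os.urandom(16)
        self.pw_hash = hash_password(password, self.salt)
        self.failures = 0
        self.locked_until = 0.0

class AuthService:
    def __init__(self):
        self.accounts = {}   # hypothetical in-memory store: login -> Account

    def register(self, login, password):
        self.accounts[login] = Account(password)

    def check_password(self, login, password, now):
        """Return 'ok', 'bad_password' or 'cooldown' (now = seconds)."""
        acct = self.accounts.get(login)
        if acct is None:
            return "bad_password"
        if now < acct.locked_until:
            return "cooldown"            # guess is not even evaluated
        if hmac.compare_digest(hash_password(password, acct.salt), acct.pw_hash):
            acct.failures = 0
            return "ok"
        acct.failures += 1
        extra = acct.failures - MAX_FREE_ATTEMPTS
        if extra >= 0:                   # exponential cooldown, capped
            acct.locked_until = now + min(BASE_COOLDOWN * 2 ** extra, MAX_COOLDOWN)
        return "bad_password"

    def change_password(self, login, current, new, now):
        """A change succeeds only if the current password verifies."""
        status = self.check_password(login, current, now)
        if status != "ok":
            return status                # failed attempts here count as well
        acct = self.accounts[login]
        acct.salt = os.urandom(16)
        acct.pw_hash = hash_password(new, acct.salt)
        return "changed"
```

A per-account cooldown alone lets anyone who knows the login delay the legitimate owner, so deployed systems usually pair it with per-source limits.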
AngelWJedi
1) anet will never admit it's their fault.
2) anet will always say it's your fault.
3) anet will never listen to our suggestions.
4) anet doesn't have someone in house smart enough to get rid of all gold sellers.
so nothing we can do but hope gw2 is at least better protected than our gw1.
The Drunkard
Quote:
1) anet will never admit it's their fault.
2) anet will always say it's your fault.
3) anet will never listen to our suggestions.
/notsigned- I'd much rather have a confirmation email if my password is changed.
Test Me
Quote:
so nothing we can do but hope gw2 is at least better protected than our gw1.
Unless they fix it for GW1, nothing will happen.