/signed
so many easy things can be implemented such as "confirming" password changes via email
Petition For Improved Account Security.
alluring athena
Broseiden
/signed
Why wouldn't anybody support this? I know it may sound silly, but I check my email almost every chance I get to make sure I don't have any compromisation of my account.
Why wouldn't anybody support this? I know it may sound silly, but I check my email almost every chance I get to make sure I don't have any compromisation of my account.
Volitar
/signed
If a player does not feel that their account is secure, what incentive do they have to try and accomplish anything in the game if it can so easily be taken away?
If a player does not feel that their account is secure, what incentive do they have to try and accomplish anything in the game if it can so easily be taken away?
boxterduke
I wholeheartedly /sign this.
Account security is a joke in GW as well as customer support.
More than 24 hours and I still have not gotten my account back
And as far as I am concerned now, Arenanet and PlayNC lost a loyal customer as I won't be getting GW2, as well as a lot of my friends after hearing what happened to my account yesterday.
People here and people that I played with know how much I defend GW against other games and how much I love this game.
But as Shan said, enough is enough...
Account security is a joke in GW as well as customer support.
More than 24 hours and I still have not gotten my account back
And as far as I am concerned now, Arenanet and PlayNC lost a loyal customer as I won't be getting GW2, as well as a lot of my friends after hearing what happened to my account yesterday.
People here and people that I played with know how much I defend GW against other games and how much I love this game.
But as Shan said, enough is enough...
jesenski veter
___signed___
vandevere
/Signed.
Security should be the most important thing right now. Skill Balances can wait. Everything else, in fact, can wait, until the security issue is taken care of. It's one thing when you lose your stuff through your own carelessness, quite another to lose your stuff through someone else's carelessness.; especially when that someone else is the company running the game.
I know the issue if more likely NCSoft than Arena, but we pay these people, through game purchase, or the various extras we buy at their online stores.
We shouldn't have to petition them for good security. The security should be there as a matter of course...
Security should be the most important thing right now. Skill Balances can wait. Everything else, in fact, can wait, until the security issue is taken care of. It's one thing when you lose your stuff through your own carelessness, quite another to lose your stuff through someone else's carelessness.; especially when that someone else is the company running the game.
I know the issue if more likely NCSoft than Arena, but we pay these people, through game purchase, or the various extras we buy at their online stores.
We shouldn't have to petition them for good security. The security should be there as a matter of course...
MissyX
/Signed.
Seen too many people lately that this has happened too, and it worries me that its my turn next.
Seen too many people lately that this has happened too, and it worries me that its my turn next.
AngelWJedi
/SIGNED
i can say we need this badly by my own personal issue. after being banned for 2 day because of a mistake on their end. they thought i was a gold seller. no proff was given no i'm sorry just here is your account back. i say we need better people working in the banning section and serc. section. but with the way gw1 is going downhill i dont see it happening soon. get real people they rather invent stuff like minis then help us poor people.
i can say we need this badly by my own personal issue. after being banned for 2 day because of a mistake on their end. they thought i was a gold seller. no proff was given no i'm sorry just here is your account back. i say we need better people working in the banning section and serc. section. but with the way gw1 is going downhill i dont see it happening soon. get real people they rather invent stuff like minis then help us poor people.
Wyndy
/signed......
Tramp
Quote:
|
Originally Posted by Symeon
It's got to the point where I'm expecting it to have happened every time I log in.
|
Exactly. My feelings too.
The recent thread about how easy it is to brute force the 2 questions for lost passwords at PlayNC in order to get in and change your master password has me spooked. Along with all the other stuff about how insecure their whole website is which was beyond my technical knowledge, but sure scared me too. I am too nervous to log onto PlayNC to even change my questions or see what I put down.
nagisaki
/Signed
Not that a-net can do much on their end, but perhaps NCsoft will see this and their shrived hearts will grow to be three sizes too big, then they'll suddenly toss a crack team of security experts into a closet and tell them to do their best to make their PlayNC security not be the laughing stock of the internet.
Or perhaps I should lay off the drugs and realize I'm doomed to eventually have my account stolen even with the greatest of passwords, phishing protection, and virus control due to the laziness of a-net's loving parent.
Not that a-net can do much on their end, but perhaps NCsoft will see this and their shrived hearts will grow to be three sizes too big, then they'll suddenly toss a crack team of security experts into a closet and tell them to do their best to make their PlayNC security not be the laughing stock of the internet.
Or perhaps I should lay off the drugs and realize I'm doomed to eventually have my account stolen even with the greatest of passwords, phishing protection, and virus control due to the laziness of a-net's loving parent.
Beren985
/signed
And please, please please make that NCSoft lazy guys fix the huge enormous security holes and nonsensical restrictions once and for all! I want to be able to change my associated email account which is 50% of my account access information, and to have to enter my old password before changing it to something else. It's common sense!
And please, please please make that NCSoft lazy guys fix the huge enormous security holes and nonsensical restrictions once and for all! I want to be able to change my associated email account which is 50% of my account access information, and to have to enter my old password before changing it to something else. It's common sense!
IninefingersI
/signed
The security of people's accounts and information should be paramount. Their current lackadaisical attitude toward something so important is inexcusable.
The security of people's accounts and information should be paramount. Their current lackadaisical attitude toward something so important is inexcusable.
vector03
/signed
My account just got hacked, and although it was restored and NCSoft was very helpful with this process, it shouldn't be happening as often as it is. I've heard of at least a dozen other people I know of having this problem as well. I understand it's an older game, but it's also an MMO, and account security is one of the most important things.
My account just got hacked, and although it was restored and NCSoft was very helpful with this process, it shouldn't be happening as often as it is. I've heard of at least a dozen other people I know of having this problem as well. I understand it's an older game, but it's also an MMO, and account security is one of the most important things.
FengShuiDove
/signed
Never been hacked *knock on wood*, but the prospect is entirely too disconcerting.
Never been hacked *knock on wood*, but the prospect is entirely too disconcerting.
chessyang
Quote:
|
Originally Posted by Shanaeri Rynale
Enough Is Enough.
|
sorry had to say it.
/signed
Bathal Nasp
/signed
even a way to untie a GW acct. and PlayNC one would be great.
even a way to untie a GW acct. and PlayNC one would be great.
Khorrax
/signed
Far too many people have had their accounts hacked.
Far too many people have had their accounts hacked.
nitetime
/signed my thoughts are shared below
Quote:
|
Originally Posted by Lyger
/signed.
I've never been hacked, but it is heartbreaking to read about the people who have lost so much. After 4 years of my life invested in this game, being hacked and having my account trashed would devastate me. And after reading so many reports of people who have been hacked, I have to admit that I always have that horrible moment of holding my breath everytime I log on. |
JimmyNeutron
Has anyone ever install Wireshark and sniff the packets to see if our account and password is transmitted in cleartext over the internet?
Maybe that's how hackers are getting the login info.
Also, what about ANET website that requires you to log in? Is it secure(https) and not transmittig in clear text also?
Maybe that's how hackers are getting the login info.
Also, what about ANET website that requires you to log in? Is it secure(https) and not transmittig in clear text also?
Michael805
I find it odd that this thread popped up today. You see, I haven't played Guild Wars in several months, yet I constantly get e-mails about my GW password being changed at an email account that has no GW account linked to it. Then, this morning, I get an email at an account that does in fact have an account linked to it. It seems someone reset my password. The IP given was traced to China, so I can only assume Chinese gold farmers brute forced it.
Within 5 minutes of me receiving this email I contacted NCSoft support regarding the issue. It's now been almost 12 hours, and I've received no response (and even if I was to recieve one within the next 30 seconds I'm sure my account has been cleaned of the few million gold I had sitting on it, and I'm sure all of my characters are trashed as well).
This is the only time anyone (that I know of) has been on the account in several months. No one else knew my password, nor has anyone else ever been on my account. I have no keyloggers, and even if I did it wouldn't matter since I've not logged into either my plaync account or my GW account for several months.
Long story short, yes there needs to be more security, and there should most definitely be a link that you must click in order to reset your password. I don't know who in their right mind thought it would be ok to allow someone to reset their password without having to have access to the email account for which it is being reset.
Within 5 minutes of me receiving this email I contacted NCSoft support regarding the issue. It's now been almost 12 hours, and I've received no response (and even if I was to recieve one within the next 30 seconds I'm sure my account has been cleaned of the few million gold I had sitting on it, and I'm sure all of my characters are trashed as well).
This is the only time anyone (that I know of) has been on the account in several months. No one else knew my password, nor has anyone else ever been on my account. I have no keyloggers, and even if I did it wouldn't matter since I've not logged into either my plaync account or my GW account for several months.
Long story short, yes there needs to be more security, and there should most definitely be a link that you must click in order to reset your password. I don't know who in their right mind thought it would be ok to allow someone to reset their password without having to have access to the email account for which it is being reset.
Rushin Roulette
/Signed
The easiest and most cost effective way would be to do something as simple as a confirmation Email for any change in the account (Namely Email address or Password).
Password changes go to the existing email account and the change only happens after the link has been activated or the one time TAN which is sent in the Confirmation Email is entered correctly (Wrong TAN = New Email and new random TAN Number/Letter code).
Changes in the Email Address have to be confirmed by both the old and the new Email via the same principle (2 Different TAN Codes).
This is the normal process for most sites and programs with sensitive data.
Both these can be overridden via the existing Support ticket method (Name of all your characters, all your Receipts, Activation codes for the games, name of your neighbour's boyfriend's Poodle's puppies in alphabetical order etc...)
P.S. My account has not been hacked yet, but a guildies account was hacked a few weeks ago a few minutes/Seconds after he had changed his Master Password on the NCSoft Site. And im 100% Sure that he doesn't buy Gold or similar, because Students don't really have that much money they can burn for crap like in game currency.
The easiest and most cost effective way would be to do something as simple as a confirmation Email for any change in the account (Namely Email address or Password).
Password changes go to the existing email account and the change only happens after the link has been activated or the one time TAN which is sent in the Confirmation Email is entered correctly (Wrong TAN = New Email and new random TAN Number/Letter code).
Changes in the Email Address have to be confirmed by both the old and the new Email via the same principle (2 Different TAN Codes).
This is the normal process for most sites and programs with sensitive data.
Both these can be overridden via the existing Support ticket method (Name of all your characters, all your Receipts, Activation codes for the games, name of your neighbour's boyfriend's Poodle's puppies in alphabetical order etc...)
P.S. My account has not been hacked yet, but a guildies account was hacked a few weeks ago a few minutes/Seconds after he had changed his Master Password on the NCSoft Site. And im 100% Sure that he doesn't buy Gold or similar, because Students don't really have that much money they can burn for crap like in game currency.
Anonymous IXl
/SIGNED
I agree. My friend got his account hacked a week ago. 3 sets of obby, 60e, obby edge, VS, and a bunch more, all gone...
I agree. My friend got his account hacked a week ago. 3 sets of obby, 60e, obby edge, VS, and a bunch more, all gone...
Another Felldspar
There is a serious account security issue. Drop everything else -- nothing else matters -- and fix the security issue. No Chinese IP address should be able to access my account. I don't want to hear that the team is working on great new Wintersday quests/hats/minis/weapons; I want to hear that the team is working on account security. Or, I want to hear that there is a brand new security team in place at ANet, and they are working on account security. I definitely want to hear that security is being placed at the top of the priority list. No more sales, not another dollar, for ANYTHING whether A-Net or NCSoft related, until I hear that this issue is being addressed. None.
I'm happy to pay for security upgrades once I do hear that this issue is being addressed.
/signed
I'm happy to pay for security upgrades once I do hear that this issue is being addressed.
/signed
Martin Alvito
/signed
But you knew that already.
But you knew that already.
Aleta
Quote:
|
Originally Posted by Symeon
/signed
It's got to the point where I'm expecting it to have happened every time I log in. |
It's a day late and a dollar short as my best account, played the most is trashed and empty now.
/signed
I also wonder every day if my Aion account ok
Kurald Galain
/signed
twelvesigneds
twelvesigneds
coil
/signed but i think the problem lies within ncsoft, not anet.
Kronk Shaan
I'd sign anything that improves network security anywhere.
However, as a PC/Network Tech myself, I would have to say that the chance of having your account (game login or NCSoft) hacked are really, really low. The only way that they (you know, 'they' - be it gold farmers or your 10 year old little brother who is eyeballing your ecto as a Christmas gift to himself) can hack your account is for you to have given them your info in some fashion. Whether it is a keylogger you got from a site claiming to have some awesome game cheat, or because you bought gold (most likely). The odds of someone guessing (or using a program to crack) your password because they already have your email address (so your game login) is pretty good. But I doubt that anyone could guess your login and than crack your password. Bob @ some random service provider .com/net/org etc. The number of possible letter, number and character combinations plus punctuation before the @, not to mention all of the varied service providers you could be using for email means I have a better chance of winning the powerball (I think the odds on that are like 73 million to 1) than they do of guessing an email address to someone who happens to play Guild Wars and conveniently just happens to have LOTS of gold, ectos etc. Read the warning on the login screen. Don't buy gold or items online.
However, as a PC/Network Tech myself, I would have to say that the chance of having your account (game login or NCSoft) hacked are really, really low. The only way that they (you know, 'they' - be it gold farmers or your 10 year old little brother who is eyeballing your ecto as a Christmas gift to himself) can hack your account is for you to have given them your info in some fashion. Whether it is a keylogger you got from a site claiming to have some awesome game cheat, or because you bought gold (most likely). The odds of someone guessing (or using a program to crack) your password because they already have your email address (so your game login) is pretty good. But I doubt that anyone could guess your login and than crack your password. Bob @ some random service provider .com/net/org etc. The number of possible letter, number and character combinations plus punctuation before the @, not to mention all of the varied service providers you could be using for email means I have a better chance of winning the powerball (I think the odds on that are like 73 million to 1) than they do of guessing an email address to someone who happens to play Guild Wars and conveniently just happens to have LOTS of gold, ectos etc. Read the warning on the login screen. Don't buy gold or items online.
Broseiden
Quote:
|
Originally Posted by Kronk Shaan
I'd sign anything that improves network security anywhere.
/Snip |
Bob Slydell
NCSoft needs to get their act together.
/signed
/signed
Kawil
/signed
Many valid ideas have been discussed on how to bring about greater account security. I'm sure they aren't too difficult to implement.
Many valid ideas have been discussed on how to bring about greater account security. I'm sure they aren't too difficult to implement.
Axel Zinfandel
Definitly a /signed on this one. I havnt logged on in quite some time and i'm nervous to even do so, despite my curiousity if it's been hacked or not.
Changing the password honestly isn't enough anymore and these guys are getting more and more pushy by the day. If NCsoft doesn't do -something-, it's pretty much the worst PR move someone could ever do.
Changing the password honestly isn't enough anymore and these guys are getting more and more pushy by the day. If NCsoft doesn't do -something-, it's pretty much the worst PR move someone could ever do.
Verene
/signed, even though I have not been hacked, don't worry about it happening to me at all, nor know anyone who was.
However, I must point out, that even when threads pop up on here...people who post on GWG do not make up a large proportion of GW players. Nor is it Anet that has any control over this, but rather NCSoft. And angry attitudes do not help with anything.
Also, about the suggestions made on how to increase account security...none of us know if those suggestions are even feasible. We don't know the way the game is hard-coded. Plus, even if they were, there may be legal issues with a suggestion from a player being implemented.
However, I must point out, that even when threads pop up on here...people who post on GWG do not make up a large proportion of GW players. Nor is it Anet that has any control over this, but rather NCSoft. And angry attitudes do not help with anything.
Also, about the suggestions made on how to increase account security...none of us know if those suggestions are even feasible. We don't know the way the game is hard-coded. Plus, even if they were, there may be legal issues with a suggestion from a player being implemented.
Siirius Black
/Signed
four of my guildies got their account hacked. This is ridiculous. The number of accounts reported hacked has increased dramatically. Someone found a vunerability in ncsoft and obiously they are exploiting it.
four of my guildies got their account hacked. This is ridiculous. The number of accounts reported hacked has increased dramatically. Someone found a vunerability in ncsoft and obiously they are exploiting it.
Shadowmoon
/signed
AND
I am willing to pay for this feature for a reasonable price. $5 or $10 to guarantee that my necro and all of her accomplishments make it to guild wars 2 is worth it to me.
AND
I am willing to pay for this feature for a reasonable price. $5 or $10 to guarantee that my necro and all of her accomplishments make it to guild wars 2 is worth it to me.
Chthon
/Signed.
I've been keeping tabs on the "I've been hacked" stories. The most likely explanation is that, in addition to the usual number of people who get their accounts stolen through their own stupidity, there is currently a method of stealing accounts directly through a-net/NCSoft. The password reset feature on the NCSoft master account seems the most likely culprit.
This is unacceptable. If I fall for a phishing attempt or trust someone whom I should not have with my password, that's my own damn fault. But to have my account open to being stolen, no matter how careful I am, because NCSoft can't build a secure system is utterly unacceptable. So, not only do I sign on with Shan's petition -- harsh language and "security is more important than anything else" and all -- I'll go one step further: NCSoft will not see another penny from me, ever, until this is fixed.
To rehash several years worth of suggestions:
1. Find and close whatever vulnerability is allowing accounts to be stolen directly through a-net/NCSoft.
2. Since NCSoft clearly can't get their act together, just let us sever our GW accounts from NCSoft.
3. If we must retain the connection to NCSoft, then at the very least: (a) Give us back the ability to change our usernames. (b) NEVER display the e-mail that is the GW username from within the NCSoft account. (c) Require the current GW password to be entered in order to change the GW password.
4. Give us the ability to blacklist and whitelist individual IP's and IP blocks. I want to blacklist all of mainland China from ever logging into my account and I want to be prompted for a second password to login from any IP other than my current one.
5. Give us a "last login attempt for this account was X hours ago from IP W.X.Y.Z" notification every time we log in so that we know when someone is after our account and can contact support preemptively.
6. Give us an optional character lock that is permanent or takes at least a week to remove.
7. Give us a customized item lock with the same traits.
I've been keeping tabs on the "I've been hacked" stories. The most likely explanation is that, in addition to the usual number of people who get their accounts stolen through their own stupidity, there is currently a method of stealing accounts directly through a-net/NCSoft. The password reset feature on the NCSoft master account seems the most likely culprit.
This is unacceptable. If I fall for a phishing attempt or trust someone whom I should not have with my password, that's my own damn fault. But to have my account open to being stolen, no matter how careful I am, because NCSoft can't build a secure system is utterly unacceptable. So, not only do I sign on with Shan's petition -- harsh language and "security is more important than anything else" and all -- I'll go one step further: NCSoft will not see another penny from me, ever, until this is fixed.
To rehash several years worth of suggestions:
1. Find and close whatever vulnerability is allowing accounts to be stolen directly through a-net/NCSoft.
2. Since NCSoft clearly can't get their act together, just let us sever our GW accounts from NCSoft.
3. If we must retain the connection to NCSoft, then at the very least: (a) Give us back the ability to change our usernames. (b) NEVER display the e-mail that is the GW username from within the NCSoft account. (c) Require the current GW password to be entered in order to change the GW password.
4. Give us the ability to blacklist and whitelist individual IP's and IP blocks. I want to blacklist all of mainland China from ever logging into my account and I want to be prompted for a second password to login from any IP other than my current one.
5. Give us a "last login attempt for this account was X hours ago from IP W.X.Y.Z" notification every time we log in so that we know when someone is after our account and can contact support preemptively.
6. Give us an optional character lock that is permanent or takes at least a week to remove.
7. Give us a customized item lock with the same traits.
Golgotha
The security issues both stop me from purchasing in-store products as well as really making me pause before purchasing GW2 when it is released. These issues aren't even based around NCSoft's laziness, rather their apathy towards the users' issues. If these issues were around during Prophecies and you had to tie your account to the NCsoft store, you can bet GW would've likely become a failure based on these problems. As a company, it makes it increasingly difficult to turn profit when your customers lose faith and trust in you.
/Signed
/Signed
iTzF3aR
Signed
Although to me it this really seemed like a QQ thread at first, I actually got to thinking what it would be like to have all my stuff deleted. Obby armor, high end weapons, my henchman tonic, characters, 6000+ hours. All gone. Like I am paranoid enough about it as it is. Fix it. Now.
Although to me it this really seemed like a QQ thread at first, I actually got to thinking what it would be like to have all my stuff deleted. Obby armor, high end weapons, my henchman tonic, characters, 6000+ hours. All gone. Like I am paranoid enough about it as it is. Fix it. Now.
Tullzinski
Quote:
|
Originally Posted by Chthon
/Signed.
there is currently a method of stealing accounts directly through a-net/NCSoft. The password reset feature on the NCSoft master account seems the most likely culprit. |
http://wiki.guildwars.com/wiki/User:...count_Security
Keep your email secure.
If someone gains access to your email account, immediately change your Guild Wars user name and password. (If you can't get access for some reason, get in touch with support right away. If your game account is bound to an NCsoft Master Account, you are not able to change your Guild Wars user name but you can protect your account by changing your GW game password from within the NCsoft Master Account hub. And you can change the email address associated with your NCsoft Master Account (and your games) at any time. Many players feel that having an NCsoft Master Account adds another level of security to the game's security.
I take it you are not one of the "many players who feel that having a NCsoft Master account adds another level of security to the games security"
/signed again for anyone who has not played the game in awhile....