Petition For Improved Account Security.

Then what we need is attention to this problem in IGN.com and any video game magazines that see this as news. Ways to let consumers know before considering buying an ArenaNet or NC Soft game. Because right now if it's only on GW Guru, they may not be all that concerned. Usually Guru is something gamers later find their way to after playing for a while, I assume.

I also don't like how Anet will make people jump through hoops before doing something or admitting anything. They'll tell us that we downloaded some unauthorized program or gave our password away and that we need to scan our computers and check all the security. Which are valid points but there are people who testify to being hacked after already doing all that.

It's just like when GW first started, people were getting lagged. And Anet blamed our computers and video cards. They had people checking their computers and their internet connections and buying new video cards and more memory. Jumping through all these hoops. Then finally they admitted it's a server clog on their part.

Account security threads are topped on GWO and Guru right now. They've noticed.

Word of mouth is powerful in this business. Reviews matter a great deal, but players bring their friends (or ward off their friends) in many cases. The word will get around.

EDIT:

Count me in the 20%.

I'll continue playing what I already have but won't buy anything more. Would that be considered a boycott? From further purchases?

My decision is not just from this issue. It's because I'm not interested in their other games or upgrades.

And there was the time when ordering from the ingame store meant being banned by error.


EDIT: This reply is in reply to another that was here a moment ago. It concerns the idea of a boycott.

/signed

12 char ftw

/signed

I was one of the people whose NCSoft account got broken into. The NCSoft site only has a maximum 13-character length password, and it does not allow symbols. I imagine whoever did it simply brute-forced their way in, then simply reset my password to one of their choosing. As it happened while I was asleep, by the time I was aware of the intrusion, it was 13 hours later and the crooks had already been and gone (and gotten my account locked for 'gold selling' in the process).

I'm now trying to get my account unlocked by Support so I can get in and see what kind of damage has been done, but I've been playing for 4 and a half years, have 5 main PvE characters, and had an extensive collection of personal trophies, minipets and other mementos. All of it could be wiped out, simply because the NCSoft Master Account has piss-poor security compared to a lot of other sites.

At the very least, as somebody mentioned, you should be required to enter your CURRENT GW password to change your game password. Or if you've forgotten your password, your new password be sent to your e-mail address (requiring the hackers to have to break into a second account).

I don't blame ANet for this, since the fault lies with NCSoft, but I AM pissed that there's such a glaring weak spot in their security net. Something seriously needs to be done about this, before more innocent victims fall prey to it.

I can see that, but my point just happens to be in the part you didn't include in your quote of me

It's obvious they've noticed already, but that's not going to force them to reply. A ticket sent directly to Customer Support by a credited Guru admin probably will. That's the point of a petition anyway, to hand it in to whoever it's for

How is sending an e-mail *forcing* them to do anything? One click of the mouse by some flunky on the support staff, and it's digital trash...

/Signed
/Signed

twice - for both my accounts

Honestly I am very careful with my account security/passwords - everything. Infact I do not care enough for the game to go researching things and thus capturing spyware and key loggers etc

What really made me scratch my head is that I had not logged in for ages, yet last month 1 of my 2 accounts was mysteriously blocked by anet due to a hacker and lacking 1000k gold when returned to me. I seriously doubt a dormant account was hacked by a keylog or other such way. I use different passwords for my two accounts and had not logged in for ages.

I'll /signed to the original and /signed to the above too. I've been paranoid about the unchangeable-email-address-as-login rubbish for nearly as long as I've been playing GW and, whilst I haven't been hacked yet, with all the recent hackings I'm starting to think my fears of it happening to me one day too aren't just paranoia. Get NCsoft to sort it before it's too late please ANet, because if my GWAMM and his stuff winds up gone then so am I and all my/my family's future GW2 expenditure.

/signed

I haven't been hacked. I doubt anyone would bother hacking me because I'm a new player and it wouldn't be worth the effort for the contents of my account. I'm far from a prize target.

That said, the sheer number of reports makes me worry. Not to mention knowing that I wouldn't have to e-mail confirm before a password change, and that there's no lockout for failed password attempts. Overall, it's just not a secure enough situation for me to feel comfortable.

I'm still going to be playing the game, but I won't buy additional ArenaNet or NCSoft products for myself or anyone else unless there's some kind of resolution to this. Not so much even as a boycott, but because it's apparently such a crapshoot about whether my money would just be going down the drain.

We should also further stress that we should not buy gold from gold sellers. I'm sure the usual Guru member doesn't do that. But there are people out there still doing that. Imagine these sellers hacking accounts from the GW community and taking the gold and selling it to take money from other people in that community. It's worse than those scumbag solicitors that practically block store entrances to beg for money or signatures.

/Signed for account #1
/Signed for account #2(Given to me by a "Since Beta" player after most of his friends left after being hacked)

This is a joke. Truly. Neverwinter Nights has better security, and it's damn near twice the age..Get your act together anet/ncsoft.

/signed

Special emphasis on "this issue will affect our decisions to purchase further arena-net products".

Also I read through some of the posts here about NCSoft caring about nothing other than money. I personally would be willing to pay something like a $10 account insurance fee.

/signed

Given all the threads about people who have full anti-virus/firewall/all that stuff and don't do anything dodgy like buy gold who get hacked, it'd be nice for Anet to step up security.

/signed

definately needs to be addressed

/proper job

<filler>

/signed

I've also become paranoid lately about having my GW stuff hacked. Installed Flashblock and Adblock Plus into Firefox, used the game interface to change passwords multiple times, stuff like that. If my GW stuff were hacked, I'd most likely just quit the game and not look back.

/signed

From all I read it probably has to do with the ginormous security-holes at the NCSoft-Site. This whole Change your Password - Mess is a joke and whoever is responsible for that should get replaced by a monkey.

Just another reason to vow against the linking to the utterly useless NCSoft Master-Account (my account was linked in 2006 forcefully, like others I didn't want it and I have no advantage in Guild Wars from it).

If they want us to purchase NCSoft products (which this linking to a "Master-Account" is all about) there are other means to get our attention (other than forcing a link). Like the Aion Wing-Emote.

I know that I would not purchase GW2 if I would get hacked, not to get some kind of weired revenge or boycott anything, but because it would not be worth the effort to accumulate wealth ingame and only having a random chance of maintaining that wealth.

Long story short: If NCSoft refuses to react, ArenaNet should find a way to separate from NC and end the partnership (I know that Anet is a 100% owned subsidiary of NC, but there's always a way, say like "breaches of faith")

/signed of course for more security, who wouldnt, but i would like to know why account security is flawed in the first place or is it that people havent taken measures to protect their own stuff?

This petition suffers from a rather fundamental bias: Nobody is going to vote against better account security. As well written as the OP was, it has no constructive value.

A much more interesting and useful thread would be 'How could ArenaNet improve account security. What measures would be most ideal? Lucky for us, a thread like that has already gone up over on GWO. With Bellissima's permission, I've copied it over here.

For the sake of keeping the discussion in one place, I'll close this thread. If you want to vent your frustration about the current state of account security, I suggest you use Gaile's talk page.

Greetings everyone!

Right off the bat, I am not here to ask to get my items back or to whine about the fact that my account got hacked!

I am here simply to get justice for what happened to me and to all others out there.

Now let me explain my situation to make it relevant to the thread.

Yesterday I got hacked while I was in-game. I got logged off and was only able to get into my account after 40mins on the phone with NCSoft Support team, which by the way did a great job so koodos to them! I've lost around 700k-800k of valuables. I've contacted the GW Game Support team and they said that items cannot be replaced, which I respect.

I was using a password given by ANet and the hacking happened on their system because I have checked my security logs and there were no inbound connections or trafficking on my systems after the hacking. Plus I have a firewall and a router, so its kinda hard to get into my systems. So I feel like it is ANet's security failure that allowed my account to be hacked!

Yet I think that there are something that could be done and its called a rollback. Every game has a server with a database and every database can be rolledback. So if you have screenshots proof and in-game mates proof of your items, a rollback could be of interest to the player, but thats not the point.

I am here to make a petition about the security failure of ANet. I do not know what kind of security they have at the moment, but I know it is not enough. Everyone out there is like a little turtle going to the big sea for a big adventure and the hackers are the birds that can come ANYTIME and just pick you up and take away everything you have!

Everyone is vulnerable at this point, so this petition does not only concern hacked players already, it concerns everyone!

So I am petitioning to ANet to either create a better security system which either implements better passwords and the protection of them, storage passwords, unknown IP connection protection, password change requests better protected or something in between those lines.

OR

Create a guideline for people who have been hacked for item recovery if one have enough proof for it. (which I doubt will happen sadly...)

I urge everyone to sign this petition before the worst happens to you like it happened to me, like I said, we are ALL vulnerable at this point of time! Because when it does happen , and it might... I dont think one will have the greatest envy to continue striving for the sea of greatness knowing that at anytime you can get hacked again and loose all your possessions you have been working for months and years! Additionally ANet may just loose valuable customers because of that...

Again it can happen to anyone!

/Signed by [ING] Captain Scrat

- Captain Scrat

P.S.: Please do not come here and start flaming or saying "haha it suxed that it happened to you" or "well maybe you deserved it" or "maybe you should stop watching pron and getting your stuff hacked cz of this"...

This is a serious matter that I hope will go far in either GW or GW2 security implementations.

From this thread a little further down on this page:
Please use the thread linked in the response. Thanks.