Poll: Account Security Solutions

JR

Re:tired

Join Date: Nov 2005

W/

[Taken, with permission, from Bellissima's post here.]

So we've had a few threads regarding account security recently. In amongst the commiseration and speculation has been some discussion about possible solutions. Here's a summary of some of the more popular ones and a poll to gauge which ones appeal the most to the community. You can select multiple options in the poll, but do try to prioritize the couple items that you would MOST want to see added.


Here are the descriptions of the options so you don't have to dig back through pages of old threads.

Static IP/MAC/HW checking

This is used by some banks. If you try to access your account from an IP or MAC address that is foreign to that account (meaning you haven't used it before or haven't used it recently), then you are asked additional account security questions before access is allowed.

Similar to the IP/MAC address check, a hardware configuration check will compare some aspect of the hardware you are currently using to access the account. Additional security questions will be asked if the information is mismatched.

Strong password policy

Password policies prevent you from using passwords that are too easy to crack. Some factors include password length, similarity to previous passwords, repeated characters, and use of non-alphabeticals. Password policies can also enforce minimum and maximum password ages. ArenaNet has already confirmed they have some throttling technology on their end to thwart "brute force" password hacking but strong passwords are still an important part of account security. Strong passwords are still easily broken by key loggers.

SecurID authentication option

This is already in use by Blizzard as an optional account security measure. You get either a device or an app that can be loaded on a mobile device like an iPhone. It uses two-factor authentication. You have your usual login method (account name + password) and then you'll be asked for your SecurID code. You hit a button on the device and it displays a code for you to input.

Short version: you have a second password that is changed automatically every 60 seconds.

"NO DELETE/SALVAGE/TRADE" option on characters/items

With this option you'd be able to mark certain characters or items as undeletable and untransferable. Some variations of this suggestion allow for this option to be toggled on and off using a second factor authentication (second password) or an account security question. Obviously this doesn't make it harder to gain access to your account but it could protect the things you value most.

Additional authentication for Xunlai storage access

Similar to the previous option, this would allow you to add an additional password to your Xunlai storage. You therefore have additional protection around some of your gold and items. However, since you would likely use this password every time you play, it's just as vulnerable to keyloggers as your account password.

Randomized point and click gui for password input

This option would put an image of a keyboard on the screen for you to point and click each character of your password. The keys would be randomized each time to remove the possibility of a keylogger recording the pixel locations of each click and engineering the password based on a standard keyboard layout.

Compromised account restorations

This is already provided by many MMOs. Once the account has been compromised, game support can go back and verify which items were removed and restore them to the compromised account. ArenaNet has always stated they cannot restore items on live servers. Whether this is a technical or a budgeting limitation is up for speculation, but the inevitable comparison has been made and this capability has been requested.

Other H/W solution

Specify in a post if you want other features that require specific hardware.
(e.g. thumbprint scanners)

Other S/W solution

Specify what other software features you'd like to see implemented.
(e.g. Human verification images)

No solution required

Choose this if you don't want any changes.

Yelling @ Cats

Krytan Explorer

Join Date: Jun 2009

Better security experts at ANet

Edit:
To clarify, I don't give a damn about people who download keyloggers, give out their password to "friends", people who use their character name as their password, etc etc.

What I do care about, is security vulnerabilities on ANet's end.

Riot Narita

Desert Nomad

Join Date: Apr 2007

#1 No delete for characters. (Locks must be bought, each one comes with a new character slot - so people can never have all slots locked, and no "malicious locking" is possible or economically feasible)

#2 Other S/W:
Option to block IP addresses in other countries or at least the other GW regions (US, Euro, Asia, whatever)
Require old password to set a new one on NCsoft site.
Email confirmation required before password change, not after when using NCsoft site.
Allow special characters for passwords on NCsoft site.

#3 SecurID (as an option)

#4 Strong password policy

The other stuff... nice, but lower priority to me

Rehnahvah Gahro

Frost Gate Guardian

Join Date: Dec 2005

Underground

Rt/R

Great summary of all the suggestions so far.
I didn't vote yet, because the flaw lies within NCSoft's site. It has been reported from various independent sources, and you only have to look at the "Change your Password" method to see how utterly fail this whole Master-Account security is.

So I would vote for "Other S/W", specifically suggesting that NCSoft gets their **** together. Other than that, there are no further security updates needed.

The easiest solution would be to UNTIE all GW-Accounts from the useless, security-lacking, no-advantage-at-all "Master-Account". But Anet being a 100% subsidiary of NC I don't see that happening.

Despite my mild venting I did in fact suggest a solution. Hope this will get addressed soon by Anet/NC.

Sir Cusfreak

Krytan Explorer

Join Date: Nov 2007

In your backline

No Tags [NONE]

Quote:
Other S/W:
Option to block IP addresses in other countries or at least the other GW regions (US, Euro, Asia, whatever)
Require old password to set a new one on NCsoft site.
Email confirmation required before password change, not after when using NCsoft site.
100% agreed there.

Hardware verification system. If it ain't my computer, it ain't me.

MisterB

Furnace Stoker

Join Date: Oct 2005

Planet Earth, Sol system, Milky Way galaxy

[ban]

W/

Quote:
Originally Posted by Hissy View Post
Other S/W:
Require old password to set a new one on NCsoft site.
Email confirmation required before password change, not after when using NCsoft site.
Allow special characters for passwords on NCsoft site.
Add these, or rather restore them, since we had some of this before NCSoft changed their site. ANet originally required email confirmation to reset or change passwords before linking to NCSoft or the in game store was introduced, IIRC.

NCSoft did allow special characters for password creation initially, but removed them with their new site.

Also, NCSoft needs to change their error message for failed log in attempts such that it does not tell you which entry is correct or incorrect. That's completely unacceptable. Change it to a general rather than a specific message now.

Black Metal

Desert Nomad

Join Date: Jan 2009

N/

How about an all of the above? Kidding....slightly......but it's very clear that Anet has serious account security loopholes, and still won't come clean (blaming either users or fansites).

Martin Alvito

Older Than God (1)

Join Date: Aug 2006

Clan Dethryche [dth]

On the "other" vote - There isn't much that's reasonable to ask or cost-effective regarding the game client itself. It compares well with its peers. Highly aggressive measures such as IP checking and SecurID authentication would be preferable. But I doubt that ANet would provide such costly measures for free, and I'm not convinced that we should expect such.

The NCSoft master accounts, however, have glaring security vulnerabilities. The following would make these accounts harder to defeat using automation and would protect us even in the event of unauthorized access:

- Let me delink my GW account from the PlayNC account (best)
- Force me to provide something additional to change my game passwords (existing PW, code from an e-mail sent to the login e-mail address, etc.)
- Do not EVER display the linked e-mail address that is my username
- Make the "change password" protections for NCSoft accounts themselves more secure
- Make it impossible to generate a valid list of actual NCSoft accounts via brute force
- Make it more difficult to brute force passwords (NO protections exist at present).

Everything after the first item is a garden-variety security measure that I fully expect to observe in any authentication system today. Do online retailer accounts display complete credit card information when it is saved? No. So why should unauthorized access to my PlayNC account give someone the ability to have all of my game login information?

If those things can't happen for whatever reason and ANet has to go it alone, then I'd support hardware verification, IP checking or SecurID even at a (one-time) cost to the user.

MMSDome

Raged Out

Join Date: Sep 2005

Some great choices here. I think the first one is the best suggestion.

Grunntar

Lion's Arch Merchant

Join Date: Apr 2005

Quote:
Originally Posted by Yelling @ Cats View Post
To clarify, I don't give a damn about people who download keyloggers, give out their password to "friends", people who use their character name as their password, etc etc.

What I do care about, is security vulnerabilities on ANet's end.
If you discount the things in the first sentence, then there's not much left on Anet's end. NCSoft is the real problem!

No verification for account password changes? Come on...! That's security 101. If Anet had the most iron-clad in-game security known to man, allowing a hacker to change your Anet password at NCSoft without any kind of verification renders the Anet security completely useless!

Quote:
Originally Posted by Rehnahvah Gahro View Post
useless, security-lacking, no-advantage-at-all "Master-Account"
Useless to you. For NCSoft, it provides marketing information on their customers. So it has value to them...

And apparently that's more important than actually keeping their customers!

sickle of carnage

Wilds Pathfinder

Join Date: Sep 2007

Textual Harassment [kTHX]

Rather than a password for the Xunlai chest, use a PIN number. This would be 4 numerical characters which you would CLICK on to open your chest (but only have to input once per login). Can't be keylogged. Protects all items.

~Sickle of Carnage

Faer

La-Li-Lu-Le-Lo

Join Date: Feb 2006



There's no shame in copying a company that did it right.

Riot Narita

Desert Nomad

Join Date: Apr 2007

Quote:
Originally Posted by sickle of carnage View Post
Protects all items
Except the ones you're wearing!

karlik

Banned

Join Date: Sep 2009

Change so you MUST enter the existing password to change it. I just can't believe someone can change it if they don't know it. This is the single most important change.

Change error message for failed log in attempts so it doesn't tell you which entry is correct or incorrect.

Allow people linked to NCSoft to change the login name - and allow the login name to be something other than an email address.

Fay Vert

Desert Nomad

Join Date: Apr 2006

R/

Verification of password change by email
Isolate account from the shop

Sora267

Krytan Explorer

Join Date: Dec 2006

If a password is added to storage/for toggling items, you could use the randomized point and click gui for that so it's harder to hack access to those things, much like RuneScape's bank pin system.

Ec]-[oMaN

Desert Nomad

Join Date: May 2005

Toronto, Ont.

[DT][pT][jT][Grim][Nion]

W/

None of the above.

I think the root of the problem is more to do with the structure/logical steps than the security itself. The way they have it set up is retarded. For example:

Quote:
Originally Posted by Hissy View Post
#2 Other S/W:
Option to block IP addresses in other countries or at least the other GW regions (US, Euro, Asia, whatever)
Require old password to set a new one on NCsoft site.
Email confirmation required before password change, not after when using NCsoft site.
Quote:
Originally Posted by MisterB View Post
Also, NCSoft needs to change their error message for failed log in attempts such that it does not tell you which entry is correct or incorrect. That's completely unacceptable. Change it to a general rather than a specific message now.
Quote:
Originally Posted by Martin Alvito View Post
The NCSoft master accounts, however, have glaring security vulnerabilities. The following would make these accounts harder to defeat using automation and would protect us even in the event of unauthorized access:

- Let me delink my GW account from the PlayNC account (best)
- Force me to provide something additional to change my game passwords (existing PW, code from an e-mail sent to the login e-mail address, etc.)
- Do not EVER display the linked e-mail address that is my username
- Make the "change password" protections for NCSoft accounts themselves more secure
- Make it impossible to generate a valid list of actual NCSoft accounts via brute force
- Make it more difficult to brute force passwords (NO protections exist at present).

Everything after the first item is a garden-variety security measure that I fully expect to observe in any authentication system today. Do online retailer accounts display complete credit card information when it is saved? No. So why should unauthorized access to my PlayNC account give someone the ability to have all of my game login information?

If those things can't happen for whatever reason and ANet has to go it alone, then I'd support hardware verification, IP checking or SecurID even at a (one-time) cost to the user.

Solar AUS

Lion's Arch Merchant

Join Date: Oct 2009

E/A

Nice ideas. I think the hardware SecurID is the safest. However, I personally think we will see none of these in GW, maybe some in GW2.

FengShuiDove

Forge Runner

Join Date: Sep 2007

Trinity of the Ascended [ToA]

A/

I selected:

-No Delete
-Authentication for Storage Access
-Compromised account restorations

Between these three, it ought to build a happy wall around preventing "hacks" and recompensating for them.

Mangione

Lion's Arch Merchant

Join Date: May 2007

Quote:
Originally Posted by JR View Post
"NO DELETE/SALVAGE/TRADE" option on characters/items

With this option you'd be able to mark certain characters or items as undeletable and untransferable. Some variations of this suggestion allow for this option to be toggled on and off using a second factor authentication (second password) or an account security question. Obviously this doesn't make it harder to gain access to your account but it could protect the things you value most.
This is the one I prefer.
There was this suggestion some time ago, but Gaile said in that thread that it was too much to do according to the developers.
http://www.guildwarsguru.com/forum/s...php?t=10248665


The following two come right after this one.


Quote:
Originally Posted by JR View Post
SecurID authentication option

This is already in use by Blizzard as an optional account security measure. You get either a device or an app that can be loaded on a mobile device like an iphone. It uses two-factor authentication. You have your usual login method (account name + password) and then you'll be asked for your secure id. You hit a button on the device and it displays a code for you to input.

Short version: you have a second password that is changed automatically every 60 seconds.

Compromised account restorations

This is already provided by many MMOs. Once the account has been compromised, game support can go back and verify which items were removed and restore them to the compromised account. ArenaNet has always stated they cannot restore items on live servers. Whether this is a technical or a budgeting limitation is up for speculation, but the inevitable comparison has been made and this capability has been requested.
The SecurID might be a bit more trouble, I keep losing stuff around the house, so having to find one each time I want to log in is a hassle, but if Anet decided to make a thing like that, I would definitely buy one for my account.

The restoration would be a nice thing too, but too prone to abuse.

Anyway, SOMETHING must be done. Leaving the security as it is now is bad.

Anakita Snakecharm

Frost Gate Guardian

Join Date: Nov 2009

The Shining Blade Camp

Nouvel Ordre de Phoenix [MJM]

R/Mo

From the poll, I voted for a No Delete option on characters/items.

However, there are also three additions I'd like to see:

*Require me to confirm through my e-mail account via clicking a secure link before allowing my password to be changed, rather than notifying me after the fact when it's already too late. This doesn't prevent hacking, but means that two separate accounts would need to be hacked to proceed, adding one more layer of protection.

*Require me to provide my old password before allowing my password to be changed unless I initiated the process with a lost password request. Even if I initiated it, I want it going through my e-mail rather than just my game account.

*Locking out the account for a designated length of time (perhaps 12-24 hours) after a specified number (perhaps around 5) of failed password attempts. This makes brute forcing a password a lot harder and a lot less worth the effort.

All this seems pretty basic to me, but I'd feel a lot safer if it was implemented.
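Three of the requests in this thread are really one piece of login code: MisterB's point that a failed login must not say which field was wrong, Martin Alvito's point that it should be impossible to harvest a list of valid accounts or to guess passwords without limit, and the lockout after a handful of failures suggested just above. The block below is an added example of such a handler, not NCSoft's or ArenaNet's code. It uses the 5-attempt / 12-hour figures from the post above; the in-memory account store, the PBKDF2 parameters and the injected clock are assumptions made for the demonstration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Tuple

# One message for every failure: the caller learns nothing about whether the
# e-mail address exists, whether the password was close, or whether the account is locked.
GENERIC_FAILURE = "The e-mail address or password you entered is incorrect."


def hash_password(password: str, salt: bytes, rounds: int = 100_000) -> bytes:
    """Slow salted hash so that every guess costs real work (parameters assumed)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    failures: int = 0          # consecutive failed attempts since the last success
    locked_until: float = 0.0  # Unix time until which logins are refused


class LoginService:
    def __init__(self, max_failures: int = 5, lockout_seconds: float = 12 * 3600):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.accounts: Dict[str, Account] = {}
        # A decoy credential: unknown e-mail addresses are checked against it so the
        # request costs the same hashing time as a real one (no timing-based enumeration).
        decoy_salt = os.urandom(16)
        self._decoy = Account(decoy_salt, hash_password(os.urandom(16).hex(), decoy_salt))

    def register(self, email: str, password: str) -> None:
        salt = os.urandom(16)
        self.accounts[email.lower()] = Account(salt, hash_password(password, salt))

    def login(self, email: str, password: str, now: float) -> Tuple[bool, str]:
        """`now` is injected (Unix seconds) so the lockout can be tested deterministically."""
        acct = self.accounts.get(email.lower())
        target = acct if acct is not None else self._decoy
        # Always do the full hash comparison, whatever branch we end up in below.
        matched = hmac.compare_digest(hash_password(password, target.salt), target.pw_hash)

        if acct is None:
            return False, GENERIC_FAILURE     # unknown user: identical reply, identical cost
        if now < acct.locked_until:
            return False, GENERIC_FAILURE     # locked: even the right password is refused
        if matched:
            acct.failures = 0
            return True, "OK"

        acct.failures += 1
        if acct.failures >= self.max_failures:
            acct.locked_until = now + self.lockout_seconds
            acct.failures = 0
        return False, GENERIC_FAILURE
```

Two things to notice. The hash is computed before any branch, including for unknown addresses and locked accounts, so response time does not become the "which field was wrong" signal that the message no longer gives. And a plain lockout has the side effect Riot Narita hints at with "malicious locking": anyone who knows your e-mail address can lock you out by guessing wrong five times. In practice that is why this is usually paired with per-source-address throttling, or with a lock that only lengthens the delay between attempts rather than refusing the right password outright.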

sickle of carnage

Wilds Pathfinder

Join Date: Sep 2007

Textual Harassment [kTHX]

Quote:
Originally Posted by Hissy View Post
Except the ones you're wearing!
Better than nothing at the cost of nearly nothing sounds worth it to me.

sirsterm

Pre-Searing Cadet

Join Date: Jan 2007

Ravn

W/N

I said this before in my "account got hacked" post, but to be positive and not so negative like I was in the past I will say it again.

How about blocking all big items from being sold to NPCs. Does anyone really sell 7 black dyes to the Dye Trader? or sell stacks of Ectos to the merchant? If that action could be stopped then the next part would catch the rest.

Next, a 3-day grace period on big items! Any trade that is worth more than 100k would have 3 days for the final trade to go through. The items are locked in trade so nothing can be changed except for a cancel. If it's a legit trade then the trade will go through on the 3rd day.

I wouldn't mind waiting 3 days to get whatever I wanted, knowing that it would be mine in 3 days and the cost wouldn't go up because it's all locked in.

That would save a lot of accounts; it seems like most of us find out that we've been hacked within 2 days of the event.

The only drawback would be the time it takes to give back our account control.

Shayne Hawke

Departed from Tyria

Join Date: May 2007

Clan Dethryche [dth]

R/

Quote:
Originally Posted by JR View Post
Static IP/MAC/HW checking
No problems here, as long as we are able to select or create significant and difficult enough security questions.

Quote:
Strong password policy
I would like to choose how I build my own password, thanks very much. I firmly believe that passwords shouldn't even have any requirements on them such as character number, which characters to use where, words not to use, etc.

Quote:
SecurID authentication option
I have never heard anything bad about this idea, ever. Thus, I have no complaints against it.

Quote:
"NO DELETE/SALVAGE/TRADE" option on characters/items
I like the idea, but I'd rather they work on ways of stopping them from getting into the account altogether.

Quote:
Additional authentication for Xunlai storage access

Randomized point and click gui for password input
The first idea is ultimately inferior to the second here, and I fully support the second.

Quote:
Compromised account restorations
Restoration of at least items that were deleted through the trash bin should be possible. Asking that ANet get better at retracing and redoing every single transaction that a hacker makes is just as futile as simply asking them to do their job better.

Quote:
No solution required
I understand that you included this option, just to be fair, but with the recent issues at hand, I doubt there's anyone in the game who would be bothered by extra security being put in place.

The only reason, I think, to choose this option is because you don't believe the problem really lies with ANet. For example, maybe the security needs tightening around NCsoft instead, as Martin seems to be stressing as of late.

Tullzinski

Jungle Guide

Join Date: Mar 2006

Trying to stay out of Ryuk's Death Note

N/R

Until something is figured out, the NCsoft Master Hub password reset should be disabled in the interim. I would be interested in how many times the Master Hub website is being hit by Chinese IPs per day.

With a nod to Theocrat and the Blizzard Authenticator I would pay $6.50(or more) per Authenticator for my accounts.

Mireles

Wilds Pathfinder

Join Date: Jun 2009

W/Me

Yes, Arena Net's lack of security is a big issue.... That being said... a minority of the community is also partly to blame... the reason the Chinese are so determined to steal your account is because real money can be made selling game currency and goods to others...

Along with increased security I propose the consequences to real world money transactions be raised to a permanent ban.

If nobody is paying real world money there is no incentive to steal accounts.

Dzjudz

Furnace Stoker

Join Date: Jun 2005

gwpvx.com/user:dzjudz

Other s/w solution:

- Being able to sever accounts from ncsoft master account; and/or
- Better password protection over there.

Broseiden

Ascalonian Squire

Join Date: Dec 2009

TXN

Quote:
Originally Posted by Martin Alvito View Post
On the "other" vote - There isn't much that's reasonable to ask or cost-effective regarding the game client itself. It compares well with its peers. Highly aggressive measures such as IP checking and SecurID authentication would be preferable. But I doubt that ANet would provide such costly measures for free, and I'm not convinced that we should expect such.

The NCSoft master accounts, however, have glaring security vulnerabilities. The following would make these accounts harder to defeat using automation and would protect us even in the event of unauthorized access:

- Let me delink my GW account from the PlayNC account (best)
- Force me to provide something additional to change my game passwords (existing PW, code from an e-mail sent to the login e-mail address, etc.)
- Do not EVER display the linked e-mail address that is my username
- Make the "change password" protections for NCSoft accounts themselves more secure
- Make it impossible to generate a valid list of actual NCSoft accounts via brute force
- Make it more difficult to brute force passwords (NO protections exist at present).

Everything after the first item is a garden-variety security measure that I fully expect to observe in any authentication system today. Do online retailer accounts display complete credit card information when it is saved? No. So why should unauthorized access to my PlayNC account give someone the ability to have all of my game login information?

If those things can't happen for whatever reason and ANet has to go it alone, then I'd support hardware verification, IP checking or SecurID even at a (one-time) cost to the user.
I'm not really crazy about the opinions in the polls, but I like Martin's ideas. I've followed you around in these recent topics about hacking and insecure accounts and really appreciate your well-thought posts.

I would hope for this issue to be addressed or cleared up by Anet or NCSoft. I ended up changing my email, password, and security questions and check my email every chance I get to make sure some greedy Chinese bot doesn't get grabby with my account.

Nerel

Jungle Guide

Join Date: Jun 2008

Australia, what you want my home address?

[CAT]

Mo/

Quote:
Originally Posted by JR View Post
Static IP/MAC/HW checking
A static IP isn't available to every Guild Wars player around the world; indeed many are stuck with dynamic IPs and have no choice in the matter. This is also cumbersome for people who play from multiple locations (work, on the road, gaming at a buddy's house and net cafes).

Hardware checking and to a lesser degree MAC verification are great if you only play on one system, and rarely make substantial changes to the system. People who game on Dells might like this option, Geeks will revile it.

The whole downloadable game client thing was meant to allow us to download and play Guild Wars from anywhere... and I seem to recall it was once popular in the Korean Net Cafe scene... IP/MAC/HW checking is an inconvenience in these cases.

Quote:
Originally Posted by JR View Post
Strong password policy
Policy is never enough to save people from their own stupidity, Anet has been warning us on the log in screen about the needs for account security and strong passwords... that is enough, and as you mentioned, still vulnerable to key loggers, data intercepts (man in the middle attacks) and the like.

Quote:
Originally Posted by JR View Post
SecurID authentication option
Not a bad idea, having to pay extra for basic account security seems a little odd though, and still vulnerable to man in the middle data intercepts even assuming they do manage to implement a SecurID system well, once the user's computer is compromised (no more difficult than it would be to get a key logger on there) this offers NO PROTECTION.

Quote:
Originally Posted by JR View Post
"NO DELETE/SALVAGE/TRADE" option on characters/items
Instead of making the lock on characters/items something that can be toggled on and off (ie BYPASSED) make it time limited... lock a character for a day/week/month and it stays locked for that period, and there is nothing you can do to unlock it short of contacting support in the case of malicious locks.

etc.

Anakita Snakecharm

Frost Gate Guardian

Join Date: Nov 2009

The Shining Blade Camp

Nouvel Ordre de Phoenix [MJM]

R/Mo

Quote:
A static IP isn't available to every Guild Wars player around the world, indeed many are stuck with dynamic IPs and have no choice in the matter, this is also cumbersome for people who play from multiple locations (work, on the road, gaming at a buddies house and net cafes)
This. I have a dynamic IP. It would be a tremendous pain for me if the game stopped recognizing my computer every time I disconnected from the network.

That said-- forgive me if I'm ignorant about the tech, but even with the dynamic IP, my IP address doesn't seem totally random. It's within a certain range. So while it's not identical every session, it's still clearly from the same general geographic area.

Which makes me wonder about regional lockouts. What if I could set up my account to not allow a login from, say, outside of North America? If I was planning a major international trip and felt it was crucial to bring GW with me, I could always green light the region I was going to in addition-- it wouldn't have to be a permanent blackout.

I don't actually know how hard that would be, so it might be totally impractical and/or not really a big enough issue to deal with. But most of us most of the time would only be legitimately logging on from one region. I'd rather see that than something that checks exact IP.

jonnieboi05

Forge Runner

Join Date: Mar 2006

Mableton, Georgia

Guild Ancestors Reunited [?????????]

I chose 1, 2, 5, 6, and 7. They sound very good and would be extremely beneficial to have.

Shanaeri Rynale

Desert Nomad

Join Date: Aug 2005

DVDF(Forums)

Me/N

Another poll should have been added. What priority should account security be given.
A. It's fine as it is
B. When they can get around to it
C. Drop everything

All this poll is doing is asking us how we would do Anet's/NCsoft's job for them.
The "when" issue is as vital as the "how", if not more so.

cosyfiep

are we there yet?

Join Date: Dec 2005

in a land far far away

guild? I am supposed to have a guild?

Rt/

Yes to just about everything except the static IP thing----IPs can be covered up so that just won't work (and us dynamic people don't have choices).

I would pay for a fob---and it would be the last thing I would buy from them too.

Xenex Xclame

Desert Nomad

Join Date: Mar 2006

DPX

R/

My option isn't anywhere on the poll so I'll state it.

How about a simple confirming email sent to the email BEFORE letting anyone change the info, like every other password that you have to change.

Qaletaqa Hania

Ascalonian Squire

Join Date: Jul 2008

GMT +1

[BCG] and [EKSF]

N/

What gets my vote:

1. Static IP/MAC/HW checking
3. SecurID authentication option

Other S/W solution:

- Confirmation e-mail asking you to confirm the password change before the password is actually changed for both the NCsoft master account and the game account(s) linked to that master account.
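The change-password flow asked for repeatedly in this thread (Riot Narita: require the old password; Anakita Snakecharm, Xenex Xclame and the post above: confirm by e-mail BEFORE the change takes effect, not notify after) is small enough to show end to end. The block below is an added example, not NCSoft's site code: a two-step change where the request needs the current password and the new password is only applied once a single-use token sent to the account's address is presented. The 15-minute token lifetime, the in-memory store and the `outbox` list standing in for a real mail system are assumptions made for the demonstration.

```python
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

TOKEN_TTL_SECONDS = 15 * 60   # assumed lifetime of the e-mailed confirmation token


def hash_password(password: str, salt: bytes, rounds: int = 100_000) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)


@dataclass
class PendingChange:
    token_hash: bytes   # only a hash of the token is kept: a database leak does not expose live tokens
    new_salt: bytes
    new_hash: bytes     # the new password is hashed up front and never stored in clear
    expires_at: float


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    pending: Optional[PendingChange] = None


class PasswordChangeService:
    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}
        # Stand-in for the mail system: (recipient, body) pairs that a test can read back.
        self.outbox: List[Tuple[str, str]] = []

    def register(self, email: str, password: str) -> None:
        salt = os.urandom(16)
        self.accounts[email] = Account(salt, hash_password(password, salt))

    def check_password(self, email: str, password: str) -> bool:
        acct = self.accounts.get(email)
        return acct is not None and hmac.compare_digest(hash_password(password, acct.salt), acct.pw_hash)

    def request_change(self, email: str, current_password: str, new_password: str, now: float) -> bool:
        """Step 1: requires the current password; stages the change and mails a token."""
        if not self.check_password(email, current_password):
            return False        # wrong current password: nothing is staged and no mail is sent
        acct = self.accounts[email]
        token = secrets.token_urlsafe(32)
        new_salt = os.urandom(16)
        acct.pending = PendingChange(
            token_hash=hashlib.sha256(token.encode("ascii")).digest(),
            new_salt=new_salt,
            new_hash=hash_password(new_password, new_salt),
            expires_at=now + TOKEN_TTL_SECONDS,
        )
        self.outbox.append((email, f"Confirm your password change with this code: {token}"))
        return True

    def confirm_change(self, email: str, token: str, now: float) -> bool:
        """Step 2: the change takes effect only with the mailed token, once, before it expires."""
        acct = self.accounts.get(email)
        if acct is None or acct.pending is None:
            return False
        pending = acct.pending
        if now > pending.expires_at:
            acct.pending = None     # expired: the whole request must be started over
            return False
        if not hmac.compare_digest(hashlib.sha256(token.encode("ascii")).digest(), pending.token_hash):
            return False
        acct.salt, acct.pw_hash, acct.pending = pending.new_salt, pending.new_hash, None
        self.outbox.append((email, "Your password has been changed."))   # the after-the-fact notice still has value
        return True
```

The point Anakita makes about "two separate accounts would need to be hacked" is visible in the code: knowing the game password gets an attacker as far as `request_change`, but nothing on the account moves until `confirm_change` is called with a token that only the mailbox ever saw. Until then the old password keeps working, so a confirmation mail the owner did not expect is itself the warning that someone has the current password.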

zwei2stein

Grotto Attendant

Join Date: Jun 2006

Europe

The German Order [GER]

N/

Quote:
Originally Posted by JR View Post

Static IP/MAC/HW checking
Generally, the MAC can be spoofed on the hacker's machine and easily retrieved from the hackee's machine, as can other hardware signatures, but those are not as trivial.

IP address spoofing is not unheard of either, but it is a bit more problematic.

Problem is that you have to trust the machine that runs it, and well, you cannot trust it.

Strong password policy

Too strong password policies usually tend to make users go into two modes:

a) reuse as much as possible

b) write credentials down.

a) is the kind of problem that we faced lately, and well, it was disastrous and kind of triggered this thread.

Quote:
Originally Posted by JR View Post

SecurID authentication option
This is a fairly viable option, but do not be easily fooled by its foolproofness. Generally, this works by binding your account to a machine id, which is usually done in the account management web application.

This means that if someone can access that, they have a shot at changing your SecurID binding to a piece they own. Confirmation emails or support intervention can fix this, of course.

We worked on a similar method: the bank account is tied to a cellphone number, and if you want to make a transaction, you will be sent an SMS with an authentication code for that transaction.

People still got hacked though. How? Social engineering: the hacker simply called support and asked them to change the cellphone tied to the account (... I am desperate, I really need to pay rent now or I am evicted, etc, that kind of stuff ...). It worked.

This is still best method right after teaching users to be more responsible :-)

Quote:
Originally Posted by JR View Post

"NO DELETE/SALVAGE/TRADE" option on characters/items
This is very much preferred, but there is an issue: people flagging items/characters and then changing their mind.

If they can easily unflag, this feature would do little good, if unflagging is harder and requires, for example, support intervention, it is going to be cost prohibitive for ncsoft.

Quote:
Originally Posted by JR View Post

Additional authentication for Xunlai storage access
This only protects part of account and not really part people are most worried about: Characters.

Quote:
Originally Posted by JR View Post

Randomized point and click gui for password input
Bad option. Taking a screenshot of the on-screen keyboard layout is trivial if you expect this authentication method.

Quote:
Originally Posted by JR View Post

Compromised account restorations
This is a support nightmare and very prone to abuse.

upier

Grotto Attendant

Join Date: Mar 2006

Done.

[JUNK]

Just to make this clear:
I will not be paying extra for sufficient security.

Lycan Nibbler

Forge Runner

Join Date: Sep 2006

AZ

None of the choices given. What I want to see is NCSOFT sorting out their security (pathetic for a "huge multi-billion company").
Martin put it very well so I just +1 onto his suggestions.

Quote:
Originally Posted by Martin Alvito View Post
On the "other" vote - There isn't much that's reasonable to ask or cost-effective regarding the game client itself. It compares well with its peers. Highly aggressive measures such as IP checking and SecurID authentication would be preferable. But I doubt that ANet would provide such costly measures for free, and I'm not convinced that we should expect such.

The NCSoft master accounts, however, have glaring security vulnerabilities. The following would make these accounts harder to defeat using automation and would protect us even in the event of unauthorized access:

- Let me delink my GW account from the PlayNC account (best)
- Force me to provide something additional to change my game passwords (existing PW, code from an e-mail sent to the login e-mail address, etc.)
- Do not EVER display the linked e-mail address that is my username
- Make the "change password" protections for NCSoft accounts themselves more secure
- Make it impossible to generate a valid list of actual NCSoft accounts via brute force
- Make it more difficult to brute force passwords (NO protections exist at present).

Everything after the first item is a garden-variety security measure that I fully expect to observe in any authentication system today. Do online retailer accounts display complete credit card information when it is saved? No. So why should unauthorized access to my PlayNC account give someone the ability to have all of my game login information?

If those things can't happen for whatever reason and ANet has to go it alone, then I'd support hardware verification, IP checking or SecurID even at a (one-time) cost to the user.
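The last two items in Martin's list (no account enumeration, no cheap password brute force) can be shown in working code. This is an added example, not code from the thread or from NCSoft: a login routine that returns one identical error for unknown names and wrong passwords, burns the same hash cost on unknown names, and throttles repeated failures per account. The user store, e-mail address and thresholds are all constructed for the demo.

```python
import hashlib
import hmac
import os
import time
from typing import Optional, Tuple

def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow hash: the same cost is paid whether or not the user exists.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed demo store: username -> (salt, hash). Not a real account.
_SALT = os.urandom(16)
USERS = {"player@example.invalid": (_SALT, _hash("correct horse", _SALT))}
# Dummy credential checked for unknown usernames so response time does not
# reveal whether a name is registered.
_DUMMY = (os.urandom(16), _hash("dummy-never-matches", os.urandom(16)))

MAX_FAILURES = 5          # failures per account before a temporary lockout
LOCKOUT_SECONDS = 900     # lockout window
GENERIC_ERROR = "invalid username or password"   # same text in every failure case
_failures: dict = {}      # username -> timestamps of recent failed attempts

def login(username: str, password: str, now: Optional[float] = None) -> Tuple[bool, str]:
    """Return (success, message). Every failure yields GENERIC_ERROR."""
    now = time.time() if now is None else now
    recent = [t for t in _failures.get(username, []) if now - t < LOCKOUT_SECONDS]
    _failures[username] = recent
    if len(recent) >= MAX_FAILURES:
        # Throttled. Still the generic message, so lockout text cannot be
        # used to confirm that an account exists.
        return False, GENERIC_ERROR
    salt, expected = USERS.get(username, _DUMMY)
    matched = hmac.compare_digest(_hash(password, salt), expected)
    if not (matched and username in USERS):
        recent.append(now)
        return False, GENERIC_ERROR
    _failures.pop(username, None)   # clear the counter on success
    return True, "ok"
```

Per-account lockout alone lets a stranger lock a known name out on purpose; a deployment would pair it with per-source throttling and a step-up such as an e-mailed code rather than a hard block.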

II Lucky Charm II

Frost Gate Guardian

Join Date: Jun 2006

Seoul, Korea

Mo/Me

You sure that these hacks were carried out by a third party? I'm thinking that Anet is doing the "hack" themselves to save the server's upkeep cost. By deleting items from an account, players are discouraged from playing the game and thus give up on playing. So what? That's fewer players on the server, meaning the cost to maintain the server will be lowered.

Notice, 3 years ago, the number of accounts hacked was relatively low. Why do these hacking incidents happen now, when the game is in its dying stage? Easy, the most logical answer is: Anet is carrying out these hacks.

Why do I suspect that Anet is doing this? I have had 10 accounts ever since I started Guild Wars and I have only been playing on 1 account out of the 10 I bought. I do, occasionally, check on my other accounts, but the time interval is somewhere around 4-5 months. From the time when Guild Wars was released to the present, I have never downloaded anything from any third parties and I don't have any viruses/malware/trojans/spyware on my computer. How can I be so sure about the state of my computer? Well, I only go through about 5 hard drives every 2 months since I reformat my computer so many times that it basically destroys my hard drives. Of course, I didn't care much about my hard drives since my family can afford new hard drives every 2 months. Anyhow, only recently, 5 of the 9 inactive accounts I have were hacked. Hacked? How? I don't download anything and I reformat my computer every 2 weeks and change my password every 4 months for these accounts.

It's basically impossible to hack my Guild Wars accounts, but somehow, someone managed to hack them. I found it strange since no one else has access to my accounts, but Anet. Whatever the case is, I'm happy that I gave up on this game. I can now allocate my time to more useful things, like spending time with my friends on World of Warcraft ^.^

Solution: None needed since the game is dying. Adding additional security measures means Anet has to hire better programmers and security experts, which won't happen for a dying game. Who would want to spend money on something that is going to be dead? Guild Wars 2 is good enough to attract old and new players without having to keep loyal players.

Cantos

Academy Page

Join Date: Feb 2007

Legion Of Losers

Quote:
Originally Posted by JR View Post
Static IP/MAC/HW checking

This is used by some banks. If you try to access your account from an IP or MAC address that is foreign to that account (meaning you haven't used it before or haven't used it recently), then you are asked additional account security questions before access is allowed.

Similar to the IP/MAC address check, a hardware configuration check will compare some aspect of the hardware with which you are currently using to access the account. Additional security questions will be asked if the information is mismatched.
This is my favorite option, but it would be way too hard for most people to get working. It would be nice to have a drop-down list in my account settings that would say:

Only allow logins to my account from: [COUNTRY]

This would be idiot-proof (you don't even have to know what an IP is, let alone whether you have a static or dynamic one), and reasonably robust.
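Cantos's country drop-down and JR's "foreign IP asks extra questions" check combine naturally into one login decision, and it is worth seeing how the two layers interact. This is an added example, not code from the thread or from any game vendor: the IP-to-country table, the 30-day "recently used" window and the sample account are all constructed stand-ins for a real geolocation database and account store.

```python
import ipaddress
from datetime import datetime, timedelta
from typing import Optional

# Constructed stand-in for a geolocation database (documentation ranges only).
GEO = {
    ipaddress.ip_network("203.0.113.0/24"): "US",
    ipaddress.ip_network("198.51.100.0/24"): "KR",
    ipaddress.ip_network("192.0.2.0/24"): "CN",
}
RECENT_WINDOW = timedelta(days=30)   # how long a source IP counts as "recently used"

def country_of(ip: str) -> Optional[str]:
    """Map a source address to a country code, or None if unknown."""
    addr = ipaddress.ip_address(ip)
    for net, code in GEO.items():
        if addr in net:
            return code
    return None

def decide(account: dict, ip: str, now: datetime) -> str:
    """Return 'deny', 'step_up' (ask the extra security questions) or 'allow'.

    account = {"allowed_countries": set or None, "seen_ips": {ip: last_login}}
    """
    allowed = account.get("allowed_countries")
    # Layer 1: the user's own country allowlist. An address the geo table cannot
    # place is treated as outside the list rather than silently let through.
    if allowed and country_of(ip) not in allowed:
        return "deny"
    # Layer 2: JR's familiarity check. A never-seen or long-unused address
    # still gets the extra questions, even from an allowed country.
    last = account["seen_ips"].get(ip)
    if last is None or now - last > RECENT_WINDOW:
        return "step_up"
    return "allow"

def record_login(account: dict, ip: str, now: datetime) -> None:
    """After a successful login (including a passed step-up), remember the IP."""
    account["seen_ips"][ip] = now
```

The country layer is only as good as the geolocation data behind it, and, as noted earlier in the thread, source addresses can be misrepresented, so the familiarity step-up stays in place as the second line.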