Poll: Account Security Solutions

Riot Narita

Desert Nomad

Join Date: Apr 2007

Quote:
Originally Posted by zwei2stein View Post
(on locking characters/items)This is very much preferred, but there is issue: people flagging items/characters and then changing their mind.
They can eliminate that issue for characters at least:
Sell character locks, and give a free character slot with every purchase

That way:

a) No need for "undo" if someone changes their mind. It's impossible to have all slots locked, so you will always be able to create/re-roll a new character.

b) Due to the cost, people would think before locking a character

c) "malicious" locking would cost a hacker real money, and would achieve nothing but some clutter in the char select screen.

d) A-Net gets money out of it - the feature pays for its own development costs

e) No ongoing support needed - because of a)

takeya

Pre-Searing Cadet

Join Date: Jul 2005

Quote:
Originally Posted by Hissy View Post
#2 Other S/W:
Require old password to set a new one on NCsoft site.
Email confirmation required before password change, not after when using NCsoft site.
That's about all you need. NCsoft must change their password change procedure.

Smarty

Krytan Explorer

Join Date: Mar 2008

England

Me/

In addition to the two I voted for (character/item locks and account restoration), which are lovely safety nets that I want to see added for my own peace of mind should the worst happen, the following things are so basic that they shouldn't be missing in the first place - but for some inexplicable reason NCsoft doesn't have them, so they need to be implemented ASAP:

Quote:
Originally Posted by Martin Alvito View Post
- Let me delink my GW account from the PlayNC account (best)
- Force me to provide something additional to change my game passwords (existing PW, code from an e-mail sent to the login e-mail address, etc.)
- Do not EVER display the linked e-mail address that is my username
- Make the "change password" protections for NCSoft accounts themselves more secure
- Make it impossible to generate a valid list of actual NCSoft accounts via brute force
- Make it more difficult to brute force passwords (NO protections exist at present).
Also, this:

Quote:
Originally Posted by upier View Post
Just to make this clear:
I will not be paying extra for sufficient security.
I'm not going to pay NCsoft for making the improvements to their lack-of-security login/password/account system either. I don't mind a small one-off fee for extras like the deletion prevention and the account restoration, but paying for what we should already have? Pfff.

zwei2stein

Grotto Attendant

Join Date: Jun 2006

Europe

The German Order [GER]

N/

Quote:
Originally Posted by Hissy View Post
They can eliminate that issue for characters at least:
Sell character locks, and give a free character slot with every purchase

That way:

a) No need for "undo" if someone changes their mind. It's impossible to have all slots locked, so you will always be able to create/re-roll a new character.

b) Due to the cost, people would think before locking a character

c) "malicious" locking would cost a hacker real money, and would achieve nothing but some clutter in the char select screen.

d) A-Net gets money out of it - the feature pays for its own development costs

e) No ongoing support needed - because of a)
You can run out of slots: an account can only have a maximum of 32 slots, which would kinda suck if you want to lock a character and already have max slots.

Yol

Wilds Pathfinder

Join Date: Feb 2007

GameAmp Guides [AMP]

E/

Hmmm....what would I like to see?

1. Unlinking of accounts from NCSoft. What's the point of having the website master account link when you can buy the stuff from the in-game store? Considering the security issues associated with changing passwords via the master account, if having this master account is required for the GW-GW2 HoM link, I wouldn't buy GW2.

2. IP checking. If my accounts were created in say North America, for example, and for the past four years I've been playing happily in North America, it should ring alarm bells somewhere if one minute I'm logging in from NA, and a few minutes later I'm apparently logging in from say China.

3. Deletion lock. Tag characters/items that can't be deleted, salvaged or sold. PIN system required if you want to merch/salvage/delete/transfer an item from that character.

And if they introduce a random code generator SecurID system, please don't make it exclusively available through the NCSoft store....

Riot Narita

Desert Nomad

Join Date: Apr 2007

Quote:
Originally Posted by zwei2stein View Post
You can run out of slots: an account can only have a maximum of 32 slots, which would kinda suck if you want to lock a character and already have max slots.
"Only" a maximum of 32. Oh come on, is that really going to happen?

People surely don't buy that many character slots and play them all. Meaning, the only reason you'd need that many slots is for raw storage. And if it's raw storage you want, why would you buy all those character slots... when you can get a lot more storage for the same money by buying new accounts?

Well, suppose there ARE people in that situation. ANet can increase the maximum number of slots. Anyone subsequently buying huge numbers of character slots or locks needs to beware of the risks.

Or they could simply sell the lock to the user, but either a) the buyer doesn't get a free character slot with it, or b) they get a free account instead plus all skill/item unlock packs for it, and hell - they deserve it after buying THAT many slots.

b) sounds good. But a) wouldn't be so bad: You'd still get your lock; maliciously locking all 32 slots would "likely" cost $200 or more... probability tends to zero; possibility that a player has 32 characters that are all so important they need to lock them ALL against deletion... and they pay $300+ to do it... and therefore end up unable to re-roll characters any more... probability tends to zero.

Actually, Anet can find out exactly how many people are in that situation. If there are none, no problem. If there is only a handful of them, "too bad", let them take a hit for greater good. If there are lots, increase the maximum number of slots... or go with a) or b) above.

N1ghtstalker

Forge Runner

Join Date: Dec 2007

E/

would be nice to be able to lock my characters, their armors and items from salvaging hazards and deletion
also put a merch lock on it tho

also allow multiple private questions for that IP tracing option
that way security would be tighter

Coverticus

Lion's Arch Merchant

Join Date: Jan 2006

The Zodiac Elites [TZE]

Mo/

De-linking from NCSoft for one, yes please.

The issue with a SecureID/Keyfob/Dongle is price and upkeep - I highly doubt ANet would pay out for this to begin with (as it is quite expensive to implement based upon the number of subscribers/accounts they have). Plus the cost of the fob itself would more than likely be passed onto the player (which for peace of mind is probably worth paying, others will not though).

My preferred solution, in conjunction with the hardware tie-in and IP check, would be the in-game lock system. This would be beneficial indeed and I would probably go further with it and make this default on login and thus prompt a user for a "pin code" to unlock.

The unlock keypad could also be coded so as to position numbers randomly. This is something I implemented into a system I built for a company a while back and has, to my knowledge, worked very well for them.

Example: on your calculator you are used to

1 2 3
4 5 6
7 8 9

Each time the keypad appears, the numbers would be in different positions. E.g.

4 8 9
5 3 7
2 6 1

This would help deter click loggers from determining the numbers clicked, since everything is random. Throwing some letters into the equation would be good too. ANet could even use pictures instead of actual numbers/letters, thus providing a little more security (since the Guild Wars memory is actually very easy to expose if you have some average knowledge of memory manipulation via code).

No matter what is done though, nothing is hack-proof. But at least we as players would have more peace of mind.
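Added example, not code from the post or from ArenaNet: a Python model of the shuffled unlock keypad described above. It assumes a 3x3 pad of digits 1-9, that the server issues a new layout per prompt and only ever receives click positions from the client, and that the PIN is stored as a salted slow hash; the layouts, PIN and addresses are constructed.

```python
import hashlib
import hmac
import random
import secrets
from typing import List, Optional

# Constructed model of the randomized keypad. A "layout" is a 9-character
# string: the index is the on-screen position (0..8, read left to right, top
# to bottom) and the character is the digit drawn at that position. The
# familiar calculator layout is "123456789"; the shuffled pad from the post
# is "489537261".
KEYS = "123456789"
CALCULATOR_LAYOUT = "123456789"
SHUFFLED_LAYOUT = "489537261"


def new_layout(rng: Optional[random.Random] = None) -> str:
    """Generate a fresh layout for one unlock prompt.

    The server makes a new one per prompt. An OS-backed CSPRNG is used unless
    a seeded rng is injected for deterministic tests.
    """
    keys = list(KEYS)
    (rng or secrets.SystemRandom()).shuffle(keys)
    return "".join(keys)


def pin_to_positions(layout: str, pin: str) -> List[int]:
    """What the user does: locate each PIN digit on the current pad and click it."""
    return [layout.index(ch) for ch in pin]


def positions_to_pin(layout: str, positions: List[int]) -> str:
    """What the server does: translate the reported positions back into digits
    using the layout it issued for this prompt."""
    return "".join(layout[p] for p in positions)


def hash_pin(pin: str, salt: bytes) -> bytes:
    """Salted PBKDF2 so a leaked table does not give up short PINs instantly."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


def enroll(pin: str) -> dict:
    """Store a PIN the way the server should: salt plus slow hash, never the PIN."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": hash_pin(pin, salt)}


def verify_unlock(record: dict, layout: str, positions: List[int]) -> bool:
    """Check one unlock attempt: reject malformed input, decode the positions
    via the issued layout, then compare hashes in constant time."""
    if not positions or any(not 0 <= p < len(layout) for p in positions):
        return False
    candidate = positions_to_pin(layout, positions)
    return hmac.compare_digest(hash_pin(candidate, record["salt"]), record["hash"])


def replay_decodes_to(layout_seen: str, layout_now: str, pin: str) -> str:
    """Why the shuffle helps: positions recorded while one layout was shown
    decode to a different PIN when replayed against the next layout."""
    recorded = pin_to_positions(layout_seen, pin)
    return positions_to_pin(layout_now, recorded)
```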

Darcy

Never Too Old

Join Date: Jul 2006

Rhode Island where there are no GW contests

Order of First

W/R

I voted for Strong Password Policy, as it is the only prevention listed that is fairly simple to implement and the easiest for the player base to use.

Shanaeri Rynale

Desert Nomad

Join Date: Aug 2005

DVDF(Forums)

Me/N

While this poll is useful for determining what the community would like done, it puts zero pressure on Anet/NC soft to do anything in the short term.

This poll will answer the HOW, but what is needed is a clear signal as to WHEN.

As interesting as this poll is, it only serves to make the debate spin round and round as it has done for the last 4 years.

Pressure needs to be exerted on Anet/NCsoft in conjunction with all this discussion.
Anet/NCsoft is currently not feeling any pain about this issue at all and so have no motivation to do anything about it.

They have your money so who cares?

Perhaps it's time to take this subject to IGN, MMOsite and other online sources than fansites...

I would suggest those who feel strongly enough send Regina a PM on this forum expressing this concern and send an email to [email protected] expressing those concerns.

Edit.. I don't get the percentage figures on the poll, they add up to more than 100??

Polgara Val

Wilds Pathfinder

Join Date: Apr 2007

TSR

Mo/Me

What concerns me the most at the moment, equally as much as the threat of accounts being hacked, is the absolute silence from Anet in any of the threads in which we as part of the GW community have voiced our opinions about this very important subject.

Even a small gesture saying "we understand your concerns and will look into it" will suffice, instead of the complete and muted silence, or at the very least an acknowledgement that there is a problem that needs to be rectified as efficiently and as quickly as possible.

Then again this is Anet we're talking about and I am sure the most pessimistic of people will feel that hell will freeze over before they admit there's a problem.

Sort it out Anet, I know it's just a game but at the end of the day if the security of GW 1 is questionable now, what makes you think players now will put faith in the security of GW 2 and purchase it only to have their characters and items destroyed/stolen several months later?

Pol

Riot Narita

Desert Nomad

Join Date: Apr 2007

Quote:
Originally Posted by Shanaeri Rynale View Post
Edit.. I don't get the percentages figures on the poll, they add up to more than 100 ??
The percentage for each item shows the proportion of people that voted for that item. Nr of votes / Total voters * 100.

You can vote for more than one option, so adding the percentages for each item is meaningless - and won't add up to 100.

Shanaeri Rynale

Desert Nomad

Join Date: Aug 2005

DVDF(Forums)

Me/N

Quote:
Originally Posted by Hissy View Post
The percentage for each item shows the proportion of people that voted for that item. Nr of votes / Total voters * 100.

You can vote for more than one option, so adding the percentages for each item is meaningless - and won't add up to 100.
I thought so, seems a really complicated way of going about things. Oh well

the_jos

Forge Runner

Join Date: Jun 2006

Hard Mode Legion [HML]

N/

I'm going to give my opinion on the various options
  • Static IP/MAC/HW checking
    Implementation on this is hard. I would agree for non-dynamic IP users or users who will be on a limited number of IP ranges (just enable the entire range). Keep in mind that IP might change for some reason and this will cause trouble (we had some serious trouble when our IT department changed the main router last week). A good way to communicate and confirm the change would be nice.
  • Strong password policy
    I don't believe in more enforcement. Many people don't want the trouble of a 'strong' password, even if that trouble does not really exist.
    The main problem is using the same credentials on various places.
    To discourage brute-forcing it would be nice if an IP address or range can be put to slower logins when failing (not entirely on account level, else there is the possibility of denial of service).
  • SecurID authentication option
    This is a great option. I use this for work as do many other people. One major problem. Battery will be empty in time. We had this problem several times with people in our IT department who use their token often. And we are not even talking about the people spilling drinks on the item or putting it in the washing machine.
  • "NO DELETE" option on characters/items
    I think this is good, I would call the option 'fix to account'.
    Meaning marked items cannot be deleted, salvaged and cannot be moved from the account to another account.
  • Authentication for storage access
    I don't see much added value to this. The 'fix to account' option mentioned above should work better.
    I know some websites offer a 'pin' to protect specific 'valuable' areas.
    It might slow down a hacker, but why is he on the account anyway.
  • Randomized point and click input for passwords
    Would work against keyloggers. I can see some use for this, but not too much. I think it would be annoying if you d/c about every 15 minutes and have to log in while searching each time
  • Compromised account restorations
    Ah, rollback. Sounds nice, would not work except when disabling trading
  • Other H/W solution
    One thing on the 'fingerprint'. We have those at work on some workstations. Funny things. Till one colleague of mine called with the message: I cut my thumb last week and cannot log into the system.... Lucky the help desk for that application has quick response times.
  • Other S/W solution
  • No additional security required


Let me say this.
I do believe that account safety is very important. However, first priority is keeping unwanted people off the account, which is mainly concerned with the user. A-net can implement some things to help here, but this is not their main problem. It will be if their systems are hacked and credentials are stolen from them though.

There is plenty of advice on the internet on how to make accounts safer. One piece of that advice is not sharing the same username/password combination everywhere.
Another is not downloading from an untrusted source, or running security measures (like a virus/malware scanner).

When an account is compromised nothing more can be done. People can do whatever they want with it. Sure, you can have an option that prevents all bad things. However, the hacker might get annoyed and rant in local chat in a major outpost, causing a perma ban (and while busy also change credentials so that you first have to get the account back only to find out it's perma banned).

My suggestion will be in the 'strong password policy'.
Have A-net do a simple check on strength.
All same characters, same case, dictionary for common languages, low length = red
Variations in case or addition of numbers, low length = orange
Variations in case combined with addition of numbers, decent length = yellow (ish)
Variations in case with addition of special characters, decent length = green.

Give the result back when it's not green with a warning message depending on color. Red = huge warning, yellow = suggestion to add some special characters. People can choose to accept the unsafe pass or type a new stronger one.

And another suggestion. When the password is to be entered make a HUGE message on the window to please, please, please not use the same password as on other online resources.


The second option is something that A-net might implement with not that much effort.
However, I don't think we should expect this from them. Individual account safety is YOUR responsibility, not theirs. When it's about their databases containing those credentials or the servers running guild wars it's A-net's responsibility. But we are not talking about that, are we?
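Added example, not code from the post or from ArenaNet: the red/orange/yellow/green strength check from the post above, in Python. The length threshold, the tiny word list and the handling of the one case the post does not mention (decent length with case variation but no numbers) are assumptions and are marked in the code.

```python
import string
from typing import Dict

# Assumptions: the post gives no length numbers and no word list.
DECENT_LENGTH = 8
# Constructed stand-in for "dictionary for common languages"; a real check
# would load word lists for several languages.
DICTIONARY = {"password", "guildwars", "letmein", "qwerty", "welcome"}

# Warning text per colour, as the post suggests: huge warning for red,
# a suggestion to add special characters for yellow.
MESSAGES: Dict[str, str] = {
    "red": "Huge warning: this password is trivial to guess. Please choose another.",
    "orange": "Weak: mix upper and lower case AND add numbers, and make it longer.",
    "yellow": "Okay, but adding some special characters would make it stronger.",
    "green": "",
}


def features(pw: str) -> Dict[str, bool]:
    """Boolean facts the traffic-light rules are built from."""
    return {
        "mixed_case": any(c.isupper() for c in pw) and any(c.islower() for c in pw),
        "digits": any(c.isdigit() for c in pw),
        "special": any(c in string.punctuation for c in pw),
        "single_char": len(set(pw)) <= 1,
        "dictionary": pw.lower() in DICTIONARY,
        "decent_length": len(pw) >= DECENT_LENGTH,
    }


def rating(pw: str) -> str:
    """Map a password to red/orange/yellow/green following the post's rules.

    red:    one repeated character, a dictionary word, or short with no case
            variation and no numbers
    orange: short, but with case variation or numbers
    yellow: decent length, case variation combined with numbers
    green:  decent length, case variation with special characters
    Decent length with only one of case variation / numbers is rated orange
    (assumption; the post does not cover that case).
    """
    f = features(pw)
    if f["single_char"] or f["dictionary"]:
        return "red"
    if not f["decent_length"]:
        return "orange" if (f["mixed_case"] or f["digits"]) else "red"
    if f["mixed_case"] and f["special"]:
        return "green"
    if f["mixed_case"] and f["digits"]:
        return "yellow"
    if f["mixed_case"] or f["digits"]:
        return "orange"
    return "red"


def feedback(pw: str) -> Dict[str, str]:
    """What the client shows: the colour and the matching warning text.
    The password itself is never logged or returned. The user may still
    accept a non-green password, as the post proposes."""
    colour = rating(pw)
    return {"colour": colour, "message": MESSAGES[colour]}
```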

Shanaeri Rynale

Desert Nomad

Join Date: Aug 2005

DVDF(Forums)

Me/N

It's become clear over the past few weeks that no matter what we the users do, accounts are still being compromised. This all points to a weakness somewhere in the authentication process.

These design weaknesses in overview have been known about for a long period of time

This is very firmly within Anet's and NCsoft's area of responsibility.

At this point in the game it doesn't matter to me what technique is used, so long as my characters and stuff are protected from deliberate sabotage.

the_jos

Forge Runner

Join Date: Jun 2006

Hard Mode Legion [HML]

N/

Oh, another thing I didn't want to add to my previous posting.

A couple of weeks ago there was a kind of strange transaction on my bank card.
In the morning I used it in my country, in the afternoon I used it in my country, and in between it was used in South Africa, which is about a day's travel away (flying...). Bank solved this fast (thank you for skimming my card....)
I guess it would be possible to detect IP usage and if it's likely that those two can be used in the timeframe.
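Added example, not code from the post or from ArenaNet: an "impossible travel" check of the kind the post describes, in Python. The speed threshold, the minimum distance, the tiny IP-to-location table (documentation addresses standing in for a geo-IP database) and the sample logins are all constructed assumptions.

```python
import math
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Tuple

EARTH_RADIUS_KM = 6371.0
# Assumptions (the post gives no numbers): nothing moves faster than an
# airliner, and hops under 100 km are ignored so that geo-IP jitter inside
# one region does not raise alarms.
MAX_PLAUSIBLE_KMH = 1000.0
MIN_DISTANCE_KM = 100.0

# Constructed stand-in for a geo-IP lookup (RFC 5737 documentation ranges);
# a real deployment would query a geo-IP database.
GEO: Dict[str, Tuple[str, float, float]] = {
    "198.51.100.7": ("Amsterdam", 52.37, 4.90),
    "203.0.113.9": ("Johannesburg", -26.20, 28.05),
}


@dataclass
class Login:
    account: str
    when: datetime
    ip: str
    place: str
    lat: float
    lon: float


def login_from_ip(account: str, when: datetime, ip: str) -> Login:
    """Build a login event by resolving the source IP to a location."""
    place, lat, lon = GEO[ip]
    return Login(account, when, ip, place, lat, lon)


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def impossible_travel(
    logins: List[Login],
    max_kmh: float = MAX_PLAUSIBLE_KMH,
    min_km: float = MIN_DISTANCE_KM,
) -> List[Tuple[Login, Login, float]]:
    """Return (earlier, later, implied_kmh) for consecutive logins of one
    account that would require moving faster than max_kmh. Pure detection:
    the caller decides whether to challenge, notify or block."""
    by_account: Dict[str, List[Login]] = {}
    for lg in sorted(logins, key=lambda l: l.when):
        by_account.setdefault(lg.account, []).append(lg)
    flagged: List[Tuple[Login, Login, float]] = []
    for events in by_account.values():
        for prev, cur in zip(events, events[1:]):
            km = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            if km < min_km:
                continue
            hours = (cur.when - prev.when).total_seconds() / 3600.0
            speed = km / hours if hours > 0 else math.inf
            if speed > max_kmh:
                flagged.append((prev, cur, speed))
    return flagged


def sample_day() -> List[Login]:
    """Constructed day matching the bank-card story: home in the morning,
    abroad at midday, home again in the afternoon; plus a second account
    that only moves within one city."""
    home, abroad = "198.51.100.7", "203.0.113.9"
    return [
        login_from_ip("player1", datetime(2009, 5, 4, 9, 0), home),
        login_from_ip("player1", datetime(2009, 5, 4, 12, 0), abroad),
        login_from_ip("player1", datetime(2009, 5, 4, 15, 0), home),
        login_from_ip("player2", datetime(2009, 5, 4, 10, 0), home),
        login_from_ip("player2", datetime(2009, 5, 4, 11, 0), home),
    ]
```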

zwei2stein

Grotto Attendant

Join Date: Jun 2006

Europe

The German Order [GER]

N/

I like the "red/yellow/green" light when entering passwords idea. IIRC, no MMO currently has it, but it has become kind of standard practice elsewhere.

Instant "your password sucks and is easy to break" notifications.

Stop The Storm

Keeping DoA Alive

Join Date: Jan 2007

England

Were In [DoA]

A/N

I think this poll is gonna be heavily flawed

There's far too many lazy people on the forums who won't take the time to read through what each one means and how it works. They will just click the ones that they know (dont delete bank stuffs plz) (password for bank plz)

Personally I think the static IP checking would be good

I dunno how they could implement the password on the Xunlai chest; I certainly wouldn't want to enter a code every time I opened my storage. Every time I logged in perhaps? I could live with that.

Also think that there should be an option to lock characters so they can't be deleted without a code

upier

Grotto Attendant

Join Date: Mar 2006

Done.

[JUNK]

Quote:
Originally Posted by the_jos View Post
Let me say this.
I do believe that account safety is very important. However, first priority is keeping unwanted people of the account, which is mainly concerned with the user. A-net can implement some things to help here, but this is not their main problem. It will be if their systems are hacked and credentials are stolen from them though.
To quote Chthon:
http://www.guildwarsguru.com/forum/s...&postcount=117
Quote:
Originally Posted by Chthon
I've been keeping tabs on the "I've been hacked" stories. The most likely explanation is that, in addition to the usual number of people who get their accounts stolen through their own stupidity, there is currently a method of stealing accounts directly through a-net/NCSoft. The password reset feature on the NCSoft master account seems the most likely culprit.

This is unacceptable. If I fall for a phishing attempt or trust someone whom I should not have with my password, that's my own damn fault. But to have my account open to being stolen, no matter how careful I am, because NCSoft can't build a secure system is utterly unacceptable.
Given this quote, I do not see why actions we take are even brought up.

If this issue can be resolved by our own actions, then PLEASE somebody make a Riverside thread describing exactly what we should be doing. Sticky it and plaster that link into EVERY "I got hacked!11"-thread before closing it.
If on the other hand the accounts can be compromised REGARDLESS of what we do, then STOP bringing the actions we take to this discussion. Because that's NOT the issue here!

Inde

Site Contributor

Join Date: Dec 2004

Quote:
Originally Posted by upier View Post
If this issue can be resolved by our own actions, then PLEASE somebody make a Riverside thread describing exactly what we should be doing. Sticky it and plaster that link into EVERY "I got hacked!11"-thread before closing it.
If on the other hand the accounts can be compromised REGARDLESS of what we do, then STOP bringing the actions we take to this discussion. Because that's NOT the issue here!
Just as a minor point of clarification, Guru does do this. Because there are many reasons an account can be compromised. See our closing text below:

Read this on security, run this to download anti-malware software, go here to ask for support on your issue.

Shasgaliel

Jungle Guide

Join Date: Apr 2008

[bomb]

I really hope they will address this issue seriously. Too many people I knew and played with left the game as a result of account hacks. I like the options JR put in the poll.

Fril Estelin

So Serious...

Join Date: Jan 2007

London

Nerfs Are [WHAK]

E/

I'd like to give a quick technical insight into the proposed solutions (which can also be gauged from the viewpoint of the players ofc, but it's not rare to find misguided security opinions):

1) Static IP/MAC/HW checking

Quite tricky, as I suspect many people do as I do and use various accounts from the same IP and various computers anyway, thus making it more difficult to create a clean and simple to understand policy. Some people log in from other countries, e.g. via VPN; banning Asian IPs from USA-/EU-tagged accounts may lead to more support problems than what NCsoft can afford for GW1.

2) Strong password policy

A good one anyway, BUT (and this is a MAJOR but) it needs to go hand in hand with good explanations (of why a password is not good AND what a good password is). A good password policy must start from the fact that passwords are tradeoffs between "difficulty to guess/crack" and "how easy it is to remember it", and thus a universal policy is not easy to impose to customers (Microsoft knows that fully well).

3) SecurID authentication option

Very likely to be difficult to manage on such a small-scale company. What looks (and is) fantastic to the customer in fact requires heavy resources behind the scene (both additional servers, modify software, but also new staff and staff training) which can only be recouped either on a WoW-scale or on the long term (if management made the bold decision to go that way).

4) "NO DELETE/SALVAGE/TRADE" option on characters/items

Good but prolly quite complex/costly to implement in the cluttered and outdated GW1 software. Plus it would take resources from the current Live Team projects, slowing them down more. (this actually applies to all proposals!) And potentially generate a lot of support tickets from people who change their mind or who've made a mistake (happens a lot!). And it'd be a perfect way for a non-pro hacker (e.g. your friend who's angry at you) to lock all your chars and annoy you!

5) Additional authentication for Xunlai storage access

Tricky. Authenticate means more stuff to remember/do each time you want access, whereas most people would like an easy access which simply requires a click. More than that and they'll start thinking about not using it!

6) Randomized point and click gui for password input

Breaks the game immersion, sounds too serious for a game, many people could actually get confused at this (it's not because it sounds easy for you that it is easier; I've actually read some research on that and this kind of new security features do improve the security, but at the cost of educating people)

7) Compromised account restorations

Impossible for GW1. That's what Anet will say.

(solution 11 not on the list: educate people? e.g. each Guru-er starts spreading the word rather than pointing fingers, people spend less time speculating about whose fault it is (while still asking Anet and NCsoft for accountability) and more time imagining how to change the situation by acting themselves, rather than asking others to act)

Now, someone told me which website was compromised and I immediately thought: Anet and the community have been very lucky that it wasn't worse, it could have been a lot worse.

Riot Narita

Desert Nomad

Join Date: Apr 2007

Quote:
Originally Posted by Fril Estelin View Post
4) "NO DELETE/SALVAGE/TRADE" option on characters/items

Good but prolly quite complex/costly to implement in the cluttered and outdated GW1 software.
For character locks, I think not. It's comparatively simple, it only affects the character selection screen, nothing "in game" needs to be changed, play-tested etc.

Quote:
Originally Posted by Fril Estelin View Post
And it'd be a perfect way for a non-pro hacker (e.g. your friend who's angry at you) to lock all your chars and annoy you!
Do it the way I suggest (below), and the friend who's angry at you will most likely have to spend $80 or more to do this (assuming 8 characters). They'd have to be pretty angry to do that, and also quite dumb since the "victim" would GAIN a sh*t-load of characters/free storage in the process, and nothing would be achieved except cluttering up the character selection screen.

Quote:
Originally Posted by Hissy View Post
They can eliminate that issue for characters at least:
Sell character locks, and give a free character slot with every purchase

That way:

a) No need for "undo" if someone changes their mind. It's impossible to have all slots locked, so you will always be able to create/re-roll a new character.

b) Due to the cost, people would think before locking a character

c) "malicious" locking would cost a hacker real money, and would achieve nothing but some clutter in the char select screen.

d) A-Net gets money out of it - the feature pays for its own development costs

e) No ongoing support needed - because of a)
I'm assuming a character lock would cost at least as much as a character slot.

As Zwei pointed out, the "angry friend" could buy enough locks/slots to completely fill your account. (And make them all Mesmers ha!) But that would cost over $200 assuming you had 8 characters originally - and even if someone was determined enough to buy you all that free storage... I'm sure A-net could find a way around that situation anyway eg.

Quote:
Originally Posted by Hissy View Post
Well, suppose there ARE people in that situation. ANet can increase the maximum number of slots. Anyone subsequently buying huge numbers of character slots or locks needs to beware of the risks
.
.
.
or (accounts that have reached the max number of char slots) get a free account instead (of a free character slot) plus all skill/item unlock packs for it, and hell - they deserve it after buying THAT many slots.

the_jos

Forge Runner

Join Date: Jun 2006

Hard Mode Legion [HML]

N/

Quote:
Originally Posted by upier View Post

.....
Given this quote, I do not see why actions we take are even brought up.

If this issue can be resolved by our own actions, then PLEASE somebody make a Riverside thread describing exactly what we should be doing. Sticky it and plaster that link into EVERY "I got hacked!11"-thread before closing it.
If on the other hand the accounts can be compromised REGARDLESS of what we do, then STOP bringing the actions we take to this discussion. Because that's NOT the issue here!
I give an example I encountered recently and brought up in my previous post.
Somehow people managed to get access to the card of my bank and my pin code. It's called skimming (copy card and read pin when entered) and I know what I should look for to avoid this as much as possible. Still people managed to steal this from me.

I can yell at the bank that they should fix this now and do whatever they can to avoid this. But they do not control all the payment devices, many are in less secured stores. People are implementing a fix (get the magnetic strip out and work with the chip) but this will take several years before full implementation.
Meaning I will be vulnerable to those kinds of attacks.
Good thing for me the bank covers the money, however, I could have gotten in some serious trouble if people had taken more from my account (because I also have to pay the bills).

Compare this to A-net.
Suppose there is a leak at A-net/NCSoft. This still means people got the initial data (the e-mail address) somewhere else. This is like the payment devices banks do not control. This would make it possible to brute-force or do a somewhat targeted attack.
Then it's known that many people use the same credentials at other places. Hack a less secure place and you have those available.

Let's put it this way. How many people are hacked while having:
- an e-mail address not registered on any fan forum
- e-mail address most likely unknown by other means (social sites, mailing lists and such)
- a truly strong and unique password
- the actual e-mail address was not compromised

If there are many of those accounts I'd say the problem should be more A-net's problem. Just as banks took responsibility for skimming issues.
However, I doubt this is the case.

Please prove me wrong if you have solid data that my assumption is wrong.

Perkunas

Jungle Guide

Join Date: Aug 2006

In my own little world, looking at yours

Only Us[NotU]

E/

Other S/W

Remove e-mail for account id anywhere and everywhere.
Force the use of old password before changing to new with email verification prior to change.
Keep password changes game side not on a site else where.
Allow all ascii characters for passwords.
Drop down menu (point & click) listing each 'remembered' account name on game log on screen. Must remember the first letter/character in name to open menu with name and pass.

Just to list a few options.

Captain Scrat

Pre-Searing Cadet

Join Date: Jun 2008

Titanium Knights [Ti]

Mo/Me

Well since my account got hacked just yesterday and my petition thread closed just now... I've voted for: Additional authentication for Xunlai storage access - Compromised account restorations - Strong password policy - Static IP/MAC/HW checking.

I do hope that this poll will be taken very seriously by ANet and be implemented in GW and/or in GW2.

Think ANet, please think about this! We are all vulnerable at this point of time!

- Captain Scrat

Rolain

Academy Page

Join Date: Oct 2008

Australia

[Win]

E/

Virtual Keyboard on the login screen. Instead of typing passwords from your own keyboard, clicking on a virtual one. Prevents keyloggers.

Chthon

Grotto Attendant

Join Date: Apr 2007

1. I disagree, fiercely, with the decision to close the previous thread and replace it with this one. The problem is not that a-net doesn't know what security measures would constitute an improvement. They've been discussed for years. The problem is not that a-net doesn't know that they have a big security problem. They know. The problem is that NCSoft doesn't give a damn. You don't get NCSoft to give a damn by conducting polls of people, most of whom are technically unqualified, about possible security features a-net already knows about. If you want to get their attention, you're going to have to convince them that the cost of giving a damn is lower than the cost of lost customers/revenue if they don't act. You might get their attention with a large protest thread threatening not to buy any more of their products until they fix this. As someone noted in the previous thread, you might get their attention by making that large protest thread, then pointing it out to the "gaming press" like IGN. If the goal was to goad NCSoft off their ass and into action, replacing the protest with a poll was a step in the wrong direction.

2. What security measures you want depends on what method of account theft you're trying to stop. If you're trying to protect the idiot who gives their username and password to a "friend," character locks are about your only hope. If you're trying to protect people from RMT gold sellers attacking the NCSoft master account, you'd better start with the NCSoft master account.

In case anyone has been living in a cave, I'd like to repost this from the previous thread:
Quote:
I've been keeping tabs on the "I've been hacked" stories. The most likely explanation is that, in addition to the usual number of people who get their accounts stolen through their own stupidity, there is currently a method of stealing accounts directly through a-net/NCSoft. The password reset feature on the NCSoft master account seems the most likely culprit.
To me, that is the biggest problem, and the place where efforts need to be directed. I can do a perfectly fine job of keeping my computer clean, not giving anyone my username and password, not falling for phishing, etc., etc. Basically, I can manage not to be a total dumbass, and I am willing to accept responsibility for the consequences if I fail at that. But I am not willing to accept a system where I am unable to keep my account safe because a thief can just go straight to NCSoft and take it. That absolutely has to be fixed.

(Now, I am not opposed to added security features directed at protecting against user idiocy. If a-net wants to work on them, I'd be perfectly happy to have them. I just see them as far less important than protecting against NCSoft idiocy.)

3. The most important security improvements that could be made right now were left off the poll. They are all directed at fixing weaknesses with the NCSoft master account:

Quote:
Originally Posted by Martin Alvito View Post
The NCSoft master accounts, however, have glaring security vulnerabilities. The following would make these accounts harder to defeat using automation and would protect us even in the event of unauthorized access:

- Let me delink my GW account from the PlayNC account (best)
- Force me to provide something additional to change my game passwords (existing PW, code from an e-mail sent to the login e-mail address, etc.)
- Do not EVER display the linked e-mail address that is my username
- Make the "change password" protections for NCSoft accounts themselves more secure
- Make it impossible to generate a valid list of actual NCSoft accounts via brute force
- Make it more difficult to brute force passwords (NO protections exist at present).
4. Now to take a look at the options from the poll:

Quote:
Originally Posted by JR View Post
Static IP/MAC/HW checking
The best option from the poll. I'd like to flesh out some of the details for implementation:
  • It would have to be optional. And, sadly, the default would have to be disabled. If it were enabled by default, too many stupid people would lock themselves out of their accounts and it would be a PR mess. To counteract the undesirable default, I'd suggest (a) an introductory POP UP announcement strongly suggesting that the user go turn it on, and (b) a very good "what the hell is this" guide/instructions for unsophisticated users.
  • Whitelist option. Anything that's NOT the specified IP, IP range, MAC, hardware serial hash has to go through an additional password/security question/etc. to login. This additional hoop is part of GW and in no way connected to the NCSoft account.
  • Blacklist option. Anything that IS the specified IP, IP range, MAC, hardware serial hash cannot login to the account under any circumstances.
    • Politically insensitive as it may be, "mainland China" should be a predefined IP block that users can simply check to blacklist. For most accounts, the only person who might ever try to login from mainland China is a thief. The comparatively few users who might live in or visit mainland China and make legitimate login attempts can simply not use this option.
    • Stealing a page from g-mail, the user should be notified upon logging in "last unsuccessful login attempt X hours ago from IP W.X.Y.Z. (block this IP?)" and be given a chance to blacklist the IP that tried to login and strongly encouraged to turn on the whitelist feature.

Quote:
Strong password policy
Yes. This is easy. A paragraph of simple text is enough to explain to the user what they need to do.

Also, NCSoft site needs to be changed to even ALLOW strong passwords.

Quote:
SecurID authentication option
Not a fan.

First, the inconvenience level is quite high. The things can get lost, broken, dead battery, etc.

Second, while it does a good job of keeping out unsophisticated and unfunded attackers, someone willing to purchase and sacrifice enough keyfobs to figure out how to get past the physical tamper-resistance measures and dump the ROM can break the whole system. The RMT companies who steal accounts en masse are the second sort of attacker (at least some of them are).

Quote:
"NO DELETE/SALVAGE/TRADE" option on characters/items
Yes.

In order to allow me to change my mind, either (a) allow me to remove the lock after a 1 or 2 week wait, or (b) allow me to remove the lock with an additional password.

If, as someone mentioned, "my little brother got on my account and locked all my characters" is a problem, a time release lock would be the better option. On the other hand, getting into a "my little brother got on my account and locked all my characters" situation in the first place probably requires user idiocy...

Quote:
Additional authentication for Xunlai storage access
Inconvenience level is too high.

Quote:
Randomized point and click gui for password input
Inconvenience level is too high.

Also, only effective against keyloggers. Useless against the methods of account theft that worry me.

Quote:
Compromised account restorations
It's a budgeting limitation. Between the sheer volume of legitimate claims, and the extra work of sorting out fraudulent claims, support would need significantly more and more skilled people than it has now. They have the necessary data to do restores if they really wanted to, but not the staff.

Sir Cusfreak

Sir Cusfreak

Krytan Explorer

Join Date: Nov 2007

In your backline

No Tags [NONE]

The fact that you can be booted by a new login WHILE YOU ARE PLAYING has to end.

I forgot about that part...

That is complete horse-shit as a feature to begin with, and needs to be removed like yesterday.

If I'm logged in there is NO reason NONE that I should be kicked out, short of anet personally yanking my account as a ban or something. A new login attempt SHOULD alert support, but should NOT boot me out.

Fix that FIRST!!!

/endrant

Chthon

Grotto Attendant

Join Date: Apr 2007

Quote:
Originally Posted by Sir Cusfreak View Post
The fact that you can be booted by a new login WHILE YOU ARE PLAYING has to end.

I forgot about that part...

That is complete horse-shit as a feature to begin with, and needs to be removed like yesterday.

If I'm logged in there is NO reason NONE that I should be kicked out, short of anet personally yanking my account as a ban or something. A new login attempt SHOULD alert support, but should NOT boot me out.

Fix that FIRST!!!

/endrant
It's 50/50 odds you're online and thief boots you versus thief is online and you boot the thief. So, it doesn't matter whether the policy is to boot current user or not.

Now, a smarter policy (which could be introduced along with IP blacklisting and whitelisting) would be to see if either login comes from the usual IP/MAC/hardware and boot the other one.

Also, as you mention, ANY instance of two people logging into the same account at the same time should kick off a report to support.
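The login-side mechanics that Chthon describes across the two posts above (an opt-in IP/device allow-list that triggers an extra in-game check when unmatched, a block-list with a predefined regional block, a Gmail-style "last unsuccessful login attempt" notice, throttling of failed attempts, and a rule for deciding which of two concurrent logins to keep), worked into one policy module. This is an added example and not ArenaNet or NCsoft code; every function name, address range, MAC and serial below is constructed for illustration, and the "example-region" CIDR is a documentation range standing in for a real allocation list.

```python
"""Login-admission policy for a game account.

Added example, not ArenaNet/NCsoft code; all names, addresses and
fingerprints are constructed."""
import hashlib
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# A predefined block the user could tick with one checkbox.  The CIDR is a
# documentation range, not a real regional allocation list (assumption).
PREDEFINED_BLOCKS = {"example-region": ["203.0.113.0/24"]}

FAIL_WINDOW = 900   # seconds of failure history considered for throttling
FAIL_FREE = 5       # failures allowed before backoff starts


def device_fingerprint(mac: str, hw_serial: str) -> str:
    """Store a hash of hardware identifiers, never the raw MAC or serial."""
    return hashlib.sha256(f"{mac.lower()}|{hw_serial}".encode()).hexdigest()


@dataclass
class AccountPolicy:
    enabled: bool = False                        # opt-in; default off
    allow_nets: List[ipaddress.IPv4Network] = field(default_factory=list)
    allow_devices: Set[str] = field(default_factory=set)
    block_nets: List[ipaddress.IPv4Network] = field(default_factory=list)
    failed: List[Tuple[float, str]] = field(default_factory=list)  # (time, ip)
    last_failed: Optional[Tuple[float, str]] = None


def make_policy(allow_cidrs, allow_devices, block_cidrs, enabled=True) -> AccountPolicy:
    return AccountPolicy(enabled=enabled,
                         allow_nets=[ipaddress.ip_network(c) for c in allow_cidrs],
                         allow_devices=set(allow_devices),
                         block_nets=[ipaddress.ip_network(c) for c in block_cidrs])


def _in_any(ip: str, nets) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets)


def _trusted(policy: AccountPolicy, ip: str, fp: str) -> bool:
    return _in_any(ip, policy.allow_nets) or fp in policy.allow_devices


def backoff_seconds(recent_failures: int) -> int:
    """0 until FAIL_FREE failures, then 30 s doubling per failure, capped at 1 h."""
    if recent_failures < FAIL_FREE:
        return 0
    return min(30 * 2 ** (recent_failures - FAIL_FREE), 3600)


def evaluate_login(policy: AccountPolicy, ip: str, fp: str,
                   password_ok: bool, now: float) -> str:
    """Return 'blocked', 'throttled', 'denied', 'step-up' or 'allowed'.

    Block-list and throttle are checked before the password so that the
    lockout cannot be used as a password oracle."""
    if policy.enabled and _in_any(ip, policy.block_nets):
        return "blocked"
    policy.failed = [(t, src) for t, src in policy.failed if now - t < FAIL_WINDOW]
    wait = backoff_seconds(len(policy.failed))
    if wait and now - policy.failed[-1][0] < wait:
        return "throttled"
    if not password_ok:
        policy.failed.append((now, ip))
        policy.last_failed = (now, ip)
        return "denied"
    if policy.enabled and not _trusted(policy, ip, fp):
        return "step-up"   # extra password / security question, handled in-game
    return "allowed"


def login_notice(policy: AccountPolicy, now: float) -> Optional[str]:
    """Banner shown after a successful login, offering to block the source."""
    if policy.last_failed is None:
        return None
    t, ip = policy.last_failed
    return (f"Last unsuccessful login attempt {(now - t) / 3600:.1f} hours ago "
            f"from IP {ip} (block this IP?)")


def resolve_concurrent_login(policy: AccountPolicy, existing: dict, incoming: dict):
    """Keep the session that matches the usual IP/device; if neither or both
    match, keep the existing one.  Either way a support report is emitted."""
    keep_incoming = (_trusted(policy, incoming["ip"], incoming["fp"])
                     and not _trusted(policy, existing["ip"], existing["fp"]))
    kept = incoming if keep_incoming else existing
    report = f"concurrent login: existing {existing['ip']} vs incoming {incoming['ip']}"
    return kept, report
```

The throttle is per account rather than per source address, because the attackers Chthon has in mind rotate addresses; the cost is that a third party can make the legitimate owner wait, which is why the backoff is capped and decays after the window.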

didis

Academy Page

Join Date: May 2006

Netherlands

Lowland Lions

First of all, we don't know for sure what causes the increase in hacks: whether it is on the server side at NCsoft or on the client side by the player, or somewhere in between. If NCsoft can determine the cause of it, leaving all options open, then this could be investigated further to determine additional security measures.

On the other hand I'm astonished everyone is replying with all kinds of technical solutions. I think that if there is indeed an increase in account thefts, ArenaNet should consider counterattacking the source by cooperating with ISPs and the police in the originating country of the hack. In this case that could mean making agreements with law enforcement in China to investigate and take appropriate legal action. If countries like China are so untrustworthy, that would mean that you target that cause rather than compensating for it with measures on the NCsoft or client side. If it is determined that this is not possible, then additional technical security measures should be considered.

What I am also wondering is whether Aion and Lineage are also experiencing these hack problems. Those can be added to your master account too. That would make the business case to implement a more expensive solution more likely. The costs of the security measures can then be divided among more people.

To resume my monologue: there is no fail-proof solution if we don't know what the cause is. In the Netherlands there has been, under the criminal code, a lawsuit where people were successfully prosecuted for stealing in-game assets from a guy. Maybe that is a solution to scare off those criminal organisations.

Another Felldspar

Lion's Arch Merchant

Join Date: Sep 2006

Alchemy Incorporated

Mo/E

Quote:
Originally Posted by upier View Post
Just to make this clear:
I will not be paying extra for sufficient security.
You've bought the game with the security that is already in place. To me that means that you've accepted the current level of security as "sufficient".

For me the current level of security is NOT sufficient and I am willing to pay for additional security measures. I am not willing to pay for anything else from A-Net or NCSoft without additional security measures being added.

Chthon

Grotto Attendant

Join Date: Apr 2007

Quote:
Originally Posted by Ayelet Feldspar View Post
You've bought the game with the security that is already in place. To me that means that you've accepted the current level of security as "sufficient".
For all you know, upier bought the game before the NCSoft master account was introduced. Account security is severely degraded by the NCSoft master account, but how incredibly bad it is didn't become widely known until some time after its introduction, and after plenty of people had already linked their accounts blithely assuming NCSoft wouldn't totally screw them. Well, they did....

Riot Narita

Desert Nomad

Join Date: Apr 2007

Quote:
Originally Posted by didis View Post
First of all, we don't know for sure what causes the increase of hacks
.
.
On the other hand i'm astonished everyone is replying with all kind of technical solutions.
No, we don't know the source of the attacks - and that's EXACTLY why I want some technical solutions.

Because I want to mitigate the damage if someone breaks into my account, despite all my precautions, because ANet or NCsoft has a vulnerability that is being exploited.

Even if they found the cause right this instant, I'd STILL want them to add the damage limitation stuff... for when the NEXT vulnerability is found and exploited, or indeed - in case I did something dumb by accident.

Quote:
Originally Posted by didis View Post
I think that if there is indeed an increase in account thefts ArenaNet should consider to counterattack the source by cooperating with ISP's and police force in the originating country of the hack. In this case possible meaning making agreements with law inforcement in China to investigate and take appropriate legal actions.
I'll be an old man before anything like that happens.

Meanwhile any exploits would continue and there'd STILL be no damage mitigation for the victims.

Quote:
Originally Posted by didis View Post
What i am also wondering is if Aion, Lineage are also experiencing these hack problems. Those can be added to you're master account too.
I don't know about Lineage, but a few google searches shows that Aion players are indeed experiencing these problems.

Quote:
Originally Posted by didis View Post
There is no fail-proof solution if we don't know what the cause is.
There is no fail-safe solution even if we DO know what the cause is. You plug one hole, but how long 'til the next one is found?

That's why I want permanent character locks, so my main characters can never, ever be deleted... even if new vulnerabilities or exploits are found.

Quote:
Originally Posted by Chthon View Post
1. I disagree, fiercely, with the decision to close the previous thread and replace it with this one. The problem is not that a-net doesn't know what security measures would constitute an improvement. They've been discussed for years. The problem is not that a-net doesn't know that they have a big security problem. They know. The problem is that NCSoft doesn't give a damn. You don't get NCSoft to give a damn by conducting polls of people, most of whom are technically unqualified, about possible security features a-net already knows about. If you want to get their attention, you're going to have to convince them that the cost of giving a damn is lower than the cost of lost customers/revenue if they don't act. You might get their attention with a large protest thread threatening not to buy any more of their products until they fix this. As someone noted in the previous thread, you might get their attention by making that large protest thread, then pointing it out to the "gaming press" like IGN. If the goal was to goad NCSoft off their ass and into action, replacing the protest with a poll was a step in the wrong direction
Agree with this^
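The "NO DELETE/SALVAGE/TRADE" lock as discussed in this thread, with the three unlock behaviours that have been proposed: Riot Narita's permanent lock that can never be removed, and Chthon's two ways of changing one's mind (a one-to-two-week time-release, or a separate lock password). This is an added example, not game code; the asset names, the two-week delay, the PBKDF2 parameters and the password are constructed for illustration.

```python
"""Delete/salvage/trade lock for a character or item.

Added example, not ArenaNet/NCsoft code; names and values constructed."""
import hashlib
import hmac
import os
from typing import List, Optional

UNLOCK_DELAY = 14 * 24 * 3600   # two-week cooling-off period (assumed value)
PBKDF2_ROUNDS = 100_000


def _derive(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ROUNDS)


class LockedAsset:
    """A character or item whose destructive operations are gated by a lock."""

    def __init__(self, name: str):
        self.name = name
        self.mode: Optional[str] = None     # None, "permanent", "timed", "password"
        self._salt = b""
        self._digest = b""
        self.unlock_requested_at: Optional[float] = None
        self.log: List[str] = []            # audit trail support can read back

    # --- locking --------------------------------------------------------
    def lock_permanent(self) -> None:
        self.mode = "permanent"
        self.log.append("locked permanently")

    def lock_timed(self) -> None:
        self.mode = "timed"
        self.unlock_requested_at = None
        self.log.append("locked (time-release)")

    def lock_with_password(self, lock_password: str) -> None:
        # A secret separate from the account password, so an account thief
        # does not automatically hold it.
        self._salt = os.urandom(16)
        self._digest = _derive(lock_password, self._salt)
        self.mode = "password"
        self.log.append("locked (password)")

    # --- unlocking ------------------------------------------------------
    def request_unlock(self, now: float) -> bool:
        """Start the countdown on a timed lock; False if not applicable."""
        if self.mode != "timed":
            return False
        self.unlock_requested_at = now
        self.log.append(f"unlock requested at {now}")
        return True

    def cancel_unlock(self) -> None:
        """Owner or support aborts a countdown that a thief or sibling started."""
        self.unlock_requested_at = None
        self.log.append("unlock cancelled")

    def is_unlocked(self, now: float, lock_password: Optional[str] = None) -> bool:
        if self.mode is None:
            return True
        if self.mode == "permanent":
            return False
        if self.mode == "password":
            if lock_password is None or not self._digest:
                return False
            return hmac.compare_digest(_derive(lock_password, self._salt), self._digest)
        # timed: only once the full delay has elapsed since the request
        return (self.unlock_requested_at is not None
                and now - self.unlock_requested_at >= UNLOCK_DELAY)

    # --- the guarded operations ----------------------------------------
    def destructive_op(self, op: str, now: float,
                       lock_password: Optional[str] = None) -> str:
        """op is 'delete', 'salvage' or 'trade'; returns 'done' or 'refused'."""
        if not self.is_unlocked(now, lock_password):
            self.log.append(f"{op} refused: locked ({self.mode})")
            return "refused"
        self.log.append(f"{op} done")
        return "done"
```

The time-release mode is what makes the "little brother locked all my characters" case recoverable without support: whoever holds the account can start the countdown, but the delay gives the real owner time to notice and cancel it, and a thief gains nothing from starting it.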

Faer

Faer

La-Li-Lu-Le-Lo

Join Date: Feb 2006

Quote:
Originally Posted by Polgara Val View Post
Even a small gesture saying "we understand your concerns and will look into it" will suffice, instead of the complete and muted silence, or at the very least an acknowledgement that there is a problem that needs to be rectified as efficiently and as quickly as possible.
They've said something to the effect of looking into solutions on the wiki (in a spot the majority of the playerbase will never be able to find it - Gaile's talk archives), but they won't admit to any problems other than the ones fansites supposedly have.
Quote:
Originally Posted by Fril Estelin View Post
7) Compromised account restorations

Impossible for GW1. That's what Anet will say.
What makes it even better is that we know it's not impossible, thanks to what's-her-name getting hacked, destroyed, and then restored once enough community pressure was put on... or something. Silly mesmers. We know restorations are possible now, though.

vandevere

Frost Gate Guardian

Join Date: Aug 2007

The Great State of Denial

W/Mo

Quote:
Originally Posted by Ayelet Feldspar View Post
You've bought the game with the security that is already in place. To me that means that you've accepted the current level of security as "sufficient".

For me the current level of security is NOT sufficient and I am willing to pay for additional security measures. I am not willing to pay for anything else from A-Net or NCSoft without additional security measures being added.
Please, don't put any ideas into the execs' little heads...

As I understand the GW mentality, you pay extra for more storage-inventory and account-and you also pay extra for cosmetic things. I'm okay with paying extra for those.

But computer security is NOT a cosmetic issue...

It's something that concerns all players equally. Therefore, it should NOT be micro-transacted...

JimmyNeutron

Krytan Explorer

Join Date: Sep 2007

Restore stolen goods...I can see the loophole in this:

Me: 100 items value over 100ectos ***EACH*** on hand
Friend#1: Fakes a hack and transfers my 100 items over to Friend#2 (REAL life friends; if he doesn't give it back I can kick his ass...LOL....) and makes it look like a legit sale
Me: Report hack to ANET
ANET: Restore 100 items EACH value over 100 ectos back to my account.

Results: Friend#1, Friend#2 and I have double what we had originally.

Of course you don't do this from the same public IP address; you use proxy servers. I'm sure we all have friends that don't live in the same city as we do. You'd be stupid and deserve to get caught if you do this from the same public IP address.

Repeat w/ new friends.

So, before we had 20 mini Mad King guard...now we have 21 mini Mad King guard..
Repeat...mini Mad King Guard becomes 1000+ in a few days or months.

See? EVIL RULES!!!

gone

Guest

Join Date: Jan 2007

Quote:
Originally Posted by JimmyNeutron View Post
Restore stolen goods...I can see the loophole in this:

Me: 100 items value over 100ectos ***EACH*** on hand
Friend#1: Fakes a hack and transfers my 100 items over to Friend#2 (REAL life friends; if he doesn't give it back I can kick his ass...LOL....) and makes it look like a legit sale
Me: Report hack to ANET
ANET: Restore 100 items EACH value over 100 ectos back to my account.

Results: Friend#1, Friend#2 and I have double what we had originally.

Of course you don't do this from the same public IP address. I'm sure we all have friends that don't live in the same city as we do. You'd be stupid and deserve to get caught if you do this from the same public IP address.

Repeat w/ new friends.

So, before we had 20 mini Mad King guard...now we have 21 mini Mad King guard..
Repeat...mini Mad King Guard becomes 1000+ in a few days or months.

See? EVIL RULES!!!
All I see is you getting banned as well as endangering others. You might get away with it once, but the way you're on about it... you aren't gonna dupe that easy, that many times, when dealing with real people.

and paying extra for security? you must be joking. I'll drop the game like a bad habit.

Inde

Site Contributor

Join Date: Dec 2004

Quote:
Originally Posted by Chthon View Post
1. I disagree, fiercely, with the decision to close the previous thread and replace it with this one. The problem is not that a-net doesn't know what security measures would constitute an improvement. They've been discussed for years. The problem is not that a-net doesn't know that they have a big security problem. They know. The problem is that NCSoft doesn't give a damn. You don't get NCSoft to give a damn by conducting polls of people, most of whom are technically unqualified, about possible security features a-net already knows about. If you want to get their attention, you're going to have to convince them that the cost of giving a damn is lower than the cost of lost customers/revenue if they don't act. You might get their attention with a large protest thread threatening not to buy any more of their products until they fix this. As someone noted in the previous thread, you might get their attention by making that large protest thread, then pointing it out to the "gaming press" like IGN. If the goal was to goad NCSoft off their ass and into action, replacing the protest with a poll was a step in the wrong direction.
Let me be very clear and show you why gaming developers laugh at your petitions and threats of boycotts. Now Martin Kerstein will probably hate me for this (sorry!), and let it be noted that this probably isn't his current opinion of this specific problem, so please don't read more into it than necessary.

Little bit of background, if anyone followed Modern Warfare 2 you would know that there was a huge threat of a boycott over no dedicated servers. People were extremely passionate about this. Let me show you Martin Kerstein's twitter in response to it:
So MW2 sold nearly 5 million copies on day one just in NA and UK. I see the boycott worked. Boy who cried wolf indeed... http://bit.ly/CHeda

I think it is a perfect picture of a tendency in internet behaviour. Check this article: http://bit.ly/fKiPv

and as a follow up on my earlier MW2 posting: http://bit.ly/3oqrSP
Just for illustrative purposes here in case people don't click the links:



I think this demonstrates fully the opinion of gaming developers as a group about community petitions and boycotts. There were 140,000 signatures on their petition by the way.

Our goal on this forum is to provide constructive feedback. While I can appreciate your desires to do this in petition form I would rather have the community engaged in discussion. Many people also expressed that in the petition thread as well. This thread is going very well, there is the exchange of ideas, there are opinions, there is analysis of different security options, there are voices that are offering their feedback. Exactly what is desired on a forum. I count this thread very successful.

Mireles

Mireles

Wilds Pathfinder

Join Date: Jun 2009

W/Me

I hope people realize that hackers from China hacked the Pentagon and stole sensitive weapon information a few weeks ago.... I don't see how Arena Net and PlayNC stand a chance.