Poll: Account Security Solutions

JimmyNeutron

Krytan Explorer

Join Date: Sep 2007

Quote:
Originally Posted by flubber View Post
all I see is you getting banned as well as endangering others. you might get away with it once, but the way you're on about it...you aren't gonna dupe that easy, that many times, when dealing with real people.

and paying extra for security? you must be joking. I'll drop the game like a bad habit.
Like I said, you're stupid and deserve to be caught if you can't think of other ways of duping through a fake hack or other loophole if ANET implements the restore feature.

And DUH!!!, not going to be that dumb to do it more than once per account per year. Why do you think people have 4 accounts??? LOL!!!!!!!!!!!!! and personally, I wouldn't do this on any rare and limited mini pets. I would rather do it on say a mini Dhuum since there is no set quantity like the mini Mad King Guard or a Crystalline Sword R9


Remember Friend #2 will keep his stuff because to ANET, it looks like a legit sale; a RANDOM person getting the item for free, drawing, contest, or at the right place and right time to buy.

ANET pulls Friend #2 inventory, he will argue back and say, "Hey, I bought that from a guy that was desperate for gold." or some other BS. If we want to make ANET really miserable, transfer those items around 10+ times to different accounts to make ANET spend more resources in the investigation.

So now ANET will have to spend at least an hour to review the log and see where and who it went to and for how much and reverse all that. Now, sounds easy and doesn't sound like much work, but multiply that by a factor of 1000 and ANET will be tied up reviewing logs and would have to put some resource into just reviewing the log. This of course, will cost ANET real money because the resource that could've been used for other things, is now used to sniff through logs to restore stolen goods and etc....

See?????????????

gone

Guest

Join Date: Jan 2007

Quote:
Originally Posted by JimmyNeutron View Post
Like I said, you're stupid and deserve to be caught if you can't think of other ways of duping through a fake hack or other loophole if ANET implements the restore feature.

And DUH!!!, not going to be that dumb to do it more than once per account per year. Why do you think people have 4 accounts??? LOL!!!!!!!!!!!!! and personally, I wouldn't do this on any rare and limited mini pets. I would rather do it on say a mini Dhuum since there is no set quantity like the mini Mad King Guard or a Crystalline Sword R9


Remember Friend #2 will keep his stuff because to ANET, it looks like a legit sale; a RANDOM person getting the item for free, drawing, contest, or at the right place and right time to buy.

ANET pulls Friend #2 inventory, he will argue back and say, "Hey, I bought that from a guy that was desperate for gold." or some other BS. If we want to make ANET really miserable, transfer those items around 10+ times to different accounts to make ANET spend more resources in the investigation.

So now ANET will have to spend at least an hour to review the log and see where and who it went to and for how much and reverse all that. Now, sounds easy and doesn't sound like much work, but multiply that by a factor of 1000 and ANET will be tied up reviewing logs and would have to put some resource into just reviewing the log. This of course, will cost ANET real money because the resource that could've been used for other things, is now used to sniff through logs to restore stolen goods and etc....

See?????????????
You're joking right? you do realize that many other well-known games have/had this sort of feature implemented and haven't been taken for a ride....

Quote:
Originally Posted by JimmyNeutron View Post
Why do you think people have 4 accounts??? LOL!!!!!!!!!!!!!
it was a storage thing brah.

HBlix

Ascalonian Squire

Join Date: Apr 2009

As long as they prevent any security holes on their end, nothing needs to be done. I have never had any account for anything I have ever owned stolen, ever. Adding anything would only serve to annoy me and baby people who do something dumb.

JimmyNeutron

Krytan Explorer

Join Date: Sep 2007

Quote:
Originally Posted by flubber View Post
You're joking right?
I joke, u not. I am alive serious.

Martin Alvito

Older Than God (1)

Join Date: Aug 2006

Clan Dethryche [dth]

Quote:
Originally Posted by Inde View Post
Let me be very clear and show you why gaming developers laugh at your petitions and threats of boycotts. Now Martin Kerstein will probably hate me for this (sorry!), and let it be noted that this probably isn't his current opinion of this specific problem so please don't read more into it than necessary.
Let me point out a few things that indicate why this is totally irrelevant to the topic under discussion:

1) Distribution of sales

The specific issue you raise was with the PC version of the game. So the game sold 5 million copies on day one, eh? What proportion of those sales was to PC, XBox and PS3? Moreover, what would have been expected? The data you indicate is a useless and pointless refutation. Show me robust PC sales and I might agree with you if not for:

2) Hacking the game client

PC users found a way around the problem. Even if PC sales were robust, the fact of the matter is that PC users could expect that members of the community would find a way around the issue that concerned them. No such solution exists here.

3) Substitution effects

Where else were the COD4:MW2 purchasers going to go? I'd argue that they weren't going to substitute to L4D2 for a variety of reasons. Can we agree that the substitution threats to GW2 sales are Diablo 3 and Star Wars: The Old Republic, that Blizzard has satisfactorily demonstrated a commitment to inexpensive account security measures, and that Bioware is intelligent enough and sufficiently well funded to avoid NCSoft's mistakes here?

Assuming that what proved true in COD4:MW2 sales will apply to GW2 sales is foolish. There's no guarantee that the causal mechanism will play out the same way, and plenty of evidence that would suggest otherwise. ANet is the disadvantaged marketing player and simply cannot afford to alienate the existing player base. It really is that simple.

Shanaeri Rynale

Desert Nomad

Join Date: Aug 2005

DVDF(Forums)

Me/N

There are so many easy things that can be done. E.g. make it so rare mats can never be salvaged from armor. Then there would be no point in stripping chars of their armor for money. Any improvement would be welcome at this point. Put a temporary measure in place while the proper one is being fixed.

It was done before, i.e. reconnects taken away while the dupe was fixed. So why not do something now?

You can't compare EA and Anet. EA has hundreds of products over every gaming platform there is, Anet has just one product on a single platform.

If anet succeeds in isolating its established fan and player base then quite simply GW2 starts from a very, very weak position.

No company in this day and age can afford to ignore the wishes and concerns of its customers, especially if that company has all its eggs in one basket. EA may well be able to ignore the feelings of a few thousand people, Anet with its single aging product imho just cannot (well it can, but you know what I mean).

Quote:
Our goal on this forum is to provide constructive feedback. While I can appreciate your desires to do this in petition form I would rather have the community engaged in discussion.
Normally I would agree were the subject not so important. We're not talking about if a skill should be changed, or wouldn't it be good if...

If we are getting daily reports of multiple account loss to the point where threads are having to be merged, If Guru is only a small proportion of the community who knows how many have been compromised game wide. Some may not even know they have been hacked for months.

This issue is so serious that I believe the 'we'll let you discuss it' approach is no longer valid. As an elite site you have direct contact and relationships with people in Anet we do not have.

On behalf of the community you, by proxy represent then I believe some sort of open letter to ArenaNet CC'd to the gaming press is needed, followed up by updates as to the responses or not.

For an issue this serious and this destructive I believe standing by and just watching person after person post the same horrific thing is unacceptable.

I admire the job all of you do here, and over the years you have done a fantastic job for the community, but this time I firmly and totally believe you can and should do more.

My apologies if you are, but if so it has not been made public. In that case perhaps it's time it should.

Rehnahvah Gahro

Frost Gate Guardian

Join Date: Dec 2005

Underground

Rt/R

Also, Infinity Ward cannot be compared to NCSoft let alone Anet. IW is through the roof right now, they sold so many copies of MW2 (including Console, well specifically Console), it's not even funny anymore. Anything they sell after that will become a sure hit.
NCSoft on the other hand should take complaints much more seriously, they don't exactly drown in cash (they're not doing too bad either, but nothing compared to the big names out there).

What I'm trying to say is: pressuring NC (even if it is through Anet) will have a greater effect than trying to pressure IW. So I guess this thread has other means than pure discussion and suggestions.



Another thing that boggles my mind: Why did NC change their site in the first place? Were they really that dumb and neglected security just to save a few cents? Don't tell me they were really that ignorant.

And if they were, they deserve a little payback, just enough to never make such a mistake again. All I know is that if this situation is not dealt with until GW2 or even gets worse, I will not bother getting GW2 (at least until I can be sure that my account is as safe as you would expect from an MMO).

Rushin Roulette

Forge Runner

Join Date: Sep 2007

Right here

Ende

Quote:
Originally Posted by JR View Post
Compromised account restorations

This is already provided by many MMOs. Once the account has been compromised, game support can go back and verify which items were removed and restore them to the compromised account. ArenaNet has always stated they cannot restore items on live servers. Whether this is a technical or a budgeting limitation is up for speculation, but the inevitable comparison has been made and this capability has been requested.

Other S/W solution

Specify what other software features you'd like to see implemented.
(e.g. Human verification images)
These 2. Anet are able to add or remove items during a live server build such as with trades between NPCs or during Holidays with ToT Bags /Masks when in town and participating in the games such as the 9 Rings of AFKdom or Grenth vs. Dwayna.

For the S/W Solution, I was thinking of automatic Email confirmation for Email or Access changes. If you try to change the Password, then it is only changed AFTER you enter a pin or click a link which is sent to the registered Email. If you try to change the Email address of the account, the same happens, but a confirmation is needed from the old and the new address before anything is changed.

This is standard procedure with most games and Sites already, so I don't know why Anet/NCsoft don't use these basic company side security features. If for example the User has lost or forgotten his Email address, then there is always the possibility of getting help from Support via the CD Keys, character names or whatever else sort of information they randomly request. On a side note: There should also be a possibility of changing the registered address of the user in case the user moves house because this isn't really that uncommon nowadays, especially as many users are in the teens and move for college or out of hotel Mom for the first time.

Hengis

Wilds Pathfinder

Join Date: Apr 2006

London

Better Than Life (BTL)

R/

I voted for SecurID. I have used a SecurID fob at work in its various forms for many years. These things are used by the biggest businesses and even by Government Departments to protect their information and I firmly believe that this would end account hacks period.

Several of the choices do not in any way address the issues that have been exposed and discussed specifically by Martin Alvito in his well thought out and reasoned posts on the weaknesses in the PlayNC Master Account - specifically the fact that the site tells you if you guess things right, doesn't require a confirmation email or knowledge of the existing password, and then exposes all your linked usernames to the hacker.

I would also like to see a clear acknowledgement from ANet and or NCSoft that they have a serious problem and some form of in-game restitution for those of us who have recently had years of playing this game destroyed. I would not expect or even want this to become a long term policy as it is indeed open to abuse.

What has surprised me in both this thread and the closed petition thread was how many new people have posted saying they have been hacked. As we know that we (as in Guru members) only represent a tiny fraction of the community, there must be hundreds if not thousands of active players who never post anywhere who have suffered the same fate.

There must also be similar numbers of dormant accounts that have also been hacked that we won't ever find out about, or might only find out about in the coming months if the players decide to come back to the game.

I am also still astonished that there are still some people who still don't believe there is a problem, although they now seem to be in the minority.

This problem still seems to be escalating. The community is probably smaller than it ever has been, yet the number of players reporting hacking incidents is now higher than ever.

I have played Guild Wars for four and a half years and in all that time have never seen anything on this scale. There have always been occasional reports of accounts being hacked, but they could be explained by the usual keyloggers or shared accounts etc, but this latest problem seems to be much more than that. The majority of us who have been hacked recently are long term players, who if things such as keyloggers and weak passwords or poor personal security were to blame would have been hacked long ago.
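The confirm-before-change flow Rushin Roulette proposes above, combined with a reply that does not reveal whether a guessed account exists (the reset-page weakness Hengis describes), as an added example that is not part of any post and is not ArenaNet or NCSoft code. The class and method names, the 15-minute lifetime and the addresses are assumptions, and the `outbox` list stands in for a mail system.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 15 * 60  # seconds a confirmation stays valid (assumed value)
GENERIC_REPLY = "If that account exists, a confirmation mail has been sent."


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AccountService:
    """Hypothetical account back end: no change applies until it is confirmed."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.accounts = {}  # login -> {"email", "salt", "pw"}
        self.pending = []   # requested changes waiting for confirmation
        self.outbox = []    # (address, token) pairs: stand-in for sent mail

    def add_account(self, login, email, password):
        salt = secrets.token_bytes(16)
        self.accounts[login] = {"email": email, "salt": salt,
                                "pw": _hash_password(password, salt)}

    def check_password(self, login, password):
        acct = self.accounts.get(login)
        if acct is None:
            return False
        candidate = _hash_password(password, acct["salt"])
        return hmac.compare_digest(acct["pw"], candidate)

    def _start(self, login, field, value, addresses):
        # One random token per address; only its hash is kept server-side.
        tokens = {}
        for addr in addresses:
            token = secrets.token_urlsafe(32)
            tokens[_digest(token)] = False
            self.outbox.append((addr, token))
        # A newer request replaces an older pending one for the same field.
        self.pending = [p for p in self.pending
                        if not (p["login"] == login and p["field"] == field)]
        self.pending.append({"login": login, "field": field, "value": value,
                             "tokens": tokens,
                             "expires": self.clock() + TOKEN_TTL})

    def request_password_change(self, login, new_password):
        acct = self.accounts.get(login)
        if acct is not None:
            salt = secrets.token_bytes(16)
            value = (salt, _hash_password(new_password, salt))
            self._start(login, "password", value, [acct["email"]])
        return GENERIC_REPLY  # same text whether or not the login exists

    def request_email_change(self, login, new_email):
        acct = self.accounts.get(login)
        if acct is not None:
            # Both the old and the new address must confirm.
            self._start(login, "email", new_email, [acct["email"], new_email])
        return GENERIC_REPLY

    def confirm(self, token):
        """Record one confirmation; True only when the change was applied."""
        digest = _digest(token)
        now = self.clock()
        self.pending = [p for p in self.pending if p["expires"] > now]
        for change in self.pending:
            if digest in change["tokens"]:
                change["tokens"][digest] = True
                if all(change["tokens"].values()):
                    self._apply(change)
                    self.pending.remove(change)
                    return True
                return False
        return False

    def _apply(self, change):
        acct = self.accounts[change["login"]]
        if change["field"] == "password":
            acct["salt"], acct["pw"] = change["value"]
        else:
            acct["email"] = change["value"]


if __name__ == "__main__":
    svc = AccountService()
    svc.add_account("mule1", "old@example.test", "first-pass")  # constructed data
    print(svc.request_password_change("mule1", "second-pass"))
    print(svc.check_password("mule1", "second-pass"))  # still False: unconfirmed
    print(svc.confirm(svc.outbox[-1][1]), svc.check_password("mule1", "second-pass"))
```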

Inde

Site Contributor

Join Date: Dec 2004

You guys seemed to have missed my key point. I wasn't comparing MW2/EA with GW/Anet. I was showing you the overall opinion of game developers on petitions and boycotts. Not the facts or inconsistencies behind it.

Martin Alvito

Older Than God (1)

Join Date: Aug 2006

Clan Dethryche [dth]

It's how you framed the post. You started out with, "Let me be very clear and show you why..." rather than framing it as something like, "Game developers don't believe you. Here's the evidence they're using." The difference is subtle, but influences the responses you get.

In any event, the point that people are making is that while other game developers may indeed be able to ignore their community, doing so here would be fatal.

If ANet's looking for proof, they should ask the marketing department a simple question. In 2006-2007, what proportion of existing players purchased the expansions, and what proportion of players reporting getting hacked during that period purchased expansions? I'd bet that those proportions differ and that the difference is statistically significant.

Moral: account thefts cost you business, even when you cannot be held accountable for the thefts. When it's reasonable to hold the developer accountable, account thefts are poison.

Rushin Roulette

Forge Runner

Join Date: Sep 2007

Right here

Ende

Quote:
Originally Posted by Inde View Post
You guys seemed to have missed my key point. I wasn't comparing MW2/EA with GW/Anet. I was showing you the overall opinion of game developers on petitions and boycotts. Not the facts or inconsistencies behind it.
Yea, you may be right about ES IW or other major Game companies. They can afford to scare away a few thousand players because a few thousand copies of 20 Million is not as bad as a few thousand of 2 or 3 Million players in total.
Anet have however listened to the Players that have screamed the most over the past.
Minion Masters were overpowered, you can only support X amount of Minions now
SR was overpowered, you can only get energy 3 times every 15 seconds.
UB was over powered, Anet nerfed UB 2 or 3 times.
CoP was overpowered, It got hit by the Nerfstick.
SF and a few more Farming Skills are overpowered, It is in the works with Anet.
These are only a few examples of what has changed in the last few years after the players complained. I really hope Anet listen to this and actually sit down with NCSoft to constructively work on a solution to the problem. They don't even need to brainstorm ideas much, because the player base is basically serving these to them on a silver platter. They only need to go to their system admins and give them the ideas and ask which ones are actually possible and which ones they can trash immediately because they're not worth the effort or the costs.

Edit: There is also a difference between players not getting their favorite servers or great graphics as opposed to account security for a product that is basically only physically on the Host servers. It makes the whole EULA rules void if the makers themselves can't even guarantee basic host side security for the things that do not break the EULA. Rules and responsibility run both ways. Security is not an issue that is solely the responsibility of the user.

Now here's a question for you in particular Inde. What do you think that could happen to you, if it turns out that the user security on Guru is too lax and users have come to harm through virtual loss? There must be a reason why you are always cracking down so hard on Spammers, Ad-Bots and insulting posts.

Chthon

Grotto Attendant

Join Date: Apr 2007

Quote:
Originally Posted by Inde View Post
<MW2 ignored their hardcore fans, refused to do dedicated servers, and still sold 20million copies>
Yeah, ever since gaming went mainstream the biggest profits have come from the "casual gamer" demographic. You can totally ignore the serious, hardcore gamers and still make a fortune so long as you can keep the attention of that guy who buys every crappy movie tie-in game and a new version of Madden every single year. I get it. Lots of folks get it. This guy gets it and even draws cartoons about it. These guys too. MW2 telling the hardcore gamers to go jump in a lake and not having to pay a price for having done so is just one more example of a trend that's been happening for awhile now.

However, there's a huge distinction to be drawn between leaving out dedicated servers and letting Chinese RMT thieves steal accounts at will. Dedicated servers only matter to the hardcore gamers -- people who care about things like latency advantage, etc. The lack of dedicated servers hardly bothers the casual gamers. On the other hand, nobody is going to buy a MMO if they know their account would be subject to unpreventable theft. Not even casual gamers. If, starting tomorrow, every kid who works at Gamestop started telling customers who came to buy Aion "I suggest you buy a different game; NCSoft has weak security and your account could be easily stolen and there's nothing you could do about it," sales would fall dramatically. The only reason that NCSoft's sales haven't fallen off a cliff, the only reason that NCSoft hasn't chosen to clean up its act, is that almost nobody knows. The vast majority of the potential customer base of casual gamers is totally ignorant of the problem. It's only a comparatively few hardcore people on the forums who grasp the size of the security problem -- a comparatively few people who can't even agree to be vocal about it. NCSoft can -- and probably will -- ignore us unless and until we become so vocal about their poor security that word gets out among the broader potential customer base.

Now, why I said we "might" be able to get their attention with a petition is that maybe, just maybe, someone at NCSoft can see the likelihood of progression from highly vocal forums to articles in the gaming press to the kid at gamestop whispering advice to avoid certain companies. And maybe this person would decide it's wiser to save face by fixing security before the company gets a widely-known reputation for bad security instead of after. Maybe.

Quote:
Our goal on this forum is to provide constructive feedback...This thread is going very well, there is the exchange of ideas, there are opinions, there is analysis of different security options, there are voices that are offering their feedback. Exactly what is desired on a forum. I count this thread very successful.
The hell it is. In addition to the fact that we're polling a largely non-expert group about matters that require expert knowledge ("75% of Fox News viewers who responded to our poll think the Large Hadron Collider is a threat to all life on earth!!!"), we're rehashing a matter that's already been discussed to death. These ideas have been known for YEARS. They've been suggested for years. They've been not implemented for years. The only thing that distinguishes this thread from any other "suggestions for improving account security" thread from 6 months ago, or a year ago, or 3 years ago is the fact that NCSoft's faulty security is likely responsible for many of the recent account thefts. That's the elephant in the room. That's what we should be talking about.

Burst Cancel

Desert Nomad

Join Date: Dec 2006

Domain of Broken Game Mechanics

So how many people have actually quit over account security issues? Do any of you have the hard data you need to support your positions? All I see is a lot of handwaving and baseless conjecture.

There isn't a single option in that poll that's really worth a damn. Even SecurID is vulnerable to trojans/MITM attacks. And for those of you who think you're immune to viruses - even official first-party drivers have been compromised by viruses (http://news.softpedia.com/news/Offic...s-122612.shtml). No security program or policy in the world matters if the user authorizes the program. And that's ignoring factors that are generally outside of your control (e.g., DNS cache poisoning).

Inde

Site Contributor

Join Date: Dec 2004

LOL, I actually do really appreciate everyone's passion over this. But as you have so eloquently pointed out Chthon, we may be screaming at a wall. All we have is speculation. ArenaNet has tried to respond to the issue. Gaile Gray's talk page has been updated quite a bit over the last 2 months with their research on this issue. It's more than I have seen in a bit so you just have to be watching the right channels of communication they use.

Burst Cancel, I'm sure by now most of us can indeed see the flaws with every choice. But I don't believe it should stop any company, whether it's a financial institution, retail, school, game, website or any other online portal from at least trying. We all know that basic fact that if you're connected to the web, you are vulnerable.

Fril Estelin

So Serious...

Join Date: Jan 2007

London

Nerfs Are [WHAK]

E/

Quote:
Originally Posted by Theocrat View Post
We know restorations are possible now, though.
I meant not possible in the sense of not manageable. Not at all.

Martin Alvito

Older Than God (1)

Join Date: Aug 2006

Clan Dethryche [dth]

Quote:
Originally Posted by Burst Cancel View Post
So how many people have actually quit over account security issues? Do any of you have the hard data you need to support your positions? All I see is a lot of handwaving and baseless conjecture.
Can't get the data. And I don't blame ANet and NCSoft for concealing it.

But what we can say with confidence is that, compared to other websites on the web, the NCSoft website is five to ten years behind the times. So when we start observing droves of players complaining that their account was stolen via password reset at the NCSoft site, we can infer that the two are probably related.

If you can't appreciate this based on what has been said, do what I did: go to the website and try to figure out how it could be hacked. You'll quickly realize that an organized effort to do so would pay dividends. Just don't actually log into your PlayNC account unless you like risk.

Quote:
Originally Posted by Burst Cancel View Post
There isn't a single option in that poll that's really worth a damn.
We're not looking for impregnable security. Honestly, we just want the security to be competitive, so that hackers move on to more attractive and profitable targets rather than go after this game. As the industry leader, Blizzard answered the bell. But if NCSoft can't be bothered to follow, then there really isn't any sense in doing business with them further. If I'm going to be playing something online for an extended period of time, the account I use had better be secure.

Smarty

Krytan Explorer

Join Date: Mar 2008

England

Me/

Quote:
Originally Posted by Chthon View Post
On the other hand, nobody is going to buy a MMO if they know their account would be subject to unpreventable theft. Not even casual gamers. If, starting tomorrow, every kid who works at Gamestop started telling customers who came to buy Aion "I suggest you buy a different game; NCSoft has weak security and your account could be easily stolen and there's nothing you could do about it," sales would fall dramatically. The only reason that NCSoft's sales haven't fallen off a cliff, the only reason that NCSoft hasn't chosen to clean up its act, is that almost nobody knows. The vast majority of the potential customer base of casual gamers is totally ignorant of the problem. It's only a comparatively few hardcore people on the forums who grasp the size of the security problem -- a comparatively few people who can't even agree to be vocal about it. NCSoft can -- and probably will -- ignore us unless and until we become so vocal about their poor security that word gets out among the broader potential customer base.

Now, why I said we "might" be able to get their attention with a petition is that maybe, just maybe, someone at NCSoft can see the likelihood of progression from highly vocal forums to articles in the gaming press to the kid at gamestop whispering advice to avoid certain companies. And maybe this person would decide it's wiser to save face by fixing security before the company gets a widely-known reputation for bad security instead of after. Maybe.
And this is why I disagree with you Guru admins and moderators closing Shan's poll and closing all the "I've been hacked!" threads that have been popping up lately. Once a thread's closed it drops off the front page and the scale of the problem appears smaller than it actually is, whereas what we actually need to get anything done is to push it towards the bolded parts in Chthon's post. This problem is HUGE, guys, and deserves more attention than just this one open thread - until something is done about the NCsoft login procedure and/or other security measures are implemented.

Inde

Site Contributor

Join Date: Dec 2004

They have been closed but they are not simply deleted. We have a very clear record of them in this thread here: http://www.guildwarsguru.com/forum/s...79#post4928279

Which is still on the front page.

Chthon

Grotto Attendant

Join Date: Apr 2007

Quote:
Originally Posted by Burst Cancel View Post
So how many people have actually quit over account security issues?
None I'd wager. People don't stop playing a game they already bought over poor account security; they try to avoid buying a game with poor account security in the first place. Well I suppose you could count the people who had their accounts stolen and couldn't/didn't care to deal with support to get it back as having "quit."

Quote:
Originally Posted by Inde View Post
LOL, I actually do really appreciate everyone's passion over this. But as you have so eloquently pointed out Chthon, we may be screaming at a wall. All we have is speculation. ArenaNet has tried to respond to the issue. Gaile Gray's talk page has been updated quite a bit over the last 2 months with their research on this issue. It's more than I have seen in a bit so you just have to be watching the right channels of communication they use.
1. While neither is particularly likely to be effective, screaming at a wall is better than whispering at it.

2. Where there's smoke, there's fire. I don't need to wait for Martin Alvito to figure all the details out and produce a working proof-of-concept to draw conclusions from the mounting body of circumstantial evidence. There is a very high probability that there exists a method of stealing GW accounts that bypasses or largely bypasses interaction with the user. There is a high probability that the NCSoft master account's password reset is a major weak point.

3. That gives me an idea. Why not try to give you a proof-of-concept? Would anyone, especially those who say "you can't prove the weak point is at NCSoft, so it's all speculation," like to volunteer for "Project Hack-A-Mate"? If so, PM me the name of the NCSoft account linked to your mule account (or even your main account), and I'll get some people together to try to break it.

4. I now think Shan is right about something. I also now think that's only half the story.

Nerel

Jungle Guide

Join Date: Jun 2008

Australia, what you want my home address?

[CAT]

Mo/

Quote:
Originally Posted by Inde View Post
You guys seemed to have missed my key point. I wasn't comparing MW2/EA with GW/Anet. I was showing you the overall opinion of game developers on petitions and boycotts. Not the facts or inconsistencies behind it.
It's pretty clear to anyone who has ever browsed dev/commentary forums/blogs on this issue that threatening to leave an MMO community (not buy future releases or other boycotts) is about as effective as walking into a bank with a banana, pointing the banana at your own head, and then demanding one million dollars in unmarked Gummy Bears... sure, you might get a few laughs, but you won't be taken very seriously.

The numbers of the players threatening to walk is always far too low, the number of players who actually carry out the threat are insignificant. And in GW's case, they're looking more at new players to expand their base far more than player retention, or at least, they should be. Even for a smaller game (like GW) such threats could be, at best, chuckle worthy.

upier

Grotto Attendant

Join Date: Mar 2006

Done.

[JUNK]

Quote:
Originally Posted by Chthon View Post
If, starting tomorrow, every kid who works at Gamestop started telling customers who came to buy Aion "I suggest you buy a different game; NCSoft has weak security and your account could be easily stolen and there's nothing you could do about it," sales would fall dramatically. The only reason that NCSoft's sales haven't fallen off a cliff, the only reason that NCSoft hasn't chosen to clean up its act, is that almost nobody knows. The vast majority of the potential customer base of casual gamers is totally ignorant of the problem. It's only a comparatively few hardcore people on the forums who grasp the size of the security problem -- a comparatively few people who can't even agree to be vocal about it. NCSoft can -- and probably will -- ignore us unless and until we become so vocal about their poor security that word gets out among the broader potential customer base.
Why don't we start here with a Riverside thread urging people to not buy anything from the online and the ingame store?

Martin Alvito

Older Than God (1)

Join Date: Aug 2006

Clan Dethryche [dth]

Quote:
Originally Posted by Nerel View Post
It's pretty clear to anyone who has ever browsed dev/commentary forums/blogs on this issue that threatening to leave an MMO community (not buy future releases or other boycotts) is about as effective as walking into a bank with a banana, pointing the banana at your own head, and then demanding one million dollars in unmarked Gummy Bears... sure, you might get a few laughs, but you won't be taken very seriously.
True enough. A boycott isn't scary. The collective action problem is just too much to overcome. But the thesis that people who have been hacked are less likely to buy further content seems intuitive to me. The apparent contributory negligence on the part of NCSoft just makes purchases that much less likely. The role of trust in MMORPGs doesn't come up that often. It's possible to recover from breaching that trust; EVE managed to do so after that ugly incident with GM manipulation. But I guarantee you that incident cost them a substantial amount of money.

Call me crazy, but I just don't see why it's prohibitive for a cash-flush company to provide a quality, modern website with basic, well-understood data protections. You claim your game is a top-ten seller all-time? Act like it.

Quote:
Originally Posted by upier View Post
Why don't we start here with a Riverside thread urging people to not buy anything from the online and the ingame store?
I'm sure almost no one does these days anyway. Inflicting a paper cut won't accomplish anything, or even signal how upset we are.

upier

Grotto Attendant

Join Date: Mar 2006

Done.

[JUNK]

Quote:
Originally Posted by Martin Alvito View Post
I'm sure almost no one does these days anyway. Inflicting a paper cut won't accomplish anything, or even signal how upset we are.
The main idea behind it was to gather all the info that points in the direction that using those stores is something that increases the risk to one's account. And then spread this information on all the forums.
This isn't so much about pissing all over A.Net. This is more about us knowing that is potentially unsafe behaviour and as users it's best to refrain from it.
The same way that people post info on new scams to prevent more from happening.

Maker of the fallen

Ascalonian Squire

Join Date: Oct 2008

Epic

W/E

At the very least, I'd like to see some if not MOST of these implemented into GW2. Then they will have more buyers guaranteed. Everyone likes to feel safe, right?

Agar

Frost Gate Guardian

Join Date: Jul 2009

Angry Marine Fortress

[ZoS]

W/D

Account restoration and a new way of keeping track of where the money goes is the only way to do this.

Fril Estelin

So Serious...

Join Date: Jan 2007

London

Nerfs Are [WHAK]

E/

Quote:
Originally Posted by Chthon View Post
3. That gives me an idea. Why not try to give you a proof-of-concept? Would anyone, especially those who say "you can't prove the weak point is at NCSoft, so it's all speculation," like to volunteer for "Project Hack-A-Mate"? If so, PM me the name of the NCSoft account linked to your mule account (or even your main account), and I'll get some people together to try to break it.
I know you, Chthon, so I think you already know that: such an action could not only get you into trouble from a legal standpoint, but it's also very likely to put some "bad" ideas (strong emphasis on the quotes around "bad") into the mind of some players who may not have had them otherwise. From experience, I know that it doesn't take a lot to turn a tech-savvy player into a script kiddie, once they've googled the right stuff. While there's no reason to be afraid to talk straight about security, there's a social component of a discussion on security that can go wrong very quickly.

I've worked around security for years and most stories where players try to push the company into "taking actions" (Anet/NCsoft already did) end up badly, with the company forced to take a stronger stance (which will annoy the many who are ok and for which the new measures won't improve security and WILL increase the cost of their products) and the players being very angry, even if nothing happened to them (e.g. they're angry over a principle). As I tried to explain in my Guru security guide, there's a fine balance between security and convenience, and security understanding and paranoia. I do not wish to stir more controversy into this thread but I want everyone to understand that this is a topic that's extremely difficult to discuss here.

I do know and acknowledge that this is a primordial issue, but I disagree that this is the way to do it. Such a thread creates more emotions than needed to be able to reflect correctly upon the problem at hand. While you and a few others clearly have a good understanding, I doubt that it's going to serve the purpose of educating people, it's more likely to scare them.

I also despise the attitude that consists in threatening via sales. Yes people should make informed opinions, but No sales or no sales is not a way to send a message "get your act together". If anyone at a Gamestop would say the words I've read here, Gamestop would be sued and NCsoft would suffer, making a big problem into a terribly huge one (e.g. it's a bit like becoming the "bad guys" who want to steal/harm NCsoft).

Fay Vert

Desert Nomad

Join Date: Apr 2006

R/

Players just want something done. The problems and weaknesses of the ANet/NCSoft security level are well known and well documented. Yet nothing is ever done.

There are two areas here that need attention.

1) Make it harder to hack
2) Limit the consequence of the hack

Why doesn't ANet want to do either?

bigtime102

Frost Gate Guardian

Join Date: Dec 2007

So in light of all the hacked accounts, what's Anet's official response?

Do we just not do business with NCsoft ever again? That's the only solution I'm hearing. I don't think that's what they want, so what are they doing to fix this problem?

JimmyNeutron

Krytan Explorer

Join Date: Sep 2007

Yeap.

1. Try to wipe out all personal info from NCSoft
2. Change the email account that is tied into NCSoft to a different email address that is DIFFERENT from your GW's login email address.
This way, if they do a password reset, it's still not the real login info for your GW's account.
3. Remove any saved CC info, if any.
4. etc...

Basically, try to make the NCSoft account as useless as possible to the point where if you were to give your account info to someone, he/she couldn't do anything with it since it contains all false information.

That's the only reason why I'm trying to get my NCSoft's acct# so I can log into NCSoft; to wipe out as much info as I can or replace it w/ useless garbage:

First Name: First
Last Name: Last
Address: 123 Address
ZipCode: 90210
State: CA
Email: [email protected]

karlik

Banned

Join Date: Sep 2009

Quote:
Originally Posted by bigtime102 View Post
Do we just not do business with NCsoft ever again?
"ever again" is up to Anet. I won't be buying anything until I see changes in security with Guild Wars/NCsoft. If they can't fix this, I have to assume everything new will be broken as well.

bigtime102

Frost Gate Guardian

Join Date: Dec 2007

Quote:
Originally Posted by JimmyNeutron View Post
Yeap.

1. Try to wipe out all personal info from NCSoft
2. Change the email account that is tied into NCSoft to a different email address that is DIFFERENT from your GW's login email address.
3. Remove any saved CC info, if any.
4. etc...

Basically, try to make the NCSoft account as useless as possible to the point where if you were to give your account info to someone, he/she couldn't do anything with it since it contains all false information.

That's the only reason why I'm trying to get my NCSoft's acct# so I can log into NCSoft; to wipe out as much info as I can or replace it w/ useless garbage:

First Name: First
Last Name: Last
Address: 123 Address
ZipCode: 90210
State: CA
Email: [email protected]

Thanks for the response, this was what I was looking for. So they can't change your Guild Wars password without having your personal info? I don't have any credit card details except for my personal info on that site, I don't want to risk logging in to change stuff that won't help. I'm staying as far away from NCsoft as possible and will be warning everyone I know to stay clear of their games.

It's a shame, I was just about to give Aion a whirl. Don't want to risk my GW account though. Sorry NCSoft, get your **** together.

Inde

Site Contributor

Join Date: Dec 2004

Updates from ArenaNet are in this thread:

http://www.guildwarsguru.com/forum/s...php?t=10410963

JimmyNeutron

Krytan Explorer

Join Date: Sep 2007

From that reading, seems like Fansites is another possibility. Again, do not ever use real info on forums, including Guru.

I started looking at all my postings and deleting my IGN after the sell/buy. Also, remember don't register on any fansite w/ the same email address you use to login w/.

Personally, I'm staying away from NCSoft or buying anything through NCSoft website, including Aion.

I'd rather buy the box from a retail store than online through NCSoft even if there is a special promotion.

Martin Alvito

Older Than God (1)

Join Date: Aug 2006

Clan Dethryche [dth]

@ Chthon: I have to agree with Fril that you probably don't want to go there.

Quote:
Originally Posted by upier View Post
This isn't so much about pissing all over A.Net. This is more about us knowing that is potentially unsafe behaviour and as users it's best to refrain from it.
As I see it, there are presently three problems to overcome:

1) Players are unaware of the identified problems with NCSoft accounts.

This has been a topic of somewhat muted debate for months, if not years. The volume of reports of accounts getting hacked via password reset using the NCSoft account, coupled with the fact that many of these reports cannot be explained well by the usual keylogger/trojan source of hacks, is what has pushed the topic onto the front burner. Most players were not following the original discussions about possible vulnerabilities. The last two weeks have changed that somewhat, but I suspect that the vast majority of players still are unaware. Hopefully, the word will spread.

2) Convince NCSoft/ANet that these problems will cost them more if left unresolved.

It will cost them resources to fix the issues that have been raised. That costs money. This is at the heart of why the problems exist in the first place. We want perfect security, but it costs too much to be feasible.

Many of you posting here are dancing around this issue. You suggest boycotts and announcements as the way to address this problem. Neither will work; there's ample evidence and quality economic theory to tell you otherwise. What NCSoft needs to understand is that hacks kill MMORPGs. It doesn't matter whether it's hacking the client to dupe/scam/etc. or hacking players' accounts to loot them. Such hacks undermine the reasons why many of you still log in - to accomplish something in a virtual world. If you can't trust that your efforts won't pay off, you won't play or make future purchases.

Account thefts are even worse for an MMORPG, because players certainly aren't going to spend money to add things to their accounts when they fear having the account taken away (again). That undermines the revenue model.

Now, NCSoft might argue that GW is a dead game from which they derive no revenue, and that it therefore doesn't make sense to fix the problems. However, if these problems are left unresolved, then what is happening now will likely seem a child's prank compared to what will happen at the release of GW2. Delaying fixing these issues will only convince players that they cannot trust the company they are doing business with to care, and abusing that trust is likely to lead to lost future sales.

3) ANet's communications with us.

Gaile and others don't seem to understand that their communications are less than reassuring. Let me put this bluntly. The players cannot discriminate between the following motivations for the continued stance that hacks are our fault:

a) Gaile is being truthful, and ANet has valid evidence that proves that the NCSoft accounts are not a matter of concern.
b) Gaile is being lied to by the security staff or by managers relaying their communications.
c) Gaile is being told to lie by Legal, Marketing or both.
d) The people managing the security of NCSoft accounts are incompetent.

We know that admitting that the breaches in account security are the fault of ANet/NCSoft might be costly, so there are incentives to lie. We also know that the people in charge of NCSoft security, if incompetent, don't want to admit it for fear of their jobs. So there are incentives to lie there as well. In the absence of evidence that shows that the NCSoft accounts are not the problem, anything from a) to d) could be true.

If a) is true, I understand why you do not want to release such evidence for public consumption. However, you need to realize that in the absence of evidence, we're going to rationally believe that b), c), or d) could be true and that your protestations that a) is true are wasted effort. The evidence that we observe suggests that it very likely is not true.

Moreover, your past commentaries suggest that you do not understand the problem. You have posted on the wiki that your investigative strategy is to find the common thread that links the account thefts together. However, it is a virtual certainty that you have multiple individuals, likely with different strategies, attacking the integrity of game accounts in multiple ways. If you're looking for an archvillain behind it all, you're going to discard correct hypotheses about how accounts are being hacked due to evidence that doesn't fit your approach.

The combined effect is the impression that you don't understand the problem and don't care about your players. I know that this is not the impression that you wish to leave with us, but it is what I take away, and it appears to be what others are taking away judging from their posts.

Chthon

Grotto Attendant

Join Date: Apr 2007

1. In case anyone somehow came to doubt this, please remember: My opinions are mine alone and do not necessarily reflect the opinions of any other person or organization.

2.
Quote:
Originally Posted by Fril Estelin View Post
I know you Chthon so I think you already know that: such an action could not only get you into trouble from a legal standpoint
Breaching an account that you have been given permission to access is not illegal. At least not in my country.

Quote:
it's also very likely to put some "bad" ideas (strong emphasis on the quotes around "bad") into the mind of some players who may not have had them otherwise.
Given how many posts detailing the gaping holes in NCSoft's security are already up, those ideas are already in people's heads.

Quote:
I also despise the attitude that consists in threatening via sales.
I'm not particularly fond of it, but, since NCSoft/a-net is unwilling to even discuss the issue, what other tools do we have at our disposal?

Quote:
If anyone at a Gamestop would say the words I've read here, Gamestop would be sued and NCsoft would suffer
You only say that because you're a silly British person. Such a case would not only be unwinnable in the US, it might even be considered frivolous and result in fee-shifting and sanctions for wasting the court's time. In the US, a defamation claimant must prove the falsity of the allegedly defamatory statement. Moreover, for pressworthy matters (and this is one), the claimant must not only prove the statement was false, but also that it was uttered with actual knowledge or reckless disregard for its falsity. Is NCSoft ready to prove their lax security isn't responsible for a large chunk of recent account thefts? (And that a person couldn't reasonably believe they were responsible given the available information?) After American-style discovery proceedings? I very much doubt that.

I chose Gamestop employees for my hypothetical because they, at least in my experience, have a tendency to offer their opinions on which products customers should buy, even if the customer doesn't ask for their opinion. By and large I find them somewhat helpful in this respect.

3.
Quote:
Originally Posted by Fay Vert View Post
Players just want something done. The problems and weaknesses of the ANet/NCSoft security level are well known and well documented. Yet nothing is ever done.

There are two areas here that need attention.

1) Make it harder to hack
2) Limit the consequence of the hack

Why doesn't ANet want to do either?
I don't know.

4.
Quote:
Originally Posted by bigtime102 View Post
So in light of all the hacked accounts, what's Anet's official response?

Do we just not do business with NCsoft ever again? That's the only solution I'm hearing. I don't think that's what they want, so what are they doing to fix this problem?
I don't know. For the sake of not wasting my money on something easily stolen, that's going to be my personal response. As for calling for it as a collective response, I don't much like the idea, but I don't see any other options. The status quo is unacceptable. NCSoft won't even listen to the community about the problem, much less make changes. Now we can either accept the unacceptable or we can walk away. What other choice have we?

5. This is my final post on this topic.

Burst Cancel

Desert Nomad

Join Date: Dec 2006

Domain of Broken Game Mechanics

This thread highlights a problem I have with MMOs (and RPGs in general): "achievement". People put in a lot of work - even to the extent of doing things they don't even enjoy - for the sake of in-game "achievement" that is tied completely to an account stored and controlled by someone else. This achievement completely evaporates if the account is ever deleted or stolen, for any of a number of reasons (including something as mundane as the game servers shutting down). In contrast, when someone plays Street Fighter or Starcraft, the main benefit they're getting (aside from the joy of playing) is skill, and that's something that can't be taken away easily. Ultimately, that makes competitive games of skill a much more attractive entertainment option than games of time investment and "achievement".

Shanaeri Rynale

Desert Nomad

Join Date: Aug 2005

DVDF(Forums)

Me/N

It's clear that most posters on these sorts of threads are getting two things mixed up.

As I'm sure you know, security comes in two main parts.

Stopping 'bad' people getting in and
Stopping them creating havoc if they do.

In this case the first part belongs to NCSoft, the second falls to ArenaNet.

The community seems to be merging the two, which in this case is two separate companies, and getting two companies to agree to a change is hard, let alone admit something is up.

Most efforts seem to be focussed on the first part, but as we've seen and as has been demonstrated, efforts to get this changed have failed.

As Gaile stated, getting the first part fixed is very hard and requires lots of effort, so focusing on the second part makes more sense. At least in the pre GW2 timescales.

It also brings in a degree of accountability that has not been there previously. I.e. it's not us, it's them; it's not us but you. How can it be me, it's clearly you, etc. etc.

By focusing on the parts Anet can change we shift the ground from pointing fingers to helping out.

To put it simply, ArenaNet needs to be persuaded that limiting malicious damage to an account once access has been gained is simply the most important thing they can be doing at the moment.

It's not the ideal solution, but in firefighting mode you limit the damage then go on to fix the issue.

The key message is not that their security has a weakness, but that damage limitation improvements need to be greatly improved and quickly. That is a subtle but key difference.

Implying there is a weakness here (even if there could be) simply puts a company in defensive mode and in such a state that change is less likely.

I believe these threads have been diluted by trying to change the apparently unchangeable (Gaile has been trying for years, remember).

Forget about who or what's to blame. The message I believe the community should be sending is that for the moment damage limitation is the number one game improvement Anet should be making.

Tenebrae

Forge Runner

Join Date: Feb 2007

Spain

LHV

R/N

I think that the only stuff Anet can do is something like anticheats in Counter-Strike, some detection of bots, keyloggers with the game... but it is also "tricky". Security between client and NCSoft has 2 parts; if the client did fine, I think most of the problem is solved.
IMHO, the only thing left is damage done by hackers, and for that, the delete option is the best. The rest of them seem like an attempt to load some of the client's tasks on security onto Anet/NCSoft... looks kinda grayish to me.

Riot Narita

Desert Nomad

Join Date: Apr 2007

Quote:
Originally Posted by Shanaeri Rynale View Post
It's clear that most posters on these sorts of threads are getting two things mixed up.

As I'm sure you know, security comes in two main parts.

Stopping 'bad' people getting in and
Stopping them creating havoc if they do.

In this case the first part belongs to NCSoft, the second falls to ArenaNet.

The community seems to be merging the two, which in this case is two separate companies, and getting two companies to agree to a change is hard, let alone admit something is up.

Most efforts seem to be focussed on the first part, but as we've seen and as has been demonstrated, efforts to get this changed have failed.

As Gaile stated, getting the first part fixed is very hard and requires lots of effort, so focusing on the second part makes more sense. At least in the pre GW2 timescales.

It also brings in a degree of accountability that has not been there previously. I.e. it's not us, it's them; it's not us but you. How can it be me, it's clearly you, etc. etc.

By focusing on the parts Anet can change we shift the ground from pointing fingers to helping out.

To put it simply, ArenaNet needs to be persuaded that limiting malicious damage to an account once access has been gained is simply the most important thing they can be doing at the moment.

It's not the ideal solution, but in firefighting mode you limit the damage then go on to fix the issue.

The key message is not that their security has a weakness, but that damage limitation improvements need to be greatly improved and quickly. That is a subtle but key difference.

Implying there is a weakness here (even if there could be) simply puts a company in defensive mode and in such a state that change is less likely.

I believe these threads have been diluted by trying to change the apparently unchangeable (Gaile has been trying for years, remember).

Forget about who or what's to blame. The message I believe the community should be sending is that for the moment damage limitation is the number one game improvement Anet should be making.
Yes.

That's why my #1 choice is the option to make a character permanently undeletable. I want my main characters to survive into GW2. Lost items would be annoying, but I don't have anything of any great rarity or value, and I could re-acquire the stuff I have.

My main characters though... if they were deleted, that would be game over for me - I couldn't face re-creating those. And I'd really have to think hard about GW2 if the same thing could happen there, regardless of precautions on my part.