Poll: Account Security Solutions

How difficult would it be to keep an electronic "watermark" on a person's account?

From everything I've read, these accounts are being hacked/stolen by others with different IP addresses, service providers, countries of origin etc.

I'm not up to date on network security, but surely there must be a way to verify that the account being logged into comes from the same computer?

If that's too difficult, then why not just have a backup? It can't be difficult to store an account's major details, like armor sets (or parts thereof) and other items in a simple .ini file on ANet's servers. Perhaps each account is backed up once a week, if an account hack is claimed, the person e-mailing or calling in has to provide their original CD-key? Once a person proves ownership, the account is reverted.

Or maybe there shouldn't be two companies both with security holes handling online transactions for real money if they can't handle game account hacks. In my time playing WoW, there were a couple of attempts to hack my account, and Blizzard was VERY aggressive in tracking down the culprit and restoring my account, even items!

Customer service and communication is an extremely important issue for any game developer, moreso for those that operate online games, especially those who handle online monetary transactions, AND ANet/NCSoft have failed miserably in this respect.

Came across this whilst browsing AionSource - note the bolded part, very interesting if true:

Source: http://www.aionsource.com/forum/aion...ml#post1898338.

I can one up you Mister Smartypants:

http://www.aionsource.com/forum/1891985-post55.html
http://www.aionsource.com/forum/1893963-post59.html
http://www.aionsource.com/forum/1866921-post6.html
http://www.aionsource.com/forum/1869464-post12.html
http://www.aionsource.com/forum/1870322-post16.html
http://www.aionsource.com/forum/1871263-post21.html
http://www.aionsource.com/forum/1871301-post22.html
http://www.aionsource.com/forum/1880617-post35.html
http://www.aionsource.com/forum/1886706-post1.html
http://www.aionsource.com/forum/1874486-post1.html
http://www.aionsource.com/forum/1835883-post1.html
http://www.aionsource.com/forum/1836024-post7.html
http://www.aionsource.com/forum/1836159-post11.html
http://www.aionsource.com/forum/1837768-post25.html
http://www.aionsource.com/forum/1841455-post34.html
http://www.aionsource.com/forum/1839199-post1.html
http://www.aionsource.com/forum/1897848-post1.html
http://www.aionsource.com/forum/1883220-post1.html
http://www.aionsource.com/forum/1662656-post1.html
http://www.aionsource.com/forum/1663958-post37.html
http://www.aionsource.com/forum/1668775-post39.html
http://www.aionsource.com/forum/1871436-post1.html
http://www.aionsource.com/forum/1868809-post1.html

You'll notice some overwhelming themes of "some IP from china" and "reset master ncsoft passwords" in those posts. That was just casually browsing the site for the last few days. But remember, according to ArenaNet, NCSoft DOESN'T have any security issues. *smirk*

It is worse than that. The NCsoft Master Account hub is referred to as having an added level of security! LOL! (see below) If you go to the Guild Wars support section and click on account security you are directed to Gaile's page that contains the below item:

-------------------------------------------------------------------------
http://wiki.guildwars.com/wiki/User:...count_Security
Keep your email secure.
If someone gains access to your email account, immediately change your Guild Wars user name and password. (If you can't get access for some reason, get in touch with support right away. If your game account is bound to an NCsoft Master Account, you are not able to change your Guild Wars user name but you can protect your account by changing your GW game password from within the NCsoft Master Account hub. And you can change the email address associated with your NCsoft Master Account (and your games) at any time. Many players feel that having an NCsoft Master Account adds another level of security to the game's security.
------------------------------------------------------------------------

How many more examples have to be provided by the community to prove that this is indeed a weak spot. At a minimum NCsoft should disable the password reset function.

One would think that the Master Acount hub password reset function was added to reduce the need for support personel to assist players in resetting forgotten passwords. This automated feature would likely save them money by reducing the amount of support tickets needing hands on intervention.

I wonder how that is working out for NCsoft? With an increase of hacked accounts accross NCsoft games linked to the Master hub, it seems like any cost reductions have not been realized by NCsoft due to the increase of tickets dealing with stolen accounts. Stolen account tickets have to be more time consuming/costly to deal with than password resets.

For all the added security ideas presented here, one is missing; disabling the reset feature at the NCsoft Master Hub. This is simple to accomplish, the cheapest and the quickest of any of the security measures presented. The only drawback would be that people in need of a password reset would have to open a support ticket and provide a cd key.

Do this for three months and see if the "my account was hacked" tickets are reduced. If a reduction, than the problem is identified and a long term solution should be researched and implemented. If not then publish the findings and tell everyone it is NOT the problem and continue to blame the users.

Edit: Not sure how hard it would be to require the input of a valid CD key when reseting the password at the Master hub ...any clues???

I can say that, in my case at least, this isn't a threat of a boycott. It's simply smart consumerism. I've bought many extras for the game from storage panels, to character slots, to gift accounts for family members so that they can play the game with me, but I won't spend more money on something that I don't feel is secure. Unless A-Net is willing to tell me that they and NCSoft are both working on the security issues I won't spend more money with them.

I am a person with discretionary income. I had planned to spend quite a few holiday dollars bringing my niece into the GW family play this season, but that won't be happening. Companies spend thousands of dollars on marketing advice and knowing how to appeal to their consumers. I'm just giving them the same information they pay for in other instances.

Gaile Grey has said on her support page that dealing with one hacked account is more costly for the company than the profit derived from several games sold. So, it makes business sense for them to increase security too.

I am willing to spend money on increased security features. I understand that the game/expansions/extras that I've purchased to date were purchased with the existing level of security.

Ok, I'm going to share some additional thoughts on this subject.

Whatever A-net/NCSoft does, they cannot in any way protect credentials that are used somewhere else.

So how can they improve GW security?
This is a hard question. For full security I would limit IP range and send out tokens. Or secure certificates. This is how many banking applications work (and some large games provide tokens).
Would I do this for a game like GW? No! It will never pay back, expenses are too high.
Sure, people say they will buy additional security. But that number is rather limited and would have additional support issues. From economics perspective this is a bad choice. For banking it works because banks need to pay stolen money back. Once prevented compromise and they have their investment back, easily. The worst that can happen with an online game is lost of trust of (a few) customers. Might sound harsh but it's true, specially for a pay once play 'forever' game.

Next step down would be a detection of strange behaviour.
This is hard to implement and might cause some latency issues at login for customers. Just check if the account is already logged in.
If not then log in. If logged in check IP address of user logged in and the new connection. If the same it's a reconnect, so proceed.
If the user is logged in and the IP is not the same, present a message on the screen for let's say 5 minutes. After time is up bring down old connection and enter from new IP (I forget to turn off game sometimes when visiting friends with my laptop). This would prevent kicking people from the game.

Within this detection some additional checking could be done.
I think it's against EULA to share accounts.
So A-net could make a check on someone logging in from IP A while previously logged in from IP B.
If IP A is located in the US and IP B in Europe it's very unlikely that the account can be accessed within 5 hours from both A and B.
This would limit the attack base to a region near the hacker/gold seller.
There are some ways to spoof IP addresses but I don't think those would work well for hackers/gold sellers, since they also need to make a profit.

The last thing is unusual behaviour from an IP address.
If a certain address uses a huge number of logins to various accounts it's suspect.

But we are talking about intrusion detection here which is a rather new field of work and many large businesses fail at it.
And I'm not sure where the responsibility lies, at A-net or NCSoft.



However, this is for the GW account.
This excludes the NCSoft account, which seems to be part of the problem from the various messages I see here.
We know one thing of it, the e-mail address cannot be changed. And it might be difficult to implement this. And it's out of reach for A-net for sure.

My first impression is that the NCSoft account must have been accessible to the hacker/gold seller. How would it be possible to request a password reset otherwise? (well I can think of some ways but I guess a-net is aware of those methods and covered them).

Given the address cannot be changed any implementation that requires feedback from the user would not work. I might register with [email protected] and the service they provide might discontinue. Or all of a sudden my free e-mail provider charges money and I change accounts because I don't want to pay.
So the e-mail address I used to register might not be accessible, meaning I cannot change the password even when I know the credentials.


But there are things that look doable.
For example, if a certain IP address accesses a high number of accounts or requests a reset for many passwords is suspect for sure.
Even if those requests are done over a long period of time.
Not that many people have 10+ accounts.
Problem here is that this is easily worked around with a proxy or something like TOR. The request goes to the original e-mail address, so it cannot be filtered on that either.

On the site of the NCSoft account not much can be done in short time. The master e-mail cannot be changed. Filtering is hard. Detection of suspect behaviour is hard. Just ask forum admins how hard it can be to keep certain people out and you know a little about fighting people who are not there to troll but are acually making money with what they do.

So for the NCSoft account responsibility is mainly with the user.
The link between this account and GW cannot be broken once made, it would mess up a lot.
Let's assume the e-mail address can be changed. Would this help?
Only if that e-mail address is not used anywhere else. Else it's just a matter of time before people will try to enter the account again.

What could help is if NCSoft would release tokens or certificates for their website. Their userbase is larger than only the GW users. Even ask a contribution, once a year or once every 3 or 6 months. Fail to pay and your account will be reverted to 'default' security. Pay again and your account will be linked to the token again. Don't drop the token in your milk or you cannot change your NCSoft stuff for a couple of days/weeks.
Knowledge is in the market, many companies issue tokens or certificates for websites, specially in the financial world.

Edit: this last part does not make the GW account more secure than it's now.
People can enter it already before they can reset the password. They reset to lock the legitimate user out, not to access the account!

They should use a unique log-in name, not email address.

They should also hold at least one character backup that is from before the last time the password is changed.

There is. All of which can be circumvented/are not secure enough. It's the first option in the poll, IP/MAC check. The IP check fails due to the fact many people have Dynamic IP's, might play from different computers and IP's can be spoofed. MAC adresses are slightly more secure and only provide a problem for people who play on different computers or have several accounts (if ANet checks 1 MAC/account). However, it is still possible for Hackers to find out the MAC address and spoof it, rendering that useless as well.
Block IP's from outside your country? Use a proxy.

Yeah...no. ANet stores all Data in a database using BLOBs. The problem here is likely the persistency and consistency. To put it simply, each "item" may only exist once. Suppose you find a "sword" and someone else finds the same sword with the same stats, it still wouldn't be the same sword to the Database, where each item would require a unique identifier. Now, if ANet restores the account, they can't just revert it back, as you might have traded with someone or the hacker traded your items, which would cause that "sword" to appear twice in the database. This likely wouldn't cause a crash, as ANet probably put in some security to prevent that from happening, but it still wouldn't be good. If account reverting was an easy thing to do, they probably would have implemented it already.

All i would want is Character sercurity, I don't care about Items that much. Yes is sucks that items are lost, but at least least you still have your character AND most important of all your HoM.
I can personally say if i was hacked, and my characters were deleted and i lost the thousands of hours of work on my HoM, i would not buy GW2, the stigma of losing so much would be too great.
I believe that should be a priority, seeing how we had 3 years of just working on the HoM before any hope of gw2.

That's a RSA token that rotates to a different six digit # every minute. You combine your unique 4 pin # + the RSA token # = password.

Even if someone has your pin #, they would not be able to break into your account because they also need the RSA token #. In addition, each RSA token is unique and ties into your account only. So grabbing and using someone elses RSA token # will not work for your account.


Lastly, only way to make ANET do anything about it is to voice your anger with

YOUR WALLET aka $$$. Until they see a big decline in sales and online purchases, they don't give a crap about you or the community because if they did, they would've disable the password reset already, right??????????????

Do you see the password reset being disable? No.
Do you see them modifying it so it requires an authentication that is sent to your register email address? No.

STOP BUYING ANYTHING RELATED TO ANET/GW/AION/ETC... UNTIL IT IS FIX!!!!!!
SPREAD THE WORD!!!!!!!!!!!!!!!

Well after reading the latest I went over and took all my billing info out of my Aion master account. And I had really wanted to see Aion's Christmas but instead I think I might be better off uninstalling GW and Aion and play EQ2 only.

And no way am I going near GW2.

Looking at the Poll now, it looks like the main concern is recovery and not prevention. Why is this?

Prevention method votes actually add up to show that prevention is more prefered.

And in any case, this is multiple choice poll. I, for one, voted for two prevention methods and one restore method.

Mostly because i realize that security is as strong as its weakest link: Plaync account and linked account password changes in recent 'hack wave'. If security feature can be bypased in similar way, they are pointless.

You can have "cia quality" password, ip lock and hw token generator, but if plaync allows you to change ip lock and hw token link the same way it allows password chage, well those features might as well not exist.

On the other hand, account restore would solve exactly what people want: Everyone is worried about loosing characters and all the hard work and progress first and foremost. You could have account breach, but it will not affect you.

You can fix (prevent) known risks. But you can never be sure that a new vulnerability will not emerge in future. Also, even people who are careful about security can make mistakes.

So it's good to have measures to limit damage as well

I'm more worried about recovery rather than prevention because at least that's a surefire guarantee of not losing your character due to your own or the company's carelessness, and is IMO the more realistic option when it comes to actually getting the current level of "security" changed - it's an additional extra that they could charge us for, rather than being something they'd have to spend time and money developing for free. As long as I'm guaranteed to have my main there to link to GW2, that'll do me where GW1 security is concerned.

GW2, on the other hand... I'm really not looking forward to having to link that to NCsoft to get rewards from GW1. I hope they come up with another way of sorting out the HoM.

Recovery options lend themselves to abuse by the unscrupulous, and tend to be expensive to implement as they would require a not insignificant amount of investigation work from the support staff.

I favor better account security, certainly an email confirmation BEFORE changing the password on your account, and probably the same for an attempted log in from outside of your geographic IP range. I really don't see GW2 going with an optional Token device, though it might be nice, I fear the expense of implementing it would make it unreasonable to expect.

I'm sure they'd be willing to tell that they are working on security issues, in just the same way they're willing to tell you we'll be getting skill balancing bimonthly (every two months). Talk is cheap, unfortunately.

Recovery and prevention work different.
Prevention is lowering the chance that something is going to happen.
Recovery means that when something happens it can be restored to the original situation (or something similar).
Adding a lock to the door will prevent someone from entering and stealing stuff. It will not prevent a fire to destroy the same stuff.
The right insurance will cover both loss by fire and by burglary.

So recovery deals with all situations in all circumstances while prevention will only lower the chance of something specific to happen.
This is why people prefer recovery and not prevention.

And in this case 'recovery' (which need'nt include item restoration) I.e preventing your account being trashed once someone bad has got in is firmly in the court of Anet not NCsoft....

You mean to say, Recovery options require no additional effort or inconvenience on behalf of the user, no extra security steps to worry about... if something goes wrong Big Brother will fix everything?

No. Take for example perfect world, which is a free to use (nothing to pay unless you want non game changing shinies)

Characters remain on the server for a week after you delete them. You are stopped from doing any account-sensitive actions (such as trading items or accessing storage) for about a minute after you log in, and you can put a separate password on the storage itself. Some of the more valuable items, are by default flagged as undroppable and untradable, and you have to go through a waiting period to unflag them.

All the above would help no end in the event of someone getting in. There's no need for big brother to fix anything for you.

As i've said before. There are simple changes that can be done to at least alleivate things but apart from changing the warning about account security from white text to red text nothing has been done, neither have threads like this and on other sites over the internet even been acknowledged by Anet.

Part of me thinks Anet would have been better spent sorting this issue out than signing a 1000 odd xmas cards. Bah Humbug

Those are all prevention methods, not recovery methods, with the exception of the deleted character staying on the server for a week, which is a bit of both.

Preventing account sensitive actions, flagging valuables so they can't be traded/sold/dropped etc... 100% Prevention, 0% Recovery. Unless recovery means something other than recovery?

I thought Recovery was "Compromised account restorations " getting your stuff back after it's been lost/deleted/stolen... you know, Recovering it.

Maybe it's some weird terminology that I'm not familiar with, in regards to MMOs.

I notice this morning that the GW login screen now has the "strong passwords" warning in bright red.

1. I don't remember that as being one of the options or suggestions in this poll.

2. I really hope they don't expect to get away with "There; we did something. The Warning is red. Now shut up and buy our stuff"

It's common knowledge that red text is a sure fire way to scare hackers away. That's the why the words 'Access Denied' is always in red in the movies.

LOL -
The problem with GW security is it seems the only people who ever see the "access denied" message are the true account holders after thier account has been hacked.

Account Security Solutions: Update Warning to Red Text.





Can close thread now guys its all sorted.

But on a serious note, I talked to 4 people in the last few days about the security issues. All guys that play quite a lot.
NONE of them was aware of the issue.

I think we, the users, REALLY need to be more aggressive about spreading the word about these issues. Because this seems to be the only thing we can currently do.
So is anyone up for creating a security thread - something that will contain all the information we have about this issue in one place? So that there is going to one definitive thread, that we can tell folks to read where one has all the info on what one should be doing and what one SHOULDN'T be doing in one place?

I LOL'd at the login screen now in red letters telling people to change their passwords regularly. As detailed on many threads now, the ncsoft website possibly, and the whole plaync account thing is horribly flawed and most likely the place where the hackers are gaining access to the accounts. So the people at GW just created a whole lot of new suckers who will change their password often at the plaync site and give the hackers some fresh meat. Yes, most will use the main login screen to change passwords regularly, but a certain percentage will be fed to the hackers through the ncsoft site. Just in time for Christmas.

The addition of a usable Login Name in place of the current username (your email account) would also be greatly appreciated...

Yeah, I'm testing something out.

I changed my GW password to something like this:

WoR9~`38&|$@~+!wWlo08$='qGV572H+;

Uppercase, Lowercase, a bunch of other non-number/alpha number and see if I my account still get hack. If it does, than ANET is wrong about using hard password.

Thank you for posting this poll. I have already forwarded this to the executive team. Please be assured that this issue is a top priority for us. The support team continues to investigate and monitor the issue, and take care of support requests, while relaying important data to the development team. The development team has been actively involved in developing solutions, but for security reasons, we can't go into the details of what those steps entail because it could compromise everything if that information was posted in public and the account thieves got a hold of it. This is of the utmost importance to us. There are a number of precautions you can take to try and protect your account, detailed here. Also please see this post which contains updated information from our support team.

Increasing password complexity at the game log in screen is meaningless if the NCSoft Master Account which controls linked accounts lacks the same or better password complexity or security precautions.

link

See, if I just flip that around, I could also say more than 50% of breached accounts did in fact have an NCMA according to the data you have just presented.

Glad to hear you're already on this and that something is being done.

I understand you can't say much if anything, but please, can you at least say whether or not anything is going to change with regard to the NCsoft end of it (EG requiring existing password before it's allowed to be changed!), or will the changes be on the ANet/GW side? I'd like to know for the sake of both my Aion and my GW accounts.

EDIT:
Also what about the Aion accounts that have been hacked with the same symptoms (email stating NCsoft password has been changed)? Increasing GW password complexity won't do anything for Aion accounts either. I really hope NCsoft is doing something as well as ANet.

Regardless of your response sounding like something coming from a machine, thanks for letting us know that you're not ignoring the issue.

Following Regina's link:

I have to admit to frustration here. This ground has been covered before:

We know that PEBCAKs are a significant security problem. Not all PEBCAKs will have an NCSoft Master Account. It follows that there will be (many) account thefts where the user does not have an NCSoft Master Account. The existence of PEBCAKs without an NCSoft Master Account does not disprove the thesis that accounts are being stolen using the NCSoft Master Account.

Attempting to use this evidence to back the assertion that NCSoft Master Accounts are secure is either wrongheaded or intellectually dishonest. If you are looking for a single variable to tie all of the account thefts together, you will never find it. Similarly, you cannot discard any variable simply because it does not tie all of the account thefts together. Accounts are almost certainly being stolen by multiple pathways.

You are unlikely to resolve this problem until you come to grips with the fact that the NCSoft Master Account is a probable pathway. I'm not asking you to come out and admit that such accounts are the security vulnerability. I'm asking you to either fix the apparent vulnerabilities directly, or make some changes to the GW client and password reset mechanism that protect players in the event of unauthorized access to an NCSoft Master Account.

EDIT: Just so it's clear what I'm talking about, you can do the following on the NCSoft website:

- Generate a valid list of usernames via automated attack (the site responds differently when you input a false username)
- Verify when you got one of the two security answers correct for resetting a password (site tells you)
- Crack the preponderance of valid accounts protected by the older birthday password reset mechanism in a matter of months by automated attack
- Attempt to input a password for a valid account as many times as you like

Once you gain unauthorized access, the NCSoft account displays the login username for the game account, and you can reset the game account password without any further information.

These aren't the only concerns. Others more qualified than I have commented on more efficient schemes for cracking the site than brute force, and there have been a decent number of reports of account thefts immediately following accessing the NCSoft Master Account. I'm not going to weigh in on those issues here; in the former case I don't know enough to evaluate claims, and in the latter it is difficult to discard the keylogger hypothesis.

EPIC FAIL

How about you listen to the results of the poll. It's pretty obvious what is needed.

I don't believe that there is failure or bad advice in the items in this list (linked above). Those are known and proven ways that you can get hacked. So that's still good, sound advice for players to follow. I do find it a little funny, however, that Regina says "...to help try to protect your account."

I think that the failure is in their belief that these are *the only ways* that you can get hacked.

Maybe they get it, though, and that they know that there are other vulnerabilities. They may not be able to say anything, or to help maintain their image, they know that they can't say anything about other vulnerabilities. It's not like they are going to point fingers at NCsoft, that's for sure!

Maybe I enjoy politician speak and corporate press release speak too much, but when I read Reginas comments I interpret parts of it as follows:

1) "The support team continues to investigate and monitor the issue, and take care of support requests, while relaying important data to the development team." My interpretation: this is at a very early stage and may or may not turn into a project.

2) "The development team has been actively involved in developing solutions, but for security reasons, we can't go into the details of what those steps entail..." My interpretation: Cover our a-- and make it sound like we are doing something, but dont say anything specific, stay generic, that can be interpreted any way people want. Koolaid drinkers who believe will thank us for doing something even if we havent done a thing! Note they have "developed" solutions. This is very different from "implementing." Also, developed solutions to what problem? This next part below gives me little hope.

Then I read Gaile saying: ".... nearly half did not have an NCMA at all. I hope that this information puts your mind at ease on any perceived "risk factor" regarding whether a game account is tied to an NCMA or not, for that truly does not seem to be an element in the current situation."

She gave us half of the relevant data by telling us more than 50% of hacked accounts had an NCMA, now break that majority down for us and tell us how many were accessed through the NCMA vs. GW Client. The fact that we were given no relevant data is confirmation to me that there is no solution in the works as they do not think that the passwords being changed through the master account is a problem.

All of that adds up to me thinking as I am reading this: "Omg, there aint nothing happening for a longggg time because this has just gone into corporate speak, C.Y.A. mode, with a dash of denial."

Hopefully I am just a paranoid schitzophrenic with some conspiracy theory delusions, but I dread logging on more and more each day cuz I know someone is out to get me and I do not think anyone in GW corporate-land is out to save us.

Rudimentary, common security practices that should be implemented immediately:

1) PlayNC accounts should not be capable of changing Guild Wars passwords without email verification from the user requesting the change. It's inconceivable that email verification for password changes hasn't been implemented, and it would have prevented the vast majority of hacking incidents reported in the hacked accounts thread. It certainly would have prevented mine.

2) IP checking. This is, again, so obvious it's appalling that it wasn't implemented from the outset. It's one thing for my account to be access and my password changed by, say, someone from the same state. It's another thing entirely for security to be so lax on PlayNC accounts that the system fails to notice that a Chinese IP its never seen before is changing my GW password.

There's really no excuse for these two not being implemented right now, for GW1. It's a bit more work, but we really also need:

3) Game accounts should be locked immediately (and automatically) upon receipt of a security breach report from the email account registered to the account. If I notice within 5 minutes of my account being violated that someone is in there that shouldn't be, I should be able to stop any further changes and kick the bastard out. I should have to wait six DAYS for support to get around to helping me, by which time I've been totally cleaned out.

For Guild Wars 2:

4) Account restoration is an absolute must-have feature. As a hacking victim myself I won't even consider buying Guild Wars 2 without it, because it's obvious that Anet/NCsoft can't perfectly secure our accounts, even if they took the above three steps, which leads me to my final request:

5) NCsoft and Anet need to TAKE SOME RESPONSIBILITY. This business of blaming the problem on forum security, on other games, on users, on anything and everything but NCsoft's own lax security practices just broadcasts the game and its players as good targets to hackers. Are some hacks a result of these things? Of course. Are all of them? Of course not. For both, a few simple security fixes could largely mitigate the danger, and the implementation of account restorations for Guild Wars 2 could make players feel genuinely secure, but none of that is ever going to happen as long as the company line is that everything is someone else's fault.

I had a fun run with Guild Wars, it's a genuinely great game. I'm saddened that I'll never be able to go back and enjoy the game again without the spectre of losing everything I work for hanging over my head. The reality is I'll never become invested in the game again because I know how easy it is to lose everything, and I've seen how disinterested support is in my concerns.

I'd like to buy and play Guild Wars 2, but without at least the changes I list above there's simply no way I can. If my GW2 account can be cracked via PlayNC as easily as my GW1 account was, there's no point in my purchasing or playing on a GW2 account in the first place.

http://wiki.guildwars.com/wiki/User_...ot_a_QQ_thread.

Read what Gaile just said, yesterday. "You will soon be hearing about this matter."

I look forward to what has to be announced.

What in the world is this:

Does anybody at all believe that Gaile Gray actually wrote that?