Poll: Account Security Solutions

I do. I also believe that the powers that be are handling this situation with a professionalism of the highest calibre. There IS method to the madness. although, by and large, it will go unappreciated.

Remeber that one attack can target bot account itself AND plaync account: Hacking forums gives you three things:

* Username, which possibly matches plaync account
* Email which possibly matches gw account
* Password which can match either of them.

This gives you two attack vectors: either directly loging to gw account OR log in to plaync account and change password.

EVen if plaync link is responsible only for half the hacks, well, that's half that could be prevented by using standartized password reset mechanics (confirmation url in email and requiring to enter old password along with new)

Glad to see hacked account epidemic finally gaining some steam after GWGurus deleted all the people complaining about getting hacked out of the blue for MONTHS.

It is great to see the community support these polls and threads despite critiscism from some folks that this does nothing. Anet have taken notice.

What is disappointing is that Anet have to take the community to band together to act on a really serious issue, gather the information and ideas we suggest and send it to NcSoft? Wow....and it has taken them how long to recognise the problems to act?

Truly disappointing and not in the slightest comforting to those who have been hacked already......lost everything and feel 'betrayed'.

Developers need to be proactive in security measures and not just reactive, it just shows that Anet and NcSoft need to sort out their development security policies and procedures in the climate of RMTs and security vulnerabilities, protect customers and not to see victims walking away from GW and GW2.

Great to see that they will annouce something, hopefully it will get done and not just false communication, promises and delays we are now use to seeing so much of lately.

Silver

I read Gailes 'you'll hear something soon' to mean Reginas forum post

We have NOT deleted them. The thread that contains all the recent hackings is still ON the front page of this forum and has not dropped off. I don't know if at this point people who continue to say this are actually even looking, or just drawing their own conclusions out of thin air. Considering the title of the thread is "Accounts Hacked".

http://www.guildwarsguru.com/forum/a...t10407405.html

Definitely true, although the sort of credential sharing that would permit a forum hacker to take down your GW or NCSoft Master Account falls in the PEBCAK category. There's a reason that I use a different username and e-mail for forums than I do for the game, and that doing so has been explicitly recommended by ANet and others repeatedly.

The forum hack is a problem, but it's unlikely that it's the sole explanation for the NCSoft Master Account hacks. The reports have been rolling in for months, and I doubt that the forum issue happened in July if it's just coming out now. But if Gaile/Regina/et al. can prove otherwise, then it's possible their story is accurate.

It would at least increase the degree of difficulty markedly if your information were captured via forum hack (adding an e-mail password that must be cracked), it would make you secure from anything short of a keylogger otherwise, and it would make the security of the NCMA itself an unimportant issue. Those are all significant benefits.

Haha, I just changed my password (based on the log-in annoucement) even though I don't share the password with anything else and now I can't log-in to GW.

I have the feeling I was just hacked while changing my password. Great Job, Anet!

Personally, I would far rather hear that The security team is actively involved in developing solutions instead of hearing that the development team is actively involved in developing solutions. Who is the head of your security team? Can we contact them directly or hear something from them directly? In the same way that I would check out an alarm company I was hiring to protect my business I'd like to know the credentials of your head of IT security.

Actually, I'm asking this for a reason. Rumor has it that there is no security team nor even an IT security specialist at A-Net; that Gaile Grey, who has no background in IT security, is in charge of security as well as filling the role of support liason. I'd like it very much if you could prove (or at least declare) that rumor false. Can you? Please?

Believe me or not: I was expecting this thread to turn into what the last post shows.

Gogogogo rumors, you're worth more than the hidden truth!

If by professional, you mean following an occupation as a means of making the most money possible, and therefore implicitly having no real regard for the player base, then yeah, you are dead on.

And you are dead right that we don't appreciate it.

*sigh* I've clearly stated in the post that it is rumor. However, the rumor that I heard came from what I consider to be a very credible and knowledgeable source. Because of that I started doing some checking and couldn't come up with any names related to security, so I thought I would ask outright.

To be honest I was a bit peeved when JR closed the other poll and started this one for the simple reason that I want a security expert making the decisions about security and not some community poll. I know how far my own ignorance of the topic extends, and I don't think I'm in the minority.

I know who the live team developers are, I know who the community team is, I know who several QA people are, I'm aware of Emily working on the wiki and website, and I even know the names of quite a few members of the Test Krewe. But, I have never heard a name mentioned in conjunction with a security team or department. I'm curious -- is there a security team or department?

And is there really a problem with asking the question?

I dare you to go out into the 'real world' of MMO's then come back with the same audacity. If you were/have/are dealing with any of the 'newer' releases of the past year or so, you'd really see what's going on.

The GW Community(Not All) doesn't realize what it has, what it is getting for a NON-SUBSCRIPTION game.

-Don't try to convince me you are playing a sub-based game ATM. If you are, and you come here an..I'm not even going to get into that pissing contest.

I don't see a GWbuddy proggy being sold ... if you know what that means.
and as far as security, NOTHING is infallible.

I was going to type up something long and thorough, but Martin pretty much said everything I was going to say. So +1.

Regina said right out loud that the support team is doing the investigations and the developers are working on solutions. What part of "we're not going to hire IT Security Specialists" did you guys miss?
Now, before we get into the details of these people's job descriptions, I would like to say I am not a chef, but I am also not going to go hungry and my Steaks are pretty damn good; I am not a ship's Captain, but I can paddle a canoe and get where I'm going.
Do we need a security team to press delete on the password reset function of a NCSoft master account? I doubt it. Can the skill-balance specialists create the enhanced security features listed in this poll? I doubt that too, to be honest, but I don't know enough about it to say.

The developers are working on solutions...

right after they fix XTH.

The "real world" of MMO lmao.
People paid for the game the same. The time and distrubtion of payment is different than MMO, but payment is payment nonetheless. Furthermore, decent account security is HARDLY asking for too much EVEN IF THE GAME WERE COMPLETELY FREE. This whole mess could have been solved IMMEDIATELY one by adding e-mail comfirmation. Instead, it has dragged on for weeks (months) without even letting the community what is going on (A.net blaming players) or what is being done to fix the problem (nothing). It is mostly on A.net (NOT NCSoft), if they have any stake in their reputation. If they don't, and believe they can make loads of money while forsaking their player base... well, they may be right and that is their decision.

But if so, I'm not going to stick around with a such a company. There are too many amazing games coming out to put up with an arrogant, unresponsive support team, and a ridiculously high, everpresent chance of getting hacked with zero restitution.
OMG orly??!?!/ Idid nawt noe dhat! TX for enlightening m3h!1 U arr uber-smrtz. Oh my god.

I am 72% computer illiterate. My account has not YET been hacked.

Question: Can I/Should I just delete my PlayNC account? It IS linked to my gw account, which is causing an undo amount of fear for me. I have no intention of using it any time soon. Frankly, I'm too paranoid to log in and see if there's a delete option.


My passwords are different for most of my internet accounts. The PlayNC, gw account, and email account all have different passwords. But the PlayNC and guildwars accounts are linked to the same email account.

My gw password is numbers, symbols, upper and lowercase letters. I have it written down because it is confusing as bleep, and was recently changed (by me). Now I'm even too paranoid to change that password again.

I'm no computer pro, but I have a Spyware seek and destroy, which I use to scan my computer multiple times a week. I have Norton anti-virus, which....hell, I don't know what the hell that does.

I've never bought gold for real money. I've never downloaded a texmod or anything else that I don't understand.

My point is: every time I check my email, or log into guildwars, I am paranoid that I'm going to find out I've been hacked.

What do I have to do to simply ease this paranoia?

If something in this post causes you to want to tell me I'm stupid for one reason or another....YES...I'm stupid.

Thanks.

Yeah but it's the same shit we hear all the time.

"We can assure you, we are looking into it and can assure you there is no security flaw."

Tired of..the..Bull....shit.

Yes the Guild Wars -Exclusive- carebears have NO CLUE. none. "real world" is just a user friendly term I've decided to use, as in, if you are playing GW exclusively and no other MMO/online game, you really haven't the foggiest. either way, you can still 'lmao'

yep.
yep.
It is and has been decent, it's just showing age as new tricks are being tried against the system(s)

Believe that if you want. that's your decision. not mine.

It goes like this. Anet isn't as dumb as people think. when the time is right, and IF/WHEN they feel like disclosing more information, well, you and I will both know.

Somehow, I think they'll manage. GW2 could prolly do without most of the trash players it's gonna get from GW1 anyhow. (not excluding myself on this claim either)

you say this to me, as if I care. That had to be directed at Anet/Ncsoft.
as far as too many amazing games, good luck in your ventures, may thee fair well.

GoO-GoO-GA-gA-Ga? see what I did there?

-after reading that last bit, reply as you must, but I'm done here.

You're adding subtext to my post where there is not. I know that you don't care and I don't care that you don't care because it was never my intention to get you to care. Now read that again until you understand it.

I simply stated facts: 1) A.net is being callous at best in their response to the situation. 2) I won't stick around if their behavoir continues. 3) You're a pretty massive schmuck if you stick around in an abusive relationship.

Now since were on the situation of not caring, let me state furthermore that I don't care if A.net cares. I have no ill-will towards them, and if they want to piss on their dedicated player base, that is their prerogative. It won't affect me in the least, because, as I stated, there are a large number of amazing games coming out, and I personally only have a limited amount of free time.

ZOMG. You win the forums. You are so successful and attractive now.

when I go to the doctor I want to make sure they have the credentials, when I have my car fixed I dont ask my sisters-best-friends-brothers-best-friend.
When I have the electrical system put in my new house I have an electrician do it, not my dad (who was a lawyer).
Having a spouse in the IT industry, I would feel a whole lot better knowing that the people writing the codes, doing the upgrades on the security have the qualifications to be doing such.
I was unaware that this may not be the case....I would have hoped that they actually had professionals doing these types of jobs.

I'm a long time player my account is well over 4 years old I believe its around 54-56 months old, I logged in today to check some of my younger characters for birthday gifts and realized my password had been changed. After spending an hour trying to remember my Play NC info I was finally able to change the passwords to something new. Upon logging in I found that pretty much everything that could be sold was gone from all my characters. total worth probably somewhere in the millions. I am always rediculously careful about everything I download and would never even dream of sharing my password wirth anyone so i really have no idea how this happened I have scanned my system with multiple security softwares and have found nothing. This leaves me to think that one of two things happened here. Either ANET's security was bad and someone hacked there way into my account that way or my account was somehow Brute forced.

Allowing that most likely this hacking was not my fault there should atleast be some way to restore what was lost.

As far as I'm aware nearly every other game can restore lost items. It seems fairly rediculous that ANET can't do so.

Basically I really wish there was the ability to restore lost items and such

Anet's jizz must taste like fine wine, the way some of you keep sucking them off.

Honestly, what the **** is wrong with you people? In what twisted, god-forsaken universe is this kind of account security situation okay?

LoL that reminded me to "restore system" ( i dont know if thats how windows names it in english version ) hahaha. Would be great thou , to create some "restoration points" .... not practical i guess.
Forth option still strong , undelete character option seems to be the best ¿?

Well, I'm not exactly sure what the best options are for prevention/recovery, I'll defer to the expertise of those who do that stuff professionally and seriously. Just like I won't administer my own cancer treatment regimen, I'll defer to the wisdom and expertise of my oncologist. And bear in mind, when I meant professional and serious, I didn't mean Jim-Bob's Bait, Tackle, Hot Wings, and Oncology out in east/west buttf*ck nowhere, I meant something along the lines of the specialists at the Memorial Sloan-Kettering Cancer Center or Johns Hopkins Hospital, since I'm on the east coast.


And I'm surprised that this hasn't come up, unless these types of posts are edited/deleted, but no one has mentioned the fact that NCsoft scores an F rating from the Better Business Bureau. I know there are a lot of criticisms of the BBB out there, and that data has to be taken with a grain of salt sometimes (not unlike our own determinations of merit-worthiness of some of the "complaints" from "consumers" we see posting on these boards). However, when you view NCsoft's competitor's ratings on the BBB, and see significantly better scores, and given a similar customer base (gamers, just generalizing here people, please bear with), you have to stop and assess for a moment whether or not there is an element of credibility to the scores they each receive. To ArenaNet's credit, they themselves score an A-, so it stands to reason that NCsoft is functioning as the boat anchor around the neck in this aspect, with respect to customer (dis)service.


I originally was looking for an email address for the NCsoft CEO Taek Jin Kim (never found it, but I did find a plenty of interesting phone numbers ) so that I could send a polite email/shittygram, to express some thoughts and concerns. You know, squeaky wheel getting the grease and all that, especially considering that it is apparent that the normal channels thru which we'd seek to have issues addressed and corrected are giant time wasters. This first tier support equivalent foolishness has gone on long enough. I'm not above going over/around/thru obstacles that are deliberately thwarting my attempts to have my particular problems resolved.

You'd be surprised how effective it can be when you have the attention of the person at the top, and are explaining to them why and how all their people that are supposed to be handling things aren't. Trust me, it's amazing how quickly something that you are led to believe is an impossiblility all of a sudden becomes reality when you are speaking to the right people.

I understand people's concerns, and sympathize with those who have had their accounts stolen. Many games have been targeted by hackers recently. They're using information taken from other games and other websites and trying that account information in Guild Wars and other games.

We have an entire team of developers who are continuing to work on this behind the scenes. This is a serious and important issue to us, and we are devoting a lot of resources to addressing the problem. While we are trying all we can on our side, a good way to protect your account is to change your password. As I noted before, the hackers are using account information that they have already harvested via keyloggers and other means, and trying it in Guild Wars and other games.

Damn it woman, stop failing and LISTEN. Look at the poll results.

There are many ways accounts are compromised, singling out one obvious one, which probably only accounts for a small proportion anyway is not going to solve the problem or address people's fears.

Limit the consequence of the hack, implement a no delete on characters, how hard is that?

Would you care to elaborate on what you are doing on your end to help our accounts be safer?

Saying to change our password is the only thing we can do in regards to the game itself since its the only obvious thing we can do, baring all the security we do normally with our PC's etc.

Pol

Totally agree.

What we see over and over is someone saying "I just got an email my password was changed". That means they (the hackers) didn't know the guild wars password - they got into NCsoft and changed it. Want to stop at least a big part of the game hacks? LISTEN TO US. Change it so they have to know the existing password, add email conformation before anything can be changed. JUST LISTEN TO US.

Thanks Regina,

The posts you've made yesterday and today are the first times I've ever heard that you're working on making changes. It's important to me, and I'm glad to know you're working on it.

I'd also love to know that at least one member of the "entire team" that you have working on it is an expert in security. Can you tell us that too?

easier option: REMOVE THE ABILITY TO CHANGE A GW PASSWORD FROM THE PLAYNC ACCOUNT. I bet its an easy button to delete, and doesnt need IT security credentials nor a "whole team of developers" to accomplish.

Just take the damn option away.

If we need our GW password changed, we can do it from GW. If we cant do it from GW, then it does not need to be changed. Period.

"but what if someone cant get into thier account, they havent played for months, theyve forgotten it, and need to change it from PlayNC?"
Too bad for them. They can call support. There's no reason for our accounts to continue to be at risk for that person in the meantime, and if they cant prove it's thier account then too bad for them.
PlayNC password reset needs to go, now.

UPSIDE FOR NCSOFT:
once the option to access GW passwords is no longer available through a plaync account, no more blame can be placed your way. If the only way to change a GW password is inside GW itself, then we once again know that every single hack is user fault, no matter what. We like that.

Quick question, and I'd accept a PM response that I swear to keep confidential: Was GWGuru the site that was hacked?

It is the ONLY Guild Wars fansite I use. You can google my username with "guild wars" and the results are empirical. The passwords are not the same, not even similar, to my GW or PlayNC account.

If it was not GWG that was hacked then explain yourself, ANet. Please explain why my PlayNC account information was changed and I cannot log in or recover either it or my GW account. I would love to know why I did not receive any email notification of the PlayNC account changes, too.

ANet claims to "have established and maintain reasonable security procedures to protect the confidentiality, security and integrity" of my personal information. The past few days have given me the distinct impression that this is a fallacy, and without improved security this game will plummet into obsoletion like so many others while the "I was hacked!" threads continue to grow.

From last month. I'll just copy and paste.

Announcement on Security

Here at GuildWarsGuru.com we have continually upgraded and adjusted our site, servers and even user profiles in order to better secure our users information. Our priority is providing you a protected environment, so you are able to use this website freely and without worry. For this reason, we have gone ahead and changed character names listed in your profile to private. Recent communication from ArenaNet has stated they feel the availability of character names could contribute to the risk of compromising accounts. We want to cooperate and also protect our users by proactively taking sensible security measures.

We appreciate some of you may feel inconvenienced by the change, as public IGN's are a useful feature and common to many gaming websites. We'd simply ask for your understanding, as no risk is too small at the cost of security.

We would also like to take this opportunity to firmly state that Guild Wars Guru has not been compromised in any way, nor is our security in question. We are in contact with ArenaNet. We routinely monitor and review our server logs and have security measures in place with regular updates. Any issues we may have had (and none have ever involved risk to usernames, emails or passwords) have been openly discussed with our users in our Site Feedback forum.

For your peace of mind, we would also like to clarify that had our security ever been breached the community would have been immediately and openly informed. We've also seen a number of accounts that have signed up on this forum just to post that they've had their account compromised. We are privileged and happy to be a voice of the Guild Wars community. If you have any questions or concerns please feel free to post those in our Site Feedback forum and I can address those.

Stating that, we would also like to remind our users to please read our Security Tips that have been available and to diligently protect their account information. [Guide] Security Tips for Guild Wars players

1. Saying "damn it woman" and insulting is a poor way to get a woman's attention.
2. This isn't WoW. There isn't a team of developers sitting around making new shit. You're lucky they even pay attention to these or any forums. ANet isn't going to stop on a dime and develop new security features because stupid people are using the same passwords on everything. The internet's been around for awhile, get savvy.

Thanks for the update Regina. I know you can't tell us what measures you are planning but a simple yes or no to the question below would solve a lot of anxiety.

Are you planning to implement damage limitation measures to guild wars 1 and 2?

As I said, a simple yes or no would really help

thanks

Reggie just got spanked!

Lets put it this way:
the folks at A.net need us to throw money at them so that they can feed their children. If they don't give us what we want, we won't be starving.

To Regina Buenaobra:
Why can't you just make it so when someone resets Guild Wars's password from NCSoft website, it sends an email asking to CONFIRM the password reset before actually doing it?

Short term: DISABLE the ability to reset GW's password until the above feature is implemented.


EDIT:
Just saw the Limited Edition Wintersday Costume Pack from NCSoft store. Unfortunately, I can't buy it because I don't have confidence that your website is secure enough. In the event my account ever get hacked, I'm out and retiring from GW. I don't want to grind titles again just for GWAMM title.

I'm trying to take heed of this warning and change my password, but I'm running into some difficulties.

I registered an NCsoft account, and attempted to add my Guild Wars account to it so I could change my password. However, it needs the "serial code." Where can I find this code?

I have become one of the group that advises against linking your account to ncsoft, it is starting to look like a possible security issue. Change the password in game instead.