"Please reset your password today!"

the ONLY site that I have ever used my gw password is for the stupid xth....if someone breaks into my account I will KNOW where the breach is!

Let us delink our gw from the dumb security poor master account and then I will feel safe again (as gw allows extra characters, different lengths, etc).

or fix their dumb site to allow SECURE passwords, geesh.

with all do respect, we need to make sure that it is truly legit, and not some super hacker, before we change our PW

What they mean is if you havent changed your GW password in a long time, change it. I'm positive its from ANET, if it was a super hacker...we'd all be hacked easier, they wouldn't bother waiting for us to change the passwords.

Btw.. I haven't gotten any such email.

Then again, dosent the red-text announcement look a little non professional? Read it again and think about it. If anet KNOWS they are SEEING hackers TRY to log into accounts, wouldn't they fix it and not say anything instead? C'mon...

I just changed mine like 2 weeks ago?

Should I change it now, wait a few days, or just not bother?

Also, any news on anet confirmation outside of login page?

*IMPORTANT EDIT:

Today, as many have already noted, we changed the in-game account security messaging to make it more noticeable. (Feedback given in an existing thread will be relayed to the Live Team.) More information on the subject of account security will be coming soon. -- Gaile 21:34, 15 December 2009 (UTC)

FROM REGINA's WIKI

Not to be the pessimist of the thread, but I love how they still claim that hackers are breaking into the accounts through obtaining passwords from "other games and websites", yet refuse to own up to the fact that is entirely possible and probable that it is an issue on their end... Not saying that they are wrong but, just trying to make it known that it may not necessarily be a result of outside websites and that you should be just as weary of the official websites as well.

With all due respect.

There's been a lot of hackings recently and people are trying to promote security. There's no reason for a hacker to change the login announcement. Even if there was, I'm sure that server admins would be aware of this breech and shut the servers down.

I'm happy that you're concerned about your security, but there's no reason to be illogical.

EDIT:

Exactly my point! Has Arena Net EVER used the red text? -And atm there is nothing on the main site about this... to me it looks like "WTB accounts"

Please change your password [today]! WTF is that all about i mean cmon.. unproffessional or what?.....

Its as if there demanding the password change, that isnt admin behaviour

Maybe something such as.

"Arenanet reccommend you to change your password, Due to Safety Measures"
but
"Please change your password today!" sounds too much of a demand, ill stick to my gut instinct and keep me current password

I love how anet is trying to blame other games for security issues when its clearly on there side of the end they are having some major security issues i doubt there is much you can do if you get hacked its just by random i don't think there is much anyone can do to prevent it.

That is actually how most cases of account theft are linked. People use similar information for games and forums, nothing you would expect. But if someone tries to find links, (and if they really can do it with ease) then succeeds, you put your account at risk. Some of the recent hacking's have also been linked to gold buying.

I know someone who posted his Guild Wars trial key information on another game forum like 3 or 4 years ago, his account at that point was a trial, and he was all "Meh, go ahead, it's a trial, try it out" Then out of nowhere his account was swiped 2 months ago. You honestly can't do something stupid like that (He never changed the password)

But I will admit the hacking's of late are weird, because they are not account thefts, instead account information is left unchanged, and your items of value are salvaged and traded quickly. (Which I hope ANet has been tracing)
I'm waiting for the official reply on the situation.

...
...

Yes, because someone could hack the entire game to put in a message. *facepalm*

There's no doubt that the red text is legitimate. It's in the wiki and update notes. A-net wants you to change your password. But, is that wise?

Well, on the one hand, the breach at a fansite is a FACT. If you used the same password for that fansite as your GW account, then you sure as hell had better change your password. Otherwise you're a sitting duck.

On the other hand, so far I've counted 3 stories on these forums of breaches following a login to the PlayNC account by a matter of minutes (2 unauthorized paypal accesses and 1 PlayNC/GW account theft). IF (note the emphasis on "if") these tales are true, then it would support a theory that the PlayNC site is compromised even more severely than previously thought. In that case, logging into the PlayNC site to change your password would be unwise.

Soooo, for now, my thoughts are: If you know you reused your GW password on a fansite, you'd better change it. You're 100% sure to lose your account sooner or later if you don't. If you have a strong password that's unique to GW, maybe best to stick with it for the time being.

Well, I changed my info. Passwords have always been different. I'm assuming it's legit and there's been some kind of security breech, or a lot of people getting hacked.

For the record, a person in our guild was hacked a few weeks ago. He did use the same password for another game account and it was hacked too.

All in all, I'm in agreement with Chthon. Use common sense.

If you know that there is a good chance of the same password being on a less secure game/site then change it.

Otherwise, leave it be... assuming it's a decent length and preferably Alpha-Nemeric and both Uppercase and Lower.

If you are wanting to anyway, but don't "need" to then give almost a week or so to ensure everything is locked down from any possible breaches.

If really paranoid and you know one of your mule accounts is more than likely safe and your regular account may not be (but you don't wanna change password yet) then you may want to put your "best goodies" you're not using there instead. Just a thought...

Alternatively, if you trust that Anet nor the client isn't somehow compromised, then by all means update to a better password soon. Probably wouldn't hurt, probably should have been done already, and here we're assuming that they have the best idea of how to help in the situation and if they say now, then now is what they need.

devil's advocate...
All this is of course assuming that someone didn't get Anet's password files/database records.(I highly doubt it however...) That is what probably actually happened on these other sites that were compromised though. I'm betting that's why they seem to be treating this more seriously than the "Hey, please change you password sometimes..." kinda notice. If Anet was one of the one's compromised then it may, in fact, be better to change it pronto while the hackers are compiling a list and cracking the data. Otherwise the advice still fits, though you may want to check the accounts on other sites for odd activity.

Anyway, length wise I'd recommend 13-15 characters to ensure making brute force not quite worth it.

Remember, a great password is useless if you type it into a less secure site without SSL or one with that's obvious they couldn't pay for a decent admin or security guy/team.

I am curious about why they are doing trades and salvages, but I imagine large transfer of monies are flagged in Anet's system already, whereas bulk salvages and trades not so much since would be a common occurrence for traders and such and could slip under the radar easier.

Can you tell I was going to do ISS at one time? Waaaay too much stress though. Anyway, I'm sure they'll keep us posted. I do have to laugh though, I was wondering about the message being fake myself.

They're simply asking to change your password so it is unique (i.e. you don't use it on for any other login)
Using the same e-mail & pass combination makes it easier for hackers

Stop over reacting, retard. It's in red text to simply get your attention...

Wow, seems like too many people have seen Conspiracy Theory.

ive seen red text from anet before its from anet their just trying to get ur attention but seriously its legit. as some1 said if it wasnt anet would have noticed and shut the servers down.
n/b i just thought id warn some people 2 guys in my alliance have had their accounts hacked and the only thing that both of them had on their comps which they both downloaded around the same time was that thing that allows you to open multiple guild wars windows at the same time..they said it was right after that their accounts were hacked and they have no other third party software. i dont know if it was this that did it because i dont use it and im not saying it is for sure but maybe its a possability since they both downloaded it and both got hacked? dunno jsut thought id warn some people in case they dont wanna take the chance

edit: my guild leaders jsut told me when we were talking about it that he heard something similar

Just changed my password, but I don't see why Anet is seemly forcing people to change their passwords. There must be something wrong, really wrong.