Update - Tuesday, December 22, 2009

Regina layin' down the law.

good fix, I like.

years too late, the thousands of accounts that got hacked because of their piss poor security is why i will never buy one of their products again.

Lol Regina, as community relations gal, you should know that the first rule is: "Never say anything that you can easily add the words YOU MORON to the end of".

Thus, "there is text in red letters that will shed light on this issue for you, YOU MORON!"



Thanks for the added security btw.

Regina, does GW have some sort of lockout policy in place?
I haven't seen anything like this myself, granted I may only have typed my password incorrectly, at most, 2 times in a row.
A process like this will easily stop brute-force attempts on accounts.

Obviously, you must have the relevant processes in place for recovering from a lockout, eg. contacting support, going through 'real' security questions, or even an auto-unlock after a period of time.

E-mails could be sent to the registered e-mail address about several failed login attempts, to alert the player and then contact Support to investigate.
etc etc etc.

Enough of an outcry, ANet will remove this feature in the future? In the next few days, find out what databases have been compromised, identify the hackers and then remove this char name feature to allow people who for some unknown reason forgot their character names.

Whats to say, that the hackers dont have the character names as well? In some cases the hackers would have access but the buyer of the account is locked out?

It's impossible to write anything then since you can put it at the end of any sentence, you moron. ha!

At any rate, anything additional for security is good regardless of how good. Even if players would need to enter something additional manually at each login they're still ingame faster than anything else out there.

You misunderstand. My point was, you couldn't forewarn players because doing so would help the hackers, how would it help the hackers?

My other point was, now that you added this, hackers have a reason to delete the players characters to delay getting the (near worthless to the owning player) account back.

You are also being inconsistent, you can't say anything but you can hint? And you can't reveal the exact nature to players to help then make their own choices, despite the fact that I am pretty sure the hackers know exactly how they are doing it, so why the secrecy?

Me thinks I am not the only one without all the data, I suspect ANet have very limited information on how this is all happening, hence the stupid and ineffectual advice given thus far.

I am also concerned that this bandaid measure, welcome as it is, is all you intend to do.

Meh, what do I know, I'm just a moron.

Well spoken. Outstanding.

Calm down Vert, remember Regina never actually called you moron, right?
Besode, "moron" doesn't flow naturally at the end of regina's post.

It was a freaking joke people! Geez.

It was me, not Regina, who said that. Flames > nil: please.

Any added security is helpful. No security is completely bulletproof, but this extra layer should decrease successful attacks, which is something we've all been crying about for years.

When it comes down to it, most posters on GwGuru are a bunch of whiners.

anyone notice the reconnect feature is gone with this update

Are you sure? In some cases it just doesn't give you the option to reconnect.

yeah just tested it out.. go in a mission and end gw- go back in and doesn't give you the option anymore

I find it sad you look down on people who dont remember ever single name. i am luck i remembered my main toons name. otherwise i wouldnt have been able to get back on. my 7 other girls where named in another language because i like to role play them pretending that they came from a certian county. thus some if not all are hard to spell. plus add in the fact didnt take in that some people have dyslexia. gg anet! one of my guildies has that. and it took her like 5-10 minutes to sign in.

And that explains why A.net requests Guru to remove character names from the profile page. Makes perfect sense.

Well I took it as a joke!

And while I know it wasn't Regina that said it, you must admit, there was a irritated condecending tone to her post.

What she doesn't seem to realise, is while I don't know all the data ANet has to go on, she also does not know all the information and knowledge I have about computer security.

And I'll tell you know, it's a lot, so when I see a bit of bandaid wrapped up in BS, spin, and condecending misinformation, I call it.

Its also a shame that the only way you can get much out of CS is to rattle their cage. Still, if that's what it takes

We all got it then.

Well, I have dced and reconnected during a vanquish this morning (gmt, after the update) without any problems.

lemme try again after this run.. might have something to do with putting in a character name that's not the same as the one your trying to reconnect

used to focus on the last character when you logged in.. but since update just goes to the one you put in the character name box

That dc/ rc at will thing was nerfed way back during that so called "mini duping affair". Its to prevent people from ever abusing that exploit again. Howeever; if you get a legit dc while in a match or in an instance you will be promted to rc.

aye I would say this is a bug.. if you connect back with the same character name in the security box, you can reconnect

if you use another name from a different character on the account, your session with the character you were just on is gone

If we accept the theory that at least some of the accounts currently being stolen had their username & password grabbed some time ago, but the thieves are just now getting around to looting them, it makes sense. If I were a thief given a few hours forewarning, I'd promptly write a bot to log into as many accounts as possible and grab a character name off them.

Given that a-net has expressed before their belief that thieves are still in the process of harvesting accounts from the fansite breach, it seems likely that they prevented some thefts by their secrecy.

Yes, they do. It's worth the trade though. If X = chance_of_account_theft * damage_from_account_theft, X has gone way, way down. And, at any rate, the solution is really obvious: WTB character locks!

Before everyone starts heaping on accolades and the devs injure their arms from patting themselves on the back, I'd be skeptical of blindly accepting that this countermeasure is going to solve all our problems.

As one who finds performing "root cause/failure analysis" reports useful, has the actual "root cause" been identified and corrected? Seems like we're treating a symptom, while maybe circumventing the issue and not actually patching any NCsoft vulnerabilities.

The new extra security question, on the surface, seems to have addressed the issue of preventing the hackers from logging into a compromised account. But it still doesn't prevent an unauthorized password reset, if I'm correctly understanding how a lot of the accounts were originally compromised. Unless I'm suffering from a major reading comprehension fail, that locked thread with all the "I've been hacked" posts shared a similar experience, most of them being related to their master account pw being reset.

I'm sure future hackees are thankful for this quick fix, and I'm sure the previously hacked are a bit pissed that it took as long as it did for any action to be taken, however, the outstanding issue of those unauthorized resets concerns me. Especially considering the fact that credit card info is tied to the master account. Playing with my money is like playing with my emotions, Smokey.

Firstly, its a welcome new feature, and although its to late for some, if it goes someway towards limiting attacks, or even preventing them in the future, then its a step in the right direction. But I think more can be done, and definatly needs thinking about for GW2.

Ive no suggestions, other than keep up the good work guys, ive enjoyed GW for 4+ years now, no other game comes close to have that said about it. And for the problems I have had, the support guys have been great, maybe not the quickest in the world, but they get there in the end, and id sooner have a detailed check which takes days rather than a yes sir heres your password reset approach.

So thumbs up from me

If you're having trouble remembering the characters on your account, we have a suggestion: check your screenshots in your GW folder. If you can find any of your character names in a screenie, then you can use that name for login. Even if you have multiple characters on multiple accounts, seeing character names might jog your memory. If you can't remember a character on your account for the life of you, and still need to write to support, give them as much info as possible, including your username and any character names you remember. Even partial names, a name that is close to a character name on your account, or a character you've deleted. If possible, try to contact support using the email account that is your Guild Wars account user name. It will help support establish that you are the owner of your account. Hope this helps.

On a side note, despite the mild inconvenience that this security measure does cause, most of the reactions have been positive, so we thank you for your understanding.

This character name confirmation is a visible security measure, to be sure, but I want to reiterate that this is not the only security measure we have implemented. As I have stated here and elsewhere, we have developed a number of methods to address the issue behind the scenes. In addition, it is not the only security measure we will implement in the future. The developers continue to work on additional measures to help safeguard accounts.

I agree it is a bad idea and many players with multiple mule accounts will not easily remember the name of one of their toons.

But it is a bad idea for more reasons than that. I have nine accounts, two of which I play actively and seven mules. GW Platinum Editions NIB are going on eBay for $US6.99 shipped, which is a lot cheaper than buying extra storage from the online store. I have spent most of today guessing the names of my mule toons and so far only one account is still MIA.

But when I was logged on it was lag city. I know it is festival time and lots of infrequent players are on for the holidays, but every thing seems to be in bog mode (just checked and my pings are 4 digits with a red light). I don't go looking for black helis but this may be ANET's lamo attempt to reduce server loads.

If I had any idea I needed to write down my toon names I would have done so long ago, and from the posts here lots of other peeps are in the same boat I am in.

I have sent an email to support, and got the bot reply back. But I will bet it will take at least a week for a real person to even read it. Then I will have to go through multiple DVD boxes and type in long meaningless key codes (how come everyone expects me to remember my toon names but no one expects me to remember my key code) hoping I dont make a mistake and wait for ANET to read another email and sort things out.

But what really makes this a bad idea is that guys like me that have bought several copies of GW are hurt the most. The guy with a single copy of GW can more easily remember the name of at least one toon than someone with multiple accounts.

Maybe some one can explain to me what kind of business model bashes their best customers and creates a situation where the least profitable customers can bash the best customers as well.

I doubt I will ever buy any more GW keys and that includes GW2.

Just as an aside I would love to see how the email to support spiked and how long it will take to clear out the backlog.

I just realized this was even more of a genius move on Anet's part than I initially gave them credit for. I doubt they WANT people to be using multiple accounts to farm the MPB, and this new update kinda gets in the way of accessing those extra accounts.

Genius. For at least awhile those with multiple accounts will be on the same playing field with those with only one who are farming the MPB.

EDIT: Muhahahha

Yea, I always take screen shots when I transfer stuff to my mules.

I have sent an email to support and got the bot response. Maybe you would like to estimate how long it will take to things sorted out. I have nine accounts and can send in nine key codes for my single mule account I cant remember the name of any toons on.

To you it may be a mild inconvenience but to me it is the straw that broke the camels back. Currently GW is in complete bog mode, my pings are 4 digits and the light is mostly yellow or red. I am not expecting to get a real response that will restore my account till after the first of the year. Prices in the online store are way out of line compared to what NIB stuff sells for on ebay. WalMart does not even stock GW, and it is often hard to find at Best Buys. And now I have to waste time guessing how I spelled the name of my mules.

Spin it however you want, but this is a real black eye for you guys. I will not be buying any more GW stuff, even if the price on ebay keeps falling.

Yea, real genius on ANET's part. Now lots of peeps who were buying their game will no longer buy it.

That means less income for ANET. We all know how fast the servers are and what great ping times they have; it is not like they need an upgrade or anything like that.

It really was a stroke of genius to PO your best customers and then have peeps in this forum cheer ANET on for doing it.

The value of your main character that you have played for over 4 years makes this not a good trade. I would be happier (much) with a no delete character option.

Bullshit, doing the farm on 2 accounts is enought, 3 is the maximum and you will only save 1 min every 2 runs on average.
The keyboard headroll names of a lot of farm bots on the other hand...

I find it mind bogling that some people are not able to remember the names of at least one of their characters per account.

Just shows you how most people don't put any effort into character creation and how extreme makeover credits can go for the price they do and have that sort of a demand.

It's pretty sad if you aren't going to buy GW2 simply because ANet added a security question at a time that hundreds of accounts were being stolen. But hey, if more security makes you less willing to buy a game, then so be it.

+1 to what Arkantos said.

And if you are QQ'ing over your decrease of mini drop chances due to the improvement of security, you need to re-evaluate what's more important, because if your account gets hacked it doesn't matter how many mini-Polar Bears you have, they'll be gone.

I like the added security measure, gives me a better feeling that my account is safe.

Esprit, I love your Avatar.

I had 4 accounts , 2 which i could remember easily and 2 new ones i bought for storage. Did have a mild panick when I couldnt remember the names but then realised I could just look in my guild list for them

I opened all 4 accounts and stuck them in a quarter of my screen each and filled in all teh account names and character names then took a screen shot and saved it so that hopefully I wont lose the info. I use the /email parameter to save the account name and now i can stick the character i want to play in the box and it opens up on that one which is quite nifty.

A good start to improving security but what is really needed is the ability to make a character UNDELETABLE. I dont really care about my epeen shit but im |<--this much-->| from my GWAMM and if that went for any reason i'd prolly just go back to wow rather than start again.

You guys seem to be missing the point.

I don't have a problem with better security.

As I have posted other places a log in screen like Runes of Magic uses completely bashes key loggers; something the current GW screen does not do if you are logging on to multiple accounts from the same machine cuz you have to retype the PW and toon name every time you switch accounts. So for me and other guys who have multiple accounts this is not really better security, just a PITA.

But whats even worse is that not only is security worse but it is implemented in a way that discourages peeps from having multiple accounts. Whatever your feelings about multiple accounts they do provide income for ANET. Anyone who has played GW for any length of time has seen it turn into lag city and stay in bog mode at times, especially when there is a festival.

Speaking of festival there are tons of guys who are not regular players, but will be on for the next couple of weeks and overloading the already overloaded GW support. So this so called security stuff comes at the most disruptive time.

It is not just this single thing, but lots of stuff. Like I posted earlier Walmart is no longer selling GW, it is often out of stock at Best Buys, prices are falling for NIB GW stuff on ebay, and the prices at the online store are way high.

I am still not convinced this is "strong" security", just more of a stumbling block to legit users who will have to go through a mind numbing session with support and probably miss most of winterfestival.

To me it is the wrong thing at the wrong time and ANET trying to spin it only makes matters worse.

I like how people somehow think that it's Anet's fault that they can't remember their own character names.

Its amazing how people are trying to troll an added security feature for the fact they can't even remember their character names, Maybe you should have used easier names before buying 10+ accounts to harvest zkeys.

It in no way discourages me from having multiple accounts and anyone who feels agrieved at being forced to remember an account name in order to play a game should really blame themselves rather than Anet.