plaync website takes a step backward in security

axe

axe

Wilds Pathfinder

Join Date: Sep 2005

Pwn Appetit [NJoy]

W/

Quote:
Originally Posted by Riot Narita View Post
Axe, how come you were always able to remember your NCsoft/PlayNC password, but not your game password?
Because it is linked to my email, so I would click, forgot playNC master, they send me an email, I log in, change the Master, change the game acct pass.

And yes I log in to the Master even less than GW, so I would forget that 99% of the time.

Riot Narita

Desert Nomad

Join Date: Apr 2007

Quote:
Originally Posted by axe View Post
Because it is linked to my email, so I would click, forgot playNC master, they send me an email, I log in, change the Master, change the game acct pass.

And yes I log in to the Master even less than GW, so I would forget that 99% of the time.
Ah, of course.

You know, I'd much rather they did something like that for GW passwords, than simply allow a new password to be set without knowing the old one.

eg. go to NCsoft master account, click "reset GW password", receive new password by email.

It would be better for people in your situation, and I'd find it preferable to what they just did.

axe

axe

Wilds Pathfinder

Join Date: Sep 2005

Pwn Appetit [NJoy]

W/

Quote:
Originally Posted by Riot Narita View Post
Ah, of course.

You know, I'd much rather they did something like that for GW passwords, than simply allow a new password to be set without knowing the old one.

eg. go to NCsoft master account, click "reset GW password", receive new password by email.

If your email address is dead, THEN you have to enter old password to set a new one.

If your email address is dead AND you don't remember old password... well, you'll still end up going to support. But it would still be better for people in your situation, and I'd find it preferable to what they just did.
That would have been ideal for my situation, and it was "kinda" how it worked with the PlayNC Reset thing, but it was an extra account, I suppose the idea behind the PlayNC is that you would have multiple PlayNC games all "conveniently" tied to one account.

For me I only ever had Guild Wars, and I will be getting GW2

As someone else stated, at this point (5 years) having original documentation is going to be rare. I learned from my own mistakes, and while I did like the ability to log in without support, having forgotten my pass. It wont be an issue for future games because I will keep all my receipts, keys, and I will use care when setting up my account initially. I cant be the only one out there though that got locked out legitimately.

Also having the "must know old pass" field, I basically just had to cross my fingers that I didnt get hacked, because if they changed my pass in game, I was locked out, and Support did mention to me that I would need to provide the information that I no longer have.

Tying the game to an email, also presents some risks, but as someone also stated, you just cant prevent hackers from getting in, if they really want to. Its a balance between convenience for the users and roadblocks for hackers. I just felt the need to voice my particular situation, since nobody else mentioned anything similar (maybe I was the only one :S )

Kattar

Kattar

EXCESSIVE FLUTTERCUSSING

Join Date: Mar 2007

SMS (lolgw2placeholder)

Me/

I had ignored this thread since I thought it was like all the other "omg qq anet suxxorz."

I really wish this thread had been what I'd thought it was.

Tullzinski

Tullzinski

Jungle Guide

Join Date: Mar 2006

Trying to stay out of Ryuk's Death Note

N/R

This is a shame that NCsoft has moved backwards after everyone fought to get the extra security implemented in the first place.

Bryant Again

Bryant Again

Hall Hero

Join Date: Feb 2006

What the hell, NCSoft?

At least I was lazy enough to not sign up for the free storage, but sheeit...

zwei2stein

zwei2stein

Grotto Attendant

Join Date: Jun 2006

Europe

The German Order [GER]

N/

Quote:
Originally Posted by Bryant Again View Post
What the hell, NCSoft?

At least I was lazy enough to not sign up for the free storage, but sheeit...
I wish I was lazy aswell

Karate Jesus

Karate Jesus

Forge Runner

Join Date: Apr 2008

Texas

Reign of Judgment [RoJ]

Me/

Quote:
Originally Posted by Bryant Again View Post
What the hell, NCSoft?

At least I was lazy enough to not sign up for the free storage, but sheeit...
I wish I had been lazy, too. This is baaaaad.

Well, not Aion bad....but bad.

Chthon

Grotto Attendant

Join Date: Apr 2007

I suggest we keep this thread on the top of the first page until there is an official response explaining why the hell they'd do something like this. And it had better be a damned good explanation...

MagmaRed

MagmaRed

Furnace Stoker

Join Date: Mar 2007

Our Crabs Know True [LOVE]

R/

Quote:
Originally Posted by Chthon View Post
I suggest we keep this thread on the top of the first page until there is an official response explaining why the hell they'd do something like this. And it had better be a damned good explanation...
You may get a response from an Anet staff person, but I have never seen or heard of an NCSoft employee using these forums. They are separate entities, and I see no reason for NCSoft to be using a GW Fan site. Would be nice to have Anet comment on it, but it wouldn't be 'official'. If you want something official, try contacting NCSoft or using their companies forums (if they have them, never looked into it).

cosyfiep

cosyfiep

are we there yet?

Join Date: Dec 2005

in a land far far away

guild? I am supposed to have a guild?

Rt/

It would be nice if one of the ncsoft people would make a comment on this, but as Magma pointed out.....probably wont happen since they would need to get 'official' whatever to even comment on this since they probably dont even think we know (or probably care).....or you will get something like 'its security issues that we wont discuss with the public' type reply......
good try B+

Jk Arrow

Jk Arrow

Lion's Arch Merchant

Join Date: Nov 2008

WI

Dark Phoenix Risin [DPR]

R/

Yep this pretty much just caused my secondary account to get hacked. Never shared the password with anyone but since I am not the original owner of it, I had no control over the email address. All that was needed is to click forgot password and I lost out on a storage account with 6 full toons.

I thought I would post my emails back and forth with arena.net cust service for those interested. Might help others in the future. I don't really care that the character names are listed since some gold seller probably now controls the account. Bottom line, if you did not create the account, you are screwed so make sure your valuables are on your main account. I don't expect to ever get this resolved.

Email chain starts at the bottom. I know far too many people that have been hacked that do not use forums or share passwords. The account security is definitely a problem.

JK



I can understand your concern with only being able to help the original owner of the game. But Anet is probably aware that many old time gamers have decided to leave the game and have fortunately been gracious enough to pass along their hard earned items and accounts to others rather than letting them sit out on the Internet to waste away.

I feel as though I have proven that I have been the rightful user of this account for some period of time, even naming characters and items that are in the inventory and where they are located. I even challenged the support team to pull ISP history of logins and trade archives which I know can be done as it was used to prove me innocent in a past and wrongful accusation of gold purchasing.

By ingoring the situation and focusing only on the rules set in stone, you are basically alllowing gold sellers to continue to operate. I may not be the original owner of the account but I used it within the guidelines of the agreement and have always followed the same ethical standards I follow in real life. The person or organization that hacked the account will create a bot that will farm and farm and sell more gold. I am sorry you feel compelled to follow your protocols to a "T" rather than look at each situation individually.

I have been a loyal fan of the Guild Wars franchise since I first began playing 29 months ago. This situation is causing me to think carefully about future buying decisions from this company. I am inclined to go elsewhere when the only response I get is "we are just following the rules". I sincerely hope the company can clear up security issues so other people (and I know far too many who have been already hacked) do not have to go through losing what they enjoyed working for.

Thank you for your time. Feel free to share this with anyone in your company that may want to read it.


Hello,

We are only able to assist the original owner and creator of the account with account issues. NCsoft master accounts and game accounts cannot be transferred from one person to another, and are meant to have only one owner for the life of the account. Can you please have the owner of the account contact us directly? We can assist them with this account. We look forward to hearing from them.

Regards,
GM ApplePython
The Guild Wars Support Team



Well since this account was given to me by a friend, I am not going to be
able to give you all of this data. Here is what I can give you:
Friend's name was Kevin C.
He lived in California.
The account has only Proph and Factions, it does not have NF or Eotn
although a trial key was used for NF as there are some chars with heroes but
they are no longer accessable.
The login name of the account is [email protected].
I can give you the password for the account up until yesterday upon your
request. It was the same as my other account ----------- until I
changed that out of fear of it getting hacked as well.
There were 6 characters on the account. K Diddy is a warrior, Ima Hurtcha
is a warrior with no armor, Lvl 20 monk, Lvl 2 female necro with name of
Free Stuff is Good or More Free Stuff (can't remember as I had 2 chars), Lvl
20 Ranger, and Lvl 20 Ele name is Ima Balla.
There are 3 storage panels, first one had mostly runes, others contained
stacks of mats, hero armors, as well as some other items. In the mat
storage pane, there were several stacks of 250 mats including parchment,
fur, and others.
Most of the chars were full of weapons, Ima Hurtcha was full of mostly
dedicated mini pets, the monk and necro had mostly weapon mods and
inscriptions.
The account was in the same guild as my main ---------.
If you check the login IP addresses, you will see since roughly Feb, 2008
the account logged in from a Wisconsin USA address, most always Milwaukee
area through Time Warner.
If you check the trade logs, almost 95% of all trades with this account took
place between my two accounts.
If you reference Incident: 090625-001295 created back on 6/25/2009 you will
see I referenced both accounts in my email regarding Xunlai House points.

I am hoping this is enough proof for you to see that this account has been
under my control for some period of time even though I did not initially
create the account. I did not know if I was ever able to change the
username on the account or I would have assigned it to a different email
address that I control. I can only assume that the email account it is
attached to was used to hack the account as I was the only person to know
the passoword and there were no 3rd party accounts (Guildwarsguru, wiki,
etc) affiliated with it.

Thanks for your time and please let me know if I can do anything else to
help restore the account. Thanks.


We will need you to verify ownership before any further assistance can be given. Please provide the following account information:

-- What first and last name did you use when you created the account?
-- What physical address did you use when you created the account?
-- What date of birth did you use when you created the account?
-- What are all the retail access keys currently registered to your Guild Wars game account? (Please include the retail access keys from each campaign.)
-- What is your Guild Wars login name?
-- What are the last 4 digits of the credit/debit card used to make any Guild Wars purchases online from us? (if applicable)

Regards,
GM ApplePython
The Guild Wars Support Team


Hello. My secondary account I believe is currently being hacked. Time is 10:49pm CST. The account name is:

[email protected]
Main character name is K Diddy

This was an account I was given by a friend. I had the same password as my main account which I never gave to anyone. I noticed it was logged at the same time as my main account which is:

------------
Main character is -----------

Hopefully you will be able to restore the account. Please let me know if you need anything else. Thanks!

Smarty

Smarty

Krytan Explorer

Join Date: Mar 2008

England

Me/

I received my first Aion spam email (at least I hope it was a spam email - if not I've somehow been flagged by the GSU for RMTing on an inactive account!) on the email address listed in my Aion NCsoft master account today. I've never had spam on that email address before. Coincidence? I hope so, but it seems fishy to me. Not at all happy with the idea that some creep's got into my account and found my email addy and other personal info - very glad I changed it all to fake details and deleted my payment info.

Don't you just love the timing of this latest bit of news, though? GW2 publicity goes into hype mode just as NCsoft demonstrate their complete untrustworthiness and their contempt for their paying customers. I want ANet to separate from them sooooo badly.

Chthon

Grotto Attendant

Join Date: Apr 2007

Quote:
Originally Posted by MagmaRed View Post
You may get a response from an Anet staff person, but I have never seen or heard of an NCSoft employee using these forums. They are separate entities, and I see no reason for NCSoft to be using a GW Fan site. Would be nice to have Anet comment on it, but it wouldn't be 'official'. If you want something official, try contacting NCSoft or using their companies forums (if they have them, never looked into it).
I'd settle for a clear, non-evasive answer from Regina.

Evil_Necro

Evil_Necro

Desert Nomad

Join Date: Nov 2005

川崎区、日本

currently guildless..

Rt/

oh.. that's why I can restore my forgotten password.................

should I be glad or worried now, I'm not sure...... >_>

SlipknotOFA

Frost Gate Guardian

Join Date: Dec 2005

Newport Ky

Order Of Fallen Angels

Mo/Me

Quote:
Originally Posted by Gennadios View Post
Does this have something to do with the recent rash of "I wanted to get back into GW after XX years of not playing, and don't remember my character names or password QQ" posts that Guru's been seeing lately, I wonder?
Even if they did forget they should know they did pay for the game you can go cry over there now QQ mommy and daddy need to talk

MithranArkanere

MithranArkanere

Underworld Spelunker

Join Date: Nov 2006

wikipedia.org/wiki/Vigo

Heraldos de la Llama Oscura [HLO]

E/

Maybe they want us to buy new accounts.

Poor naïve greedy *bleep*tards.

I wish ANet could separate completely from them, and just use Steam for distribution.
Steam: "the less bad of all DRM evils". XD

End

End

Forge Runner

Join Date: Jan 2008

Rubbing Potassium on water fountains.

LF guild that teaches MTSC (did it long ago before gw2 came out and I quit...but I barely remember)

N/A

Quote:
Originally Posted by Chthon View Post
I'd settle for a clear, non-evasive answer from Regina.
I lol'd...like that will ever happen on any topic...

maxxfury

Wilds Pathfinder

Join Date: Apr 2006

[DVDF] Gp

Me/A

Quote:
Originally Posted by End View Post
I lol'd...like that will ever happen on any topic...
Least she doesnt pretend to be a frog :P AND makes some effort...

Benderama

Benderama

Krytan Explorer

Join Date: Jul 2008

UK

[Rage]

Rt/

*applause* i love sarcasagasm %D

i remember i only joined playNC because of teh feature allowing anyone with an account to geet the password to an account not linked to plaync.
Yeah why not just stick with the e-mail your forgetten password thang?

Sierraa

Sierraa

Supastar~ ???

Join Date: May 2006

USA [GMT -7]

Sierraas Asian Harem [love]

Me/

Quote:
Originally Posted by Bob Slydell View Post
2) Your Character Name Slip out in forums (like Guru
My character names have nothing to do with my email OR password. If you're dumb enough to have [email protected] frediscool & Fred the Warrior, you probably deserve to lose your account. I truly fail to see the connection between my character names and email/password. :|

With that said, you should use a different password for you GW account as well as an email.

Broseiden

Broseiden

Ascalonian Squire

Join Date: Dec 2009

TXN

Quote:
Originally Posted by Sierraa View Post
My character names have nothing to do with my email OR password. If you're dumb enough to have [email protected] frediscool & Fred the Warrior, you probably deserve to lose your account. I truly fail to see the connection between my character names and email/password. :|

With that said, you should use a different password for you GW account as well as an email.
Uh... the whole point of letting your character name slip means that the "hacker" now knows your character name, which is another requirement in order to log into your Guild Wars account along with the email and password. It's just another chance you're taking.

Riot Narita

Desert Nomad

Join Date: Apr 2007

Quote:
Originally Posted by Sierraa View Post
My character names have nothing to do with my email OR password. If you're dumb enough to have [email protected] frediscool & Fred the Warrior, you probably deserve to lose your account. I truly fail to see the connection between my character names and email/password. :|

With that said, you should use a different password for you GW account as well as an email.
The problem is, if it's still possible to glitch into somebody else's NCsoft master account...

...then what NCsoft just did, is once again make your character name into your ONLY protection against random GW account theft. That and luck. Because if they glitch into your master account, they'll see your GW login (email), and they can change your GW password without knowing the old one. All that's left, is to find a character name.

So unless you feel lucky, you should protect your character names. Don't make it easy to trace your IGN through forum posts - especially if you used the same email for GW and for forums. (bear in mind, they may already know your email address from compromised forum sites)

Master account -> GW email -> Forum email -> forum name -> your IGN if you posted it -> you get raped.

Shayne Hawke

Shayne Hawke

Departed from Tyria

Join Date: May 2007

Clan Dethryche [dth]

R/

Makes me wonder why NCsoft doesn't have community people that browse forums like this, to address these kinds of issues instead of asking ANet to play messenger boy to our complaints.

Cuilan

Cuilan

Forge Runner

Join Date: Mar 2008

Me/

I'm just going to throw this out there.

Preventing people from playing at all or annoying them and security are often at odds with each other. Difficult forum registration is an example as it applies to sites with spam prevention, etc. Too much in either way never leads to anything good, so the only way to deal with it is adapt and find creative ways that don't ruin the game for everyone else.

Chthon

Grotto Attendant

Join Date: Apr 2007

Still waiting.....

coil

Krytan Explorer

Join Date: Aug 2007

hey regina/martin/emily/pierre yall gonna fix this or what?

End

End

Forge Runner

Join Date: Jan 2008

Rubbing Potassium on water fountains.

LF guild that teaches MTSC (did it long ago before gw2 came out and I quit...but I barely remember)

N/A

Quote:
Originally Posted by Shayne Hawke View Post
Makes me wonder why NCsoft doesn't have community people that browse forums like this, to address these kinds of issues instead of asking ANet to play messenger boy to our complaints.
I totally volunteer to get paid to troll...wait...if I work for them I probably wouldn't be allowed to post...nvm...on a side note +1 to this idea...

Sierraa

Sierraa

Supastar~ ???

Join Date: May 2006

USA [GMT -7]

Sierraas Asian Harem [love]

Me/

Quote:
Originally Posted by Riot Narita View Post
The problem is, if it's still possible to glitch into somebody else's NCsoft master account...
afaik that was solved when they updated their site. You're free to try it though.

Quote:
Originally Posted by Riot Narita View Post
...then what NCsoft just did, is once again make your character name into your ONLY protection against random GW account theft. That and luck. Because if they glitch into your master account, they'll see your GW login (email), and they can change your GW password without knowing the old one. All that's left, is to find a character name.
I personally don't think it was directly linked. I think that the random log in issue was just lumped into the many other issues that were brought up. In addition to adding the character name they updated their site. You had to know your old password in order to change it. Character names being your "only protection" is apparently recent and I certainly feel like it isn't your -only- protection. When you change your password you get an email.

Quote:
Originally Posted by Riot Narita View Post
So unless you feel lucky, you should protect your character names. Don't make it easy to trace your IGN through forum posts - especially if you used the same email for GW and for forums. (bear in mind, they may already know your email address from compromised forum sites)

Master account -> GW email -> Forum email -> forum name -> your IGN if you posted it -> you get raped.
Again. If you're dumb enough to use the same email/name/password for everything you probably deserve to get your account compromised. It's posted pretty much everywhere to use a different email/password for anything important. Even with your explanation I fail to see how they're going to magically guess that I'm "Green Tea Sierra" in game through my plaync account or my login information.

There's also a flaw in your chart. In your User CP you can adjust who can see what in your profile. You can also hide your email address from everyone but admins. I highly doubt someone is going to magically guess any of my info when none of it is related to each other.

Quote:
Originally Posted by Broseiden View Post
Uh... the whole point of letting your character name slip means that the "hacker" now knows your character name, which is another requirement in order to log into your Guild Wars account along with the email and password. It's just another chance you're taking.
Please see above.

Riot Narita

Desert Nomad

Join Date: Apr 2007

Quote:
Originally Posted by Sierraa View Post
afaik that was solved when they updated their site. You're free to try it though.
Why do you think it is fixed? Is that just an assumption? I haven't heard anything about it being fixed - if you have a source, please post it.

Even if it IS fixed, removing the "enter old password" requirement again... has set everybody up for maximum damage, the next time a master account exploit is found.

Quote:
Originally Posted by Sierraa View Post
In addition to adding the character name they updated their site.
NCsoft did no such thing.

It's A-Net who put in the character name requirement, for GW players - and thank God they did, because NCsoft wasn't stepping up at that time.

Aion players got nothing, they were left hung out to dry.

Quote:
Originally Posted by Sierraa View Post
When you change your password you get an email.
Yes. An email telling you your password has ALREADY been changed. What use is that?

The email tells you in effect: "somebody changed your password. If it wasn't you, then I'm afraid your account has just been emptied, and possibly your characters are deleted"

Quote:
Originally Posted by Sierraa View Post
Again. If you're dumb enough to use the same email/name/password for everything you probably deserve to get your account compromised.
Yes, everybody gets that.

The point is: character names are part of your account security now.
It's simply not good practice to give away ANY login information, anywhere.

There were people who randomly lost their accounts even though they DID EVERYTHING RIGHT. Unique passwords and email addresses everywhere, strong passwords, full and up-to-date security on their PC's, no dodgy downloads or visiting unsafe websites etc. And it still wasn't enough, because of NCsoft's failures - an aspect of security that we have no control over.

Protect the things you CAN protect. Don't rely on NC-soft, arena-net, guru, or anywhere else that is out of your control... to protect your information. Who knows what exploits may emerge that will let somebody put all the pieces together, or bypass some of them? It's happened before.

Quote:
Originally Posted by Sierraa View Post
There's also a flaw in your chart. In your User CP you can adjust who can see what in your profile. You can also hide your email address from everyone but admins. I highly doubt someone is going to magically guess any of my info when none of it is related to each other.
Several GW fansites have been compromised, including guru. Email addresses were stolen, and maybe forum names (not sure)... and who knows what else. In other words, when a site gets hacked, your CP settings aren't going to save you. The hackers are likely to see everything anyway.

But by all means - make whatever assumptions you want, take whatever chances you like with your character names. If you used different emails and screen names everywhere, the chances are slim that anyone can match an IGN you posted, to a GW account.

But personally, I'll take every precaution available to me. I don't want to take chances, no matter how small.

Bob Slydell

Forge Runner

Join Date: Jan 2007

I really don't know where to stand because I get mixed stories even by the people I trust.

I think there IS a problem with NC security, but that does NOT by ANY means dismiss the problem that people still make mistakes on their parts, which makes it looks really bad when a few people get hacked "for no reason" and some people get hacked "for a reason", and it inflates. As I said, I still think there is a problem, but that fact still does not dismiss that some people are at fault for losing their own accounts.

I for one, have gotten asked .. by a friend, who played guild wars once, never signed up for ANYTHING using his email, game related, and he kept getting emails saying his account password was reset. The gunny thing was, these weren't fake ones, they were the real deal. Someone managed to pull his information from somewhere, or managed to spoof it somehow to NC to get in. And I believe this.

But there are still some really stupid people out there who don't help the situation, which blow the situation up and out of proportion.

I'd seriously LOL though if some Guild was behind a lot of the "hacked accounts" and some of the stories we heard were fabricated just to make other players more paranoid and to make them click *anything* with NCsoft on it in their email inboxes, even skipping their instinct and clicking on fake NC email, to give some random stranger their information.

You gotta wonder though....because I've seen those faked emails, I think one was even posted here by someone, and the IP address has one or two octets exceeding 255, lmao.

Quote:
Originally Posted by Sierraa View Post
My character names have nothing to do with my email OR password. If you're dumb enough to have [email protected] frediscool & Fred the Warrior, you probably deserve to lose your account. I truly fail to see the connection between my character names and email/password. :|

With that said, you should use a different password for you GW account as well as an email.
Well, with due respect... I found your post to be a little smug. I take your response as if im firing shots at you for being bad at account security (which we know is false, I'm not accusing you) but it looked that way to me. Again..sorry.

But you ARE right, if your character name and other credentials are common, it's possible for a hacker to get you, if you're smart (as you said, and like I am at security) you should be fine.

I looked at it this way.

Say I'm a TOTAL jackass at account security (but I'm not), I could post an email here of mine for someone to contact me. If it's in the open or even in a PM, if it gets out, it gets out. Now, a hacker sees a potential victim. He can ASSUME my char name is "Bob Slydell" and that the email he has is my GW one. Then he can go on maybe assuming that I in some way an an Office Space fan................ crazy enough to name my password something like.. I dunno. Innitech123 or MichaelBolton ...bam he's in!!!!.

We all know people do that shit, that's all I tried to explain with my little "point #2" people can tag things together to get a clearer understanding of you, we all know this. I just wanna make sure you know thats what I meant.

The lucky hacker may have hit the jackpot in my little description, but luckily for me, in real life on one never figure out my credentials, unless Jesus returns and decides to take up GW account hacking.

betterjonjon

betterjonjon

Academy Page

Join Date: Jul 2006

Knights and Heroes [Beer]

Mo/

Quote:
Originally Posted by Bob Slydell View Post

The lucky hacker may have hit the jackpot in my little description, but luckily for me, in real life on one never figure out my credentials, unless Jesus returns and decides to take up GW account hacking again.
Just had to fix that little slip up there.

Martin Alvito

Martin Alvito

Older Than God (1)

Join Date: Aug 2006

Clan Dethryche [dth]

Quote:
Originally Posted by Bob Slydell View Post
I think there IS a problem with NC security, but that does NOT by ANY means dismiss the problem that people still make mistakes on their parts, which makes it looks really bad when a few people get hacked "for no reason" and some people get hacked "for a reason", and it inflates. As I said, I still think there is a problem, but that fact still does not dismiss that some people are at fault for losing their own accounts.
That is precisely the point we repeatedly attempted to communicate to the ANet community reps without result during the rash of hackings at the end of 2009. Some people are dumb about security, and they lose their accounts as a result. We can treat when errors happen as random. The number of hackings at any given time is thus a stochastic process, but the number of hackings should vary within a certain range. Once the number of reported hackings becomes sufficiently great, it's time to start looking for security holes on the ANet/NCSoft side.

Let me assure you that there are still a ton of flaws with the PlayNC site. It's about as secure as the website of a third-rate e-merchant. They just don't seem to get that doing business in the American market requires first class security. Their primary competitors understand.

I finally broke down and bought an unlinked account to store my valuables on during the account thefts, using an e-mail that I just don't use as the account name. But the fact that I had to take that step has made me unlikely to purchase GW2.

Quote:
Originally Posted by Shayne Hawke View Post
Makes me wonder why NCsoft doesn't have community people that browse forums like this, to address these kinds of issues instead of asking ANet to play messenger boy to our complaints.
If you're not going to take action anyway...

Tyla

Emo Goth Italics

Join Date: Sep 2006

Quote:
Originally Posted by zelgadissan View Post
I will, however, gladly play the game for now until I lose all my stuff from hacks.
I've recently found that problem. Recovering but eh, the hacking was because I was a retard and didn't think of my NCSoft stuff as needed initially, and as Gennadios said, for exactly that reason.

Chthon

Grotto Attendant

Join Date: Apr 2007

Still waiting. Lucy, you got some 'splaining to do!

Lord Sojar

Lord Sojar

The Fallen One

Join Date: Dec 2005

Oblivion

Irrelevant

Mo/Me

NCSoft is the worst online gaming company in history when it comes to security and transparency. They should be ashamed of this shit... Totally uncalled for, in every sense of the words....

Take a memo from Blizzard: Authenticators (mobile and stand alone)

Martin Kerstein

Martin Kerstein

Frost Gate Guardian

Join Date: May 2007

Heya,

Gaile posted an update on her support page on this issue:

In December of 2009, players raised concerns about the security of NCsoft Master Accounts. While we investigated those concerns, we added a second layer of security that required players to input their game password before making a change, even though they already had logged into their NCMA and had passed its security measures.

After extensive research, the Guild Wars and NCsoft teams were unable to identify any security breaches in the NCsoft Master Account system. This means that the delays that customers were experiencing related to account resets added no value from a security standpoint. We removed the second password requirement a few weeks ago. We have monitored daily for any upswing in stolen accounts and have seen no increase whatsoever. We will continue to monitor the situation and if we notice any adverse effects as a result of the change, we will address the issue immediately. Please see Gaile's Support Page for more detailed information.

Riot Narita

Desert Nomad

Join Date: Apr 2007

In other words:
"We decided to open the stable door.
This stops idiots from bumping into the closed door, when they want to pet the horse.
It also makes the stable-hand's job easier.
The horse hasn't bolted yet, so we'll leave it open.
If the horse ever does bolt, we might think about about closing it again. After the horse has gone."

Great plan /sarcasm

Edit: I seriously hope there will be no requirement to link GW2 accounts to an NCsoft master account - and the bad joke that NCsoft calls "security". eg. to get any goodies from our GW1 HoM's. Because if that's the case... if I buy GW2 at all - I will simply do without HoM goodies, even if I earned them. That won't be due to a temper tantrum, throwing my toys out of the pram - but because it will be the only sane choice available to me.

AuraofMana

Wilds Pathfinder

Join Date: Jun 2005

Georgia, US

Why the hell do you guys not have account activity tracing like WoW? If someone gets hacked on WoW, upon proving it to a GM, a quick rollback results in zero loss. GW doesn't offer the same service, so if you get hacked, you email support, wait a few days, and get the "these are the precautions you can take" crap. How does that help anyone?
If you have account tracing, you can rollback AND FIND OUT WHO HACKED YOUR ACCOUNT. Someone has to transfer your items to another account. If you know this it helps SOLVE the problem instead of letting the hacker run rampant.
So what if the hacker DELETED your characters as well? All those years of playing for nothing? How will you handle that then?
There are several reasons why WoW has more players, this is one of them.
Are you honestly going to assume your software and server is 100% safe? No software and server is 100% safe. Any freshman in CS Major will tell you that.
All these people get hacked and you just assume everyone is a retard that hands out his or her account info or download shady third-party apps? Great business approach imo, having terrible customer support on the only game your company depend on. Maybe I shouldn't hold my breath for GW2 if my account is just going to get hacked anyway.

Shanaeri Rynale

Shanaeri Rynale

Desert Nomad

Join Date: Aug 2005

DVDF(Forums)

Me/N

Sorry Martin, Thats a silly rationale.

No one has hacked us yet so we'll remove security until they do.

Imagine a bank saying 'we've tested our security and since no one has hacked us yet and passwords are such a pain to the customer we've decided to remove them from our online banking system'

For Guild wars 2... Please keep the character name check and add other features to stop accounts being hacked or trashed outside of the NCsoft layer..