Account Security Concerns

I know its been brought up before but I wanted to bring it up again hoping someone from arenanet answers. Since the game uses email accounts as your account name is there any kind of added security to back up the password? Email addresses are easy to find out unless someone has a special email address they created just for the game and don't give it out. And I don't think its right to ask people paying for a game to have to establish thier own accounts security. And once you have the account name someone with enough patience and time on thier hands(or a script to do it for them) can figure out a password. So there needs to be some kind of added security such as a "secret word" or some other idea to determine true ownership. So anything you can tell us to assure us our accounts will be safe is appreciated.

Unless I'm mistaken, it's not possible to see other players e-mail addresses in-game, right? I'm no hacker, but the only way that I would see people being able to access your account would be if they were able to determine your IP address, go around any firewalls on your computer, and access any of the vital information on your computer, or monitor what keystrokes you're making (I'm fairly sure that's possible?). Besides that, I would like to think at least that the security should be pretty good for the game, as long as you don't give out your e-mail address, or any other pertinent account information for some odd reason.

But hopefully Gaile can give you an official answer. Most likely I'll just end up having to put my foot in my mouth like normal

Yeah they can't find your email address unless you give it to someone really but email addresses are exchanged fairly freely. And in my opinion a paying customer shouldn't have to refrain from giving out thier email address to friends in game for fear of thier account security. There have been plenty of people in other games that have had accounts stolen from people they thought to be friends.

Wouldn't giving out your e-mail mean you only have yourself to blame? Just keep in touch through forums, ie, this place

Not in game not without much difficulty.

However, all someone would have to do is try to send you an MSN message here on these forums and bam there is your e-mail address, try it!

I myself find it very inconvenient to give out and maintain different e-mail addresses and prefer to use the same e-mail address for all games, all accounts everywhere (unless I change my name o_O).

Giving out your e-mail address really shouldnt be something that could compromise your account security (in an ideal world).

One reason that I'll never willingly give out my e-mail address, unless I have meet the person multiple times in real life and have known them for a good three or four months, and even then, I'd still be cautious about handing it out. I'm not willing to take the risk of having my account tampered with by anybody besides myself. As long as people are smart about it, there shouldn't be any problems.

Midnight Scorpion: That's why my MSN Messenger account and e-mail account listed on this site does not belong to the e-mail account that my Guild Wars account is linked to

The point is that email addresses aren't a piece of vital information that you would normally keep secret, ie social security number or drivers liscence number. It is a means for communication and so should be free to be given out to people you want to keep in touch with. You shouldn't have to keep your email secret, that defeats the point of having an email address.

Yes I guessed that, but that goes back to the OP stating that he thought it wasnt "right to ask people paying for a game to have to establish thier own accounts security." And creating a new e-mail address solely for the purpose of playing a new game (which fits the description) would be wise, however inconvenient

Just for the sake of arguement, you could always have multiple e-mail address. Right now, there are three different e-mail accounts which I use; I have one through my school, one through Hotmail, then another one through Gmail, which is my primary account and the one which is tied to my account. Lucky for me I didn't follow my naming theme like I had done for my Hotmail and AIM accounts, otherwise it wouldn't be too hard to pick up what the Gmail account is

Edit: You just snuck your reply in before mine Midnight

Maybe it's just because I'm strange, but I don't really view making another accuont as an inconvenience. Yes, it does take a couple of minutes to set up, but after that initial setup time, it only takes seconds to log in and not much longer to browse through your e-mails and check out what you have. Obviously I'm not saying that everybody who's concerned about account security should get multiple e-mail addresses, I'm just throwing things out there for discussion.

Exactly, in my opinion if your charging someone to play a game like this you should make sure that thier accounts are safe and secure. It is a good idea to create a seperate email account for it but you shouldn't be forced to do so in order to keep your account secure. I for one only use 1 email address and I don't want to have to maintain another one. When you pay for a service you shouldn't be inconvienenced by that service.

im shure you dont mean that social security and what not should be used, just that they should let you make your own acount name. i would have to agree with this. ive given my e-mail out countless of times to people i havent meet IRL, and i dont think that now i should be made to keep it *hush hush* just to play a game.(even a great game like gw)

I myself do use multiple e-mails (quite a few actually since I own several domains, maybe that's why it is such an inconvenience to me) and would recommend it to anyone playing any game regardless, however the notion that it is a better idea to make a new e-mail address rather than not is quite oft in my book.

A simple solution would be to use usernames, and require them to be of a certain form that would be hard to find out. I'm not an expert in this area, but i've seem it in action in some other games that have no problems with stolen accounts, etc.

For example, require that account names contain at least a minimum amount of alphanumeric characters, and must contain at least 1 number. Decline account names that match email addresses, i.e. if your email address is [email protected], your account name cannot be emailname. I feel this is a good way to secure quite a good few people who are very inclined to make their logins the same as their email.

By now i'm ranting, I'd get some official words instead.

I'm not suggesting that they change and not use email addresses for account names. They must have a reason for wanting to use them and more than likely don't want to change this close to release. I'm just asking that they provide some extra means of security. Or if there is one in place already let us know so that we can feel our accounts are safe. Because passwords just aren't enough. Need some method of retrieving our account if someone guesses our password and takes control of our account.

im guessing that they want your e-mail so that they can e-mail you on things pertaining to the game.

they could make and e-mail account needed, but let you make your own acount name for the game

Even if they know the email you're using for the game, the amount of time it would take to brute force a good password is mind-boggling. You can only get the password wrong 3 times before the game stops accepting attempts for a few minutes.

Considering that, the ANet servers will be old and collecting dust in an antique store before someone can brute force into your account.

I suppose this is what the OP was looking for, woohoo!

hmm didnt know that they had the three times rule. thats good enough for me

Didn't know about the 3 times rule either. Thats good but I think they could do a little more.

(Emphasis added by Sin.)

Please ask yourself...

How is it that ones account security, and for that matter the security of the information so referenced by that account, is not solely that person's responsibility? You think by purchase of a right of use agreement to use the executable code for a game it some how transfers some part of your responsiblity for your account's security on to them?

Please take responsiblity...

There is only one person in the world who will protect your interests, and that's you. This is not to say your account security isn't valued. It is to say it is valued for the purpose of assuring you have a positive gaming experience and nothing more--it is a balancing of interests between you and the gaming company, bank, etc.. Any further protections you must provide because they are your concern and rightfully so.

This is your opportunity...

Being careful about your email is Privacy 101. Having mutiple email accounts to facilitate that is just reasonable since it's your job to protect your stuff be it your family, car, credit card/bank/debit card account, or account in a computer game. Be thankful you have this much power over some aspect of your life or you might easily aid in the historic precedence of giving up that power for some specious belief that someone else would care for your property, your interests, as well as you do.

In a nutshell...

In short, think of it as layers. The internal layer do all they can internally. The external layer is yours, you can hand the would be malfeasor the key to test the internal layer, or make sure there is an even further external layer (another email) that may even expose the malfeasor's true intent.


*Please note: If any should take offence, my apologies as none was intended. Thank you for your time.

Could they not try to hack into your email, then request that Anet send you a new password via "I forgot my password."?

They chose to make the account names something that is commonly given out to other people. By making that choice they made accounts more vulnerable than they needed to be. That is why I feel it is not my responsibility to assure my accounts security. A normal account name isn't something you would go around telling to other people. So no big deal keeping it to yourself. But an email address is made to be given out to people so you can talk to them. So its not the most ideal method of keeping something secure.

Hack e-mail is a whole different ballgame.

As to Sin's response, I can agree.

However, this thread wouldn't exist in the first place, if e-mails had not been used as a measure for logging into the game. Not everyone is a hard-core secure-all-their-assets type person. The use of e-mail login would be a sort of indirect exploitation of the casual non-internet savvy user.

Change e-mail to login name and this thread could disappear forever.



Note: I'm not a pro at this kind of stuff, it's my honest serfish opinion.

Thanks midnight scorpion! Sure it can be abused, yet we do not know what other disclamers, suggestions, etc., will be in the final release via manuals and popup/help windows. Until then the threat really hasn't showed a cause for concern, as nothing has been said that anyone's account has been compromised.

As far as giving out an email or what a "normal" account name is, that's entirely relative to the situation. Having one free email somewhere for GuildWars is still having it to communicate with someone, just not everyone. And Silverthorn at no time is the security and privacy of any acount you call yours not your concern. There is no excusing yourself from responsibility for any property you call your own. Silverthorn please accept that responsiblity, I learnt it making mistakes too. We all did. How else does anyone become internet "savvy?"

Anyway, good luck with it! Understand it isn't that I am opposed to more internal account security, just not in lieu of our desire to pretend we don't have a self-imposed obligation by claiming ownership. I will make no further effort in regard to the matter.

Ok let me use an example to illustrate my point. What if your bank used your home phone number for your bank account number. Would you then find it acceptable to have to go out and get a 2nd phoneline to give out to people so you had 1 that was safe and secure for your bank account? Its not reasonable to expect people to do that.
A customer pays money to access the game. Some of that money should go to ensure that our accounts are safe without the player being forced to take extra steps on thier own to ensure its safety.
If you don't agree with me fine, but don't tell me I'm trying to shirk all responsibility because you have a different opinion on the matter.

I agree.. this is a security flaw/risk.

But we do not yet know what information will be rquired when we put in our full game key. It could be loging in will be different. I would like to see Gaile pop in and give some thought on this though. Email addresses are just too easy to get. And if you use a fake one to setup the account, and for some reason you forget your password, or lets say someone gets your email address and password through any means. How will they work out recovery, theres no way to tell if the person playing the account is the actual owner. Its not like they can cross reference you by using a credit card number since theres no paying by credit card. Kinda makes you wonder.. who has my email address...

wow nice illustration, well that means im back in it

i shouldnt have to give out personal info to play a game there i said it.

Silverthorn, you are shirking all responsiblity.

It is said and now for your example...

You are using a multi-jurisdictionally regulated busines as your example, one that, case in point to what I expressed about them balancing interests, is regulating your account not to protect you but to protect the national treasury and national economy. You may be surprised to find out but your email address and/or account in GuildWars should they be compromised, shall not effect the national economy of the United States. Obviously that would make it too easy for the terrorists huh?

What makes this so ridiculous is that the banks would use your phone number in a heartbeat if the effect of potential compromise of yours and everyone elses account would have no serious impact on the government and thus why they have a government telling them what to do and how to do it. Can you see how everyone is in it for their own interests and what you see as security is merely the balance of interests as it exists today?

You clearly are so busy wanting to off-load your responsiblity you can only stoop to demanding I don't state your obvious attempts to shirk all responsibility for what they are. Any and I mean ANY security measures to protect any information in any database, if not mandated by government, is merely a formality--done as a courtesy and actually in the interest of protecting that database holder's liability be it bank, credit card company, etc. Bank accounts have a tendency to carry liability because the deposit is your property even after it is in the bank, you legally are a creditor to the bank--they will extend you greater courtesy especially when presented with the goverment's desire they do so for other long-term potential impacts. A computer game does not carry that weight, especially one with no monthly fee and where free email addressess are available all over the internet. Most important is the computer account isn't generated by you having property to deposit, it is generated by you wanting to purchase into its use--The buyer is at the will of the seller by agreement; you have no property on deposit; the game isn't yours; no one owes you return of anything. Banks sell services in the interest of you trusting them with the deposit, that trust IS their product.

I know you would get another phone line and not even try to take on the bank if they started using your phone number because the value of their services and use of your deposit at your direction is far greater than the 50 dollars you paid for the game. Do you see at all that this idea they need more security is merely a convenience/inconvenience position on your part, an alibi to justify shirking your repsonsiblity because the value of the account is less than what you believe is the value of your trouble to get another email?

All I have been saying is your balancing of interests is to set aside the power you have and assume someone else should do it with the belief they'll watch out for you, when their interest is their own. Note again that I am not against more security, merely how you are making it necessary because of what you don't want to do. So now how is that not you shirking your responsibility? Being I did say I am not against futher security in the previous post, then the only way i could be disagreeing with you is in your shirking your responsibility.

Anyway, it appears you would rather hold what I am saying up as an argument against you. I am sorry you feel that way.

Meh Sin, i got about halfway through your post then got sick of reading. Your just posting to try and argue and I'm not gonna waste my time reading any more of your posts. I have a legitimate concern in my eyes. And its not your place to determine if its a valid concern or not. So how about you stop trying to argue and get in the way of someone trying to find an answer to thier questions. You've voiced your opinion so how about you just wait and see if someone from arenanet answers like the rest of us.