Mystic Spiral [MYST]

[Ertzi]

I just read this thread and got scared (comments are the scary part):

http://massively.joystiq.com/2012/08/29 ... -attempts/

Then I did some research and it turns out that many accounts have been hijacked already. I understand that most of the cases involve stupidity on behalf of the user of the account, but not always it seems.

Now, I know I might be paranoid with this, but I'm really worried about those "forced" hacks, so I just created a unique email address for GW2 as well as a unique, long-ass, strong password. Just to be safe.

Might be a good idea for someone else too, I dunno. I used my default email address before, which I have been using for years, and that is way too easy to get hold of. I really hope Anet gives us an authenticator soon. Better safe than sorry, especially if you plan to use credit card purchases.

This thread can be used to give any security advice for people, might be a good idea. I don't know much about that stuff myself, but any tips would be appreciated and promptly used. Let's hope I'm just fretting over nothing.

I apologize if a thread already exists on this subject.

EDIT -> ANet just released a statement, here it is in full in quotation marks (source IGN):

"We are aware that emails requesting a password change have been sent to players without their having requested them. As always we encourage our gamers to be vigilant on receiving emails related to game accounts. Anyone with concerns should not click links within these emails but can change their password via the official support site.

As with all NCsoft online services, security remains a priority. We will be rolling out an e-mail authentication service shortly, and have been working on additional security measures that we roll out in the near future."

Well, I am at least happy about the additional security measures in the near future.

[Tasha]

Thanks for posting this Ertzi. Unfortunately it nearly always follows that popular games come with gold sellers and hackers

Further info from Anet:

This is the current status of the most important issues we're tracking with Guild Wars 2 live service.

Account security - We're seeing an uptick in reports of account theft and attempted account theft. We believe hackers are using databases of email addresses and passwords stolen from other games and web sites, and pre-existing trojan horses, to search for matching Guild Wars 2 accounts which they attempt to compromise. To prevent this, we have temporarily disabled the "reset password" feature, and we're working to bring email authentication online. To protect yourself, please ensure that you use a unique password for Guild Wars 2 that you don't use for any other game, email account, forum or web account.

Email authentication - Email authentication is a feature that notifies you if someone tries to log into your account from a location you've never logged in from before. Thus, even if someone guesses your game password, he can't log in unless he also guesses your email account password. You can make email authentication even more secure by using an email provider that supports two-factor authentication, such as Google or Yahoo, and taking advantage of that. We're currently preparing email authentication and intend to deploy it in a phased rollout, starting on Thursday, August 30.

You can read the rest of the list here.

My top security tips would be those that ArenaNet have highlighted - a unique email address from a provider that has good account security and a unique password of decent length.

[noobonsteroid]

Guess I'll beef up the password a bit to add some security.
E-mail auth would be nice

[ku ku]

Arenanet have released a great little article about this, complete with a handy comic explaining good and bad passwords here: https://www.guildwars2.com/en/news/tips ... nt-secure/

[noobonsteroid]

that xkcd comic is gold, and quite correct, although I do tend to include 1 number and 1 ascii-character, just in case (and because some websites demand it).

[Ertzi]

That comic is brilliant. I happened to create pretty much what the comic suggests as my password for the very first time. Many words that make no sense. In three languages of course and containing ascii characters as well. "Force" that, you bastards.

[Ertzi]

Email authentication works again. I just visited my email service and clicked the old link that asked me to verify the email address, and this time I got a message saying "success". So if you want to add that one layer of security, but couldn't previously, like me, now is your chance.

[Faure]

Is email authentication standard on? I haven't encountered it yet, but then again, i only log on from my home. But i do want it to be turned on, so i know right away when someone got my log in info.

[noobonsteroid]

It was turned on automatically for me, I think (or I somehow already selected it before they actually added it).
When I logged in from my new place, I was asked to auth the login.

[Puppy]

Just got this email, and instantly changed my password, is there anything i can do to stop this in future, nothing has changed on my account as far i can see
"A log-in attempt from the following location is currently awaiting your authorization.

Address: 42.49.46.60
City: Lianbinxiang
Region: 11
Country: CN

This location is approximated based on information provided by your Internet Service Provider. If in doubt, deny the request and try again.
If you are certain this log-in attempt was not made by you, then someone else knows your log-in credentials and you should change your password immediately via Account Management."

[Tasha]

Changing your password isn't enough tbh. They'll now know that your email address is "good" and they've already got half of the information they need. If they can break into your email address, they can authorise those messages & get into your account. It also probably means your email is on a list from somewhere (stolen from a fansite or similar).

I suggest creating a new unique email address for GW2, switch the account to that and secure the email account. Best way of doing this is with a Google or Yahoo account, both of which have two-step verification on them, which requires anyone wanting to log in to your email address to enter a code sent to your mobile phone. Since they won't have that, they won't be able to get into your email even with the correct password.

[Ertzi]

I'm just happy that they finally added an option to delete saved credit card information from the gem shop. I bought 3 character slots at headstart, and it was horrible when I started hearing about the hacking attempts, knowing I had my credit card info up for grabs and couldn't do anything about it. Now I don't really give a crap if someone hijacks my account (well, this is of course hyperbole, I would be pissed), as they can't really do any significant damage. I'm always poor as hell in the game too because I craft my money away, so I wouldn't cry too much about losing it all. But boy, that credit card was haunting me.

[Puppy]

How do i go about changing my email address from my current one, i cant find any options on the account settings

[Timmeey]

I was wondering that myself and I think they disabled it again some time ago (not sure on that though)

[Ertzi]

ArenaNet wants you to change your password, in fact I think it will be mandatory soon. This is a good read about account security and I warmly recommend reading it if you haven't done so already.

https://www.guildwars2.com/en/news/mike ... -security/

EDIT -> Just changed ALL my important passwords into unique ones. Took over an hour, but now I feel pretty secure.