Curse

pumpkin pie · Dec 23, 2009, 02:13 PM // 14:13

after thinking for sometime, I am thinking how is this security procedure any different or how would it make the account more secure.

for instant
Key logger , does it not also key log what you type in the character's name field?

in worse case scenario, if someone's computer were hacked, how is adding another thing to key in during login any different from what we have before?

edited.

Anduin · Dec 23, 2009, 04:00 PM // 16:00

Quote:

Originally Posted by Hyperventilate

Yeah, no. I'm not joking. They told me it was a one-time leniency because of people having mule accounts that are not accessed often, and the update being so abrupt.

The hackers would still need to know my password and my e-mails for the accounts, plus the character names.

I don't feel strangely or oddly that they answered my request. The hackers would still need to know far more than just the e-mail or the character name.

At least they answered you. I am still waiting to hear from them. I can't log in, and I know my character's name.

Riot Narita · Dec 23, 2009, 04:01 PM // 16:01

Quote:

Originally Posted by pumpkin pie

after thinking for sometime, I am thinking how is this security procedure any different or how would it make the account more secure.

for instant
Key logger , does it not also key log what you type in the character's name field?

in worse case scenario, if someone's computer were hacked, how is adding another thing to key in during login any different from what we have before?

edited.

It (pretty much) stops people who broke into your NCsoft master account, where they can see your GW login ID and can change your ingame password without knowing your old one. And NCsoft master account security is weak, as shown by Chthon and Martin and others. The NCsoft master account doesn't show them your ingame character names so they'd have to do a lot of work to figure it out, and may not be possible at all for most accounts.

No, it's not going to stop keyloggers, or people who are able to remotely access/control your computer. However, that kind of security breach DOES fall into the "you were dumb, it's your own fault" category IMO. They are things we have some control over, we can do things ourselves to prevent them happening.

The NCsoft weakness was critical, because there was nothing we could do about it ourselves.

pumpkin pie · Dec 23, 2009, 04:47 PM // 16:47

Quote:

Originally Posted by Riot Narita

It (pretty much) stops people who broke into your NCsoft master account, where they can see your GW login ID and can change your ingame password without knowing your old one. And NCsoft master account security is weak, as shown by Chthon and Martin and others. The NCsoft master account doesn't show them your ingame character names so they'd have to do a lot of work to figure it out, and may not be possible at all for most accounts.

No, it's not going to stop keyloggers, or people who are able to remotely access/control your computer. However, that kind of security breach DOES fall into the "you were dumb, it's your own fault" category IMO. They are things we have some control over, we can do things ourselves to prevent them happening.

The NCsoft weakness was critical, because there was nothing we could do about it ourselves.

so in another word, ArenaNet is admitting that linking account to NCSoft master account is the cause?

i change my mind, not buying the costume pack

Miscreant_Moon · Dec 23, 2009, 05:11 PM // 17:11

You know, I am quite amazed at how many people have bought into the ArenaNet PR. I see time and time again now mentions of how this security feature was implemented because of "fansite hackings". When it's been quite thoroughly blown out of the water that a simple fansite hacking couldn't have yielded these type of results for accounts who were hacked into them. Even reading through the wiki I continue to see mention of this and I feel like standing up and giving the PR machine at ArenaNet a round of applause for so thoroughly deflecting, accusing, pointing fingers, and fumbling around in the dark as they have been while grasping at straws and just randomly accusing everyone and everything but the one single thing we ALL had in common. That we play this game.

I'm hoping this is a lesson for them and their future games that while yes, a lot of us can be dumb with our account security, the players aren't so stupid as to miss obvious and blatant security flaws with the game they play either. Or that we'll just blindly believe whatever copy and paste their lawyers and marketing people will throw out there. All while they bat their innocent eyes and hide under the cover of their company that they know the majority of players will just naively assume must have a shred of knowledge about what they're doing.

I'm hoping in the next few weeks we'll see a job posting at ArenaNet for someone who can manage and deal with security, rather then the anet team just stumbling around in the dark, googling for possible answers, and throwing together code for solutions they can patch on to their broken system.

Tullzinski · Dec 23, 2009, 06:11 PM // 18:11

Quote:

Originally Posted by pumpkin pie

so in another word, ArenaNet is admitting that linking account to NCSoft master account is the cause?

i change my mind, not buying the costume pack

This is what Gaile posted yesterday:

As you will have noted if you were playing within the last hour, we have instituted a new security measure for your account. And personally, I'm pretty darn happy about this! When you log into the game, you will be ask to supply the name of one of the characters on your account. "Why?" you may ask. Well, because nearly all of the accounts that have been stolen in recent months have been stolen by RMT (Real-Money Traders) who are getting access through external sources. And those RMTs will be very unlikely to know the names of characters on your account! Simple, eh? You give a name -- and remember to spell it exactly correctly, and to use proper capitalization -- and you will get access. If you have trouble or forget the names, support will be happy to assist you, of course.

Please head to the FAQ for more info. And if you have feedback, you're welcome to share it here. -- Gaile 03:01, 22 December 2009 (UTC)

They are still stating that it is external sources being used to get access. Once the RMTs got into the NCsoft account they would have a party since they could change passwords to all games that were linked. Now with the additional character name requirement the RMTs are screwed unless they also have your character names. It does them no good to concentrate on the NCsoft site to access Guild Wars.

Aion may be a different story. I was going through those forums the other day and the main concern for them has been the RMTs stealing accounts and botting with them. There have been massive amounts of bans going on over there.

Quote:

Originally Posted by Miscreant_Moon

Even reading through the wiki I continue to see mention of this and I feel like standing up and giving the PR machine at ArenaNet a round of applause for so thoroughly deflecting, accusing, pointing fingers, and fumbling around in the dark as they have been while grasping at straws and just randomly accusing everyone and everything but the one single thing we ALL had in common. That we play this game.

I think while you were "reading through the wiki" you missed the above comments from Gaile. The fact is that the RMTs were responsible. (and I thought I was over the top)

Miscreant_Moon · Dec 23, 2009, 06:31 PM // 18:31

Quote:

Originally Posted by Tullzinski

I think while you were "reading through the wiki" you missed the above comments from Gaile. The fact is that the RMTs were responsible. (and I thought I was over the top)

Yes, I guess if you believe the final excuse they settled on than that would be the case. I mean, screw the previous 3 months and their attempts to blame first off the players, than a trading site, than all other websites in general and THAN the RMT's.

Tullzinski · Dec 23, 2009, 07:09 PM // 19:09

Quote:

Originally Posted by Miscreant_Moon

Yes, I guess if you believe the final excuse they settled on than that would be the case. I mean, screw the previous 3 months and their attempts to blame first off the players, than a trading site, than all other websites in general and THAN the RMT's.

Everytime that there is a rash of hackings we always get blamed first.

V what he said below V

Chthon · Dec 23, 2009, 07:30 PM // 19:30

Quote:

Originally Posted by pumpkin pie

so in another word, ArenaNet is admitting that linking account to NCSoft master account is the cause?

That depends what you mean by "admitting." If you're looking for a public statement acknowledging that security flaws in the NCSoft Master Account are responsible for the increase in account thefts, it will never happen. However, actions speak louder than words, and a-net did implement a security feature aimed directly at solving the problem posed by NCSoft's crummy security.

Why can't they publicly say what everyone who's been paying attention already knows? Because NCSoft owns a-net, and NCSoft, for whatever misguided reason, has decided that the answer to this problem is stonewalling its games' communities. I'm sure that a-net implementing a fix against account theft via the NCMA, even while maintaining the official cover story, got a lot of undies in a knot over at NCSoft. Publicly stating that their parent company is to blame would be going too far.

As for their cover story,

Quote:

As you will have noted if you were playing within the last hour, we have instituted a new security measure for your account. And personally, I'm pretty darn happy about this! When you log into the game, you will be ask to supply the name of one of the characters on your account. "Why?" you may ask. Well, because nearly all of the accounts that have been stolen in recent months have been stolen by RMT (Real-Money Traders) who are getting access through external sources. And those RMTs will be very unlikely to know the names of characters on your account! Simple, eh? You give a name -- and remember to spell it exactly correctly, and to use proper capitalization -- and you will get access. If you have trouble or forget the names, support will be happy to assist you, of course.

Please head to the FAQ for more info. And if you have feedback, you're welcome to share it here. -- Gaile 03:01, 22 December 2009 (UTC)

It's a beautiful equivocation. From a-net's point of view, the NCMA counts as an "external source"...

pumpkin pie · Dec 24, 2009, 04:36 AM // 04:36

Quote:

Originally Posted by Tullzinski

This is what Gaile posted yesterday:

As you will have noted if you were playing within the last hour, we have instituted a new security measure for your account. And personally, I'm pretty darn happy about this! When you log into the game, you will be ask to supply the name of one of the characters on your account. "Why?" you may ask. Well, because nearly all of the accounts that have been stolen in recent months have been stolen by RMT (Real-Money Traders) who are getting access through external sources. And those RMTs will be very unlikely to know the names of characters on your account! Simple, eh? You give a name -- and remember to spell it exactly correctly, and to use proper capitalization -- and you will get access. If you have trouble or forget the names, support will be happy to assist you, of course.

Please head to the FAQ for more info. And if you have feedback, you're welcome to share it here. -- Gaile 03:01, 22 December 2009 (UTC)

They are still stating that it is external sources being used to get access. Once the RMTs got into the NCsoft account they would have a party since they could change passwords to all games that were linked. Now with the additional character name requirement the RMTs are screwed unless they also have your character names. It does them no good to concentrate on the NCsoft site to access Guild Wars.

Aion may be a different story. I was going through those forums the other day and the main concern for them has been the RMTs stealing accounts and botting with them. There have been massive amounts of bans going on over there.

I think while you were "reading through the wiki" you missed the above comments from Gaile. The fact is that the RMTs were responsible. (and I thought I was over the top)

this new feature still pretty stupid you know, it encourages players to buy in-game-gold, now they have a failed safe system, as for those people who would fall prey to RMT would no doubt have easily given up their in game name if these Thief were to ask for login/password/character name in the future.

scenario: What I remember reading is that RMT thief said give me your login and passwords so they can transfer the in game gold, (assuming thats correct)
now the scenario : RMT thief: give me your login, password and character name so I can transfer the in game gold

see its stupid if this feature is use to prevent RMT thief from stealing more accounts. they just use the same technic

I take half my thanks back for this security feature, remaining half thank is for trying, because it does not protect players that actually needed to be protected. instead you are trying to protect those players who violated the game rules of not engaging in RMT.

Quote:

Originally Posted by Chthon

That depends what you mean by "admitting." If you're looking for a public statement acknowledging that security flaws in the NCSoft Master Account are responsible for the increase in account thefts, it will never happen. However, actions speak louder than words, and a-net did implement a security feature aimed directly at solving the problem posed by NCSoft's crummy security.

Why can't they publicly say what everyone who's been paying attention already knows? Because NCSoft owns a-net, and NCSoft, for whatever misguided reason, has decided that the answer to this problem is stonewalling its games' communities. I'm sure that a-net implementing a fix against account theft via the NCMA, even while maintaining the official cover story, got a lot of undies in a knot over at NCSoft. Publicly stating that their parent company is to blame would be going too far.

As for their cover story,

It's a beautiful equivocation. From a-net's point of view, the NCMA counts as an "external source"...

I am pretty sure they would not admit it

cos then they have to give me back everything that was stolen.

Riot Narita · Dec 24, 2009, 12:00 PM // 12:00

Quote:

Originally Posted by pumpkin pie

this new feature still pretty stupid you know, it encourages players to buy in-game-gold

I don't understand how it encourages people to buy ingame gold? I certainly do not feel encouraged - it was a dumb idea before, and it still is?

Quote:

Originally Posted by pumpkin pie

see its stupid if this feature is use to prevent RMT thief from stealing more accounts. they just use the same technic

The feature is NOT to prevent RMT thieves stealing more accounts. It's to prevent people who eg. broke into your NCsoft master account.

There's nothing A-Net can do about players who are dumb enough to hand over their account/pw/character details to a RMT.

Axeman002 · Dec 24, 2009, 06:27 PM // 18:27

also if u browse through 'High End'...people willingly leave there ign to a seller..so this update has done 0 to help there prevention....so hopefully there guru email dosnt match there guildwars email or then they have one last hope...they dont figure out there password.

Riot Narita · Dec 24, 2009, 06:51 PM // 18:51

Quote:

Originally Posted by Axeman002

they have one last hope...they dont figure out there password.

If the thieves get in through the NCsoft master account, they don't need your password - they'll just reset it.

However it is extremely difficult for them to find out a character name for an account, even if someone posted it on the forums... there's no clue for them unless the same name was used for both the NCsoft account and the forum.

I suppose they could download the guru Members List and use that as their dictionary for a brute force attack.

So I guess:
1. Don't use any of your character names for your forum account
2. Don't use any of your character names, or your forum name, for your NCsoft master account.

Warvic · Dec 25, 2009, 04:39 AM // 04:39

wow good work, i rly like this idea. so long you keep ur names secret (not posting screens and trying to be leet) u be very safe i think.

HuntMaster Avatar · Dec 25, 2009, 05:33 AM // 05:33

About time this was implemented. Thanks.

Hyperventilate · Dec 25, 2009, 06:37 AM // 06:37

Quote:

Originally Posted by Warvic

wow good work, i rly like this idea. so long you keep ur names secret (not posting screens and trying to be leet) u be very safe i think.

How are people supposed to request in-game services via guru?

"I want a CoF Run, but I can't tell you who I am. Sorry."

... what.

enmyria · Dec 25, 2009, 07:08 AM // 07:08

Not to mention guild recruitment too.

"To find out more or to join, you may contact one of our officers, but we can't tell you their names!"

pumpkin pie · Dec 25, 2009, 07:17 AM // 07:17

that's because this is more for saving their (ncsoft) own asses they ours.

if NCSoft master accounts weren't being hack left and right you think they do anything at all.

if they had listen to me and admitted that NCSoft master accounts were being hacked, like half a year ago (timeline is a bit blurry, was right after claiming the storage pane), probably less people would have gotten their account name and password stolen.

just my two cents.

Axeman002 · Dec 25, 2009, 07:43 AM // 07:43

Quote:

Originally Posted by Hyperventilate

How are people supposed to request in-game services via guru?

"I want a CoF Run, but I can't tell you who I am. Sorry."

... what.

ever heard of a Private Message?...great thing thats implemented on a forum and guess what...its private too!

pumpkin pie · Dec 27, 2009, 02:38 PM // 14:38

This thread reminds me of something, that maybe should be looked into by ArenaNet.

NCSoft support Webpage. anyone ever send a support ticket to NCSoft Support and has key in their Character's Name will have they Character's nane and account tie together