Guild Wars Forums - GW Guru
 
 

Poll: Which of the following security measures would you like to see added to Guild Wars?
#21 - Anakita Snakecharm (Frost Gate Guardian), Dec 11, 2009, 02:13 AM
Join Date: Nov 2009
Location: The Shining Blade Camp
Guild: Nouvel Ordre de Phoenix [MJM]
Profession: R/Mo

From the poll, I voted for a No Delete option on characters/items.

However, there are also three additions I'd like to see:

*Require me to confirm through my e-mail account via clicking a secure link before allowing my password to be changed, rather than notifying me after the fact when it's already too late. This doesn't prevent hacking, but means that two separate accounts would need to be hacked to proceed, adding one more layer of protection.

*Require me to provide my old password before allowing my password to be changed unless I initiated the process with a lost password request. Even if I initiated it, I want it going through my e-mail rather than just my game account.

*Locking out the account for a designated length of time (perhaps 12-24 hours) after a specified number (perhaps around 5) of failed password attempts. This makes brute forcing a password a lot harder and a lot less worth the effort.

All this seems pretty basic to me, but I'd feel a lot safer if it was implemented.
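The three measures asked for above (confirm a password change through the e-mail account before it takes effect, require the old password, lock the account after a handful of failed attempts), which posts #34 and #35 repeat, as one added example. This is not ArenaNet's or NCsoft's code; the Account class, the 5-attempt / 12-hour thresholds, the one-hour token lifetime and the in-memory outbox standing in for a mail gateway are assumptions.

```python
"""Added example, not ArenaNet/NCsoft code: the three controls proposed in
post #21 on one in-memory account. A password change needs the current
password and takes effect only after an e-mailed token is presented; repeated
failed logins trigger a timed lockout. Names and thresholds are assumptions."""
import hashlib, hmac, os, secrets, time

MAX_FAILED = 5               # failed attempts before lockout (post suggests ~5)
LOCKOUT_SECONDS = 12 * 3600  # lockout length (post suggests 12-24 hours)
TOKEN_TTL = 3600             # confirmation link lifetime, assumed one hour


def derive(password, salt):
    # Slow salted hash: a leaked table does not hand out passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Account:
    def __init__(self, email, password):
        self.email = email
        self.salt = os.urandom(16)
        self.pw_hash = derive(password, self.salt)
        self.failed = 0
        self.locked_until = 0.0
        self.pending = None  # (token_hash, new_hash, new_salt, expires_at)
        self.outbox = []     # constructed stand-in for the mail gateway

    def _check(self, password):
        return hmac.compare_digest(self.pw_hash, derive(password, self.salt))

    def _failure(self, now):
        # Count a failed secret check; lock the account at the threshold.
        self.failed += 1
        if self.failed >= MAX_FAILED:
            self.failed = 0
            self.locked_until = now + LOCKOUT_SECONDS
            return "locked"
        return "bad_password"

    def login(self, password, now=None):
        now = time.time() if now is None else now
        if now < self.locked_until:
            return "locked"  # even the right password is refused while locked
        if self._check(password):
            self.failed = 0
            return "ok"
        return self._failure(now)

    def request_password_change(self, old_password, new_password, now=None):
        # Step 1: prove the old password, then mail a confirmation link. Wrong
        # old passwords count toward the lockout, so this form is no bypass.
        now = time.time() if now is None else now
        if now < self.locked_until:
            return "locked"
        if not self._check(old_password):
            return self._failure(now)
        token, salt = secrets.token_urlsafe(32), os.urandom(16)
        # Store only the token's hash; the new password is hashed up front.
        self.pending = (hashlib.sha256(token.encode()).digest(),
                        derive(new_password, salt), salt, now + TOKEN_TTL)
        self.outbox.append(f"To {self.email}: confirm at "
                           f"https://account.example.invalid/confirm?token={token}")
        return "confirmation_sent"

    def confirm_password_change(self, token, now=None):
        # Step 2: the mailed link applies the change; until then the old password
        # stays valid and the new one does not work.
        now = time.time() if now is None else now
        if self.pending is None:
            return "no_pending"
        token_hash, new_hash, new_salt, expires_at = self.pending
        if now > expires_at:
            self.pending = None
            return "expired"
        if not hmac.compare_digest(token_hash, hashlib.sha256(token.encode()).digest()):
            return "bad_token"
        self.pw_hash, self.salt, self.pending, self.failed = new_hash, new_salt, None, 0
        return "changed"
```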
#22 - sickle of carnage (Wilds Pathfinder), Dec 11, 2009, 02:34 AM
Join Date: Sep 2007
Guild: Textual Harassment [kTHX]

Quote:
Originally Posted by Hissy
Except the ones you're wearing!

Better than nothing at the cost of nearly nothing sounds worth it to me.
#23 - Pre-Searing Cadet, Dec 11, 2009, 02:35 AM
Join Date: Jan 2007
Guild: Ravn
Profession: W/N

I said this before in my "account got hacked" post, but to be positive and not so negative like I was in the past, I will say it again.

How about blocking all big items from being sold to NPCs? Does anyone really sell 7 black dyes to the Dye Trader, or sell stacks of Ectos to the merchant? If that action could be stopped then the next part would catch the rest.

Next, a 3 day grace period on big items! Any trade that is worth more than 100k would have 3 days for the final trade to go through. The items are locked in trade so nothing can be changed except for a cancel. If it's a legit trade then the trade will go through on the 3rd day.

I wouldn't mind waiting 3 days to get whatever I wanted, knowing that it would be mine in 3 days and the cost wouldn't go up because it's all locked in.

That would save a lot of accounts; it seems like most of us find out that we've been hacked within 2 days of the event.

The only drawback would be the time it takes to give back our account control.
-- sirsterm
#24 - Shayne Hawke (Departed from Tyria), Dec 11, 2009, 02:38 AM
Join Date: May 2007
Guild: Clan Dethryche [dth]
Profession: R/

Quote:
Originally Posted by JR
Static IP/MAC/HW checking
No problems here, as long as we are able to select or create significant and difficult enough security questions.

Quote:
Strong password policy
I would like to choose how I build my own password, thanks very much. I firmly believe that passwords shouldn't even have any requirements on them such as character number, which characters to use where, words not to use, etc.

Quote:
SecurID authentication option
I have never heard anything bad about this idea, ever. Thus, I have no complaints against it.

Quote:
"NO DELETE/SALVAGE/TRADE" option on characters/items
I like the idea, but I'd rather they work on ways of stopping them from getting into the account altogether.

Quote:
Additional authentication for Xunlai storage access

Randomized point and click gui for password input
The first idea is ultimately inferior to the second here, and I fully support the second.

Quote:
Compromised account restorations
Restoration of at least the items that were deleted through the trash bin should be possible. Asking that ANet get better at retracing and redoing every single transaction that a hacker makes is just as futile as simply asking them to do their job better.

Quote:
No solution required
I understand that you included this option, just to be fair, but with the recent issues at hand, I doubt there's anyone in the game who would be bothered by extra security being put in place.

The only reason, I think, to choose this option is because you don't believe the problem really lies with ANet. For example, maybe the security needs tightening around NCsoft instead, as Martin seems to be stressing as of late.
#25 - Tullzinski (Jungle Guide), Dec 11, 2009, 02:39 AM
Join Date: Mar 2006
Location: Trying to stay out of Ryuk's Death Note
Profession: N/R

Until something is figured out, the NCsoft Master Hub password reset should be disabled in the interim. I would be interested in how many times the Master Hub website is being hit by Chinese IPs per day.

With a nod to Theocrat and the Blizzard Authenticator I would pay $6.50(or more) per Authenticator for my accounts.
#26 - Mireles (Wilds Pathfinder), Dec 11, 2009, 02:44 AM
Join Date: Jun 2009
Profession: W/Me

Yes, ArenaNet's lack of security is a big issue.... That being said... a minority of the community is also partly to blame... the reason the Chinese are so determined to steal your account is because real money can be made selling game currency and goods to others...

Along with increased security I propose the consequences for real world money transactions be raised to a permanent ban.

If nobody is paying real world money there is no incentive to steal accounts.
#27 - Dzjudz (Furnace Stoker), Dec 11, 2009, 02:59 AM
Join Date: Jun 2005
Guild: gwpvx.com/user:dzjudz

Other s/w solution:

- Being able to sever accounts from ncsoft master account; and/or
- Better password protection over there.
#28 - Broseiden (Ascalonian Squire), Dec 11, 2009, 03:16 AM
Join Date: Dec 2009
Location: TXN

Quote:
Originally Posted by Martin Alvito
On the "other" vote - There isn't much that's reasonable to ask or cost-effective regarding the game client itself. It compares well with its peers. Highly aggressive measures such as IP checking and SecurID authentication would be preferable. But I doubt that ANet would provide such costly measures for free, and I'm not convinced that we should expect such.

The NCSoft master accounts, however, have glaring security vulnerabilities. The following would make these accounts harder to defeat using automation and would protect us even in the event of unauthorized access:

- Let me delink my GW account from the PlayNC account (best)
- Force me to provide something additional to change my game passwords (existing PW, code from an e-mail sent to the login e-mail address, etc.)
- Do not EVER display the linked e-mail address that is my username
- Make the "change password" protections for NCSoft accounts themselves more secure
- Make it impossible to generate a valid list of actual NCSoft accounts via brute force
- Make it more difficult to brute force passwords (NO protections exist at present).

Everything after the first item is a garden-variety security measure that I fully expect to observe in any authentication system today. Do online retailer accounts display complete credit card information when it is saved? No. So why should unauthorized access to my PlayNC account give someone the ability to have all of my game login information?

If those things can't happen for whatever reason and ANet has to go it alone, then I'd support hardware verification, IP checking or SecurID even at a (one-time) cost to the user.

I'm not really crazy about the opinions in the polls, but I like Martin's ideas. I've followed you around in these recent topics about hacking and insecure accounts and really appreciate your well-thought posts.

I would hope for this issue to be addressed or cleared up by Anet or NCSoft. I ended up changing my email, password, and security questions and check my email every chance I get to make sure some greedy Chinese bot doesn't get grabby with my account.
#29 - Nerel (Jungle Guide), Dec 11, 2009, 03:24 AM
Join Date: Jun 2008
Location: Australia, what you want my home address?
Guild: [CAT]
Profession: Mo/

Quote:
Originally Posted by JR
Static IP/MAC/HW checking

A static IP isn't available to every Guild Wars player around the world; indeed many are stuck with dynamic IPs and have no choice in the matter. This is also cumbersome for people who play from multiple locations (work, on the road, gaming at a buddy's house and net cafes).

Hardware checking and to a lesser degree MAC verification are great if you only play on one system, and rarely make substantial changes to the system. People who game on Dells might like this option, Geeks will revile it.

The whole downloadable game client thing was meant to allow us to download and play Guild Wars from anywhere... and I seem to recall it was once popular in the Korean Net Cafe scene... IP/MAC/HW checking is an inconvenience in these cases.

Quote:
Originally Posted by JR
Strong password policy

Policy is never enough to save people from their own stupidity. Anet has been warning us on the login screen about the need for account security and strong passwords... that is enough, and as you mentioned, still vulnerable to key loggers, data intercepts (man in the middle attacks) and the like.

Quote:
Originally Posted by JR
SecurID authentication option

Not a bad idea, though having to pay extra for basic account security seems a little odd, and it is still vulnerable to man in the middle data intercepts even assuming they do manage to implement a SecurID system well. Once the user's computer is compromised (no more difficult than it would be to get a key logger on there) this offers NO PROTECTION.

Quote:
Originally Posted by JR
"NO DELETE/SALVAGE/TRADE" option on characters/items

Instead of making the lock on characters/items something that can be toggled on and off (i.e. BYPASSED), make it time limited... lock a character for a day/week/month and it stays locked for that period, and there is nothing you can do to unlock it short of contacting support in the case of malicious locks.

etc.
#30 - Anakita Snakecharm (Frost Gate Guardian), Dec 11, 2009, 03:45 AM
Join Date: Nov 2009
Location: The Shining Blade Camp
Guild: Nouvel Ordre de Phoenix [MJM]
Profession: R/Mo

Quote:
A static IP isn't available to every Guild Wars player around the world, indeed many are stuck with dynamic IPs and have no choice in the matter, this is also cumbersome for people who play from multiple locations (work, on the road, gaming at a buddies house and net cafes)

This. I have a dynamic IP. It would be a tremendous pain for me if the game stopped recognizing my computer every time I disconnected from the network.

That said, forgive me if I'm ignorant about the tech, but even with the dynamic IP, my IP address doesn't seem totally random. It's within a certain range. So while it's not identical every session, it's still clearly from the same general geographic area.

Which makes me wonder about regional lockouts. What if I could set up my account to not allow a login from, say, outside of North America? If I was planning a major international trip and felt it was crucial to bring GW with me, I could always green light the region I was going to in addition; it wouldn't have to be a permanent blackout.

I don't actually know how hard that would be, so it might be totally impractical and/or not really a big enough issue to deal with. But most of us most of the time would only be legitimately logging on from one region. I'd rather see that than something that checks exact IP.
#31 - jonnieboi05 (Forge Runner), Dec 11, 2009, 03:45 AM
Join Date: Mar 2006
Location: Mableton, Georgia
Guild: Guild Ancestors Reunited [ギルド]

I chose 1, 2, 5, 6, and 7. They sound very good and would be extremely beneficial to have.
#32 - Shanaeri Rynale (Desert Nomad), Dec 11, 2009, 04:05 AM
Join Date: Aug 2005
Guild: DVDF(Forums)
Profession: Me/N

Another poll should have been added: what priority should account security be given?
A. It's fine as it is
B. When they can get around to it
C. Drop everything

All this poll is doing is asking us how we would do ANet's/NCsoft's job for them.
The "when" issue is as vital as the "how", if not more so.
#33 - cosyfiep (are we there yet?), Dec 11, 2009, 04:24 AM
Join Date: Dec 2005
Location: in a land far far away
Guild: guild? I am supposed to have a guild?
Profession: Rt/

Yes to just about everything except the static IP thing. IPs can be covered up, so that just won't work (and us dynamic people don't have choices).

I would pay for a fob, and it would be the last thing I would buy from them too.
__________________
where is the 'all you can eat' cookie bar?
#34 - Xenex Xclame (Desert Nomad), Dec 11, 2009, 05:50 AM
Join Date: Mar 2006
Guild: DPX
Profession: R/

My option isn't anywhere on the poll, so I'll state it.

How about a simple confirming email sent to the email BEFORE letting anyone change the info, like every other password that you have to change.
#35 - Ascalonian Squire, Dec 11, 2009, 06:06 AM
Join Date: Jul 2008
Location: GMT +1
Guild: [BCG] and [EKSF]
Profession: N/

What gets my vote:

1. Static IP/MAC/HW checking
3. SecurID authentication option

Other S/W solution:

- Confirmation e-mail asking you to confirm the password change before the password is actually changed for both the NCsoft master account and the game account(s) linked to that master account.
-- Qaletaqa Hania
#36 - zwei2stein (Grotto Attendant), Dec 11, 2009, 07:34 AM
Join Date: Jun 2006
Location: Europe
Guild: The German Order [GER]
Profession: N/

Quote:
Originally Posted by JR
Static IP/MAC/HW checking

Generally, MAC can be spoofed on the hacker's machine and easily retrieved from the hackee's machine, as can other hardware signatures, but those are not as trivial.

IP address spoofing is not unheard of either, but it is a bit more problematic.

The problem is that you have to trust the machine that runs it, and well, you can not trust it.

Quote:
Originally Posted by JR
Strong password policy

Too strong password policies usually tend to make users go into two modes:

a) reuse as much as possible

b) write credentials down.

a) is the kind of problem that we faced lately, and well, it was disastrous and kind of triggered this thread.

Quote:
Originally Posted by JR
SecurID authentication option

This is a fairly viable option, but do not be easily fooled by its foolproofness. Generally, this works by binding your account to a machine id, which is usually done on the account management web application.

This means that if someone can access that, they have a shot at changing your SecurID binding to a piece they own. Confirmation emails or support intervention can fix this, of course.

We worked on a similar method: a bank account is tied to a cellphone number; if you want to make a transaction, you will be sent an SMS with an authentication code for that transaction.

People still got hacked though. How? Social engineering: the hacker simply called support and asked them to change the cellphone tied to the account (... I am desperate, I really need to pay rent now or I am evicted, etc., that kind of stuff ...). It worked.

This is still the best method right after teaching users to be more responsible :-)

Quote:
Originally Posted by JR
"NO DELETE/SALVAGE/TRADE" option on characters/items

This is very much preferred, but there is an issue: people flagging items/characters and then changing their mind.

If they can easily unflag, this feature would do little good; if unflagging is harder and requires, for example, support intervention, it is going to be cost prohibitive for NCsoft.

Quote:
Originally Posted by JR
Additional authentication for Xunlai storage access

This only protects part of the account and not really the part people are most worried about: characters.

Quote:
Originally Posted by JR
Randomized point and click gui for password input

Bad option. Taking a screenshot of the onscreen keyboard layout is trivial if you expect this authentication method.

Quote:
Originally Posted by JR
Compromised account restorations

This is a support nightmare and very prone to abuse.
#37 - upier (Grotto Attendant), Dec 11, 2009, 07:42 AM
Join Date: Mar 2006
Location: Done.
Guild: [JUNK]

Just to make this clear:
I will not be paying extra for sufficient security.
#38 - Forge Runner, Dec 11, 2009, 08:26 AM
Join Date: Sep 2006
Location: AZ

None of the choices given. What I want to see is NCSOFT sorting out their security (pathetic for a "huge multi billion company").
Martin put it very well so I just +1 onto his suggestions.

Quote:
Originally Posted by Martin Alvito
(The same post is quoted in full in #28 above.)
-- Lycan Nibbler
#39 - II Lucky Charm II (Frost Gate Guardian), Dec 11, 2009, 08:45 AM
Join Date: Jun 2006
Location: Seoul, Korea
Profession: Mo/Me

Are you sure that these hacks were carried out by a third party? I'm thinking that Anet is doing the "hack" themselves to save the server's upkeep cost. By deleting items from an account, players are discouraged from playing the game and thus give up on playing. So what? That's fewer players on the server, meaning the cost to maintain the server will be lowered.

Notice, 3 years ago, the number of accounts hacked was relatively low. Why do these hacking incidents happen now, when the game is in its dying stage? Easy, the most logical answer is: Anet is carrying out these hacks.

Why do I suspect that Anet is doing this? I have had 10 accounts ever since I started Guild Wars and I have only been playing on 1 account out of the 10 I bought. I do, occasionally, check on my other accounts but the time interval is somewhere around 4-5 months. From the time when Guild Wars was released to the present, I have never downloaded anything from any third parties and I don't have any viruses/malware/trojans/spyware on my computer. How can I be so sure about the state of my computer? Well, I go through about 5 hard drives every 2 months, since I reformat my computer so many times that it basically destroys my hard drives. Of course, I didn't care much about my hard drives since my family can afford new hard drives every 2 months. Anyhow, not until recently, 5 of my 9 inactive accounts were hacked. Hacked? How? I don't download anything and I reformat my computer every 2 weeks and change my password every 4 months for these accounts.

It's basically impossible to hack my Guild Wars accounts, but somehow, someone managed to hack them. I found it strange since no one else has access to my accounts, but Anet. Whatever the case is, I'm happy that I gave up on this game. I can now allocate my time to more useful things, like spending time with my friends on World of Warcraft ^.^

Solution: None needed since the game is dying. Adding additional security measures means Anet has to hire better programmers and security experts, which won't happen for a dying game. Who would want to spend money on something that is going to be dead? Guild Wars 2 is good enough to attract old and new players without having to keep loyal players.

Last edited by II Lucky Charm II; Dec 11, 2009 at 09:03 AM // 09:03..
#40 - Cantos (Academy Page), Dec 11, 2009, 08:58 AM
Join Date: Feb 2007
Guild: Legion Of Losers

Quote:
Originally Posted by JR
Static IP/MAC/HW checking

This is used by some banks. If you try to access your account from an IP or MAC address that is foreign to that account (meaning you haven't used it before or haven't used it recently), then you are asked additional account security questions before access is allowed.

Similar to the IP/MAC address check, a hardware configuration check will compare some aspect of the hardware with which you are currently using to access the account. Additional security questions will be asked if the information is mismatched.

This is my favorite option but it would be way too hard for most people to get working. It would be nice to have a drop down list in my account settings that would say

Only allow logins to my account from: [COUNTRY]

This would be idiot-proof (you don't even have to know what an IP is, let alone whether you have a static or dynamic one), and reasonably robust.