Curse

isildorbiafra · Dec 23, 2009, 12:41 AM // 00:41

Besides I bet most of these multiple accounts have been bought ingame for botted/ leeched gold; and did not contribute one iota of income to anet. Get over it. I myself feel alot safer with the new security measures in place.

tom32304 · Dec 23, 2009, 12:43 AM // 00:43

Quote:

Originally Posted by Aldric

It in no way discourages me from having multiple accounts and anyone who feels agrieved at being forced to remember an account name in order to play a game should really blame themselves rather than Anet.

The problem is that after the fact I am told I should have remembered toon names; not account names. I have a note book with all the accounts and all the PW for the accounts. If I had had any idea I would be asked to remember the toon name I would have put that in the note book.

I blame ANET for not telling me I needed to remember the toon name.

But the real problem is that this will result in a black eye for GW. Anyone with an IQ above room temp knows this is not a real security feature, even Gayle said there are other "top secret double probation" security features ANET is not telling. This is just a stumbling block for legit users and a small loss for hackers who will just switch to an easier target.

Anyone who thinks this name your toon question is real security needs to take a computer course.

Zahr Dalsk · Dec 23, 2009, 12:43 AM // 00:43

Quote:

Originally Posted by isildorbiafra

Besides I bet most of these multiple accounts have been bought ingame for botted/ leeched gold; and did not contribute one iota of income to anet.

Any account which was sold for ingame gold obviously had to have been bought from ArenaNet in the first place, or there'd be no one to sell it for ingame gold.

Quote:

Originally Posted by Lihinel

Just shows you how most people don't put any effort into character creation and how extreme makeover credits can go for the price they do and have that sort of a demand.

Ok, now I'm in full support of this security feature. Why? The idiots who couldn't bother to spell their character names correctly will have a hard time logging in, and that makes me happy. Hooray ArenaNet!

Fay Vert · Dec 23, 2009, 12:46 AM // 00:46

People with multiple accounts have been putting more money in ANet's pockets.

Lest121 · Dec 23, 2009, 12:49 AM // 00:49

I can't log and i don't have my account link to NC soft what gives.......I haven't played in 18months all i do every month is check on my account to make sure it's not hacked, the password is so strong and so random it took me a few days to memorize it.

isildorbiafra · Dec 23, 2009, 12:58 AM // 00:58

[QUOTE=Zahr Dalsk;4989348] Any account which was sold for ingame gold obviously had to have been bought from ArenaNet in the first place, or there'd be no one to sell it for ingame gold. [QUOTE]

Not true. That account was bought by someone else who for whatever reason somewhere along the line decided to sell it. Be it because they quit the game or just wanted to make some cash. The fact the account was bought for ingame gold in no way adds money to anets pocket.

JordanH · Dec 23, 2009, 12:58 AM // 00:58

This change has really annoyed me because I'm a very casual user and I've logged on for the first time in approx a year to play. I really don't have a clue what I named my character and I presume support are closed or at limited capacity over Xmas.

Personally, I would sacrifice this little bit of added security to be able to log in without having to go through this tedious process. However, I understand how for many players, this is a needed security measure - I think this could have been implemented wayyyy better so that casual players don't lose out.

Chances are I'll probably miss all the Wintersday events unless their support team is a little more responsive...

Zahr Dalsk · Dec 23, 2009, 01:10 AM // 01:10

Quote:

Originally Posted by isildorbiafra

The fact the account was bought for ingame gold in no way adds money to anets pocket.

The ingame transaction itself, no. But the original acquisition of the account DID give ArenaNet money.

Lest121 · Dec 23, 2009, 01:14 AM // 01:14

Can log.........everything is there.......i may not play anymore while i wait for GW2 but i have accomplish a lot.

isildorbiafra · Dec 23, 2009, 01:18 AM // 01:18

Quote:

Originally Posted by Zahr Dalsk

The ingame transaction itself, no. But the original acquisition of the account DID give ArenaNet money.

Your right; but let me put it this way. If you go out and buy 10 used cars. Does that put money in the pocket of the car companys that build them? No; only the dealer makes money. The company gets zilch out of it. And the fact that you perchased those 10 cars on a later date in no way whatsoever influenced the original owners dicision to buy those cars in the first place.

HawkofStorms · Dec 23, 2009, 01:27 AM // 01:27

Quote:

Originally Posted by Esprit

I like how people somehow think that it's Anet's fault that they can't remember their own character names.

Agreed. You and Ark are right on the money on this.

This isn't a big deal. This is MUCH less controversial of a decision (hey, more security = good) then the introduction of microtransactions. Yet for some reason, people support that and are angry at this. Boggles the mind. People who are whining are just whining for the sake of whining.

Lucci_Slevin · Dec 23, 2009, 01:37 AM // 01:37

I originally posted this in its own thread but it was deleted because there are too many threads about this issue. I have been given permission to post this here.

I think I know the reason for this change.

There are theories of the hacks having been caused by trojans/keyloggers,brute forcing of the log-in or hacking of the NCsoft master account.

But I have been following the feedback from Anet over the past couple of months and I do not think any of those are the case. I know there is a sticky at the top but not everything is there.

I thought I would post the most important statements here in one thread so that people who may not have read them can see the how things transpired. And also to have this thread open for discussion.

Dates are at the end of the quotes(chronological order). A short blurb describes each quote.

On retrieving lost items.

Quote:

Sometimes -- very rarely -- we have a clear-cut path that enables us to return items. When we can, we do. Many people who read this page can attest to that, for I've talked to some of them personally and have returned the items they lost. But for most cases, it's simply not possible. Not because we don't care. Not because we don't try. But simply because we cannot do it in a fair and equitable way. -- Gaile 01:05, 3 November 2009 (UTC)

On brute forcing GW client

Quote:

There is a different kind of brute force prevention system in place. Instead of those irritating "You ran out of tries, please wait a lifetime to try again"

systems, the Guild Wars password system is set to take longer and longer to become available. It was explained to me a couple of years ago that this system does effectively the same thing: it prevents an automatic brute force program from working. The team felt this was more user friendly. However, I will pass along your concern and your suggestion to the team members I am writing this afternoon. -- Gaile 01:32, 3 November 2009 (UTC)

On brute forcing NCsoft site

Quote:

Update: I have been exchanging emails with a number of team members in two different states. One concern I took to the team was about not having "time outs" or other means of preventing brute forcing of passwords on the NCsoft site. Here is part of the answer that I received: "The account management secure site does indeed have velocity checks in place to prevent the brute forcing of master accounts. If too many attempts are made within a given period of time, the user will be temporarily blocked from making any further efforts to login. In addition, there are velocity checks on the action of attempting to change the passwords themselves." -- Gaile 20:10, 4 November 2009 (UTC)

Log-in info taken from a website.

Quote:

Fansite Security Breach

We learned today that one of the trading sites associated with Guild Wars may have experienced a security breach and its account database (including user names and passwords) may be in the hands of hackers. So far we have identified more than 20 Guild Wars account that appear to have been accessed by unauthorized individuals who may have been involved in the fansite's database breach.

Our security recommendations have never been more timely, particularly those that suggest that you always use a unique password for every single account that you own.

We have closed the game accounts of those involved in the account thefts. We will be watchful for further episodes. And we will be contacting the fansite owner to continue gathering information related to this incident. -- Gaile 21:48, 9 November 2009 (UTC)

On revealing which website that was.

Quote:

Hi KJ. I knew that question would arise. I've talked to the Community Team and at this point, they would rather we not mention a site name because we have not had a chance to interface with the site, or to gather all the info we need to confirm the matter with 100% certainty. Perhaps the site's name will be mentioned once we have more details, but at this point, anyone using the same password on any site -- fansite, forum site, trading site, social networking site, email site, whatever -- should change passwords so that each one is different. It shouldn't take a breach for all of us Internet users to keep security in the forefront of our minds, but this thread may alert a few more people to this very real issue and may help a few more folks increase their security. -- Gaile 22:05, 9 November 2009 (UTC)

Anet does more research. Note the part about vulnerable forum software.

Quote:

Hacked Accounts: Research Continues

We've seen comments on this page, on the Guild Wars Wiki in general, and on fan forums that show a rising concern about account thefts. And it's true that the number of hacked accounts has risen somewhat over, say, a year or two ago, even while it's not a major crisis. Security is of paramount importance to us, as we know it is to you. I wanted to give an update on what we've done and what we've learned so far:

* ArenaNet and NCsoft have taken a hard look at both game and network security, and no breaches have been discovered. We've worked independently and collaboratively to research the matter and will continue those efforts into the future.
* We've contacted fansites and let them know of certain database breaches that have taken place on fan forums and trading sites. Certain popular forum programs have security updates several times a year because they are targets for hackers, and as a result they experience security breaches from time to time.
* We've been in continued contact with a fansite that did experience a relatively-minor database breach. The site owner has made visitors aware of the problem and has taken steps to beef up security.
* We've interviewed a few hundred victims of account thefts about security matters, including their participation in external sites, their use of third-party programs including chat software and social media, how they use ArenaNet and NCsoft resources, and more than 30 others points of data.
* Tonight or tomorrow, I will be emailing a small number of players to interview them about a few questions related to security issues. These aren’t hacking victims, this time, but we feel the info they can give us will be invaluable in continuing our analysis of the whole issue. If you get an email that seems to come from me, it probably does. But feel free to ping me via this wiki email address to verify, if you wish to do so. And remember, I will not ask for your account credentials or other confidential information, nor will anyone else from ArenaNet or NCsoft. -- Gaile 04:04, 21 November 2009 (UTC)

Confirmation on the the breach.

Quote:

Update: 2 December 2009

We did confirm that one fansite had a security breach. The website owner has been very open and forthcoming about the issue. The webmaster posted on the site to let site visitors know about the situation and to urge site members to update their credentials in order to eliminate matching credentials on the site and on any game account.

We appreciate the fansite staff’s cooperation and believe that the enhanced security that the webmaster suggested will help prevent further breaches related to that site’s issue.

As mentioned previously, all fansites for which we have current contact information have been contacted by the Community Team to heighten their awareness of security concerns. -- Gaile 00:52, 3 December 2009 (UTC)

Research on possible Ncsoft site hacks.

Quote:

Update: 15 December 2009

I've noticed a number of comments about NCsoft Master Accounts and hacked game accounts. It appears that some players are assuming that there is a connection, that if you have an NCsoft Master Account (NCMA) you may be at increased risk of account theft. We have conducted extensive research on this factor, and I have data as current as this morning that shows that this does not appear to be true. Of a cross-sampling of accounts, nearly half did not have an NCMA at all. I hope that this information puts your mind at ease on any perceived "risk factor" regarding whether a game account is tied to an NCMA or not, for that truly does not seem to be an element in the current situation.

Today, as many have already noted, we changed the in-game account security messaging to make it more noticeable. (Feedback given in an existing thread will be relayed to the Live Team.) More information on the subject of account security will be coming soon. -- Gaile 21:34, 15 December 2009 (UTC)

The purpose of the recent update.

Quote:

TahiriVeila: Please read the text in red located on the right side of the login screen. That message says that hackers are trying to login to Guild Wars accounts using passwords stolen from other games and web sites. In other words, in this case, the hackers do not have character information. They have existing lists of passwords and emails that they are just trying in Guild Wars to see if they work. They aren't only using this in GW, but also other games. No account theft prevention measure is perfect, however this update will make accounts more secure in instances like this, where hackers have emails and passwords that they've harvested en masse, that they're trying to use in a lot of games, including Guild Wars. --Regina Buenaobra Image:User_Regina_Buenaobra_sig.png 20:06, 22 December 2009 (UTC)

I just wanted to show that Anet was on the case from the beginning, though they mostly posted on the wiki and not here. And that the more complex theories of the hackers methods were probably not the case. Most of the hacks were probably due to the database breach in the second quote.

I am aware that this thread has the potential to become a a witch hunt of GWG and GWO admins. Please be respectful. I would like for this thread to remain open so that people may read it and comment.

To Chicken To Die · Dec 23, 2009, 01:47 AM // 01:47

So what if I get drunk again and delete all my chars and close guildwars? I mean no chars is no charname?

Still this is unexpected and strange in the same way. People using the same passwords and fansites and forums are simply dumb. They are warned and if they still do... well that will teach them. I see the vision of people saying this helps. It has a benefit even tho getting 1 char name isn't that hard. I mean use the same nickname as the fansite and like 99% BINGO.

I would like to see this being an optional function. Choose not to use it and get hacked your problem.

Alesa · Dec 23, 2009, 01:49 AM // 01:49

Quote:

Originally Posted by Lucci_Slevin

wall of text

You say you've been following it and yet miss some of the key points that the players made. That NCSoft security is lax. That ArenaNet has let it go on far too long. That no one at this point even believes it was a fansite breech considering the wide variety of accounts that were hacked. That some people signed up on the forums to report being hacked. That people who reset their passwords were hacked within a matter of a few minutes... and a billion other points that anyone following along would have caught on to. But congratulations I guess on being able to quote ArenaNet and their great strides to blame the users.

On that note, I think this was a pretty clever thing that Anet did. I don't think it's escaped most users notice though that this was all on Anet's side and that NCSoft might still be vulnerable.

Martin Alvito · Dec 23, 2009, 01:57 AM // 01:57

Quote:

Originally Posted by Lucci_Slevin

I just wanted to show that Anet was on the case from the beginning, though they mostly posted on the wiki and not here. And that the more complex theories of the hackers methods were probably not the case. Most of the hacks were probably due to the database breach in the second quote.

Why are you believing the garbage that you are being fed?

This website had character names available as of a month ago. I'll bet that most users registered on both GWO and Guru used the same account names. If GWO was breached, the hackers had character names for a lot of accounts. This update does nothing to solve that problem.

However, the update does do quite a lot to deal with the NCSoft problem. Even if you crack an NCSoft Master Account and change the GW password, you can't gain unauthorized access to the account. So now there's no point in cracking the NCMA.

This is nothing more than a clever PR move. The hacks will stop and ANet can claim that their story is true, regardless of whether or not it is. But the official story just doesn't fit the facts. It may fit the facts of how some accounts were getting stolen without involving the NCMA. But it does not fit the facts for a lot of the observed hacks.

Lucci_Slevin · Dec 23, 2009, 02:03 AM // 02:03

Quote:

Originally Posted by Alesa

You say you've been following it and yet miss some of the key points that the players made. That NCSoft security is lax. That ArenaNet has let it go on far too long. That no one at this point even believes it was a fansite breech considering the wide variety of accounts that were hacked. That some people signed up on the forums to report being hacked. That people who reset their passwords were hacked within a matter of a few minutes... and a billion other points that anyone following along would have caught on to. But congratulations I guess on being able to quote ArenaNet and their great strides to blame the users.

On that note, I think this was a pretty clever thing that Anet did. I don't think it's escaped most users notice though that this was all on Anet's side and that NCSoft might still be vulnerable.

I know it is long but I wanted to show that they have have been responding and to show that this update has been in the works.

As for the other stuff you posted, there are a million different stories on the internet. Not to discount any of them, but it is something to keep in mind.

I just think the discussion is important.

Edit- Perhaps a user made compendium of the various stories would be useful in getting to the bottom of the situation?

Deviant Angel · Dec 23, 2009, 02:05 AM // 02:05

Quote:

Originally Posted by AngelWJedi

I find it sad you look down on people who dont remember ever single name. i am luck i remembered my main toons name. otherwise i wouldnt have been able to get back on. my 7 other girls where named in another language because i like to role play them pretending that they came from a certian county. thus some if not all are hard to spell. plus add in the fact didnt take in that some people have dyslexia. gg anet! one of my guildies has that. and it took her like 5-10 minutes to sign in.

I'm not trying to be insensitive, but may I ask how long it took your friend to sign in before yesterday? Some people refuse to make strong passwords for whatever reason, but I would hope that her password is more complex than any character name on her account. If her dyslexia is as bad as you're making it seem, chances are good that it was taking her 5-10 minutes to sign in anyway. Shall we whine about the fact that an email and password is required as well?

Unless she's also blind, I don't understand why the "remember account name and security question" option was ignored. Putting your login information into the shortcut is also an option. It shouldn't take her, or anybody, 5-10 minutes to sign in after using one of those.

As for everyone forgetting their character names... wth? I remember what I named characters in games that I played less than an hour. I guess it's easy for me since I don't consider Afdsgfsd Jdasfkdsf a name.

I swear that some of you live to complain.

I think this update was a step in the right direction. Having to type in a character name when I change accounts is a very minor inconvenience.

tom32304 · Dec 23, 2009, 02:14 AM // 02:14

And all of this thread so far still does not address my points.

GW sales are falling, the game is not stocked in many big stores, prices at the online store are sky high, NIB stuff is super cheap on ebay.

To make matters worse ANET now has some kinda name your toon security system and if you forgot the name of your toon you are stuck dealing with a slow to respond support system; oh yea all of this comes down when traffic is highest on the GW servers.

I am not so sure this will result in more revenue for ANET.

Curo · Dec 23, 2009, 02:14 AM // 02:14

I'm surprised to see so many people that actually don't know the names of their characters. You think that if you had enough time/money/items to buy other accounts and fill them up with mule stuff, you'd at least have names you can remember. I notice many users on GWG that leave little notes in their sell threads to remind themselves of which items are on which characters.

Sorry I guess I just can't understand having so many accounts that you don't even pay attention to the character names. Life must be good. I don't even have NF, and you people are complaining about having too many accounts. I don't think I've ever used this before on these forums, but now is a good time:

QQ

And good job ANet, we are glad to see some kind of step towards better security measures. It means that we here are not going unnoticed.

AngelWJedi · Dec 23, 2009, 02:21 AM // 02:21

Quote:

Originally Posted by Deviant Angel

I'm not trying to be insensitive, but may I ask how long it took your friend to sign in before yesterday? Some people refuse to make strong passwords for whatever reason, but I would hope that her password is more complex than any character name on her account. If her dyslexia is as bad as you're making it seem, chances are good that it was taking her 5-10 minutes to sign in anyway. Shall we whine about the fact that an email and password is required as well?

Unless she's also blind, I don't understand why the "remember account name and security question" option was ignored. Putting your login information into the shortcut is also an option. It shouldn't take her, or anybody, 5-10 minutes to sign in after using one of those.

As for everyone forgetting their character names... wth? I remember what I named characters in games that I played less than an hour. I guess it's easy for me since I don't consider Afdsgfsd Jdasfkdsf a name.

I swear that some of you live to complain.

I think this update was a step in the right direction. Having to type in a character name when I change accounts is a very minor inconvenience.

And i swear some people like to look down on those who state their opion. dont like it dont respond to it. <3 and here's a though. wont us posting our name in buy/sell/pc section hurt us now we need to use it when we sign it?

and please reread my post. unlike others who name their chair billy bob or sue smith i like to create cute and unquie names.