Curse

Age · Jan 26, 2008, 09:49 PM // 21:49

/Signed .I don't care as I know someone who had their account hacked twice and had to redo all their char again.I don't want that going through all camps again.

Kanyatta · Jan 26, 2008, 09:54 PM // 21:54

Quote:

Originally Posted by Age

/Signed .I don't care as I know someone who had their account hacked twice and had to redo all their char again.I don't want that going through all camps again.

Basically, read what Gaile said, if you are smart with your info, don't do anything against the TOS or EULA, you will be fine with your account.

IMO, if you are dumb enough to get phished or download a sketchy 3rd party program, you deserve to lose your account.

Tyla · Jan 26, 2008, 09:57 PM // 21:57

Quote:

Originally Posted by Kanyatta

IMO, if you are dumb enough to get phished or download a sketchy 3rd party program, you deserve to lose your account.

Agreed, you shouldn't have ANYTHING compensate stupidity.

The only thing that concerns me - is if one of my mates turn into a total divv, or someone guesses my Accname/Pass.

ManiSan · Jan 26, 2008, 10:05 PM // 22:05

/signed

And I've another suggestion: hide the account name (email) on logging screen. If some badguy install a keylogger on my computer he would be able to do a screen capture and then have both email AND password.
So, just hide our emails, there would be a big security boost.
And plz, dont say things as "the user made a fault because his firewall/antivirus/antirootkit/antispyware/windows update/etc wasnt up to date".
We're talking about Microsoft Windows. We, gw players, arent security professionals, and cant have a hack proof system. Just impossible, security != windows in my humble opinion. Do you have ever heard about 0 day exploit ?
Plz hide the email.

Account: *******************
Password:

Thanx

Age · Jan 26, 2008, 10:19 PM // 22:19

Quote:

Originally Posted by Kanyatta

Basically, read what Gaile said, if you are smart with your info, don't do anything against the TOS or EULA, you will be fine with your account.

IMO, if you are dumb enough to get phished or download a sketchy 3rd party program, you deserve to lose your account.

Gaile got that in before I got to post anyway I always keep my account safe as my pass words are in my head not written down and I am the only one who knows my account info.There isn't sole who does.I scan my system 3 times a week with spybot and keep my fire wall on.It seems like my accounts have been safe since playing from beta.I do know someone who had their account hacked twice.He lost everything.

Gaile Gray · Jan 26, 2008, 10:27 PM // 22:27

Nobody can see your password, it's always hashed, like ***************

I don't think it's practical or necessary to hide the user name, because that's a very small part of access. Your unique and complex password is by far the greater measure of security and unlike some password protocols, the one in Guild Wars allows a good number of symbols and numbers so you can make it very unique and very complex.

Consider: Players requested we save (in the log-in screen GUI) the name of the account that was most recently accessed, so that everyone could avoid having to input that user name every time. It was a nice little addition, and I think everyone approves. However, many people have multiple accounts (I have nine) and they need to see which account they're accessing. Therefore, in my opinion, hashed user names would not be practical and, again, I don't think that would be necessary.

ManiSan · Jan 26, 2008, 10:33 PM // 22:33

The password cant be seen. It can be keylogged.
The email cant be keylogged. It can be seen, thus captured by prtscreen (near f12 on my keyboard).
Both tasks can be done easely. Far more easiest than hacking our computers... And every day thousands of computers are infected by different kind of malwares.

Plz consider my suggestion farther.

ps: for multiple account users, generic hidden names "account 1", "account 2".., could be used. Many solutions to solve this problem. Ive heard so many stories about hacked account (especially in pvp, while you must join Vent/Ts servers and give away your IP to unknown administrators). Every time somthing unusual happends on my comp I ask myself "Will my account be still there ?".
With hidden accounts, it would be much more difficult to steal an account that way.

Gaile Gray · Jan 26, 2008, 10:35 PM // 22:35

Quote:

Originally Posted by ManiSan

The password cant be seen. It can be keylogged.
The email cant be keylogged. It can be seen, thus captured by prtscreen (near f12 on my keyboard).
Both tasks can be done easely. Far more easiest than hacking our computers... And every day thousands of computers are infected by different kind of malwares.

Plz consider my suggestion farther.

You're asking us to protect you from third party programs? That is not feasible, reasonable, or possible. Each player needs to protect himself or herself from malware, including downloading or attempting to use third-party programs that may contain trojans or keyloggers.

Age · Jan 26, 2008, 10:47 PM // 22:47

Quote:

Originally Posted by ManiSan

The password cant be seen. It can be keylogged.
The email cant be keylogged. It can be seen, thus captured by prtscreen (near f12 on my keyboard).
Both tasks can be done easely. Far more easiest than hacking our computers... And every day thousands of computers are infected by different kind of malwares.

Plz consider my suggestion farther.

ps: for multiple account users, generic hidden names "account 1", "account 2".., could be used. Many solutions to solve this problem. Ive heard so many stories about hacked account (especially in pvp, while you must join Vent/Ts servers and give away your IP to unknown administrators). Every time somthing unusual happends on my comp I ask myself "Will my account be still there ?".
With hidden accounts, it would be much more difficult to steal an account that way.

You do not need to give out your IP to any TS or Vent server admin all you need is the addy and or password to access the server.I wouldn't give out my IP to any one on the net especially in a game.

ManiSan · Jan 26, 2008, 11:16 PM // 23:16

"all you need is the addy and or password to access the server"

When i launch my Ts server i can use Etheral to know other players IP... Every admin can read the log files, thats common sense..

@Gaile: no, I, and most of us, dont use third party programs. Im talking about worms, like Blaster. It infected millions up-to-date computer by exploiting an OS vulnerability, in a few hours. Other worms still exists, and smart hijackers wouldnt send them "nowhere", but only to interesting targets (computer no owned by Symantec, with a GW player speaking on a Vent server...). Thats what I would do if I had a unknown worm and wanted to make money with... and keep it still unknown.
By the way, you arent bored to type and retype an email address each time you log another account ? A menu like the district choice wouldnt fit better ? Im sure you would love that update

Age · Jan 26, 2008, 11:42 PM // 23:42

Quote:

"all you need is the addy and or password to access the server"

When i launch my Ts server i can use Etheral to know other players IP... Every admin can read the log files, thats common sense..

That is only the admin but it can't do anything about hacking into a computer and i can see everyones IP on the board I Administrate and can trace it to their ISP.That is as far as it goes and the same applies to you.You can't trace it though I believe and ISP have safety protocols put in place.

Kendar Muert · Jan 27, 2008, 12:20 AM // 00:20

Quote:

Originally Posted by Mangione

About attention, I hope this will gain some, but:
does Anet ever looks in Sardelac, home of the wackiest ideas?

There is an old "we want more catacombs" thread, and Anet took some of those ideas directly from the thread and put them in EoTN. So yes, they do. posted above this- that should be plenty of evidence :P

/signed x3

Biostem · Jan 27, 2008, 12:22 AM // 00:22

I can't understand why people are trying to place responsibility for their own computer's security on ANet's shoulders. If your computer has a virus/worm/trojan, whatever, and it gets a hold of your logon info, it's the user's fault for not having appropriate security in place. If there's a vulnerability in Windows, then you should be complaining to MS and/or making sure to have all the updates.

The *only* suggestion I could make would be to have the game use a virtual keyboard, on-screen, to enter the pw with, thereby eliminating the ability of a keylogger to to grab it. I've seen some bank websites use this, and it seems to help. Either way, if someone can get into your account, regardless of whether they can delete your characters or not, they can still sell your items and transfer the gold...

Lawliet Kira · Jan 27, 2008, 12:23 AM // 00:23

Id love this, i would kill myself if anything happened to my ele

nbajammer · Jan 27, 2008, 12:37 AM // 00:37

Another thing people fail to realize is that if you don't use the remember my e-mail, you have to type it in every time and then it is in fact vulnerable to keyloggers.

Sadly, I'm with Gaile - take the necessary precautions to protect your account and nothing will happen.

/notsigned

Jamison0071 · Jan 27, 2008, 01:40 AM // 01:40

/signed

This feature would be very much appreciated, even if purely for peace of mind.

mmmkay i am bad · Jan 27, 2008, 02:14 AM // 02:14

/signed this would prevent my friend from deleting my chars to make pvp chars. =.=

Reason · Jan 27, 2008, 02:24 AM // 02:24

This would be a cool add on and I am sure people would use it since it is better to be safe then sorry. You could always just not share your account info or use and 3rd party programs.

Splitisoda · Jan 27, 2008, 02:25 AM // 02:25

im 50/50 on this.

It would be good since then I won't go back on my word. (My brain is normally on its dark side)

But if a person hacked ur account and just locked all ur chars ,then what would you really do?

pamelf · Jan 27, 2008, 02:27 AM // 02:27

/signed. bla bla bla 12 chars etc.