Account Security Concerns - Guild Wars Forums

Silverthorn · Apr 11, 2005, 04:07 AM // 04:07

I know its been brought up before but I wanted to bring it up again hoping someone from arenanet answers. Since the game uses email accounts as your account name is there any kind of added security to back up the password? Email addresses are easy to find out unless someone has a special email address they created just for the game and don't give it out. And I don't think its right to ask people paying for a game to have to establish thier own accounts security. And once you have the account name someone with enough patience and time on thier hands(or a script to do it for them) can figure out a password. So there needs to be some kind of added security such as a "secret word" or some other idea to determine true ownership. So anything you can tell us to assure us our accounts will be safe is appreciated.

William of Orange · Apr 11, 2005, 04:13 AM // 04:13

Unless I'm mistaken, it's not possible to see other players e-mail addresses in-game, right? I'm no hacker, but the only way that I would see people being able to access your account would be if they were able to determine your IP address, go around any firewalls on your computer, and access any of the vital information on your computer, or monitor what keystrokes you're making (I'm fairly sure that's possible?). Besides that, I would like to think at least that the security should be pretty good for the game, as long as you don't give out your e-mail address, or any other pertinent account information for some odd reason.

But hopefully Gaile can give you an official answer. Most likely I'll just end up having to put my foot in my mouth like normal

Silverthorn · Apr 11, 2005, 04:17 AM // 04:17

Yeah they can't find your email address unless you give it to someone really but email addresses are exchanged fairly freely. And in my opinion a paying customer shouldn't have to refrain from giving out thier email address to friends in game for fear of thier account security. There have been plenty of people in other games that have had accounts stolen from people they thought to be friends.

Kha · Apr 11, 2005, 04:19 AM // 04:19

Quote:

Originally Posted by Silverthorn

Yeah they can't find your email address unless you give it to someone really but email addresses are exchanged fairly freely. And in my opinion a paying customer shouldn't have to refrain from giving out thier email address to friends in game for fear of thier account security. There have been plenty of people in other games that have had accounts stolen from people they thought to be friends.

Wouldn't giving out your e-mail mean you only have yourself to blame? Just keep in touch through forums, ie, this place

Midnight Scorpion · Apr 11, 2005, 04:20 AM // 04:20

Not in game not without much difficulty.

However, all someone would have to do is try to send you an MSN message here on these forums and bam there is your e-mail address, try it!

I myself find it very inconvenient to give out and maintain different e-mail addresses and prefer to use the same e-mail address for all games, all accounts everywhere (unless I change my name o_O).

Giving out your e-mail address really shouldnt be something that could compromise your account security (in an ideal world).

William of Orange · Apr 11, 2005, 04:21 AM // 04:21

Quote:

Originally Posted by Silverthorn

There have been plenty of people in other games that have had accounts stolen from people they thought to be friends.

One reason that I'll never willingly give out my e-mail address, unless I have meet the person multiple times in real life and have known them for a good three or four months, and even then, I'd still be cautious about handing it out. I'm not willing to take the risk of having my account tampered with by anybody besides myself. As long as people are smart about it, there shouldn't be any problems.

Midnight Scorpion: That's why my MSN Messenger account and e-mail account listed on this site does not belong to the e-mail account that my Guild Wars account is linked to

Silverthorn · Apr 11, 2005, 04:23 AM // 04:23

Quote:

Originally Posted by Kha

Wouldn't giving out your e-mail mean you only have yourself to blame? Just keep in touch through forums, ie, this place

The point is that email addresses aren't a piece of vital information that you would normally keep secret, ie social security number or drivers liscence number. It is a means for communication and so should be free to be given out to people you want to keep in touch with. You shouldn't have to keep your email secret, that defeats the point of having an email address.

Midnight Scorpion · Apr 11, 2005, 04:24 AM // 04:24

Quote:

Originally Posted by William of Orange

One reason that I'll never willingly give out my e-mail address, unless I have meet the person multiple times in real life and have known them for a good three or four months, and even then, I'd still be cautious about handing it out. I'm not willing to take the risk of having my account tampered with by anybody besides myself. As long as people are smart about it, there shouldn't be any problems.

Midnight Scorpion: That's why my MSN Messenger account and e-mail account listed on this site does not belong to the e-mail account that my Guild Wars account is linked to

Yes I guessed that, but that goes back to the OP stating that he thought it wasnt "right to ask people paying for a game to have to establish thier own accounts security." And creating a new e-mail address solely for the purpose of playing a new game (which fits the description) would be wise, however inconvenient

William of Orange · Apr 11, 2005, 04:25 AM // 04:25

Quote:

Originally Posted by Silverthorn

The point is that email addresses aren't a piece of vital information that you would normally keep secret, ie social security number or drivers liscence number. It is a means for communication and so should be free to be given out to people you want to keep in touch with. You shouldn't have to keep your email secret, that defeats the point of having an email address.

Just for the sake of arguement, you could always have multiple e-mail address. Right now, there are three different e-mail accounts which I use; I have one through my school, one through Hotmail, then another one through Gmail, which is my primary account and the one which is tied to my account. Lucky for me I didn't follow my naming theme like I had done for my Hotmail and AIM accounts, otherwise it wouldn't be too hard to pick up what the Gmail account is

Edit: You just snuck your reply in before mine Midnight

Maybe it's just because I'm strange, but I don't really view making another accuont as an inconvenience. Yes, it does take a couple of minutes to set up, but after that initial setup time, it only takes seconds to log in and not much longer to browse through your e-mails and check out what you have. Obviously I'm not saying that everybody who's concerned about account security should get multiple e-mail addresses, I'm just throwing things out there for discussion.

Silverthorn · Apr 11, 2005, 04:29 AM // 04:29

Quote:

Originally Posted by Midnight Scorpion

Yes I guessed that, but that goes back to the OP stating that he thought it wasnt "right to ask people paying for a game to have to establish thier own accounts security." And creating a new e-mail address solely for the purpose of playing a new game (which fits the description) would be wise, however inconvenient

Exactly, in my opinion if your charging someone to play a game like this you should make sure that thier accounts are safe and secure. It is a good idea to create a seperate email account for it but you shouldn't be forced to do so in order to keep your account secure. I for one only use 1 email address and I don't want to have to maintain another one. When you pay for a service you shouldn't be inconvienenced by that service.

Manderlock · Apr 11, 2005, 04:31 AM // 04:31

Quote:

Originally Posted by Silverthorn

The point is that email addresses aren't a piece of vital information that you would normally keep secret, ie social security number or drivers liscence number. It is a means for communication and so should be free to be given out to people you want to keep in touch with. You shouldn't have to keep your email secret, that defeats the point of having an email address.

im shure you dont mean that social security and what not should be used, just that they should let you make your own acount name. i would have to agree with this. ive given my e-mail out countless of times to people i havent meet IRL, and i dont think that now i should be made to keep it *hush hush* just to play a game.(even a great game like gw)

Midnight Scorpion · Apr 11, 2005, 04:34 AM // 04:34

Quote:

Originally Posted by William of Orange

Just for the sake of arguement, you could always have multiple e-mail address. Right now, there are three different e-mail accounts which I use; I have one through my school, one through Hotmail, then another one through Gmail, which is my primary account and the one which is tied to my account. Lucky for me I didn't follow my naming theme like I had done for my Hotmail and AIM accounts, otherwise it wouldn't be too hard to pick up what the Gmail account is

Edit: You just snuck your reply in before mine Midnight

Maybe it's just because I'm strange, but I don't really view making another accuont as an inconvenience. Yes, it does take a couple of minutes to set up, but after that initial setup time, it only takes seconds to log in and not much longer to browse through your e-mails and check out what you have. Obviously I'm not saying that everybody who's concerned about account security should get multiple e-mail addresses, I'm just throwing things out there for discussion.

I myself do use multiple e-mails (quite a few actually since I own several domains, maybe that's why it is such an inconvenience to me) and would recommend it to anyone playing any game regardless, however the notion that it is a better idea to make a new e-mail address rather than not is quite oft in my book.

A simple solution would be to use usernames, and require them to be of a certain form that would be hard to find out. I'm not an expert in this area, but i've seem it in action in some other games that have no problems with stolen accounts, etc.

For example, require that account names contain at least a minimum amount of alphanumeric characters, and must contain at least 1 number. Decline account names that match email addresses, i.e. if your email address is [email protected], your account name cannot be emailname. I feel this is a good way to secure quite a good few people who are very inclined to make their logins the same as their email.

By now i'm ranting, I'd get some official words instead.

Silverthorn · Apr 11, 2005, 04:40 AM // 04:40

I'm not suggesting that they change and not use email addresses for account names. They must have a reason for wanting to use them and more than likely don't want to change this close to release. I'm just asking that they provide some extra means of security. Or if there is one in place already let us know so that we can feel our accounts are safe. Because passwords just aren't enough. Need some method of retrieving our account if someone guesses our password and takes control of our account.

Manderlock · Apr 11, 2005, 04:44 AM // 04:44

im guessing that they want your e-mail so that they can e-mail you on things pertaining to the game.

they could make and e-mail account needed, but let you make your own acount name for the game

Pharalon · Apr 11, 2005, 04:51 AM // 04:51

Even if they know the email you're using for the game, the amount of time it would take to brute force a good password is mind-boggling. You can only get the password wrong 3 times before the game stops accepting attempts for a few minutes.

Considering that, the ANet servers will be old and collecting dust in an antique store before someone can brute force into your account.

Midnight Scorpion · Apr 11, 2005, 04:55 AM // 04:55

Quote:

Originally Posted by Pharalon

You can only get the password wrong 3 times before the game stops accepting attempts for a few minutes.

I suppose this is what the OP was looking for, woohoo!

Manderlock · Apr 11, 2005, 04:55 AM // 04:55

Quote:

Originally Posted by Pharalon

Even if they know the email you're using for the game, the amount of time it would take to brute force a good password is mind-boggling. You can only get the password wrong 3 times before the game stops accepting attempts for a few minutes.

Considering that, the ANet servers will be old and collecting dust in an antique store before someone can brute force into your account.

hmm didnt know that they had the three times rule. thats good enough for me

Silverthorn · Apr 11, 2005, 04:59 AM // 04:59

Didn't know about the 3 times rule either. Thats good but I think they could do a little more.

Sin · Apr 11, 2005, 05:02 AM // 05:02

Quote:

Originally Posted by Silverthorn

I know its been brought up before but I wanted to bring it up again hoping someone from arenanet answers. Since the game uses email accounts as your account name is there any kind of added security to back up the password? Email addresses are easy to find out unless someone has a special email address they created just for the game and don't give it out. And I don't think its right to ask people paying for a game to have to establish thier own accounts security. And once you have the account name someone with enough patience and time on thier hands(or a script to do it for them) can figure out a password. So there needs to be some kind of added security such as a "secret word" or some other idea to determine true ownership. So anything you can tell us to assure us our accounts will be safe is appreciated.

(Emphasis added by Sin.)

Please ask yourself...

How is it that ones account security, and for that matter the security of the information so referenced by that account, is not solely that person's responsibility? You think by purchase of a right of use agreement to use the executable code for a game it some how transfers some part of your responsiblity for your account's security on to them?

Please take responsiblity...

There is only one person in the world who will protect your interests, and that's you. This is not to say your account security isn't valued. It is to say it is valued for the purpose of assuring you have a positive gaming experience and nothing more--it is a balancing of interests between you and the gaming company, bank, etc.. Any further protections you must provide because they are your concern and rightfully so.

This is your opportunity...

Being careful about your email is Privacy 101. Having mutiple email accounts to facilitate that is just reasonable since it's your job to protect your stuff be it your family, car, credit card/bank/debit card account, or account in a computer game. Be thankful you have this much power over some aspect of your life or you might easily aid in the historic precedence of giving up that power for some specious belief that someone else would care for your property, your interests, as well as you do.

In a nutshell...

In short, think of it as layers. The internal layer do all they can internally. The external layer is yours, you can hand the would be malfeasor the key to test the internal layer, or make sure there is an even further external layer (another email) that may even expose the malfeasor's true intent.

*Please note: If any should take offence, my apologies as none was intended. Thank you for your time.

Auh · Apr 11, 2005, 05:03 AM // 05:03

Quote:

Originally Posted by Pharalon

Even if they know the email you're using for the game, the amount of time it would take to brute force a good password is mind-boggling. You can only get the password wrong 3 times before the game stops accepting attempts for a few minutes.

Considering that, the ANet servers will be old and collecting dust in an antique store before someone can brute force into your account.

Could they not try to hack into your email, then request that Anet send you a new password via "I forgot my password."?

Apr 11, 2005, 04:07 AM // 04:07	#1
Silverthorn Ascalonian Squire Join Date: Apr 2005 Location: D/FW, Texas Guild: Dark Radiance Profession: Mo/N	Account Security Concerns I know its been brought up before but I wanted to bring it up again hoping someone from arenanet answers. Since the game uses email accounts as your account name is there any kind of added security to back up the password? Email addresses are easy to find out unless someone has a special email address they created just for the game and don't give it out. And I don't think its right to ask people paying for a game to have to establish thier own accounts security. And once you have the account name someone with enough patience and time on thier hands(or a script to do it for them) can figure out a password. So there needs to be some kind of added security such as a "secret word" or some other idea to determine true ownership. So anything you can tell us to assure us our accounts will be safe is appreciated.

Apr 11, 2005, 04:13 AM // 04:13	#2
William of Orange Krytan Explorer Join Date: Feb 2005 Location: La Crosse, Wisconsin Guild: Thousand Tigers Apund Ur Head, The Consulate	Unless I'm mistaken, it's not possible to see other players e-mail addresses in-game, right? I'm no hacker, but the only way that I would see people being able to access your account would be if they were able to determine your IP address, go around any firewalls on your computer, and access any of the vital information on your computer, or monitor what keystrokes you're making (I'm fairly sure that's possible?). Besides that, I would like to think at least that the security should be pretty good for the game, as long as you don't give out your e-mail address, or any other pertinent account information for some odd reason. But hopefully Gaile can give you an official answer. Most likely I'll just end up having to put my foot in my mouth like normal

Apr 11, 2005, 04:17 AM // 04:17	#3
Silverthorn Ascalonian Squire Join Date: Apr 2005 Location: D/FW, Texas Guild: Dark Radiance Profession: Mo/N	Yeah they can't find your email address unless you give it to someone really but email addresses are exchanged fairly freely. And in my opinion a paying customer shouldn't have to refrain from giving out thier email address to friends in game for fear of thier account security. There have been plenty of people in other games that have had accounts stolen from people they thought to be friends.

Apr 11, 2005, 04:20 AM // 04:20	#5
Midnight Scorpion Frost Gate Guardian Join Date: Mar 2005 Guild: None Profession: Mo/	Not in game not without much difficulty. However, all someone would have to do is try to send you an MSN message here on these forums and bam there is your e-mail address, try it! I myself find it very inconvenient to give out and maintain different e-mail addresses and prefer to use the same e-mail address for all games, all accounts everywhere (unless I change my name o_O). Giving out your e-mail address really shouldnt be something that could compromise your account security (in an ideal world).

Apr 11, 2005, 04:40 AM // 04:40	#13
Silverthorn Ascalonian Squire Join Date: Apr 2005 Location: D/FW, Texas Guild: Dark Radiance Profession: Mo/N	I'm not suggesting that they change and not use email addresses for account names. They must have a reason for wanting to use them and more than likely don't want to change this close to release. I'm just asking that they provide some extra means of security. Or if there is one in place already let us know so that we can feel our accounts are safe. Because passwords just aren't enough. Need some method of retrieving our account if someone guesses our password and takes control of our account.

Apr 11, 2005, 04:44 AM // 04:44	#14
Manderlock Wilds Pathfinder Join Date: Apr 2005 Location: TX Guild: Crimson ScS Profession: W/N	im guessing that they want your e-mail so that they can e-mail you on things pertaining to the game. they could make and e-mail account needed, but let you make your own acount name for the game

Apr 11, 2005, 04:51 AM // 04:51	#15
Pharalon Beta Tester Join Date: Jan 2005 Guild: Carebear Club	Even if they know the email you're using for the game, the amount of time it would take to brute force a good password is mind-boggling. You can only get the password wrong 3 times before the game stops accepting attempts for a few minutes. Considering that, the ANet servers will be old and collecting dust in an antique store before someone can brute force into your account.

Apr 11, 2005, 04:59 AM // 04:59	#18
Silverthorn Ascalonian Squire Join Date: Apr 2005 Location: D/FW, Texas Guild: Dark Radiance Profession: Mo/N	Didn't know about the 3 times rule either. Thats good but I think they could do a little more.