Curse

Linksys · Dec 10, 2009, 11:19 PM // 23:19

Quote:

Originally Posted by Theocrat

Tossing in my support, which comes as no surprise I'm sure.

Unfortunately, it appears that making accounts more secure is just too much of a nuisance. ArenaNet will not admit that they have a problem. NCSoft will not acknowledge or fix the problems that are incredibly obvious to anyone who has used their website.

We can hope, though.

Then what we need is attention to this problem in IGN.com and any video game magazines that see this as news. Ways to let consumers know before considering buying an ArenaNet or NC Soft game. Because right now if it's only on GW Guru, they may not be all that concerned. Usually Guru is something gamers later find their way to after playing for a while, I assume.

I also don't like how Anet will make people jump through hoops before doing something or admitting anything. They'll tell us that we downloaded some unauthorized program or gave our password away and that we need to scan our computers and check all the security. Which are valid points but there are people who testify to being hacked after already doing all that.

It's just like when GW first started, people were getting lagged. And Anet blamed our computers and video cards. They had people checking their computers and their internet connections and buying new video cards and more memory. Jumping through all these hoops. Then finally they admitted it's a server clog on their part.

Martin Alvito · Dec 10, 2009, 11:24 PM // 23:24

Quote:

Originally Posted by Meridon

May I suggest that once this thread dies a bit (let's say disappears from page 1), the petition, with all the names of those who signed along with suggestions, should be sent directly to Customer Support in an e-mail by a Guru Admin?

Account security threads are topped on GWO and Guru right now. They've noticed.

Quote:

Originally Posted by Linksys

Then what we need is attention to this problem in IGN.com and any video game magazines that see this as news. Ways to let consumers know before considering buying an ArenaNet or NC Soft game. Because right now if it's only on GW Guru, they may not be all that concerned.

Word of mouth is powerful in this business. Reviews matter a great deal, but players bring their friends (or ward off their friends) in many cases. The word will get around.

EDIT:

Quote:

Originally Posted by Kumu Honua

I would bet doughnuts to dollars that just like the "Modern Warfare" boycott, at least 80% of the signers in this thread would indeed purchase another NCSoft product even if nothing ever changes about the actual issue at hand.

Count me in the 20%.

Linksys · Dec 10, 2009, 11:28 PM // 23:28

I'll continue playing what I already have but won't buy anything more. Would that be considered a boycott? From further purchases?

My decision is not just from this issue. It's because I'm not interested in their other games or upgrades.

And there was the time when ordering from the ingame store meant being banned by error.

EDIT: This reply is in reply to another that was here a moment ago. It concerns the idea of a boycott.

Quote:

Originally Posted by Kumu Honua View Post
I would bet doughnuts to dollars that just like the "Modern Warfare" boycott, at least 80% of the signers in this thread would indeed purchase another NCSoft product even if nothing ever changes about the actual issue at hand.

Crippie its Tom · Dec 10, 2009, 11:35 PM // 23:35

/signed

12 char ftw

Zaxares · Dec 10, 2009, 11:38 PM // 23:38

/signed

I was one of the people whose NCSoft account got broken into. The NCSoft site only has a maximum 13-character length password, and it does not allow symbols. I imagine whoever did it simply brute-forced their way in, then simply reset my password to one of their choosing. As it happened while I was asleep, by the time I was aware of the intrusion, it was 13 hours later and the crooks had already been and gone (and gotten my account locked for 'gold selling' in the process).

I'm now trying to get my account unlocked by Support so I can get in and see what kind of damage has been done, but I've been playing for 4 and a half years, have 5 main PvE characters, and had an extensive collection of personal trophies, minipets and other mementos. All of it could be wiped out, simply because the NCSoft Master Account has piss-poor security compared to a lot of other sites.

At the very least, as somebody mentioned, you should be required to enter your CURRENT GW password to change your game password. Or if you've forgotten your password, your new password be sent to your e-mail address (requiring the hackers to have to break into a second account).

I don't blame ANet for this, since the fault lies with NCSoft, but I AM pissed that there's such a glaring weak spot in their security net. Something seriously needs to be done about this, before more innocent victims fall prey to it.

Meridon · Dec 10, 2009, 11:38 PM // 23:38

Quote:

Originally Posted by Martin Alvito

Account security threads are topped on GWO and Guru right now. They've noticed.

I can see that, but my point just happens to be in the part you didn't include in your quote of me

It's obvious they've noticed already, but that's not going to force them to reply. A ticket sent directly to Customer Support by a credited Guru admin probably will. That's the point of a petition anyway, to hand it in to whoever it's for

Grunntar · Dec 11, 2009, 12:04 AM // 00:04

Quote:

Originally Posted by Meridon

force them to reply

How is sending an e-mail *forcing* them to do anything? One click of the mouse by some flunky on the support staff, and it's digital trash...

X-Bomb · Dec 11, 2009, 12:06 AM // 00:06

/Signed
/Signed

twice - for both my accounts

Honestly I am very careful with my account security/passwords - everything. Infact I do not care enough for the game to go researching things and thus capturing spyware and key loggers etc

What really made me scratch my head is that I had not logged in for ages, yet last month 1 of my 2 accounts was mysteriously blocked by anet due to a hacker and lacking 1000k gold when returned to me. I seriously doubt a dormant account was hacked by a keylog or other such way. I use different passwords for my two accounts and had not logged in for ages.

Smarty · Dec 11, 2009, 12:09 AM // 00:09

Quote:

Originally Posted by Chthon

To rehash several years worth of suggestions:
1. Find and close whatever vulnerability is allowing accounts to be stolen directly through a-net/NCSoft.
2. Since NCSoft clearly can't get their act together, just let us sever our GW accounts from NCSoft.
3. If we must retain the connection to NCSoft, then at the very least: (a) Give us back the ability to change our usernames. (b) NEVER display the e-mail that is the GW username from within the NCSoft account. (c) Require the current GW password to be entered in order to change the GW password.
4. Give us the ability to blacklist and whitelist individual IP's and IP blocks. I want to blacklist all of mainland China from ever logging into my account and I want to be prompted for a second password to login from any IP other than my current one.
5. Give us a "last login attempt for this account was X hours ago from IP W.X.Y.Z" notification every time we log in so that we know when someone is after our account and can contact support preemptively.
6. Give us an optional character lock that is permanent or takes at least a week to remove.
7. Give us a customized item lock with the same traits.

I'll /signed to the original and /signed to the above too. I've been paranoid about the unchangeable-email-address-as-login rubbish for nearly as long as I've been playing GW and, whilst I haven't been hacked yet, with all the recent hackings I'm starting to think my fears of it happening to me one day too aren't just paranoia. Get NCsoft to sort it before it's too late please ANet, because if my GWAMM and his stuff winds up gone then so am I and all my/my family's future GW2 expenditure.

Anakita Snakecharm · Dec 11, 2009, 12:09 AM // 00:09

/signed

I haven't been hacked. I doubt anyone would bother hacking me because I'm a new player and it wouldn't be worth the effort for the contents of my account. I'm far from a prize target.

That said, the sheer number of reports makes me worry. Not to mention knowing that I wouldn't have to e-mail confirm before a password change, and that there's no lockout for failed password attempts. Overall, it's just not a secure enough situation for me to feel comfortable.

I'm still going to be playing the game, but I won't buy additional ArenaNet or NCSoft products for myself or anyone else unless there's some kind of resolution to this. Not so much even as a boycott, but because it's apparently such a crapshoot about whether my money would just be going down the drain.

Linksys · Dec 11, 2009, 12:14 AM // 00:14

We should also further stress that we should not buy gold from gold sellers. I'm sure the usual Guru member doesn't do that. But there are people out there still doing that. Imagine these sellers hacking accounts from the GW community and taking the gold and selling it to take money from other people in that community. It's worse than those scumbag solicitors that practically block store entrances to beg for money or signatures.

Turbo Ginsu · Dec 11, 2009, 12:17 AM // 00:17

/Signed for account #1
/Signed for account #2(Given to me by a "Since Beta" player after most of his friends left after being hacked)

This is a joke. Truly. Neverwinter Nights has better security, and it's damn near twice the age..Get your act together anet/ncsoft.

Curo · Dec 11, 2009, 12:22 AM // 00:22

/signed

Special emphasis on "this issue will affect our decisions to purchase further arena-net products".

Also I read through some of the posts here about NCSoft caring about nothing other than money. I personally would be willing to pay something like a $10 account insurance fee.

**Marty Silverblade** · Dec 11, 2009, 12:23 AM // 00:23

/signed

Given all the threads about people who have full anti-virus/firewall/all that stuff and don't do anything dodgy like buy gold who get hacked, it'd be nice for Anet to step up security.

eba · Dec 11, 2009, 12:32 AM // 00:32

/signed

definately needs to be addressed

Malice Black · Dec 11, 2009, 12:32 AM // 00:32

/proper job

<filler>

cognophile · Dec 11, 2009, 12:37 AM // 00:37

/signed

I've also become paranoid lately about having my GW stuff hacked. Installed Flashblock and Adblock Plus into Firefox, used the game interface to change passwords multiple times, stuff like that. If my GW stuff were hacked, I'd most likely just quit the game and not look back.

Rehnahvah Gahro · Dec 11, 2009, 12:40 AM // 00:40

/signed

From all I read it probably has to do with the ginormous security-holes at the NCSoft-Site. This whole Change your Password - Mess is a joke and whoever is responsible for that should get replaced by a monkey.

Just another reason to vow against the linking to the utterly useless NCSoft Master-Account (my account was linked in 2006 forcefully, like others I didn't want it and I have no advantage in Guild Wars from it).

If they want us to purchase NCSoft products (which this linking to a "Master-Account" is all about) there are other means to get our attention (other than forcing a link). Like the Aion Wing-Emote.

I know that I would not purchase GW2 if I would get hacked, not to get some kind of weired revenge or boycott anything, but because it would not be worth the effort to accumulate wealth ingame and only having a random chance of maintaining that wealth.

Long story short: If NCSoft refuses to react, ArenaNet should find a way to separate from NC and end the partnership (I know that Anet is a 100% owned subsidiary of NC, but there's always a way, say like "breaches of faith")

Trader of Secrets · Dec 11, 2009, 12:40 AM // 00:40

/signed of course for more security, who wouldnt, but i would like to know why account security is flawed in the first place or is it that people havent taken measures to protect their own stuff?

JR · Dec 11, 2009, 12:40 AM // 00:40

This petition suffers from a rather fundamental bias: Nobody is going to vote against better account security. As well written as the OP was, it has no constructive value.

A much more interesting and useful thread would be 'How could ArenaNet improve account security. What measures would be most ideal? Lucky for us, a thread like that has already gone up over on GWO. With Bellissima's permission, I've copied it over here.

For the sake of keeping the discussion in one place, I'll close this thread. If you want to vent your frustration about the current state of account security, I suggest you use Gaile's talk page.