Guild Wars Forums - GW Guru
 
 

Go Back   Guild Wars Forums - GW Guru > The Inner Circle > Sardelac Sanitarium

Notices

Closed Thread
 
Thread Tools Display Modes
Old Nov 30, 2009, 10:41 AM // 10:41   #1
Wilds Pathfinder
 
Turk The Legendary's Avatar
 
Join Date: Sep 2009
Location: Fissure of Woe
Guild: Club of A Thousand Pandas [LOD倧]
Profession: W/
Advertisement

Disable Ads
Default Guild wars security

Well as you all know many people lately have been complaining about getting hacked and losing all their stuff. But whats new people are dumb and give away their information and some are just unlucky. But I believe that a good idea for a guild wars update would be to install a pin for your bank such as the bank pins in Runescape or and pins required to log into Maplestory and other games like that. I am not comparing these games to guild wars IMO guild wars is much much better. This pin would of course be optional and can be set up by talking to the Xunlai Agent of the outpost you are in. The pin could be 4 numbers and would be touch sensitive so that if you had a keylogger it could not record your bank pin and alas all your items in your bank would still be safe and sound. Now i know what your thinking "If someone was dumb enough to give away their email address they could still get the pin sent to their email and the hacker could get it via that users email". This would be another original thing that could be edited by sending the pin to a seperate ncsoft email or another email all together which if you were smart would have another password. A simple change to keep all your items safe and keep hackers off of guild wars. Sorry for the long read just thought id post my opinion since i havent seen anything of this sort posted yet.
Post your opinions and have fun in GW and keep your email safe
Turk The Legendary is offline  
Old Nov 30, 2009, 11:40 AM // 11:40   #2
Wilds Pathfinder
 
mathiastemplar's Avatar
 
Join Date: Jun 2008
Location: Denmark
Guild: Jade Reapers [JD]
Profession: W/
Default

Sounds like a good idea to me, so I would def. /sign (not sure if I'd use it tho)
In general, ppl who get hacked/ are mostly fools who gave away their info tho... Either in "Anet-mails"(lol) or to "friends"..
Cheers=)
mathiastemplar is offline  
Old Nov 30, 2009, 12:32 PM // 12:32   #3
Ascalonian Squire
 
Join Date: Feb 2009
Location: United Kingdom
Guild: Cookie Rehab Clinic [LAME]
Profession: Mo/W
Default

The most valuable things on my characters are their armours and weapons which I wouldn't keep in my storage.

Nevertheless, this idea is still pretty legitimate. /signed
Little O B S I is offline  
Old Nov 30, 2009, 12:37 PM // 12:37   #4
Furnace Stoker
 
Join Date: Oct 2006
Guild: GWAR
Profession: Me/Mo
Default

I would go for the entering of all passwords by mouse not keyboard and would also have a separate password for deleting characters.

If you have let anyone know your account details then change them right now.
gremlin is offline  
Old Nov 30, 2009, 12:44 PM // 12:44   #5
Lion's Arch Merchant
 
Silmar Alech's Avatar
 
Join Date: Aug 2009
Location: Europe
Guild: Tom Son [TS]
Profession: E/
Default

Additional ingame passwords (such like a pin) are weak workarounds for the general security problem. Another password that can get lost: additional load on the support.

The worst design flaw in the Guild Wars authentication scheme is that the username is an email address. Email addresses are made for the public. You are known by your email address. You use it all over the internet. But if your email address is known, already half of the login information to your game account is exposed. If you connected your game account to an Ncsoft account, it became impossible to change your game login name. One simple mistake from my side (using the same password for some shady forum login as my ingame login) and I am screwed. Being able to change the game login name and being forced to not use an email address would be a bigger security improvement, in my opinion.

A touchpad that must be clicked on (i know them from pda/smartphones) is an interesting idea, but be aware that keyloggers also can intercept mouseclicks and would be able to record mouse click positions. If you know "the next 4 clicks are on a 9-dot pad that is 300x300 pixels", you can easily guess the clicked dots. And if you shuffle the numbers, many people will not be able to enter their pin any more. I, for example, don't really remember my pin numbers for my bank's automated teller machine. I remember the positions on the numpad instead. If my pin were "1234", I would not remember "1234" but something like "top left, next, right, first down".
Silmar Alech is offline  
Old Nov 30, 2009, 01:38 PM // 13:38   #6
Krytan Explorer
 
Join Date: Jun 2005
Location: European Union
Guild: ADL
Profession: E/
Default

It would suffice if your customized belongings would be as easy to restore as the festival hats and characters would not get deleted off the server, but able to be retrieved later. Favorite loot safe, title safe, money can be replaced the easiest. People carry around 1000h of achievements, they rarely still own 1000h of loot in transferable objects.

Beyond that anything that is just between the user and the server can be broken (layers of passwords, secret mouse gestures, encrypted authentication files) or limits the user's ability to play GW from multiple machines at best (even a MAC address can be forged).

Even if you start handing out Anet created one use PGP encrypted passwords to the user, once the player side is compromised, security is gone. Best thing is to prevent the hooliganism of destroying and dismantling accounts and make stealing and inefficient method for accelerating the unlocking of rewarding mechanism in the game. I bet you would be able to charge more for that feature than for any army of hairdressers.

$5 for making a character impossible to delete and giving him a festival hat maker for all his customized loot and armor? Type /age and you know you wouldn't mind having that.
4thVariety is offline  
Old Nov 30, 2009, 01:41 PM // 13:41   #7
Desert Nomad
 
Bristlebane's Avatar
 
Join Date: Jan 2008
Profession: Mo/
Default

Clicking on a rune character from 4x4 shuffled runes aftr your login would also work. since runes are shuffled, you can't record it with a key/mouselogger. 16 runes itself doesn't give much security, but in combination with your regular login, it's still way safer than now.

A keylogger now and you're screwed. with the runes the hacker only have 1/16 chance after breaking your original login, and a failed rune would lock your account for at least an hour and send you an email someone is attempting to access your account. Any failed attempts would then "encourage" you to change your password immediately.
Bristlebane is offline  
Old Nov 30, 2009, 02:30 PM // 14:30   #8
Desert Nomad
 
Join Date: Apr 2007
Default

Quote:
Originally Posted by 4thVariety View Post
$5 for making a character impossible to delete and giving him a festival hat maker for all his customized loot and armor
I want that. And I'd pay for it. They should give you a free character slot with every delete-lock purchase. In other words, you'd ALWAYS have at least one unlocked slot... therefore bypassing the whole support issue of people who want to re-roll a character but can't delete any. Don't understand why they don't do this. Surely it can't be hard? They don't have to touch anything in-game, consider balance etc. You'd think it was easy money for them.

Everything else is gravy... not that bothered about items or equipment, I don't have anything valuable. But it'd still be a nuisance if I had to re-equip my characters, so I'd still welcome any security crumbs that fell off a-net's table.

/signed

Last edited by Riot Narita; Nov 30, 2009 at 02:38 PM // 14:38..
Riot Narita is offline  
Old Nov 30, 2009, 03:55 PM // 15:55   #9
Imma Firin Mah Rojway!
 
Zodiac Meteor's Avatar
 
Join Date: Aug 2008
Location: At the Mac Store laughing at people that walk out with anything.
Profession: E/Mo
Default

This has been said:
here.
Zodiac Meteor is offline  
Old Nov 30, 2009, 07:41 PM // 19:41   #10
Forge Runner
 
Join Date: Jan 2007
Default

No need for this, we need people to take better care of their accounts, thats what we need.
Bob Slydell is offline  
Old Nov 30, 2009, 07:43 PM // 19:43   #11
EXCESSIVE FLUTTERCUSSING
 
Kattar's Avatar
 
Join Date: Mar 2007
Guild: SMS (lolgw2placeholder)
Profession: Me/
Default

Quote:
Originally Posted by Zodiac Meteor View Post
This has been said:
here.
Yep.

Closed.
__________________
All seems lost now, but still we must fight on.
Kattar is offline  
Closed Thread

Share This Forum!  
 
 
           

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 08:06 AM // 08:06.


Powered by: vBulletin
Copyright ©2000 - 2016, Jelsoft Enterprises Ltd.
jQuery(document).ready(checkAds()); function checkAds(){if (document.getElementById('adsense')!=undefined){document.write("_gaq.push(['_trackEvent', 'Adblock', 'Unblocked', 'false',,true]);");}else{document.write("