Curse

Refyused · Sep 16, 2006, 01:10 AM // 01:10

" If you have feedback to provide regarding the integration of accounts into the PlayNC website, we strongly recommend that you post your feedback on the various community forums. "

This is the response I got from PlayNC when I inquired about having my PlayNC account deleted and/or disassociated with my Guild Wars playing account. For those unfamiliar; you are unable to change your Guild wars e-mail address if it's integrated with your PlayNC account (ie: if you've looked at the guild wars online store). This is supposedly done for "increased security for your account" - all it really is, is stupid.

I know a person (many of you know them too) who's Guild Wars account was hacked due to somebody gaining access to his PlayNC account after 69 failed attempts. SIXTY NINE! Where's the account freeze/lockout after 5 failed attempts? So you're telling me, that if you know somebody's PlayNC login, you can simply sit there all day until you guess the right password (or use programs to help you crack it)?!

This is why account integration is stupid:

It allows anyone who may gain unauthorized access to your PlayNC account to see your Guild wars login name (e-mail address). It's displayed in big letters on the main page of the Account Management control panel.
Most people use the same password for the two, so from there, said person would very likely be able to login to your Guild wars account and steal it.
Furthermore, they can lock you out of your OWN PlayNC account once they have access, thereby impeding your ability to regain your Guild wars account as well.
It does not grant users the right or ability to CHANGE their Guild Wars login name. In fact, it completely disables it.
What if you forget your password, and for some reason or another no longer have access to the e-mail account associated with your PlayNC/GW account? Then you're up shit creek with no paddle, because you can't reset your password!

Use some common sense, and I'm sure you can see why this needs to change, and it needs to change NOW. this on top of the fact that your personal AND billing information is visible there. If I could ask the people who designed this whole FUBAR system, I'd ask them what the hell they were thinking when they did it.

I'm sure some of you can cover things I didn't, as I'm pressed for time at the moment and only have time to list a few reasons.

Note: If you disagree, that's fine. Don't be rude about it, and keep your childish flaming to yourself, as all flames and the people who do it will be dealt with as per our forum rules.

UPDATE

Quote:

Someone at 196.202.4.229 attempted to reset your PlayNC Master Account password for account "XXXXXXXX". This attempt was unsuccessful. If you did not attempt this change, please contact support immediately at [email protected].

It seems that it wasn't 69 failed login attempts, but 69 password change requests. In my opinion, that's even more pathetic and ridiculous than allowing an unrestricted number of login attempts. Get your shit together PlayNC.

Tsunami Rain · Sep 16, 2006, 01:13 AM // 01:13

in case you're wondering, that would be me he is referring to.

TESAmadeus · Sep 16, 2006, 01:26 AM // 01:26

The worst thing is that people will use the same password for a lot of websites email addy's etc

but the thing even more distrurbing is the fact people use things like bank account pin numbers on all there cards and on there passwords (so they don't forget them :?

best advice is have different passwords for every online transaction whether it be play.com, amazon.com, GW online store the list goes on (don't save a list of passowrds on your hard drive either)

Malice Black · Sep 16, 2006, 01:49 AM // 01:49

Hmm that is disturbing, mine is connected as well...I'd think I'd rather have them seperate.

Soldat · Sep 16, 2006, 03:11 AM // 03:11

/agrees

Knightsaber Sith · Sep 16, 2006, 03:16 AM // 03:16

-not to flame or anything; but that sure isn't a suggestion.....

Refyused · Sep 16, 2006, 03:38 AM // 03:38

Here's the suggestion: Take out the integration BS.

Inde · Sep 16, 2006, 01:59 PM // 13:59

And here's a thread from Batou of Nine who was also affected by this:

http://www.guildwarsguru.com/forum/s...php?t=10045465

Numa Pompilius · Sep 16, 2006, 03:16 PM // 15:16

This doesn't surprise me in the least.

The PlayNC website is buggy as hell, and in the end I opted not to trust it with any CC information or real contact information.

I'll tell you one thing, though: 69 attempts before they cracked the password to me suggests they've got a list of passwords from somewhere, and were systematically trying them out. Make of that what you will.

trialist · Sep 16, 2006, 03:57 PM // 15:57

I actually stopped myself multiple times when i tried to sign up to access the online store as i am extremely perculiar about leaving my personal info online. For some reason, there was a nagging suspicion about how secure the setup is and i cancelled multiple times halfway through filling up the forms. Now that i have seen this, i'm actually glad i did not sign up for the online store. Kinda hard to believe that someone could actually try 69 times to hack your account and not have any action done to stop it. Makes you wonder what would actually trigger some action?

AJM · Sep 16, 2006, 04:49 PM // 16:49

This is important stuff! I'm really worried now! This is a terrible system, and it badly needs to be changed. I say we sticky this thread and start a petition, then steer everyone possible towards it. Since this is an NCsoft issue, not just an ANet issue, we'll need everyone we can get!

Refyused · Sep 16, 2006, 06:39 PM // 18:39

Updated original post.

Minus Sign · Sep 16, 2006, 11:06 PM // 23:06

about passwords: use a word you are farmiliar with and a series of random numbers with a signifigance to you alone (nickname+mother's birthday, gamehandle+your zipcode backwards, etc). For my gaming email and password, I use this system. With added protection from spyware monitoring programs to protect against keyloggers and other junk (AdAware is still free folks; get it...now) I feel comfortable saying my gaming email or its accounts won't be hacked soon. Never can tell though...Victims always think they're safe.

/signed. If the NCSoft security network is even half a bunk as this thread suggests, I don't want my Guild Wars account anywhere near it.

Quote:

Originally Posted by Refyused

(ie: if you've looked at the guild wars online store)

Hmm...so does that mean that accounts that have used the online store may be at risk due to this shotty setup at NCSoft? What other factors should we be aware of for possible intrusion?

Loviatar · Sep 17, 2006, 12:24 AM // 00:24

Quote:

Originally Posted by Minus Sign

With added protection from spyware monitoring programs to protect against keyloggers and other junk (AdAware is still free folks; get it...now) I feel comfortable saying my gaming email or its accounts won't be hacked soon. Never can tell though...Victims always think they're safe.

?

NO, NO, NO

in the latest round of testing spyware removers both AdAware/ Spybot continued to slide way down.

they are now junk compared to the top rated pair.

AdAware/Spybot rated 2.5/3.0 out of 5 and missed the keyloggers and rootkits

Spyware Doctor/Spysweeper both got the keyloggers and Spyware Doctor also got the rootkits however SD is much faster

if you use AdAware/Spybot you are only fooling yourself on removing the next gen spyware

TheGuildWarsPenguin · Sep 17, 2006, 01:01 AM // 01:01

I use teh microsoft antispyware, Adaware, spybot, that yahoo antispy, and norton and they all phailsauce'd at getting one keylogger.

Griev · Sep 17, 2006, 01:09 AM // 01:09

/signed in blood

Neo Nugget · Sep 17, 2006, 01:21 AM // 01:21

ON Topic:Yeah i dont like the intergration.........not the best idea......ever........

Quote:

Originally Posted by Knightsaber Sith

-not to flame or anything; but that sure isn't a suggestion.....

Off topic-I have read about 50 of your posts and they either say the words"not to flame"Or You critisize.Just saying,...........not to flame or anything.

Knightsaber Sith · Sep 17, 2006, 03:46 AM // 03:46

I say not to flame you when someone does something blatantly wrong like post in the wrong section, suggest something that's come up countless times before, or just said something lacking even the most basic of common sense. I say not to flame you as otherwise some people will freak out and start an all out flamefest war. And I'd say I've only said that ten times at the most. I just find it really annoying when people can't even post a thread in the right section so I'm definitely going to let them know; and no I don't just want to get my post count up.....

scamPOR · Sep 18, 2006, 11:42 PM // 23:42

This has happened to me also (account lost).... very disappointed.

Minus Sign · Sep 19, 2006, 12:52 AM // 00:52

Actually, I use the spyware detector that came with my anit-virus/firewall combo Loviatar. I continue to reccomend AdAware because its free to use and not on a trial period. DL once, you have it until you don't want it any more.

last I heard, the two you suggest do not offer a long term usable fully free version.

I prefer everyone get some protection over none.

Thanks for the clarification, however. If you don't mind, PM me those studies; I like to learn.

@Knightsaber Sith: the implication/suggestion of this thread should be abundantly clear and pertinent to Guild Wars players. A security breach has been found by players, reported to Anet and NCsoft, and is persistent. By adding it to this suggestion sub-forum, its very existence is a healthy kick in the ass to Anet to fix this before rumor creates a backlash of fear from players and (worse) potential reprisals from the more unscrupulous among us.

Short tax version: Anet, fix this. We know about it. Since you read these forums, you know we know about it. So if it persists, we will balme YOU.