Security Suggestions

#1 - Aug. 30, 2014, 10:12 a.m.
Blizzard Post

Security Suggestions for GW2 Accounts

Further to a reply from one of the GMs earlier today, he suggested that I post some of the ideas I had, after being hacked for the fourth time recently. I would like all to post any further ideas and any pros or cons to any of the suggestions.

One of the problems of being hacked for the first time is that the original e-mail from Anet with your game code is stolen/copied and then deleted from your e-mails – giving them ‘ownership’ or ‘proof of’. So, when you do send in a ticket to Support, this information is not available to you.

I suggest a more robust multiple-layer system, much like Online Banking. The choice of Mother’s Maiden Name, Pet’s Name, First School, etc. should be used. Also a 5-digit number, whereby every time a choice of two of those digits is used. In addition, a memorable name should also be included. All of this is pretty standard for Online Banking. Maybe Anet could supply (at a price) a calculator authenticator (such as Barclays Bank use).

One of the main attractions to hackers is the ‘high-end’ armours, bags, weapons, mini-pets and other collectables. There should be an option whereby the player can soul-bind or account-bind these items. This would have a twofold effect, in not only protecting the items, but the economy as well, should the account be hacked. At the very least this option should be available at the Exotic, Ascended and Legendary level. At least the original Guild Wars had the option of account-binding the mini-pets and some armours.

Please do not use this thread as a rant about hacking or that it’s your fault for having lax security, etc. This thread needs to be constructive … we may be able to change things. Thanks.

#5 - Aug. 30, 2014, 3:07 p.m.
Blizzard Post

They should have free choice security questions and answers. That way players can put in questions and answers that they are highly sure only they know.

One problem with this is that many personal details are shared through social media and a little digging can turn up common answers like pets’ names and where a person grew up. Others enter nonsense answers like “first pet’s name:” “broccoli,” then forget the answers because they don’t match the questions. So either you’re just as vulnerable or you end up contacting support to talk your way around not knowing the security answers.

It’s approximately as secure as requiring info like credit card identifiers (Mastercard, exp 2019, -1234) and account authorization numbers, character names etc. but it’s not more secure than anything they do now.

Thank you for this post. What you’ve said is correct! Player-created questions (“Was that my 2nd grade teacher, or my 7th grade teacher? And how did she spell her name?”) are frequently forgotten, requiring interaction with Customer Support. General questions (“Where did you go to school?”) are easily answered through info would-be account thieves obtain through the Internet. While there are different opinions, most security experts seem to lean away from random or personal questions because that system is not sufficiently effective at enhancing personal security.

As to other points in the initial post:

  • The idea of selling “dongles” or authentication devices certainly has been reviewed, but I do not know that such an option will be offered now or in the future.
  • I will see what I can learn about “optional soul-binding” or “optional account-binding” but from what I recall in conversations a long while ago, that may not be feasible for one of several reasons.
  • As for guild banks, please read my recent post on this subject. Unfortunately, guild bank passwords would not prevent most of the incidents of guild bank looting. (I’m sure it’s something that the team has and will examine, but there are drawbacks, as that post points out.)
  • Unique account names? Also easily forgotten, also requiring CS help, also requiring account verification.
  • Data shows that *authentication helps a great deal, especially mobile authentication. It’s not flawless, but it’s extremely effective at reducing account thefts.*

I want to make clear that most accounts are stolen through the compromise of an e-mail account. In those cases, the victim is in much greater trouble than the misuse of a game account. So you should look at security for your e-mail account as your first and best protection against game account seizure (and a whole lot more).

Ask yourself this about your e-mail account:

  • Do you have mobile auth on your e-mail account?
  • If not, can you get it?
  • Is your game receipt or other revelatory e-mail stored on your account? Have you considered deleting those mails as protection against someone else getting that personal information? (Remember, you could print and save, or move that information to a secure place that is not as likely a target as your e-mail account.)
  • Are you reusing passwords? That is, are you using the same password for your game somewhere else? Anywhere else?
  • Is your password as secure as it might be? Is it easily guessable, or only a slight variation from others you use? (Please read this article for help in selecting a solid password.)
  • Are you up on the latest info about security? Did you know we update our extensive and valuable security article to help provide the latest info on that subject?
  • Are you taking advantage of security software? See this article for tips.

#10 - Sept. 5, 2014, 5:12 p.m.
Blizzard Post

Correct. An NCAccount or NCMA will not be of assistance with Guild Wars accounts.

#12 - Sept. 8, 2014, 12:47 p.m.
Blizzard Post

Please see my post above (https://forum-en.guildwars2.com/forum/support/account/Security-Suggestions/first#post4351580). Substitute “PIN” for “password” and you’ll see why there are drawbacks, i.e., it’s not the perfect solution. That’s not to say it won’t be considered, simply that it’s not the be-all and end-all that some may believe.