13 replies to this topic

[Khalija]

After last night's patch, a lot of users were curious as to why they weren't prompted to enter their authentication code before logging in to Guild Wars 2. Mike Lewis was there to let people know that they implemented their "remember this network" feature last night and that if you had already selected it before it was in place, it would automatically use that setting:

Quote

Hi all,

First and foremost: please be aware that your accounts are still protected by the mobile authenticator at this time.

Here’s what has happened:

• We have been developing a “remember this network” feature for the mobile authenticator in line with the same feature used by email authentication
  
• This feature became active tonight during the planned maintenance updates
  
• For any account which has already selected to remember a network, the mobile authenticator will respect your existing settings
  
• This means that if you are logging in from a location that you permitted via email authentication, the mobile authenticator will not currently prompt you for a secondary code

Your account is still covered by the authenticator for logins from unverified locations.

This is the result of an oversight on my part and I’d like to apologize for any uncertainty and worry. We’ve double checked the systems and authentication is working correctly for unverified logins.

Unlinking the authenticator was temporarily disabled due to a configuration accident; this has been corrected and should work again.

For the moment we do not have a user interface for editing your “remembered” network locations. As a result, please be very cautious when selecting to allow new locations from the emails (or, in the near future, from the mobile authenticator login screen).

Thanks for bearing with us while we get the rest of the mobile authenticator features ready to go. [Source]

[Goroke]

Oh thank god they made this change. As much as I would have loved to protect my account, having to plug in the code every single time I tried to log in was just too much of a hassle, especially since I disconnect here and there and have to log in more than once.

[Union]

This is great news! I've been wondering if/when ANet would implement this feature. Well done.

[Tr3LoS]

I was surely been waiting for this. When I wasn't asked for the code today I though that this was implemented.

Thumbs up!

[wetwillyhip]

On a "remembered network" I still get prompted by the google authenticator to input the code every single time I login to the game or the GW2 website! I "remembered" my apartment location ages ago.  WTF is going on....  Anyone else having this problem?

Edited by wetwillyhip, 07 November 2012 - 07:09 AM.

[_Sorel]

wetwillyhip, on 07 November 2012 - 07:08 AM, said:

On a "remembered network" I still get prompted by the google authenticator to input the code every single time I login to the game or the GW2 website! I "remembered" my apartment location ages ago.  WTF is going on....  Anyone else having this problem?

this might be how your ISP setup your internet connection. especially if you have a dynamic ip address from your DHCP server. you would be getting a new IP address everytime your router resets or when the old one expires. this causes the authenticator to detect your new ip address as a different location and would prompt you will security options.

[Righteous]

This SUCKS.
This is not two-factor authentication. It's 1.05-factor authentication.

They should NOT have dumbed this down because some people don't really take security seriously, and are too lazy to enter the mobile authentication code every time. Those kind of people should stick to email-authentication-on-a-change-of-location instead.

Or if they really felt they had to dumb it down this way, they should have built the UI for editing remembered locations (and put it in place) FIRST, so that those of us who want maximum security can kill all saved locations, and receive the mobile authentication prompt every time.

Edited by Righteous, 07 November 2012 - 02:10 PM.

[Tzu Qui Jinn]

Why not add the character name feature that was in the first game?

[Righteous]

Tzu Qui Jinn, on 07 November 2012 - 03:38 PM, said:

Why not add the character name feature that was in the first game?

Because character names should not be part of your account security.

You shouldn't be giving away 1/3 of your login details every time you post your character name in public, and people shouldn't get 1/3 of your login details just by seeing you in game.

They only did that in GW1 because they had to do something to stop thieves who were glitching into other people's NCsoft master accounts - from there the thieves could see your email address for GW1 login, and set a new GW1 password without knowing the old one. You were shafted, no matter how good your password was, or how safe your internet practices were. Your only protection was blind luck.

So, ArenaNet had to add a login requirement that could not be seen/changed from the NCsoft Master Account. Quickest and easiest was character names. It was a bandaid not a proper solution.

BTW, your email address shouldn't be part of your login security either, but we're stuck with that now

Edited by Righteous, 07 November 2012 - 04:29 PM.

[Loperdos]

Thanks for this post, I was actually wondering this myself, after noticing that my authenticator wasn't prompting every time when I was playing anymore.

Righteous, on 07 November 2012 - 01:42 PM, said:

snip.

Or if they really felt they had to dumb it down this way, they should have built the UI for editing remembered locations (and put it in place) FIRST, so that those of us who want maximum security can kill all saved locations, and receive the mobile authentication prompt every time.

This.
I really like the idea of having the option to put in the authenticator every time I log in, plus it gives the user more access to security features, including if they make a mistake in remembering a location (IE if they logged in from an internet cafe or something of the sort).

[prince vingador]

sorry to ask but,i only have the email authenticator,what MOBILE AUTHENTICATOR are u guys talking about? U guys use mobile phone as authenticator?

[Khalija]

prince vingador, on 09 November 2012 - 04:18 PM, said:

sorry to ask but,i only have the email authenticator,what MOBILE AUTHENTICATOR are u guys talking about? U guys use mobile phone as authenticator?

https://forum-en.gui...-Authentication

[Righteous]

prince vingador, on 09 November 2012 - 04:18 PM, said:

sorry to ask but,i only have the email authenticator,what MOBILE AUTHENTICATOR are u guys talking about? U guys use mobile phone as authenticator?

As you can see from the link Khalija posted, it's designed around Google Authenticator built into smartphone apps.

But you don't have to have a smartphone:

-You can use a USB key instead eg. YubiKey

-Or a Windows application, gauth4win - although you need to be careful with that (gauth4win stores your secret key in plain text, in the Windows registry of the PC you run it on)

Edited by Righteous, 10 November 2012 - 12:42 PM.

[Righteous]

UPDATE! It is now possible to remove "Remembered" networks in the Security tab of your account settings! FINALLY!

Those of us who take our account security seriously... can now remove all Remembered networks, and have TRUE 2-factor authentication (authentication prompt at every login).

And those who don't take their security seriously, still have the option to remember networks - and only get the authentication prompt when someone attempts login from a network/location that is sufficiently "new".

Everybody wins.

Edited by Righteous, 04 February 2013 - 03:13 PM.