Jump to content

  • Curse Sites
Help
- - - - -

"Remember This Network" for Authenticator Users

arenanet

  • Please log in to reply
13 replies to this topic

#1 Khalija

Khalija

    Leaf on the Wind

  • Administrators
  • Curse Premium
  • 4152 posts
  • Profession:Mesmer
  • Server:Jade Quarry

Posted 06 November 2012 - 07:51 PM

Posted Image


After last night's patch, a lot of users were curious as to why they weren't prompted to enter their authentication code before logging in to Guild Wars 2. Mike Lewis was there to let people know that they implemented their "remember this network" feature last night and that if you had already selected it before it was in place, it would automatically use that setting:

Quote

Hi all,

First and foremost: please be aware that your accounts are still protected by the mobile authenticator at this time.

Here’s what has happened:
  • We have been developing a “remember this network” feature for the mobile authenticator in line with the same feature used by email authentication
  • This feature became active tonight during the planned maintenance updates
  • For any account which has already selected to remember a network, the mobile authenticator will respect your existing settings
  • This means that if you are logging in from a location that you permitted via email authentication, the mobile authenticator will not currently prompt you for a secondary code
Your account is still covered by the authenticator for logins from unverified locations.

This is the result of an oversight on my part and I’d like to apologize for any uncertainty and worry. We’ve double checked the systems and authentication is working correctly for unverified logins.

Unlinking the authenticator was temporarily disabled due to a configuration accident; this has been corrected and should work again.

For the moment we do not have a user interface for editing your “remembered” network locations. As a result, please be very cautious when selecting to allow new locations from the emails (or, in the near future, from the mobile authenticator login screen).

Thanks for bearing with us while we get the rest of the mobile authenticator features ready to go. [Source]


#2 Goroke

Goroke

    Pale Tree Seedling

  • New Members
  • 2 posts

Posted 06 November 2012 - 08:58 PM

Oh thank god they made this change. As much as I would have loved to protect my account, having to plug in the code every single time I tried to log in was just too much of a hassle, especially since I disconnect here and there and have to log in more than once.

#3 Union

Union

    Asuran Acolyte

  • Members
  • 106 posts
  • Location:EB
  • Guild Tag:[CRNG]
  • Server:Stormbluff Isle

Posted 06 November 2012 - 09:17 PM

This is great news! I've been wondering if/when ANet would implement this feature. Well done.

#4 Tr3LoS

Tr3LoS

    Fahrar Cub

  • Members
  • 28 posts
  • Location:Home
  • Guild Tag:[GRC]
  • Server:Aurora Glade

Posted 07 November 2012 - 02:41 AM

I was surely been waiting for this. When I wasn't asked for the code today I though that this was implemented.

Thumbs up!

#5 wetwillyhip

wetwillyhip

    Asuran Acolyte

  • Members
  • 124 posts
  • Location:Los Angeles, CA
  • Profession:Elementalist
  • Guild Tag:[INC]
  • Server:Jade Quarry

Posted 07 November 2012 - 07:08 AM

On a "remembered network" I still get prompted by the google authenticator to input the code every single time I login to the game or the GW2 website! I "remembered" my apartment location ages ago.  WTF is going on....  Anyone else having this problem?

Edited by wetwillyhip, 07 November 2012 - 07:09 AM.


#6 _Sorel

_Sorel

    Pale Tree Seedling

  • New Members
  • 9 posts
  • Server:Darkhaven

Posted 07 November 2012 - 07:22 AM

View Postwetwillyhip, on 07 November 2012 - 07:08 AM, said:

On a "remembered network" I still get prompted by the google authenticator to input the code every single time I login to the game or the GW2 website! I "remembered" my apartment location ages ago.  WTF is going on....  Anyone else having this problem?

this might be how your ISP setup your internet connection. especially if you have a dynamic ip address from your DHCP server. you would be getting a new IP address everytime your router resets or when the old one expires. this causes the authenticator to detect your new ip address as a different location and would prompt you will security options.

#7 Righteous

Righteous

    Sylvari Specialist

  • Members
  • 513 posts

Posted 07 November 2012 - 01:42 PM

This SUCKS.
This is not two-factor authentication. It's 1.05-factor authentication.

They should NOT have dumbed this down because some people don't really take security seriously, and are too lazy to enter the mobile authentication code every time. Those kind of people should stick to email-authentication-on-a-change-of-location instead.

Or if they really felt they had to dumb it down this way, they should have built the UI for editing remembered locations (and put it in place) FIRST, so that those of us who want maximum security can kill all saved locations, and receive the mobile authentication prompt every time.

Edited by Righteous, 07 November 2012 - 02:10 PM.


#8 Tzu Qui Jinn

Tzu Qui Jinn

    Golem Rider

  • Members
  • 2736 posts
  • Location:Eternal Battlegrounds Jumping Puzzle
  • Guild Tag:[CAMP]
  • Server:Sanctum of Rall

Posted 07 November 2012 - 03:38 PM

Why not add the character name feature that was in the first game?

#9 Righteous

Righteous

    Sylvari Specialist

  • Members
  • 513 posts

Posted 07 November 2012 - 04:27 PM

View PostTzu Qui Jinn, on 07 November 2012 - 03:38 PM, said:

Why not add the character name feature that was in the first game?
Because character names should not be part of your account security.

You shouldn't be giving away 1/3 of your login details every time you post your character name in public, and people shouldn't get 1/3 of your login details just by seeing you in game.

They only did that in GW1 because they had to do something to stop thieves who were glitching into other people's NCsoft master accounts - from there the thieves could see your email address for GW1 login, and set a new GW1 password without knowing the old one. You were shafted, no matter how good your password was, or how safe your internet practices were. Your only protection was blind luck.

So, ArenaNet had to add a login requirement that could not be seen/changed from the NCsoft Master Account. Quickest and easiest was character names. It was a bandaid not a proper solution.

BTW, your email address shouldn't be part of your login security either, but we're stuck with that now -_-

Edited by Righteous, 07 November 2012 - 04:29 PM.


#10 Loperdos

Loperdos

    Sylvari Specialist

  • Members
  • 539 posts
  • Profession:Thief
  • Guild Tag:[THF]
  • Server:Sanctum of Rall

Posted 09 November 2012 - 03:15 PM

Thanks for this post, I was actually wondering this myself, after noticing that my authenticator wasn't prompting every time when I was playing anymore.

View PostRighteous, on 07 November 2012 - 01:42 PM, said:


snip.

Or if they really felt they had to dumb it down this way, they should have built the UI for editing remembered locations (and put it in place) FIRST, so that those of us who want maximum security can kill all saved locations, and receive the mobile authentication prompt every time.

This.
I really like the idea of having the option to put in the authenticator every time I log in, plus it gives the user more access to security features, including if they make a mistake in remembering a location (IE if they logged in from an internet cafe or something of the sort).

#11 prince vingador

prince vingador

    Vanguard Scout

  • Members
  • 496 posts
  • Server:Anvil Rock

Posted 09 November 2012 - 04:18 PM

sorry to ask but,i only have the email authenticator,what MOBILE AUTHENTICATOR are u guys talking about? U guys use mobile phone as authenticator?

#12 Khalija

Khalija

    Leaf on the Wind

  • Administrators
  • Curse Premium
  • 4152 posts
  • Profession:Mesmer
  • Server:Jade Quarry

Posted 09 November 2012 - 08:22 PM

View Postprince vingador, on 09 November 2012 - 04:18 PM, said:

sorry to ask but,i only have the email authenticator,what MOBILE AUTHENTICATOR are u guys talking about? U guys use mobile phone as authenticator?

https://forum-en.gui...-Authentication

Feel free to PM me if you have a question regarding moderation, want to leave some feedback, or just want to chat!


#13 Righteous

Righteous

    Sylvari Specialist

  • Members
  • 513 posts

Posted 10 November 2012 - 12:35 PM

View Postprince vingador, on 09 November 2012 - 04:18 PM, said:

sorry to ask but,i only have the email authenticator,what MOBILE AUTHENTICATOR are u guys talking about? U guys use mobile phone as authenticator?
As you can see from the link Khalija posted, it's designed around Google Authenticator built into smartphone apps.

But you don't have to have a smartphone:

-You can use a USB key instead eg. YubiKey

-Or a Windows application, gauth4win - although you need to be careful with that (gauth4win stores your secret key in plain text, in the Windows registry of the PC you run it on)

Edited by Righteous, 10 November 2012 - 12:42 PM.


#14 Righteous

Righteous

    Sylvari Specialist

  • Members
  • 513 posts

Posted 04 February 2013 - 03:03 PM

UPDATE! It is now possible to remove "Remembered" networks in the Security tab of your account settings! FINALLY!

Those of us who take our account security seriously... can now remove all Remembered networks, and have TRUE 2-factor authentication (authentication prompt at every login).

And those who don't take their security seriously, still have the option to remember networks - and only get the authentication prompt when someone attempts login from a network/location that is sufficiently "new".

Everybody wins.

Edited by Righteous, 04 February 2013 - 03:13 PM.






Also tagged with one or more of these keywords: arenanet

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users