32 replies to this topic

[QuackzMcDuck]

So today I was greeted in my email box with an email that saved my 60$ purchase. But now I'm wondering if there is anything else I can do to protect my account other than changing my password?


I guess what I'm wondering is, is the authenticator in a good enough and reliable enough state to use? Or does it break frequently with updates and should I steer away from it until it's officially released? (and if there is anything else you know of that I can do to protect my account I'd appreciate it)

[edited title to better reflect the question - Arduin]

Edited by Arduin, 08 November 2012 - 11:47 AM.

[Trei]

Change your email too.
Make one just for gw2.

[Stovokor X]

Don't have similar type of password for web sites or other games.

If risk of keystrokes being logged, you probably have to clean malware / virus regularly

Haven't heard / encountered any issues with Authenticator since it was released.

[omar316]

During the initial phase of hacked accounts and stuff, I did get such mails frequently.

1st thing I did is make sure the password for my game account is different from my email.
Usually thats what they'd try to do. If your game account and email account login are the same then you'd be in big trouble.

If you know that this
A) Is a broken message from the login server you can ignore it without worries
<- B ) If this is a legit hack and asshat tried to login the consolation is he needs to get authorisation from the above link.
- You should change the password
C) Personally I did have problems with the 2 factor authenticator, game keeps crashing and randomly kicking me off, or I'll be using the AH/Guild functions fine then gives me the there is a problem with the authentication server message.

It never hurts to have more security, but really depends on how much inconvenience you are able to tolerate.

Edited by omar316, 07 November 2012 - 06:22 AM.

[QuackzMcDuck]

Stovokor X, on 07 November 2012 - 06:21 AM, said:

Don't have similar type of password for web sites or other games.

If risk of keystrokes being logged, you probably have to clean malware / virus regularly

Haven't heard / encountered any issues with Authenticator since it was released.

I know I'm not keylogged so that isn't how they got it. Let's just say my password was easy to guess and I knew it was, I just didn't change it. And does Anet allow you to change your email associated with the account?

Edited by QuackzMcDuck, 07 November 2012 - 06:24 AM.

[XgreatArtist]

God...china hackers. They really want to destroy the world eh? First the pentagon, now this.
But back to the topic: i myself was really thankful to anet for implementing the email authen system because it saved my account from being ended up in some china person(not that i hate china since i am chinese...but still).

Here is what you can do to further protect:
1. As the hacker already had your account, the email authen prevented him /her from getting into it. This means they knew all your details. I suggest you change your gw2 login email to a totally new email, never used anywhere except for guild wars 2. THIS IS very important! Because, hackers tend to hack fansites to steal info, and if somehow the info matches the ingame info, then booya, they got your account
2. Password should be long and complicated. Dont put ilovepizza or jessicaisasexygirl because these are easy to crack. Put something like 1g9jnxw8ffa
3. never give your account to anywhere, whether it is your uncle, mom, sister, dog, bicycle, next door slu- neighbour.
4. Dont go into an internet cafe to play gw2.

note: if you have facebook or similar social site account, it is better not to use that email. This is because like in point 1, i said that hackers may get your info(email in this case) from your facebook account. I dont know how they do it but hackers are smart.

However, there are still cases of hacking even though those people did the things i have mentioned. But that chances are really slim. Or they have done something wrong like leaving their ID and Password on the classroom table for 1 whole day...

Edited by XgreatArtist, 07 November 2012 - 06:27 AM.

[Demon Slaya Of God]

I use the authenticator. Seems solid. No problems from what i can tell.

[XSevSpreeX]

As others said, have a password that is different from other sites you use. If you really feel like you need more security after that then change your e-mail address for GW2 also.

[QuackzMcDuck]

XSevSpreeX, on 07 November 2012 - 06:34 AM, said:

As others said, have a password that is different from other sites you use. If you really feel like you need more security after that then change your e-mail address for GW2 also.

How do I do this? I don't see this option on Guildwars2.com.

Edited by QuackzMcDuck, 07 November 2012 - 06:40 AM.

[Neo Nugget]

Demon Slaya Of God, on 07 November 2012 - 06:26 AM, said:

I use the authenticator. Seems solid. No problems from what i can tell.

Same. The 6 digit code required to login changes every 30 seconds, so as far as I know that makes things much more difficult for people trying to get into your account.

[CTH444]

A good password uses both capitol and lowercase letters as well as special characters and numbers. For example M#214cY$fg564. This may seem like a stupid password but combining upper and lower case as well as numbers and special characters greatly helps you. This is the type of password combination we use in the US Army. Try it out

[QuackzMcDuck]

Neo Nugget, on 07 November 2012 - 06:40 AM, said:

Same. The 6 digit code required to login changes every 30 seconds, so as far as I know that makes things much more difficult for people trying to get into your account.

Well the fact that it isn't secure enough isn't my concern. As stated above by someone else, I have also heard of people being randomly disconnected from the game who use the authenticator.

[Neo Nugget]

QuackzMcDuck, on 07 November 2012 - 06:44 AM, said:

Well the fact that it isn't secure enough isn't my concern. As stated above by someone else, I have also heard of people being randomly disconnected from the game who use the authenticator.

That was happening during the Halloween event, but was fixed a few patches later. I haven't heard of any similar problems resurfacing since then.

[RabidusIncendia]

CTH444, on 07 November 2012 - 06:44 AM, said:

A good password uses both capitol and lowercase letters as well as special characters and numbers. For example M#214cY$fg564. This may seem like a stupid password but combining upper and lower case as well as numbers and special characters greatly helps you. This is the type of password combination we use in the US Army. Try it out

Heh, this comic comes to mind whenever I hear about really complicated passwords: http://xkcd.com/936/

Edited by RabidusIncendia, 07 November 2012 - 06:58 AM.

[QuackzMcDuck]

Neo Nugget, on 07 November 2012 - 06:52 AM, said:

That was happening during the Halloween event, but was fixed a few patches later. I haven't heard of any similar problems resurfacing since then.

Ah well regardless I've decided to give it a try. I figure 60$ and my combined playing time on all of my characters is more than worth a few mishaps with the authenticator here and there.


EDIT: Maybe I'm missing something, but I wasn't prompted anywhere in the login process to enter any codes..I logged into Guildwars2.com and the game client itself and wasn't prompted for a code...Did I do it wrong?

Edited by QuackzMcDuck, 07 November 2012 - 07:06 AM.

[QuackzMcDuck]

Yeah I don't know where you enter this code, but none of the places that you can login at with your guildwars information are prompting me for a code.

[Demon Slaya Of God]

QuackzMcDuck, on 07 November 2012 - 07:02 AM, said:

Ah well regardless I've decided to give it a try. I figure 60$ and my combined playing time on all of my characters is more than worth a few mishaps with the authenticator here and there.


EDIT: Maybe I'm missing something, but I wasn't prompted anywhere in the login process to enter any codes..I logged into Guildwars2.com and the game client itself and wasn't prompted for a code...Did I do it wrong?

If you are logging in from an Ip address alrdy recognised as trusted, it will no longer ask for the code. However if u log in from else where, it will. Take's some of the inconvenience away, while still keeping your account safer.
http://www.guildwars...nticator-users/ explains it a bit better.

Edited by Demon Slaya Of God, 07 November 2012 - 07:53 AM.

[Lady Rhonwyn]

Demon Slaya Of God, on 07 November 2012 - 07:52 AM, said:

If you are logging in from an Ip address alrdy recognised as trusted, it will no longer ask for the code. However if u log in from else where, it will. Take's some of the inconvenience away, while still keeping your account safer.
http://www.guildwars...nticator-users/ explains it a bit better.

Ahhh, that was why I didn't have to enter my code anymore!  I was already wondering if they had finally implemented that "remember my network" setting but couldn't find anything about it at that time.

[Valkaire]

RabidusIncendia, on 07 November 2012 - 06:57 AM, said:

Heh, this comic comes to mind whenever I hear about really complicated passwords: http://xkcd.com/936/

It's funny because correcthorsebatterystaple is probably equal on a security level with the random caps/numbers passwords as well as being easier to remember

[Leriel]

CTH444, on 07 November 2012 - 06:44 AM, said:

A good password uses both capitol and lowercase letters as well as special characters and numbers. For example M#214cY$fg564. This may seem like a stupid password but combining upper and lower case as well as numbers and special characters greatly helps you. This is the type of password combination we use in the US Army. Try it out

Where would this password get me in?

[Biz]

I only gotten about 2-3 password change emails since lanch never something like this. As for authenticator... you are asking if you should place a second gate infront of the door you allready keep shut... how could that be a bad thing. Unless that new gate is only thing that keeps people from walking in, since clearly they have the adress and the correct key allready -.-

[Butcher]

Create a google email, add phone verification to the email (link it to your home phone), then link that email to your GW2 account.

Now no one can hack your account unless they pick up your phone in your house.

[Dasryn]

Butcher, on 07 November 2012 - 10:38 AM, said:

Create a google email, add phone verification to the email (link it to your home phone), then link that email to your GW2 account.

Now no one can hack your account unless they pick up your phone in your house.

you can do this with Yahoo as well, because google is not the best thing in the world. . .

[Shadowrose]

what's the authenticator?

and like someone said, upper and lowercase help.

[Trei]

XSevSpreeX, on 07 November 2012 - 06:34 AM, said:

As others said, have a password that is different from other sites you use. If you really feel like you need more security after that then change your e-mail address for GW2 also.

Well, it seems I was ahead of myself there.

I went to the gw2 site trying to find out the steps for doing so to post it as a followup to my earlier post, but uh...   Yeah I couldn't quite figure just how to do it.

I believe the service may not be available currently.

[Paken Kai]

XgreatArtist, on 07 November 2012 - 06:24 AM, said:

2. Password should be long and complicated. Dont put ilovepizza or jessicaisasexygirl because these are easy to crack. Put something like 1g9jnxw8ffa

This isn't entirely correct.

It's the length of the password that makes it secure, not the characters that it contains. Granted, throwing in some unusual characters makes it more secure as well, but alphanumeric doesn't cut it.

In your examples "jessicaisasexygirl" is actually more secure than "1g9jnxw8ffa" because of the simple fact that it has more characters for the "hacker" (in quotes, because it's probably actually a script doing it) to guess and will take slightly longer to discover.

An extremely secure password would be a quote or sentence with proper punctuation (preferably more than just a period at the end). It would be simple to remember and have a lot of characters.

[AngryTom]

I use the Google authenticator that is linked to by Arenanet, sure it takes an extra 15 seconds to login, having to read numbers and type them out, but I feel safer knowing my phone is locking out china hackers.

[Ixelbyte]

I've heard (like Paken Kai) that for passwords its better to have an easy to remember sentence with symbols and numbers than a short complicated password that is hard to remember, and it makes sense. Brute-force hacking programs don't guess combinations of words... they go through every possible combination. The longer your password is the longer it'll take. And if it has to try symbols and numbers on top of letters its going to take even longer, to the point where its no longer worth it.

For example, GuildWars2012&That*Shtuff is better than aosK82@. Its easy to remember, long, and has symbols, uppercase and lowercase letters, and numbers.

Of course it doesn't matter how strong your password is if the hacker just datamines for it or something, which is probably how most people get hacked >.>

[Butcher]

Rickter, on 07 November 2012 - 12:11 PM, said:

you can do this with Yahoo as well, because google is not the best thing in the world. . .

I have a Yahoo account as well, but I found that google was a much better choice for my GW2 email for many reasons. The main reason being ease of access.

[CTH444]

Leriel, on 07 November 2012 - 09:24 AM, said:

Where would this password get me in?

Hopefully no where!! lol