Alternatively, you could use something like the 3rd letter in the title of what it is as the 6th letter in your password. This way you have unique passwords you can still remember, and while you can hack it by looking for variants on your default password which has already been hacked, it is not the easiest way and no one will do it unless they know what they are looking for.
It all comes down to personal responsibility. It's the best you can do. Pick a strong, secure, unique password and apply common sense to any email you receive that claims to be about your account. Pay attention to ArenaNet's social media feeds for alerts, warnings, and news.
Do not sign up for some game-related forum with your same email address and password as your game login.
Don't even use the same email address. You can create one Gmail address for forums, that will never match any of your game logins.
In this day and age, I don't know why anyone would restrict themselves to just one email address for everything. If your bank statements are going to the same address you game with, then that is a fail.
Oh, did I also mention he had been using that same password for past MMOs, websites, and even his PSN and eBay accounts? Yeah, never letting him forget about this one LOL.
Seriously don't make shitty passwords/account security. Protect your credit info.
But that wasn't enough. Next the attackers went into an active account and then botted through the process of changing the email address associated with that account using the same lists. This time they just looked for the "that email is already in use" message. Anet had to remove THAT service for a while.
For accounts that were compromised there's the whole issue of the email change confirmation being sent to the new email address, with nothing but a "someone (hopefully you) changed your email address" note sent to the old email after success. The "(hopefully you)" part is the real kicker, considering that in one of the earlier game status updates, they gave a number around 20,000 compromised accounts and climbing. An attacker can completely hijack a game account without ever needing access to anything but the game account.
My account hasn't been compromised, though I know some who have gotten close with the password reset attack. Keep in mind that the lists these attackers were running with were not solely sourced from shitty community sites/forums and such. The big guys have been experiencing more and more attacks, with Blizzard being a very recent success for attackers. In every case in my personal group of friends, those first few days of password resets were people using the same email address that they had used on Battle.net. The one that came very close to losing his own account had used the same Battle.net password that he had never thought to change after the fact since his GW2 account had existed prior to the Bnet attack. He was lucky that the botting was successful enough that the attackers couldn't keep up with getting in game with the accounts that the bots had already fully hijacked with new emails and passwords. Since his account was linked with GW1, he was able to jump into his NCsoft master account and change the email and password back from there.
In all cases, there is certainly blame on the user for silly security practices like using the same email/password combination. Still, ArenaNet's security team apparently never thought to stop and ask the guy in the ski mask, the guy that's entered the building empty-handed and left the building with a sack full of loot a hundred times today, where he's finding all these wonderful toys.
Honestly, in any system that uses an email address as your login, you shouldn't be satisfied to only use a different password. Especially when most email providers allow you to use email tags/subaccounts. If you play MMOs and use Gmail, make an MMO account and sign up for Blizzard games with email+bnet@gmail.com. Okay, GW2 came out, use email+anet@gmail.com, etc. This way you're creating a unique login per game to go with your unique password per game while still having a central email for MMOs (which you can now filter even easier). If you're exceptionally worrisome, you don't have to be blatantly obvious with your tags so that when attackers wise up to these shenanigans, they won't find your GW2 account by changing the +bnet tag they stole from battle.net to +anet, or +gw2, etc. Make the ArenaNet tag +mariokart just to fuck with them.
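
The two weaknesses described in the comment above (the "that email is already in use" message acting as an oracle, and email changes confirmed only through the new address), sketched from the defender's side. This is an added example, not part of the original thread and not ArenaNet's code; the class, method names and addresses are hypothetical, and the mailer is an in-memory list.

```python
import hashlib
import secrets
import time

GENERIC_REPLY = "If the change can proceed, a link was sent to your current email."

class AccountStore:
    """Hypothetical in-memory account service; outbox stands in for a mailer."""

    def __init__(self):
        self.email_by_user = {}  # user_id -> current email
        self.pending = {}        # sha256(token) -> (user_id, new_email, expiry)
        self.outbox = []         # (recipient, message) pairs

    def request_email_change(self, user_id, new_email, now=None):
        now = time.time() if now is None else now
        new_email = new_email.strip().lower()
        current = self.email_by_user[user_id]
        if new_email in self.email_by_user.values():
            # Same visible reply as the success path: no "already in use" oracle.
            self.outbox.append((current, "An email change was requested but not started."))
            return GENERIC_REPLY
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.pending[digest] = (user_id, new_email, now + 3600)
        # Approval goes to the OLD address, so a stolen password alone
        # is not enough to move the account to a new mailbox.
        self.outbox.append((current, f"Approve change to {new_email} with token {token}"))
        return GENERIC_REPLY

    def confirm_email_change(self, token, now=None):
        now = time.time() if now is None else now
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.pending.pop(digest, None)  # single use
        if entry is None or entry[2] < now:
            return False
        user_id, new_email, _ = entry
        if new_email in self.email_by_user.values():
            return False  # address was claimed while the request was pending
        self.email_by_user[user_id] = new_email
        return True

if __name__ == "__main__":
    store = AccountStore()
    store.email_by_user = {"u1": "old@example.test", "u2": "taken@example.test"}  # constructed
    print(store.request_email_change("u1", "taken@example.test"))
    print(store.request_email_change("u1", "new@example.test"))
    token = store.outbox[-1][1].split()[-1]
    print(store.confirm_email_change(token), store.email_by_user["u1"])
```
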
Here's a link to my ordeal
http://www.destructoid.com/blogs/Xaeius/customer-service-hell-in-guild-wars-2-234600.phtml
(It comes as a surprise to me, that FFXIV has a two step authenticator but Guild Wars doesn't.)
Installing my authenticator on my phone was pretty quick and easy and I haven't been hacked since. I believe this data isn't anecdotal and those with authenticators are much less likely to be hacked than those without.
