Guild Wars 2 devs addressing account hacks, bots

The ArenaNet dev team has been spending a lot of time on Reddit recently discussing Guild Wars 2. Now, a list of issues with the game and the status of fixing said issues has appeared on the site.

28

ArenaNet is going to great lengths to ensure the quality of the game experience in Guild Wars 2, including disabling key features to combat the rising number of account hacks and provide ways for players to secure their hard-earned gear and cash.

The dev team took to Reddit again to explain issues with the game and what they are doing to fix them. The post explained that email authentication for password changes is in the works to aid in account security to battle the growing number of account hacks seen since the game launched. The developer believes the hacks are occurring because of emails and passwords stolen from other games and trojan horses placed on victimized computers. In-game mail was also disabled to prevent the looting of hacked accounts..

An issue with the party and guild system and the overflow world feature is also being addressed, while the developer also announced plans to immediately start the three-day banning of "casual" botters. A second offense could result in a permanent ban. It was also revealed that trading post feature was in maintenance and still being tested.

An ArenaNet developer was on Reddit earlier this week talking to players about why it was suspending accounts, including providing specific examples of chat or name abuse.

ArenaNet co-founder Mike O'Brien told Time that the player enjoyment trumps game sales: "If we got to a point where sales continued to be off the charts, and it threatened the experience that players are having with the game, then we'd just turn off sales."

Be sure to follow our playthrough of the game with our ongoing Guild Wars 2 diary series.

Contributing Editor
From The Chatty
  • reply
    August 30, 2012 9:00 AM

    John Keefer posted a new article, Guild Wars 2 devs addressing account hacks, bots.

    The ArenaNet dev team has been spending a lot of time on Reddit recently discussing Guild Wars 2. Now, a list of issues with the game and the status of fixing said issues has appeared on the site.

    • reply
      August 30, 2012 9:01 AM

      They really don't support an authenticator? That shit should be standard for online games now.

      • reply
        August 30, 2012 9:29 AM

        No email authentication for password changes really mystifies me. That should be there at launch for any MMO.

        • reply
          August 30, 2012 9:39 AM

          It is. I've got a few from hacker fucks. I think they're talking about something like SteamGuard.

          • reply
            August 30, 2012 9:59 AM

            I don't think its email authentication though, they just send an email when a password change is attempted, not to authorize whether you were the one doing it. I got 6 emails that someone tried to reset my password, nothing in it to say, YES this was me go ahead with it.

      • reply
        August 30, 2012 9:33 AM

        BS. What online games have it that make you believe it should be standard?

        • reply
          August 30, 2012 9:43 AM

          Did you happen to miss the D3 fiasco?

        • Zek legacy 10 years
          reply
          August 30, 2012 11:14 AM

          It certainly should be a standard in major MMOs(i.e. GW2) and games with real money markets(i.e. GW2).

        • reply
          August 30, 2012 11:16 AM

          Is this a joke or did you just forget to say "LOL don't include the largest mmo out there and diablo."

        • reply
          August 30, 2012 11:30 AM

          world of warcraft and diablo3 would be two pretty obviously answers.

        • reply
          August 30, 2012 11:38 AM

          I happen to actually know stuff about computer security.

      • reply
        August 30, 2012 9:57 AM

        It not a big deal, really its not necessary at all. Basically all you need is a regular password, a issued password from the company and a user name.

        As for changing your password as long as the request is sent to your email and they issue you a renewall password(GUID like, note this will not revoke your old password) which it is required to enter for the password change request( in the UI to change your password) and is also usable to login to the system(duel purpose for forgot your password req) then your chances of getting hacked is close impossible or rather no worth it for a hacker.

        The only reason people get hacked in my opinion is week passwords or stolen data that has the password and data that is not encrypted properly.



      • reply
        August 30, 2012 10:59 AM

        They'll have a mobile authenticator, but it's still being worked on.

      • reply
        August 30, 2012 11:15 AM

        Authenticator or not, you can't always protect users from themselves. Using a secure, unique password is all the security you really need.

        • reply
          August 30, 2012 11:28 AM

          This ^^^ and a proper forgotten password system.

        • reply
          August 30, 2012 12:40 PM

          False. WoW/Diablo accounts are more valuable than stolen credit card numbers. A secure password you only use for a single service is not secure and will be stolen.

          • reply
            August 30, 2012 2:02 PM

            I understand the value of the accounts. A password long enough to resist brute force attacks is vulnerable only to a) insecure storage/handling by the service provider and b) a compromised client system. I'm willing to accept the chance of one of those things happening so long as it's confined to a single service when it does.

            • reply
              August 30, 2012 3:23 PM

              Yeah, it's the 2nd part. Do you use a web browser? If yes then the client may be compromised. You know how seemingly every week Firefox, Adobe Everything, Java, Chrome, etc all have security fixes? Those are the exploits used to steal passwords. It doesn't even require visiting shady sites.

      • reply
        August 30, 2012 1:36 PM

        maybe for 8-year-olds. among adults there's not much excuse for being shit at passwords.

        • reply
          August 30, 2012 1:54 PM

          No, it's for everyone. This is about minimizing the risk of a compromise and two factor authentication remains one of the best ways to do it even if you have good password habits.

          Good password habits will prevent your stuff from being compromised due to other web services being hacked, but won't protect you if you get some kind of trojan or keylogger. Unfortunately, the only way to completely protect yourself from those is to never connect a machine to the internet, which you've obviously not done if you're playing an online game.

          Virus scanners, firewalls, and "good browsing habits" won't necessarily protect you from them, either. Fresh releases of MMO's are also prime targets for this shit, so two-factor authentication should be a given.

        • reply
          August 30, 2012 1:58 PM

          Update everyone who has had their account hacked is 8 years old.

    • reply
      August 30, 2012 9:33 AM

      Well that explains why mail wasn't working last night but it doesn't explain how items I tried to put in the guild bank vanished.

    • reply
      August 30, 2012 9:52 AM

      Sounds like the account problems are mostly due to pre-existing lax in computer security and people re-using easy or common passwords.

    • reply
      August 30, 2012 12:17 PM

      The email authenticate thing is now active.

    • reply
      August 30, 2012 12:20 PM

      wait what is happening with account hacking?

      i got a change password email yesterday that I didn't initiate

      • reply
        August 30, 2012 12:24 PM

        I think you get notified if someone even tries to change the password, I had 6 emails yesterday morning that someone was attempting to change my password.

        As long as you can still login to your account they weren't successful in changing it.

        I created a new email account and generated passsword after that.

        • reply
          August 30, 2012 12:29 PM

          i've got a keepass generated password, so I'm probably good. but still. bah.

      • reply
        August 30, 2012 2:12 PM

        I got one too. Just logged into the website now to make sure all was well. Havent jumped into game yet as I am at work, but atleast my password hasnt changed

      • reply
        August 30, 2012 2:46 PM

        the password reset doesn't fail silently (it will tell you an email address wasn't found.)

        i bet there's a lot of bots hammering away to see which email addresses are valid and which aren't right now.

      • reply
        August 30, 2012 3:27 PM

        I got one the other day also.

    • reply
      August 30, 2012 1:03 PM

      I wish there was an MMO that was all just bots, with open API to program against.

      • reply
        August 30, 2012 1:45 PM

        Haha like crobots but MMO style? Or the even older Apple ][ Robotwars game. That would actually be pretty interesting.

        • reply
          August 30, 2012 4:59 PM

          Seriously, you could play by hand if you want. But its like empire building that can be done through api. I remember microsoft launched a project like that long ago, but the graphics were awful even for the time.

          I would totally be down.

      • reply
        August 30, 2012 10:13 PM

        I think there was some spaceship game like this that came out a couple years ago. I remember them talking about it on Idle Thumbs

    • reply
      August 30, 2012 6:48 PM

      [deleted]

      • reply
        August 30, 2012 6:49 PM

        [deleted]

        • reply
          August 30, 2012 6:53 PM

          Hacks and bots only get 3 days!

          • reply
            August 30, 2012 8:03 PM

            [deleted]

            • reply
              August 30, 2012 9:07 PM

              Did you really think they would let you guys keep all that? REALLY?

              It was an obvious error, people aren't getting the ban-hammer for buying a few items, they are getting banned for exploiting the heck out of an error instead of REPORTING the bug.

              This isn't a play by ArenaNet to make people pay for the game twice, its them sending a message:

              If you act like an asshole, try to break the economy, use exploits, and behave in a way that causes the toxic community of several online games you will be dealt with.


              ArenaNet is basically telling the people that got banned "We don't think your a good enough human being to play our game." They don't want your money, they want you removed from the community.

              • reply
                August 30, 2012 9:41 PM

                They don't want your money

                but... they already got it O.o

                • reply
                  August 30, 2012 10:15 PM

                  As previously stated; the intent of banning is not to get someone to buy a second copy of the game.

      • reply
        August 30, 2012 8:47 PM

        If an ATM was dispensing 20s instead of 5s, what would you do?

      • reply
        August 30, 2012 9:38 PM

        Chef Exploiters got perma-bans as well.

    • reply
      August 31, 2012 5:20 AM

      What do you do if your account email got changed? That'd be handy info to put in this article.

Hello, Meet Lola