Jump to content
  • Sign Up

this isnt the pentagon

Meabeye.8304

By Meabeye.8304
in Account & Technical Support

 Share

Recommended Posts

Meabeye.8304

Meabeye.8304

Posted
Posted

How about a simple WARNING -- YOU HAVE USED THIS PASSWORD BEFORE!! Instead of FORCING ME to make up a BS password that I will NEVER remember when I change passwords because all the ones I would USUALLY USE have already been used and it WONT let me reuse them, even though I UNDERSTAND THE RISK!

Warn me, and then let ME ME ME decide if I want to use that password or not. Instead I have to make up something... Then when I get on my laptop a few days/weeks later, I cant remember what it was changed to, so I have to make up ANOTHER NEW BS password....

Stop the insanity. Let ME ME ME decide if I want to re-use it.!.!.!.!

Link to comment
Share on other sites
Seera.5916

Seera.5916

Posted
Posted

Unfortunately, due to the number of people who use the same password everywhere, ANet is very unlikely to do this.

It just invites people who just had their accounts stolen to go back to using the same password that lost them access to the account previously.

The many suffer for the few.

What you could do is if you've got an email that you know is secure and preferably not the one associated with your Guild Wars 2 account, in your contacts you could put just enough information to jog your memory about the password you use or the whole password if you feel like it.

The other option is as soon as you change your password on one computer, immediately log onto the other device and save the password.

Link to comment
Share on other sites
Meabeye.8304

Meabeye.8304

Posted
  • Author
Posted

Or, you know, you could do just as I said... Post a warning, and if the fools get their account hacked then so be it.

As for writing it down.. I drive a truck. so 2 weeks from now, when I finally get time to sit down and play, I can look to try to find the piece of paper I scribbled the new password down on. Or... You know, you could do just as I said... Post a warning, and if the fools get their account hacked then so be it.

Or is that just too damn simple?

Link to comment
Share on other sites
Linken.6345

Linken.6345

Posted
Posted

@Meabeye.8304 said:Or, you know, you could do just as I said... Post a warning, and if the fools get their account hacked then so be it.

As for writing it down.. I drive a truck. so 2 weeks from now, when I finally get time to sit down and play, I can look to try to find the piece of paper I scribbled the new password down on. Or... You know, you could do just as I said... Post a warning, and if the fools get their account hacked then so be it.

Or is that just too kitten simple?

Correct its not that kitten simple, because the person can say I did not see the warning now help me get my account back even if I lost it 50.000 times.

Link to comment
Share on other sites
Seera.5916

Seera.5916

Posted
Posted

@Meabeye.8304 said:Or, you know, you could do just as I said... Post a warning, and if the fools get their account hacked then so be it.

As for writing it down.. I drive a truck. so 2 weeks from now, when I finally get time to sit down and play, I can look to try to find the piece of paper I scribbled the new password down on. Or... You know, you could do just as I said... Post a warning, and if the fools get their account hacked then so be it.

Or is that just too kitten simple?

The more players who get their accounts hacked the longer support takes to handle all of the tickets they get because of the increased volume. I'm just fine with ANet doing logical steps like this to reduce their load. Because of the people who refuse to change their password after getting their account hacked.

You could text it to yourself. You could save it as a phone contact. You could have a file on Google Drive with passwords to sites you use. There are a bunch of ways to store your password in such a way that you get access to it later on that would keep it secure.

Link to comment
Share on other sites
  • 2 weeks later...
Meabeye.8304

Meabeye.8304

Posted
  • Author
Posted

https://www.nbcnews.com/tech/tech-news/thousands-guild-wars-2-accounts-hacked-flna985019

Rule number 1 for ANY GAME is do NOT NOT NOT make the e mail address a part of the login system. I havent a clue why you would. THAT is the weak point right there. I create a character. I meet someone. Hey I want to chat with you on this subject outside the game, whats your e mail address.... Step 1 of being hacked is accomplished. Step 2 run an auto password cracker on it. Doesnt matter WHAT your password is, or HOW MANY TIMES you change it - they can still hack into it, because it is linked to your E MAIL ADDRESS.....

DUH!

Now post all the rebuttables you want to this, but the point is, once they have your e mail address, which you CAN NOT change, they CAN hack you....

So WHY make the password so damn hard to control when the real weak point of being hacked ISNT changeable?

Link to comment
Share on other sites
Ayrilana.1396

Ayrilana.1396

Posted
Posted

@"Meabeye.8304" said:https://www.nbcnews.com/tech/tech-news/thousands-guild-wars-2-accounts-hacked-flna985019

Rule number 1 for ANY GAME is do NOT NOT NOT make the e mail address a part of the login system. I havent a clue why you would. THAT is the weak point right there. I create a character. I meet someone. Hey I want to chat with you on this subject outside the game, whats your e mail address.... Step 1 of being hacked is accomplished. Step 2 run an auto password cracker on it. Doesnt matter WHAT your password is, or HOW MANY TIMES you change it - they can still hack into it, because it is linked to your E MAIL ADDRESS.....

DUH!

Now post all the rebuttables you want to this, but the point is, once they have your e mail address, which you CAN NOT change, they CAN hack you....

So WHY make the password so kitten hard to control when the real weak point of being hacked ISNT changeable?

Don’t use the same email to communicate with people.

Link to comment
Share on other sites
Meabeye.8304

Meabeye.8304

Posted
  • Author
Posted

Personally I dont. I used to have issues with that in WoW though. Anytime I had a problem, I would e mail it from my "real" e mail address which they always responded "this isnt the email account associated with this game account", and then I would have to tell them (yet again) that the account I used for the game is a BS e mail account I made just for that purpose and it wasnt really used for anything.......

But then, anyone that has gotten their accounts hacked I would bet $$$ to doughnuts DID use their real e mail addresses.... But this isnt the point of this entire thread either.

But the point being, which you ignored, WHY MAKE THE PASSWORD A 1 TIME SHOT when the REAL hole in the login is the e mail account?

Link to comment
Share on other sites
Healix.5819

Healix.5819

Posted
Posted

@"Meabeye.8304" said:Rule number 1 for ANY GAME is do NOT NOT NOT make the e mail address a part of the login system. I havent a clue why you would. THAT is the weak point right there. I create a character. I meet someone. Hey I want to chat with you on this subject outside the game, whats your e mail address.... Step 1 of being hacked is accomplished. Step 2 run an auto password cracker on it. Doesnt matter WHAT your password is, or HOW MANY TIMES you change it - they can still hack into it, because it is linked to your E MAIL ADDRESS.....

They use the email because it's simpler and easier for people to remember. If they would have used a username instead, those people would have still been hacked because they used the same username/password everywhere. In your scenario of giving out your email, that would still compromise your account if they used usernames, because your email is always going to serve as a backdoor/recovery option.

Nobody is brute forcing your password, and even with your password compromised, they would still need access to your email, 2FA or have enough of your personal information to phish support.

You can change your email through support.

Link to comment
Share on other sites
djmasa.9123

djmasa.9123

Posted
Posted

You could also just use 2FA like Google Authenticator to protect your account. That's what I did on day 1 of playing GW2. They're never going to get my authenticator, so even if by some chance they did get my password, they'd never get in. sure, a little inconvenience for account security. no big deal.

Link to comment
Share on other sites
Tukaram.8256

Tukaram.8256

Posted
Posted

I use a password safe, had it for many years. It keeps an encrypted file for all my passwords. All I need is one password to open it (I can use any password I want, as it is on my local PC, not online). Once the encrypted file is open, I can find all the ridiculous passwords that sites make me use.

Link to comment
Share on other sites
WorldofBay.8160

WorldofBay.8160

Posted
Posted

hmm i do hate that "you have used that password before" stuff as well but because of security concerns.it basically means that my old inactive password is remembered and stored. if there happenes to be a breach the hackers don't have just 1 password connected to my e-mail, but multiples. from that data they can see a pattern that tells them whether i use a password manager or not and if not how i build my passwords to use that information on other more valuable accounts i might have. therefore there is a lot more information to get and even information on other passwords even if each and every password i use is unique. all for a stupid hint that i should not re-use my passwords in a certainly not critical part of my life.

Link to comment
Share on other sites
Rob oh One.8472

Rob oh One.8472

Posted
Posted

@"WorldofBay.8160" said:hmm i do hate that "you have used that password before" stuff as well but because of security concerns.it basically means that my old inactive password is remembered and stored. if there happenes to be a breach the hackers don't have just 1 password connected to my e-mail, but multiples. from that data they can see a pattern that tells them whether i use a password manager or not and if not how i build my passwords to use that information on other more valuable accounts i might have. therefore there is a lot more information to get and even information on other passwords even if each and every password i use is unique. all for a stupid hint that i should not re-use my passwords in a certainly not critical part of my life.

This isn't correct, they do not store/remember the old passwords they store the HASH/Salt. To keep it non technical your password is translated into a long string of characters for storage in a one way conversion. E.G if you have the password you can find the Hash, but you cannot (without great difficulty) find the password from the hash.

https://docs.oracle.com/cd/E26180_01/Platform.94/ATGPersProgGuide/html/s0506passwordhashing01.html#:~:text=Hashing%20performs%20a%20one%2Dway,back%20into%20the%20original%20password.https://security.stackexchange.com/questions/63060/storing-old-password-history-and-information

Link to comment
Share on other sites
WorldofBay.8160

WorldofBay.8160

Posted
Posted

@Rob oh One.8472 said:

@"WorldofBay.8160" said:hmm i do hate that "you have used that password before" stuff as well but because of security concerns.it basically means that my old inactive password is
remembered
and
stored
. if there happenes to be a breach the hackers don't have just 1 password connected to my e-mail, but multiples. from that data they can see a pattern that tells them whether i use a password manager or not and if not how i build my passwords to use that information on other more valuable accounts i might have. therefore there is a lot more information to get and even information on other passwords even if each and every password i use is unique. all for a stupid hint that i should not re-use my passwords in a certainly not critical part of my life.

This isn't correct, they do not store/remember the old passwords they store the HASH/Salt. To keep it non technical your password is translated into a long string of characters for storage in a one way conversion. E.G if you have the password you can find the Hash, but you cannot (without great difficulty) find the password from the hash.

i know the technicalities and if you know them too then you know that the hash is not gonna save you, just making it a lot more work.

Link to comment
Share on other sites
keenedge.9675

keenedge.9675

Posted
Posted

@Seera.5916 said:

@Meabeye.8304 said:As for writing it down.. I drive a truck. so 2 weeks from now, when I finally get time to sit down and play, I can look to try to find the piece of paper I scribbled the new password down on. Or... You know, you could do just as I said... Post a warning, and if the fools get their account hacked then so be it.You could text it to yourself. You could save it as a phone contact. You could have a file on Google Drive with passwords to sites you use. There are a bunch of ways to store your password in such a way that you get access to it later on that would keep it secure.

I put all of mine in a simple .txt file in the game folder. I've never lost it yet.

Link to comment
Share on other sites
Meabeye.8304

Meabeye.8304

Posted
  • Author
Posted

@keenedge.9675 said:

@Meabeye.8304 said:As for writing it down.. I drive a truck. so 2 weeks from now, when I finally get time to sit down and play, I can look to try to find the piece of paper I scribbled the new password down on. Or... You know, you could do just as I said... Post a warning, and if the fools get their account hacked then so be it.You could text it to yourself. You could save it as a phone contact. You could have a file on Google Drive with passwords to sites you use. There are a bunch of ways to store your password in such a way that you get access to it later on that would keep it secure.

I put all of mine in a simple .txt file in the game folder. I've never lost it yet.

Yeah, wonderful - if you even read my 2nd post, you would have noticed that I mentioned 2 computers....

I dont want a way to remember a new password. I dont want to put yet another password into it with an authenticator. I want to use the password I WANT to use, even if I have used it before. PERIOD!

As I said, this isnt the Pentagon. I dont need a super-secret 87 character encrypted password that God himself couldnt crack. I just dont care. There is nothing in this account that I care if I lose. Its a GAME. I JUST DONT CARE!!!

Let me say that again for clarity. I DONT CARE, its just a GAME.

It just isnt worth the hassle to keep coming up with new ones all the time. Its MY game. I bought it. Let ME decide HOW I WANT TO SECURE IT.!.!.!

Once more, for effect:

Let ME decide HOW I WANT TO SECURE IT.!.!.!

Link to comment
Share on other sites
Linken.6345

Linken.6345

Posted
Posted

@Meabeye.8304 said:

@Meabeye.8304 said:As for writing it down.. I drive a truck. so 2 weeks from now, when I finally get time to sit down and play, I can look to try to find the piece of paper I scribbled the new password down on. Or... You know, you could do just as I said... Post a warning, and if the fools get their account hacked then so be it.You could text it to yourself. You could save it as a phone contact. You could have a file on Google Drive with passwords to sites you use. There are a bunch of ways to store your password in such a way that you get access to it later on that would keep it secure.

I put all of mine in a simple .txt file in the game folder. I've never lost it yet.

Yeah, wonderful - if you even read my 2nd post, you would have noticed that I mentioned 2 computers....

I dont want a way to remember a new password. I dont want to put yet another password into it with an authenticator. I want to use the password I WANT to use, even if I have used it before. PERIOD!

As I said, this isnt the Pentagon. I dont need a super-secret 87 character encrypted password that God himself couldnt crack. I just dont care. There is nothing in this account that I care if I lose. Its a GAME. I JUST DONT CARE!!!

Let me say that again for clarity. I DONT CARE, its just a GAME.

It just isnt worth the hassle to keep coming up with new ones all the time. Its MY game. I bought it. Let ME decide HOW I WANT TO SECURE IT.!.!.!

Once more, for effect:

Let ME decide HOW I WANT TO SECURE IT.!.!.!

No since it cost anet money in man power to get your account back and restored every time your hacked due to refuseing to change password.

Link to comment
Share on other sites
Seera.5916

Seera.5916

Posted
Posted

@Meabeye.8304 said:

@Meabeye.8304 said:As for writing it down.. I drive a truck. so 2 weeks from now, when I finally get time to sit down and play, I can look to try to find the piece of paper I scribbled the new password down on. Or... You know, you could do just as I said... Post a warning, and if the fools get their account hacked then so be it.You could text it to yourself. You could save it as a phone contact. You could have a file on Google Drive with passwords to sites you use. There are a bunch of ways to store your password in such a way that you get access to it later on that would keep it secure.

I put all of mine in a simple .txt file in the game folder. I've never lost it yet.

Yeah, wonderful - if you even read my 2nd post, you would have noticed that I mentioned 2 computers....

I dont want a way to remember a new password. I dont want to put yet another password into it with an authenticator. I want to use the password I WANT to use, even if I have used it before. PERIOD!

As I said, this isnt the Pentagon. I dont need a super-secret 87 character encrypted password that God himself couldnt crack. I just dont care. There is nothing in this account that I care if I lose. Its a GAME. I JUST DONT CARE!!!

Let me say that again for clarity. I DONT CARE, its just a GAME.

It just isnt worth the hassle to keep coming up with new ones all the time. Its MY game. I bought it. Let ME decide HOW I WANT TO SECURE IT.!.!.!

Once more, for effect:

Let ME decide HOW I WANT TO SECURE IT.!.!.!

Unfortunately, there are enough who aren't as secure with their stuff that ANet has decided that if you have to change your password, you can't reuse it. The few ruining it for the many. It isn't going to change. Figure out how to deal with it.

Link to comment
Share on other sites
TinkTinkPOOF.9201

TinkTinkPOOF.9201

Posted
Posted

@WorldofBay.8160 said:

@WorldofBay.8160 said:hmm i do hate that "you have used that password before" stuff as well but because of security concerns.it basically means that my old inactive password is
remembered
and
stored
. if there happenes to be a breach the hackers don't have just 1 password connected to my e-mail, but multiples. from that data they can see a pattern that tells them whether i use a password manager or not and if not how i build my passwords to use that information on other more valuable accounts i might have. therefore there is a lot more information to get and even information on other passwords even if each and every password i use is unique. all for a stupid hint that i should not re-use my passwords in a certainly not critical part of my life.

This isn't correct, they do not store/remember the old passwords they store the HASH/Salt. To keep it non technical your password is translated into a long string of characters for storage in a one way conversion. E.G if you have the password you can find the Hash, but you cannot (without great difficulty) find the password from the hash.

i know the technicalities and if you know them too then you know that the hash is not gonna save you, just making it a lot more work.

As someone who has experience here, nothing will save you. If someone with enough resources targets you, they are going to get in. However most hacks are not targeted, but go after low hanging fruit. Also if you "know", then you know that hashes are almost NEVER cracked, because you would have to break the encryption algorithm of the hash AND know the salting that is being used. When sites are hacked and hashes are exposed, the accounts hacked out of that are because of weak passwords, as that is the low hanging fruit, you can run tables and dictionary attacks with a few mutations and get back thousands of simple passwords people used, as with few exceptions, guessing the password will be FAR easier than trying to break the encryption. This is why using good long passwords matter so much and why not reusing passwords is a good idea, as password dumps are everywhere on the internet, making this process even easier.

@Meabeye.8304 said:How about a simple WARNING -- YOU HAVE USED THIS PASSWORD BEFORE!! Instead of FORCING ME to make up a BS password that I will NEVER remember when I change passwords because all the ones I would USUALLY USE have already been used and it WONT let me reuse them, even though I UNDERSTAND THE RISK!

Warn me, and then let ME ME ME decide if I want to use that password or not. Instead I have to make up something... Then when I get on my laptop a few days/weeks later, I cant remember what it was changed to, so I have to make up ANOTHER NEW BS password....

Stop the insanity. Let ME ME ME decide if I want to re-use it.!.!.!.!

Because of support, as others have said, it's an extra load on them to deal with and to be honest, is good security. You have to understand that hacks don't just drain an account, those bots you see in PvP? The map chat spammers, the DM spammers for gold? Hacked accounts. Anyone on your friends list or in your guild? Now very open to being scammed, because as far as they know, it's you. This happens VERY fast, these people have a process and even scripts they follow when they finally get into an account. From your point of view it's a simple thing, but from anets view, it's a support nightmare, not just your account, but anyone else they might have scammed by the time it's reported and then you are dealing with more upset people, account rollbacks etc etc.

Link to comment
Share on other sites
Carnius Magius.8091

Carnius Magius.8091

Posted
Posted

@Tukaram.8256 said:I use a password safe, had it for many years. It keeps an encrypted file for all my passwords. All I need is one password to open it (I can use any password I want, as it is on my local PC, not online). Once the encrypted file is open, I can find all the ridiculous passwords that sites make me use.

There is a Windows and Android program called Password Safe. it lets you sync password databases between devices. It will read from a cloud also

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
GuildWars2.com
ArenaNet

©2020 ArenaNet, LLC. All rights reserved. All trademarks are the property of their respective owners.

ESRB - Teen
×
×
  • Create New...