Discussion: Command Line Option Changes [Merged]

[Boref.9156]

How do i uncheck -autologin in lb. it is automatically activated in the last builds and cant be unselected.

[Malice Wonder.6713]

@"Gaile Gray.6029" said:

As stated here, we have no objections to players using multiple accounts, when that use follows the proscribed limitations. The change today was decidedly not a means of trying to limit or halt multi-boxing, nor was it developed as a means of inconveniencing those who play with multiple accounts. If you are inconvenienced, we're sorry. But security > convenience, as I'm sure you'll appreciate.

But it DOES seriously inconvenience the players who give you money for multiple accounts. Who thought it was acceptable to take away functionality without offering a functional and secure replacement?

[Merendel.7128]

@Vegeta.2563 said:

@"mtpelion.4562" said:

Yes, I can do that with KeePass.

1. Open the program/browser I want to log into
2. Right click on the KeePass entry for the account I want to log in as and select "auto-type"
3. Watch as KeePass enters my username and password and logs me in

The only hiccup is when people either use a 2 stage username/password setup, or insert things between the username and password fields in the tab order, but that's not a fault of KeePass but of the inconsiderate incompetents who don't know how to design a proper UI and KeePass does have some options to help you get around those (similar to coding a macro just for that program/site to ensure that your data is being transferred properly).

The problem is.. you can't right click on the gw2 launcher :(

Theres a global hotkey for initiating auto type with keepass, default is CTL + Alt + A. add "Guild Wars 2" as a tag in each of your account entries. Make sure in your advanced options for autotype you have checked "An entry matches if one of its tags is contained in the target window title"

Once you have those options set when you have the launcher open hit your hotkey and it should bring up a diolog to select which entry you want to use for this specific window. For example mine shows "GW2 main" and "GW2 secondary" select the one you want and hit enter and it handles the login. you will have to have your keepass database open to make use of this setup.

That said this is kinda obnoxious as I still have to log the accounts in one at a time instead of just hit launch on LB and have both launch at the same time. Frankly if the devs wanted to improve security they should have just added native multi account and multibox support so we dont have to use 3rd party programs to do this. If anything forceing extra steps like this made things less secure.

[Vegeta.2563]

@Boref.9156 said:How do i uncheck -autologin in lb. it is automatically activated in the last builds and cant be unselected.

If you are using the latest version, just remove the email and password from the saved account. If you want multiple clients, just clone that account a few times, and launch them at once.. and put in your info manually if you wish.

[Vegeta.2563]

@Healix.5819 said:

@"Vegeta.2563" said:Yep just can't run more than 1 client like this.

You can. See the

other thread

on how to do it without actually moving around Local.dat (or alternatively using a program to do it).

How does that program actually work though exactly?

[Malediktus.9250]

@"Eowin Of Rohan.2619" said:Guys, it's true that it was a security issue, and that obviously not everyone doing it was aware of the risk (just look at the reddit thread, there is literally a guy saying "had no problem for 4 years, therefore it's 100% safe" ... typical guy knowing nothing about IT security).

That said, if -like me- you have several alt accounts that don't require max security and that you want to start easily, it's still possible to do it. As Gaile said, you can use the "remember password" check. How to work with several accounts ?

• type "%APPDATA%" in the address bar of your file explorer (if you launch your alt account with another windows account, change that in the address bar after). Go to Guild Wars 2 folder. You'll find Local.dat. That's the file where the login+password got saved.
• Copy it and name the copy "local.dat.account1" (for example)
• Start gw2 again, this time use and save another account's login+password.
• Now you have local.dat.account1 with the first account saved, local.dat with the second account saved ... copy this one and name the copy "local.dat.account2"
• Repeat as many times as needed
• Create a .bat file that takes an account number as parameter, copies local.dat.accout[number] to local.dat, then starts gw2.exe (with or without runas, depending on what you did before with autologin). I'm not going to post it here, not sure if forum rules allow it. Pretty easy to create.
• Change all your autologin shortcuts so they just start "yourscript.bat account_number"

Done. It takes some time on the first day, but now it's just as before, except with more security !Well, there is a slight difference, you have to click "login" and "play" buttons. Unfortunately, "-nopatchui" doesn't seem to work anymore, even with credentials saved in local.dat.

1. I don't need more security for my alt accounts.
2. wastes disk space and SSD write cycles (we are talking about 30 accs here, so roughly 1GB of SSD space wasted)
3. still takes longer than the old way

[Pifil.5193]

@"Gaile Gray.6029" said:I'm really sorry that some of you are unhappy with this change. I'd like to reiterate that the decision was based solely on our concerns for player security. Theories about alternative motivations for the change are completely baseless.

I notice at least one person state that those who used the system were fully aware it was an "at your own risk" situation, and that every user would be aware of any security risks that they were taking on. I have to dispute that. I don't believe that everyone knew of the risks, nor that every single user willingly accepted them. It would be provably inaccurate to state, "I knew it was risky, therefore every other user knew that, too."

I knew the risks and I knew exactly what I was doing when I explicitly created a number of shortcuts to access each of my accounts. This is a terrible change and is typical of the kind of "change first consider players never" attitude being show recently.

[Kyranna.1730]

Please restore it, it's a very useful and convenient functionality.

[Healix.5819]

@"Eowin Of Rohan.2619" said:

• Create a .bat file that takes an account number as parameter, copies local.dat.accout[number] to local.dat, then starts gw2.exe (with or without runas, depending on what you did before with autologin). I'm not going to post it here, not sure if forum rules allow it. Pretty easy to create.

fyi, it's not that simple, unless you want the game to patch every time you launch it, since Local.dat needs to be updated with each patch. If you want to do it this way, you'll want to link it to the dat you want instead of copying it:mklink /H "Local.dat" "Local.1.dat"

Alternatively, if you want to be able to launch multiple accounts, you'll need to use this method:setlocalset userprofile=%appdata%\Guild Wars 2\Account%1start Gw2.exe %*

... and have your Local.dat files saved to %appdata%\Guild Wars 2\Account%1, where %1 is for example -1 for your 1st account, which would be used with the batch file like this:Gw2.bat -1

@Vegeta.2563 said:How does that program actually work though exactly?

See the batch above for a basic idea.

[Ryan.6951]

This is poorly thought out. Now instead of using unique strong single application passwords for each individual account, you are incentivising me to use one common easy to type password.

We all know that's counterproductive to increasing security.

Good intentions, bad implementation, awful communication, and even worse security consequences.

Do you have any devs who use something like lastpass, or are interested in security in general? Anyone could have weighed in on this and explained to the rest of the team why removing user options and forcing them to manually enter passwords for potentially dozens of different account always inevitably leads to password sharing; which then INEVITABLY leads to password compromise.

[Karaha.3290]

@Cronos.6532 said:

@"Gaile Gray.6029" said:I'm really sorry that some of you are unhappy with this change. I'd like to reiterate that the decision was based solely on our concerns for player security. Theories about alternative motivations for the change are completely baseless.

I notice at least one person state that those who used the system were fully aware it was an "at your own risk" situation, and that every user would be aware of any security risks that they were taking on. I have to dispute that. I don't believe that everyone knew of the risks, nor that every single user willingly accepted them. It would be provably inaccurate to state, "I knew it was risky, therefore every other user knew that, too."

As stated

here

, we have no objections to players using multiple accounts, when that use follows the proscribed limitations. The change today was decidedly

not

a means of trying to limit or halt multi-boxing, nor was it developed as a means of inconveniencing those who play with multiple accounts. If you are inconvenienced, we're sorry. But security > convenience, as I'm sure you'll appreciate.

Is it safe to swap out the encrpyted file that stores the currently saved username/password in the launcher with that of another account?

Having ways to make it safe, is't the problem and isn't the point.The point is that there were an unsafe way, that's the point.

[arukAdo.2047]

multiboxing is very marginal, they wouldnt go trought that if it was the problem, they would just unallow it, the thing is people who have xx accounts just to get login rewards and so forth, well those people are probly not marginal in numbers and pissed off by the change, it could be motivated by security but like it was pointed out, this will decrease it since for convenience many will just use the same password

[ElderNewt.5840]

Soo what option are we going to get given for us to store passwords and stuff then? I mean this was a feature for soo long it's a real kick in the teeth if you don't offer something else.

[Malediktus.9250]

GW2 has one of the worst launchers of all games I ever played. Just unacceptable that you remove this without providing an alternative

[fatihso.7258]

Yup, that's it. You finally pissed me off! Well done!!!

[LucianDK.8615]

Probably should be seen as a way to wean people of doing multiboxing.

[Andreakos.5934]

-SNIP-

Edited June 24, 2021 by Andreakos.5934

[ShadowSpirit.6934]

As much of a pain as it is, I don't think many of you realise just how complicated implementing a secure password system actually is, or where liabilities for stolen information can lie even if it's stored on your machine. I do have to side with arena net on this I'm afraid. And being behind a firewall on a "password protected pc" isn't a valid level of security. Any muppet can Google how to break a windows password and do it in 5 minutes... I carry out penetration testing as part of my job, and it's scary just how vulnerable so many people, companies and pieces of software are.

[Healix.5819]

@"LucianDK.8615" said:Probably should be seen as a way to wean people of doing multiboxing.

This change basically only adds a 5s delay to starting an account. The problem is that they did it without warning, so there's a lot of misinformation going around. If they would have said they would eventually remove it back when they "bugged" it in October, and had a warning every time you launched using -nopatchui, there wouldn't have been a problem today.

[Kezika.7692]

@Shikigami.4013 said:The inconvenience will be countered by people giving all their accounts the same password so they never have to change it anymore when logging into different accounts.This does not improve security.

You literally can't, their system doesn't allow any account to have the same password as another account has or has ever used. Once a password has been set to a GW2 account it is dead for any other GW2 account forever.

[Healix.5819]

@Kezika.7692 said:You literally can't, their system doesn't allow any account to have the same password as another account has or has ever used. Once a password has been set to a GW2 account it is dead for any other GW2 account forever.

You can have the same password on multiple accounts. What you can't use is a blacklisted password - a password that was used on a compromised account or is on ArenaNet's personal list of weak passwords.

[Shikigami.4013]

@Healix.5819 said:

@Kezika.7692 said:You literally can't, their system doesn't allow any account to have the same password as another account has or has ever used. Once a password has been set to a GW2 account it is dead for any other GW2 account forever.

You can have the same password on multiple accounts. What you can't use is a blacklisted password - a password that was used on a compromised account or is on ArenaNet's personal list of weak passwords.

That is correct, I already did change the password to be all the same and it took me just a few minutes. If I could change my email as well I would just change all of them to 1@mydomain, 2@mydomain, 3@mydomain etc....

[fatihso.7258]

@Kezika.7692 said:

@Shikigami.4013 said:The inconvenience will be countered by people giving all their accounts the same password so they never have to change it anymore when logging into different accounts.This does not improve security.

You literally can't, their system doesn't allow any account to have the same password as another account has or has ever used. Once a password has been set to a GW2 account it is dead for any other GW2 account forever.

Can you tell me how I am having same password for 2 of my accounts right now?

[Ryan.6951]

@Kezika.7692 said:

@Shikigami.4013 said:The inconvenience will be countered by people giving all their accounts the same password so they never have to change it anymore when logging into different accounts.This does not improve security.

You literally can't, their system doesn't allow any account to have the same password as another account has or has ever used. Once a password has been set to a GW2 account it is dead for any other GW2 account forever.

What? No. This is not accurate.

Anet stores hashed passwords (we assume) and because of the way they're calculated you cannot re-create the original entered password from the hash. Ergo, you cannot confirm any 2 passwords are the same, or stop the same password from being used on multiple accounts.

Also, I have had multiple accounts with single shared passwords at one point.

[Zaraki.5784]

@"Gaile Gray.6029" said:I'm really sorry that some of you are unhappy with this change. I'd like to reiterate that the decision was based solely on our concerns for player security. Theories about alternative motivations for the change are completely baseless.

I notice at least one person state that those who used the system were fully aware it was an "at your own risk" situation, and that every user would be aware of any security risks that they were taking on. I have to dispute that. I don't believe that everyone knew of the risks, nor that every single user willingly accepted them. It would be provably inaccurate to state, "I knew it was risky, therefore every other user knew that, too."

As stated here, we have no objections to players using multiple accounts, when that use follows the proscribed limitations. The change today was decidedly not a means of trying to limit or halt multi-boxing, nor was it developed as a means of inconveniencing those who play with multiple accounts. If you are inconvenienced, we're sorry. But security > convenience, as I'm sure you'll appreciate.

Any chance this will be reverted back? I'm very unhappy with this change, I loved how auto-login worked, people not liking it had still the option to disable it.