Discussion: Command Line Option Changes [Merged]

[YtseJam.9784]

Pretty sure everyone that is entering their username and password in a shortcut are aware that anyone can see it, so they know what they are doing. If this is because people are using 3rd party launchers and put their username and password there, on a 3rd party app, and getting their accounts stolen, then that's on them. That said, I really hate this change and IDK why after 6 years ANET all of the sudden cares about security, when this is a feature that has existed for so long. Yeah call me lazy, but I like clicking on my shortcuts to launch my accounts. If you guys removed this cause of security issues, you should have done something better as a replacement, i.e. Let the launcher remember more than 1 username/password combination stored securely and let us select from them. You could even let us save them in the UI and then just include the -email in the command line and it would try to load it from an existing securely stored one. There are so many ways this could have been improved, but just removing it without an alternative seems like the lazy approach and just ruins user experience.

[ArmoredVehicle.2849]

Following this change I've re-adjusted my launch scripts to select a specific "Local.dat" file per account, at least that way I won't have to retype my username and password every time I change accounts.

Even though I managed, it doesn't mean I'm happy with the changes, launching the game directly to character select was quick and straight to the point.

[Salt.1697]

I dont like the "new secure" feature . Pls take it back or just create a real secure feat (u know your batch data ? no ? great ) for ppl who need it & make achoise . Thanks a lot :)

[Sharen Graves.1276]

I don't believe Anet actually thinks that we where not fully aware of at your own risk. For 6 years they have beat "at your own risk" in our heads for any 3rd party software. For years every time a new one pops up some one asks if they can use it., Anet never says yes or no directly and always signs it.... "use at your own risk" with a link to the EULA. Only exception was ARC the last few years.

Was patching till I read this.... just closed it out not worth my bandwidth now. Reasons like this is why my play time has went from 30 hours a week to just 2.

[iwanpompier.5612]

thanks to this change also no more -nopatchui so the game takes much longer to load now

[schokelmei.8271]

Wait.. this isn't a bug but another one of that "great ideas" by Anet?You are kidding me, right?I don't even have many alts, but it's annoying to have to relog through those accounts and type email and passwort over and over again, especially for people that don't use "xy123" as passwords.I'm not sure if I want to type something like "Nx3"5`79p-iPJRa6\?-(NrCuhLx(z@" many times per day.

[Neural.1824]

Taking my statement back for now.. going to see where this goes.

[Kaz.7065]

well I just submitted tickets on all 4 of my accounts.More as a protest then actually expecting them to change anything.Thing is I've been getting bored the last couple months and been cutting my play time back accordingly.This might be the last straw though and might kick me over to ESO.Shame cause I really enjoy the game and all the people I have met within it.

[OutOfOrder.3719]

I'm sure this was a stealth hit to stop botters from ruining the game. I'm sorry logging onto multiple accounts is now more time intensive.

[Healix.5819]

@iwanpompier.5612 said:thanks to this change also no more -nopatchui so the game takes much longer to load now

I timed it, it takes about 8 seconds longer (5 of which is due to the delayed auto play). If you also want to count patching, it takes roughly 9 seconds for each additional account to update its Local.dat file.

Fun fact, I just had to accept the user agreement on an account that is a few years old, since it had previously always bypassed the launcher.

[zellurs.8601]

@"YtseJam.9784" said:Pretty sure everyone that is entering their username and password in a shortcut are aware that anyone can see it, so they know what they are doing. If this is because people are using 3rd party launchers and put their username and password there, on a 3rd party app, and getting their accounts stolen, then that's on them.

This is actually a point I hadn't considered, my first thought after seeing that this was an intentional change on the part of the dev team made me think of what third party options are out there. I had gw2buddy awhile back but didn't really need the multibox functionality so I stayed with my shortcuts. Not sure if gw2buddy is even working now, but my point is that by making this decision, anet is inadvertently pushing people towards third parties who can fill the void. And if there isn't one currently, there will be one eventually. Personally I'd like to take my own responsibility for my security instead of having to download some software based off of good word of mouth to circumvent an otherwise laborious login process. It's kind of insulting that I had a quick way to log into my account and my alts taken away from me based on "security" when I've been using this process for as long as I've been playing GW2.(which is a long time). My post history may not reflect that, but it should also indicate how strongly I feel about this decision.

[Jakkari.9238]

@"ShadowSpirit.6934" said:As much of a pain as it is, I don't think many of you realise just how complicated implementing a secure password system actually is, or where liabilities for stolen information can lie even if it's stored on your machine. I do have to side with arena net on this I'm afraid. And being behind a firewall on a "password protected pc" isn't a valid level of security. Any muppet can Google how to break a windows password and do it in 5 minutes... I carry out penetration testing as part of my job, and it's scary just how vulnerable so many people, companies and pieces of software are.

It isn't complicated at all. All password managers use some form of hash system to encrypt your data. If they really were interested in only security, they would update the -email and -password commands to only accept hashes of the data. This feels more like they just want you to use their launcher so they can flash you a message for 5 second before you login.

[Lillis.9473]

@"Gaile Gray.6029" said:I'm really sorry that some of you are unhappy with this change. I'd like to reiterate that the decision was based solely on our concerns for player security. Theories about alternative motivations for the change are completely baseless.

I notice at least one person state that those who used the system were fully aware it was an "at your own risk" situation, and that every user would be aware of any security risks that they were taking on. I have to dispute that. I don't believe that everyone knew of the risks, nor that every single user willingly accepted them. It would be provably inaccurate to state, "I knew it was risky, therefore every other user knew that, too."

As stated here, we have no objections to players using multiple accounts, when that use follows the proscribed limitations. The change today was decidedly not a means of trying to limit or halt multi-boxing, nor was it developed as a means of inconveniencing those who play with multiple accounts. If you are inconvenienced, we're sorry. But security > convenience, as I'm sure you'll appreciate.

The convenience would be restored if you allowed the -local command line parameter to work. This was meant to allow users to point to a specific local.dat but never worked properly so was removed. If people could point each shortcut to a different local.dat, with the credentials stored inside, then this problem would go away. That the credential parameters were removed with no alternatives and, worse, no notice is disrespectful.

[Naeleen.7601]

@"gebrechen.5643" said:Wait.. this isn't a bug but another one of that "great ideas" by Anet?You are kidding me, right?I don't even have many alts, but it's annoying to have to relog through those accounts and type email and passwort over and over again, especially for people that don't use "xy123" as passwords.I'm not sure if I want to type something like "Nx3"5`79p-iPJRa6\?-(NrCuhLx(z@" many times per day.

Save all account credentials in a notepad file and copy/paste from there to login with each. Since you feel confident and secure enough, go with that method.I'm not supporting the change they made in any way; was also making use of it. And their perception of security is void anyway, all you need is an authenticator app, and to authorize your IP address for each account via the website or official launcher just ONCE.

[ixiduffixi.6384]

Whoever thought this was a reasonable solution is incompetent and should be replaced. Plain and simple. Find the guy who decided it was okay for it to remain in Guild Wars 1.

[yahoo.4752]

gg anet..... to destroy my favorite game :'( :'( :'(and now what am I doing? with my 10 accounts

[Kyranna.1730]

Someone suggested earlier using KeePass to somewhat automate the login process in the absence of the command line arguments that have been disabled. I did this for my many accounts, and while not perfect, it does make it faster in that I don't have to type in the user ID and password manually for each account. Have KeePass running, start the launcher, click on the account entry in KeePass and the hotkey to autopopulate the launcher fields, and that's that. You can set the launcher to autostart after a successfully authentication, which adds 5 seconds to the process.

Still very much would like to have the command line arguments back, though...

[Susy.7529]

Ehy, maybe I've missed something but it's working as always for me, I just have to click LOG IN and in 5, 4, 3, 2, 1, 0 it auto.logins and starts.Edit: nvm I just read you're referring to alt accounts mail/pass. Didn't even know there was a possibility to store those informations.

[Ana.2415]

@"Gaile Gray.6029" Please add the option in the launcher to store the email/password of multiple accounts and not only from one, or give an alternative solution to be able to autologin+multibox and alert people of the "risk".

It's not fair for the people that bought multiple accounts. Now I have all my mails and passwords in a notepad to copy-paste. That's even more risky that using the commands.

[Pifil.5193]

@Jakkari.9238 said:

@"ShadowSpirit.6934" said:As much of a pain as it is, I don't think many of you realise just how complicated implementing a secure password system actually is, or where liabilities for stolen information can lie even if it's stored on your machine. I do have to side with arena net on this I'm afraid. And being behind a firewall on a "password protected pc" isn't a valid level of security. Any muppet can Google how to break a windows password and do it in 5 minutes... I carry out penetration testing as part of my job, and it's scary just how vulnerable so many people, companies and pieces of software are.

It isn't complicated at all. All password managers use some form of hash system to encrypt your data. If they really were interested in

only security

, they would update the -email and -password commands to only accept hashes of the data. This feels more like they just want you to use their launcher so they can flash you a message for 5 second before you login.

It'd be relatively easy to allow us to generate API keys tied to our Authorized IP addresses and allow us to log in with that username and key (which would effectively be a hashed password) but why add functionality when it's so much easier to delete it.

[CuteBrunetteGamerGirl.4327]

I disagree with the change and it's annoying, my several accounts information are even more vulnerable now that I have to keep them in a notepad named "gw2 alt acct info" on my desktop. Hopefully I don't accidentally paste them into chat ingame due to having to copy/paste to log in.

[Mireles Lore.5942]

Did they remove -nopatchui as well or is it just bugged?

[Healix.5819]

@Mireles Lore.5942 said:Did they remove -nopatchui as well or is it just bugged?

-nopatchui works fine (for example -image -nopatchui to patch while invisible), it just doesn't do what you're expecting it to. It never worked with the credentials stored by the launcher, only those passed through by -email -password (which is now disabled).

[Mireles Lore.5942]

@Healix.5819 said:

@Mireles Lore.5942 said:Did they remove -nopatchui as well or is it just bugged?

-nopatchui works fine (for example -image -nopatchui to patch while invisible), it just doesn't do what you're expecting it to. It never worked with the credentials stored by the launcher, only those passed through by -email -password (which is now disabled).

So pretty much useless because it has no way to receive credentials? Wonderful.

[Healix.5819]

@Mireles Lore.5942 said:So pretty much useless because it has no way to receive credentials? Wonderful.

If that's all you were using for, yes. Currently, the only way to automatically login to character select is by remembering your email/password on the launcher, checking the auto play box (automatically clicks play after 5s) and using the -autologin option (automatically clicks login when the email/password is remembered). This adds roughly 8 seconds to the time it takes to login, compared to using -email -password -nopatchui. To be clear, it's no longer possible to skip the launcher and go directly into character select.