2-Factor Authentication now in beta

ArenaNet have now released 2-factor authentication for beta testing (using Google Authenticator).

If you wish to add this to your account for improved security, some warnings first:

  1. THIS IS STILL IN BETA: there are already a few reported issues on the forums (particularly in relation to scanning the QR Code to set it up).
  2. If you already use the Google Authenticator app for other logins (e.g. email), DO NOT SCAN THE QR CODE at the moment – set it up manually. The scanned QR code is currently REPLACING THE SECRET on ALL other authentication tokens, which could lock you out of your other accounts.
  3. It is reportedly working fine when added to Google Authenticator manually as a new account rather than by scanning the QR code.
  4. This IS NOT COMPATIBLE with the “-nopatchui” command line option. You MUST be able to see the login/patch screen to enter the current 6-digit authentication code, which means that if you enable this you will likely lose the ability to (reliably) see the mumble overlay. Given a choice, I personally prefer the increased security ;). If you do not remove “-nopatchui” from the command line, you will get the black screen before character selection (the same one that currently appears when you try to log in while the login server is down) and the game will not load any further.

Having said that, the instructions to set this up are available at the official forums:
Beta Feature: Mobile 2-Factor Authentication

The issues thread. This is worth a skim read first to see what – if any – issues people are having.
Bug Report Thread for 2 Factor Authentication

Links for getting an authenticator program on your phone:

I’ve added the code to my accounts, and forum/website seems to be working properly with it. I’ll test game login tonight when I get home ;).
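
As an added example (not from the original post or from ArenaNet): a Google Authenticator enrolment QR code encodes an otpauth:// URI, and the Python below reads the secret out of one so it can be typed in manually, derives the 6-digit code with RFC 6238 TOTP, and shows a server-side check. The sample URI, its label and its secret are constructed, and the one-step tolerance in `verify` is an assumption rather than ArenaNet's documented setting.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample of the URI an enrolment QR code carries. The label and
# issuer are made up; the secret is the RFC 6238 test key in base32.
SAMPLE_URI = (
    "otpauth://totp/Example%20Game:player%40example.com"
    "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example%20Game"
)


def parse_otpauth(uri):
    """Return (label, base32 secret) from an otpauth://totp/ URI."""
    parts = urlparse(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("not a TOTP enrolment URI")
    secret = parse_qs(parts.query).get("secret", [""])[0]
    if not secret:
        raise ValueError("URI carries no secret")
    return unquote(parts.path.lstrip("/")), secret


def decode_manual_key(key):
    """Decode a key as typed by hand: spaces, dashes, lower case, no padding."""
    cleaned = key.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # base32 needs a multiple of 8 chars
    return base64.b32decode(cleaned)


def totp(secret_bytes, unix_time, step=30, digits=6):
    """RFC 6238 TOTP over HMAC-SHA1, with RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", max(0, int(unix_time)) // step)
    mac = hmac.new(secret_bytes, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_bytes, submitted, unix_time, window=1, step=30):
    """Accept the current time step and `window` steps either side of it."""
    if not (submitted.isascii() and submitted.isdigit() and len(submitted) == 6):
        return False
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret_bytes, unix_time + drift * step, step)
        # Constant-time comparison; keep looping so timing does not leak a match.
        ok |= hmac.compare_digest(expected, submitted)
    return ok


if __name__ == "__main__":
    label, secret = parse_otpauth(SAMPLE_URI)
    print(label, totp(decode_manual_key(secret), 59))
```

The secret is the only thing the authenticator needs, which is why typing it in by hand yields the same codes as scanning the QR code.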

Twilight Arbor

Hi everyone,

We’re currently trying to put together parties for doing the Twilight Arbor dungeon explorable mode on Friday (or Saturday) evening. This dungeon needs characters level 55 or above for the Explorable modes – and people need to have done the Story mode first to be able to do the Explorables.

So to facilitate unlocking Explorable mode for people that haven’t done Story Mode yet, we’re gathering sign-ups of people that need the Story Mode dungeon and people who’d be willing to redo it to help guild members through.

Story Mode sign-ups: Event – Twilight Arbor: Story Mode
Explorable Mode sign-ups: Event – Twilight Arbor: Explorable Mode

If we can’t fill a party for Friday night for Explorable Mode, it’ll probably be shifted to Sat night instead. If that happens, we can also do the Story Mode version Friday night/Saturday during the day to unlock it for people needing it.

ArenaNet on Account Security

Ok, this is WELL worth reading in full: https://www.guildwars2.com/en/news/mike-obrien-on-account-security/

I’ll summarize it here:

  1. ArenaNet are going to add the ability to use the Google Authenticator (does NOT require a gmail account to be able to use it) to account logins. They expect to have this available in about 2 weeks. They were originally going to do their own, but since the Google one is already well supported on multiple platforms and already well tested, in the interests of getting 2-factor authentication as fast as possible they’re dropping their own and moving to the Google Auth.

    We know customers also want a native implementation of two-factor authentication, and we want it too. This is an area where we should act faster as a company, and we’re going to. We had our own homegrown implementation of smartphone two-factor authenticator in testing, but we’re going to pull it back and instead integrate Guild Wars 2 with Google Authenticator, which already has robust authenticator implementations on most major smartphone platforms. We expect to roll this out in the next two weeks.

  2. ArenaNet have evidence from logs that the people trying to break into GW2 accounts are using email+password lists obtained elsewhere (fan sites, the BattleNet hack a month or so ago, Steam forum hack a year or so ago, etc). Most of those combinations don’t have any account associated with them, and many of them used “good” passwords, but some of those lists are turning up matches, and when they do… the account is exposed. Unfortunately, a lot of these exposed accounts ALSO used the same password for their email account, so the hacker was then able to log into the player’s email account to click the link in the email to authenticate their login…

    So keep in mind, if you ever see an unexpected email asking you to validate a login attempt from a location where you’re not playing from, that means a hacker already knows your account name and password!

  3. ALL passwords used in those email+password hack attempts are being added to a blacklist, so that they cannot be used by any Guild Wars account in future. This doesn’t affect existing accounts.

    The rate of account hacking was about 1.5% for accounts created before this blacklist was in place, and is about 0.1% for accounts created after.

  4. ArenaNet are requesting that people change their GW1/GW2 password now to a unique one for their account. When they do, the back-end will ensure that the new password is NOT already on the blacklist, and will add the OLD password for the account to the blacklist so that it cannot be reused. Since you can use up to 100 characters in a Guild Wars password now, they’re suggesting using a full passphrase (with punctuation) when you create a new password.

    This all leads to the following request. All existing customers, please change your password. When you change it, the system won’t allow you to pick your previous password, or any password that we’ve seen tested against any existing or non-existent account. Thus, after changing your password, you’ll be confident that your new password is unique within Guild Wars 2.

Please DO go and read the article. They’re not just blaming users (you used an easily guessed password, you had a key logger, etc – that stuff that has often been said in the past), but are looking at the situation reasonably and doing what they can to minimize risk both to your GW accounts AND to other accounts you may own.

Database Breaches

We’ve seen some players theorize that hacked accounts were due to a Guild Wars database breach. We have very strict blocks in place to keep network attacks from reaching our customer databases, and a team constantly monitoring for any signs of intrusion, and we’re confident that there has been no such breach.

We take security very seriously. Perhaps you can tell from this blog post. And of all the things we protect at ArenaNet, we protect our customers’ data most of all.

Companies like Blizzard and Valve presumably also had a commitment to security, yet they ultimately suffered breaches of their account databases. One day will we become such a target that a hack attempt will finally overwhelm our defenses?

If that ever were to happen, we’d be up-front with you about it, and we’d take immediate steps to ensure that it didn’t lead to widespread account hacking. And here’s something else to think about. Because we’re requiring all Guild Wars 2 players to use unique passwords for Guild Wars 2, there’s actually nothing a hacker can steal from Guild Wars 2 to help attack other games or web sites. Using unique passwords benefits you both ways. In general, making a commitment to use a unique password for each account you care about is the best way to protect yourself, not only from being hacked today, but also from being hacked as the result of any future security breach of any company you deal with.
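
The password-change rule summarised in item 4 above, sketched as an added Python example (not ArenaNet's code, and not from the article): a new password is refused if it has ever been seen in a failed login attempt against an existing or non-existent account, and the old password is retired on change. Assumptions: every failed login is treated as an attempt worth recording, the blocklist holds keyed digests under a server-side secret called `pepper` here, and the class, method names and in-memory storage are hypothetical.

```python
import hashlib
import hmac
import secrets


class PasswordPolicy:
    """Block passwords seen in failed logins; retire old passwords on change."""

    def __init__(self, pepper):
        self._pepper = pepper   # server-side secret for the blocklist (assumption)
        self._blocked = set()   # keyed digests, never plaintext passwords
        self._accounts = {}     # email -> (salt, password hash)

    def _tag(self, password):
        # Keyed digest: a stolen blocklist is not directly a password list.
        return hmac.new(self._pepper, password.encode(), hashlib.sha256).digest()

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def _check(self, email, password):
        record = self._accounts.get(email)
        if record is None:
            return False
        salt, stored = record
        return hmac.compare_digest(stored, self._hash(password, salt))

    def _store(self, email, password):
        if self._tag(password) in self._blocked:
            raise ValueError("password was seen in a login attempt or used before")
        salt = secrets.token_bytes(16)
        self._accounts[email] = (salt, self._hash(password, salt))

    def register(self, email, password):
        self._store(email, password)

    def login(self, email, password):
        if self._check(email, password):
            return True
        # Recorded even when the account does not exist, as the article describes.
        self._blocked.add(self._tag(password))
        return False

    def change_password(self, email, old, new):
        if not self._check(email, old):
            self._blocked.add(self._tag(old))
            return False
        if new == old:
            raise ValueError("new password must differ from the old one")
        self._store(email, new)              # raises if `new` is blocked
        self._blocked.add(self._tag(old))    # old password can never be reused
        return True
```

Existing accounts are untouched until they change password, which matches the article's note that the blacklist does not affect existing accounts.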

Don’t open the final storyline quest rewards just yet…

http://www.reddit.com/r/Guildwars2/comments/103a4x/for_the_love_of_kittens_hold_off_on_completing/

The 5 loot bags you get as a reward for the final story line quest are currently bugged – usually giving level 20-50 blues and greens (which for level 80 is pretty poor). It has been confirmed that this was NOT intended by ArenaNet, so hold off on opening those rewards for the moment until it is fixed. (Maybe even hold off on completing the story mission in case they change from loot bags to something else in fixing this).

Legendary Recipes & Screenshots

They’ve worked out the recipes/ingredients required for legendary weapons, and have screenshots of most of them.

In GW1 terms, the work involved in getting these looks to be a combination of getting GWAMM, Obsidian Armor, and a Tormented Weapon. So they’re definitely long-term goals if you’re interested in one.

Link to Thread with recipes: http://www.guildwars2guru.com/news/780-the-recipe-for-crafting-your-legendary-including-screenshots/

Game Status Update – Sep 14th

New Game Status Update from ArenaNet:

04:05, 14 September 2012 (UTC)

Account Security
Hackers have lists of email addresses and passwords stolen from other games and web sites, and collected through spyware, and are systematically testing Guild Wars 2 looking for matching accounts. To protect yourself, use a strong, unique password for Guild Wars 2 that you’ve never used anywhere else! If your current password isn’t unique to Guild Wars 2, change it today! Do not under any circumstances use the same password for Guild Wars 2 as you do for your email account.
We now have a database of passwords used in hack attempts, and we don’t allow users to choose those passwords. We require each new password to be a unique password that has never before been used or tested. New users are thus protected from accidentally using a password that hackers already know, and we strongly encourage existing users to change their passwords to ensure that they too are protected.
See this article for more tips on choosing good passwords and keeping your account secure.
Customer Support
Our customer support team is prioritizing hacked accounts and other blocking login issues over other types of support requests.
To reset a password or disable email authentication on your account, follow these instructions. Be sure to read all security guidelines before performing either of these steps.
We’re temporarily disabling account name changes for accounts with validated email addresses. Thus, users with validated email addresses whose accounts are hacked will in most cases be able to recover their own accounts using the reset password functionality linked above.
Game Updates
Check the forum links below for details on recent game updates.
The September 14 update will be deployed tonight at midnight Seattle time.
Gem Store Update
We updated the gem store to enable players to delete their credit card on file, as well as to add additional security measures to prevent unwanted use of credit cards.
Reporting exploits
If you discover an emergency game-breaking or economy-breaking bug, do not exploit it, but please notify us immediately at this email address: exploits (at) arena (dot) net. You may also use this email address to report suspected security vulnerabilities. Thank you to everyone who has sent reports. However, note that we cannot respond individually to emails to this address.
Worlds & Overflow
We’re increasing world capacity as necessary to handle all the new players coming into the game.
During this initial surge of high concurrency, and especially while most characters are low-level and thus playing in the same starting areas, it’s common for players to be directed to overflow servers. To play with a friend on a different overflow server, form a party together, then right-click on the friend’s portrait in the party list and click “join”. We expect the use of overflow servers to naturally subside as players spread out more through the world.

Magic Find + Gathering Weekend

Hi everyone,

We’ve got boosts for increased Magic Find and improved Gathering planned to be active this weekend – see the event planner for details.

We’ve now unlocked:

  • all the long-term (24h-72h) Economy guild boosts
  • the second build queue
  • the Guild Emblem (not yet designed)
  • the Guild Armourer
  • the long-term general (24h) PvE/PvP influence boosts

We’ll try to keep the main boosts active over the course of each weekend since that’s when the majority of people are able to log in, with an occasional mid-week boost (we ran the Magic Find boost during the week for most of this week) when we have the influence to afford it.

The next things planned are:

  • Guild bank (50 slot shared bank space for all guild members) – needs 1000 influence
  • Guild weaponsmith (can get weapon skins with the guild emblem on them) – needs 5000 influence for Politics 3 + 1000 influence for the Weapons Contract.

If anyone has anything in particular they’d like to see built/unlocked that hasn’t been mentioned, please do let us know.

In terms of gaining influence, we appear to receive:

  • 10 influence per character that is representing the guild that logs in each day (even if they only log in and then back out again!) – we managed to have “33 members logged in” a few days ago even though there’s only 18 actual members in the guild roster, hence why I believe it’s per character. This added up to 330 influence just for people logging in ;).
  • 2 influence per event completed by a character
  • 20 influence when 2 guild members complete the same event together, or complete a storyline quest together

Game Status Update – Sep 10th

Catching up on the latest game status update from ArenaNet:

07:28, 10 September 2012 (UTC)

Account Security
Hackers have lists of email addresses and passwords stolen from other games and web sites, and collected through spyware, and are systematically testing Guild Wars 2 looking for matching accounts. To protect yourself, use a strong, unique password for Guild Wars 2 that you’ve never used anywhere else! If your current password isn’t unique to Guild Wars 2, change it today! Do not under any circumstances use the same password for Guild Wars 2 as you do for your email account.
We’ve observed hack attempts against hundreds of thousands of accounts that don’t even exist. To protect those people in case they purchase Guild Wars 2 and create an account, we will now disallow customers from picking passwords that we’ve previously seen used in a hack attempt.
See this article for more tips on choosing good passwords and keeping your account secure.
Customer Support
Our customer support team is prioritizing hacked accounts and other blocking login issues over other types of support requests. We’re currently responding to prioritized support tickets within 48 hours, and will soon be responding within 24 hours.
To reset a password or disable email authentication on your account, follow these instructions. Be sure to read all security guidelines before performing either of these steps.
Game Updates
Check the forum links below for details on recent game updates.
There is no game update scheduled for September 10.
Reporting exploits
If you discover an emergency game-breaking or economy-breaking bug, do not exploit it, but please notify us immediately at this email address: exploits (at) arena (dot) net. You may also use this email address to report suspected security vulnerabilities. Thank you to everyone who has sent reports. However, note that we cannot respond individually to emails to this address.
Worlds & Overflow
We’re increasing world capacity as necessary to handle all the new players coming into the game.
During this initial surge of high concurrency, and especially while most characters are low-level and thus playing in the same starting areas, it’s common for players to be directed to overflow servers. To play with a friend on a different overflow server, form a party together, then right-click on the friend’s portrait in the party list and click “join”. We expect the use of overflow servers to naturally subside as players spread out more through the world.

Game Status Update – Sep 7th

Today’s status update from ArenaNet

04:45, 7 September 2012 (UTC)

Account Security
Hackers have lists of email addresses and passwords stolen from other games and web sites, and collected through spyware, and are systematically testing Guild Wars 2 looking for matching accounts. To protect yourself, use a strong, unique password for Guild Wars 2 that you’ve never used anywhere else!
When accounts are hacked and then used for botting or spamming ads for gold sales, we ban the accounts until we can return them to their rightful owner. If you login and see the message, “this account has been permanently banned for a violation of the User Agreement,” and you’re not a gold seller, it’s likely that your account was hacked. Please contact customer support using the instructions below.
If you see email authentication messages in your inbox asking you to approve a login that you didn’t initiate and from someplace you don’t recognize, that’s a sign that a hacker knows your account name and password, and is only being prevented by the email authentication feature from accessing your account. You should immediately change your password to a new, unique password that you’ve never used anywhere else.
Customer Support
Our customer support team is prioritizing hacked accounts and other blocking login issues over other types of support requests.
Hacked accounts – If you submit a support ticket for a hacked account, ensure it is properly prioritized by following these instructions. We’re resolving prioritized hacked account tickets within 72 hours. If you have an older hacked account ticket that has not been resolved, it may not be properly prioritized, or the ticket may not contain enough information for us to address it quickly. Please update your existing ticket, clearly state that this is a hacked account ticket, and provide as much information as possible, including your account email address, your account display name or character names, and your 25-digit Guild Wars 2 serial code.
Email authentication – Email authentication allows you to approve or deny each login attempt from a new location. With this feature, hackers can be prevented from logging into your account even if they guess your password. However, some customers are finding email authentication messages filtered by their email provider or are otherwise having difficulty receiving these messages. Tomorrow we will provide a secure method for customers who are having trouble with email authentication to disable it on their accounts. We ask that you use this new self-help system, and only submit a support ticket if that doesn’t work for you.
Password resets – Tomorrow we will provide a secure method for customers who have lost their passwords or whose passwords aren’t working to reset their passwords. We ask that you use this new self-help system, and only submit a support ticket if that doesn’t work for you.
Support forums – The official support forums are now online, and we have a new forum for players helping other players.
Last Night’s Update
  • We largely resolved the capacity constraints with parties and guild functionality, which were causing symptoms such as party members not appearing on the map, parties not staying together as they travelled between maps, and guild manipulation not working. Note that, while capacity constraints are now addressed, there are still some specific issues we’re working on with parties and guilds. In particular, there’s an issue with parties not staying together as they travel into dungeons, which we plan to address tonight.
  • We fixed issues with the storyline steps “Fury of the Dead,” “Grisly Shipment,” and “In The Ruins.”
  • We changed the downed mode camera to maintain a more consistent distance taking race into account.
Tonight’s Update
  • We’ll fix the issue with parties not staying together as they travel into dungeons.
  • We’ll fix issues with the storyline steps “A Light in the Darkness,” “Estate of Decay,” “Explosive Intellect,” “Rumors of Trouble,” “The Lost Chieftain’s Return,” and “Tribunes in Effigy.”
  • We’ll add an option to stop queueing for your home world, for players who want to remain on an overflow server indefinitely without being asked.
  • We’ll add an option to report an account for sending spam or otherwise inappropriate in-game mail.
Coming Soon
  • Some players’ monthly achievements didn’t correctly reset on September 1 at 00:00 GMT. To allow those players to collect the next monthly reward, we will reset the monthly achievement of any player who is already at 100% for the month as of tomorrow night’s update.
  • We’re working on a fix for PvP tournament rewards.
Trading Post
Trading Post item and gold delivery was slow for part of the day today due to a network connectivity issue between data centers. Delayed gold and items are being delivered; check your “pick up” tab.
Gem Purchases
We found some cases where players didn’t receive items after purchasing them on the gem store. We have records of all occurrences and are in the process of refunding gems to all affected players. Note that refunded gems will simply be added to your account’s gem balance.
Reporting exploits
If you discover an emergency game-breaking or economy-breaking bug, do not exploit it, but please notify us immediately at this email address: exploits (at) arena (dot) net. You may also use this email address to report suspected security vulnerabilities. Thank you to everyone who has sent reports. However, note that we cannot respond individually to emails to this address.
Worlds & Overflow
We’re increasing world capacity as necessary to handle all the new players coming into the game.
During this initial surge of high concurrency, and especially while most characters are low-level and thus playing in the same starting areas, it’s common for players to be directed to overflow servers. To play with a friend on a different overflow server, form a party together, then right-click on the friend’s portrait in the party list and click “join”. We expect the use of overflow servers to naturally subside as players spread out more through the world.
Next software updates
The next software update will be tonight at midnight Seattle time. We don’t expect significant downtime tonight, but the game may be unavailable for 20-60 minutes during a software update.