Posted Fri, Sep 21, 2012 by Martuk
If you’ve been a part of the online gaming world for any substantial length of time, everything that’s in Mike O’Brien’s new Guild Wars 2 blog should pretty much go without saying. ArenaNet’s boss took to the web this week to discuss account security in a new blog and how players can help safeguard their accounts from theft. Over the last few years, several developers have had their account databases breached, busted, burned and plundered for account details; this alone should clue most people that have been around and part of this unfortunate process into keeping a unique password for each of their gaming accounts. After all, if you use the same login details for all of your accounts, it only takes a breach of one for you to lose them all.
“So unfortunately, if the lesson you’ve learned from security advice through the years is to pick a single complicated password, memorize it, and then use it everywhere, that’s exactly the wrong lesson for today’s security environment. To keep accounts on different sites secure in today’s environment, you need to use a unique password for each account.”
O’Brien also touched on what ArenaNet has available to help keep your account secure with two-factor authentication and email authentication, but even with those you could still be at risk if you’re using the same password. ArenaNet has also been building a blacklist of passwords that hackers have been trying to crack on accounts that have yet to be created yet with details they obtained elsewhere, so if players using those credentials make an account, they won’t be able to use the compromised passwords. Now that’s forward thinking.
Since we’ve been observing hackers constantly scanning accounts that don’t even exist yet, waiting for someone to create those accounts, we obviously want to make sure that if those new customers do join the game, they don’t use the password that the hackers are waiting for. Thus we’re building a blacklist of all the passwords that hackers are scanning for — it’s already at 20 million passwords and growing — and we’re preventing new customers from choosing any of those passwords. (The blacklist contains passwords only, not account names.)
Check out O’Brien’s full blog to learn how you can better protect your Guild Wars 2 account.
Source: Mike O’Brien on Account Security