Tips for Keeping Your Guild Wars 2 Account Secure

by The Guild Wars 2 Team on August 29, 2012

Now that Guild Wars 2 has launched, we want to ensure your time in Tyria is as fun and safe as possible. Unfortunately, there are people out there who work hard to gain access to online game accounts in order to commit fraud. The security team at ArenaNet is working on a number of measures to help protect your account, but there are some steps you can take to make your account as secure as possible, including:

  • Always use a strong password that is unique to your Guild Wars 2 account.
  • Set up Guild Wars Account E-mail Authentication when it becomes available.
  • Whenever possible, only check your e-mails from a trusted device.

Let’s discuss each of these in a little more detail.

Always use a strong password that is unique to your Guild Wars 2 account

The single biggest threat to account security we observe at ArenaNet is hackers attempting to log in to accounts using databases of usernames and passwords they’ve attained from other games and online services that have been compromised. Unfortunately, if you use the same account name and password across multiple games or services, you make yourself vulnerable to this type of attack.

A very simple way to avoid your account being compromised with this method is to use a strong password that is unique to your Guild Wars 2 account. An ideal strong password is as long and unpredictable as possible. Four or five random but unrelated words can strike a nice balance between strength and memorability (as this humorous xkcd comic explains: http://xkcd.com/936/). This is the single best way to avoid this type of attack.

Set up Guild Wars Account E-mail Authentication when available

Guild Wars Account E-mail Authentication is a new feature that we’ll be introducing to Account Management that will provide you with extra security by requiring you to verify every login request from a new location with your e-mail account.

Whenever you attempt to login from a new location, we will send an authentication request e-mail that contains both a description of where you are logging in from, and a link you click to authenticate the login request. We decided to implement this as a mechanism that anyone can benefit from, since it’s free and easy for anyone to sign up for a secure e-mail account. Keep in mind, when you click on your authentication request e-mail, we will never ask you to enter any login information. Verification requests are only sent after you attempt to login, not before.

See the Account E-mail Authentication article in the Guild Wars 2 Knowledge Base for detailed instructions on how to take advantage of this feature.

Whenever possible, only check your e-mails from a trusted device

If you are playing from an untrusted location using Guild Wars Account E-mail Authentication, you can further reduce your risk by only checking your e-mails on your Smartphone. That way, even if the machine you’re using is compromised, hackers will not be able to gain access to your e-mail account. As a result, they will be unable to authenticate login requests, even if they have access to your account name and password.

Of course, if you have reason to believe your account credentials have been compromised, change your password from a trusted location.

In closing…

While none of these individual steps will ever fully protect your account from being compromised, they will significantly reduce your risk. Using one or more of these tips will help reduce the chance your account will be compromised.

Stay safe Tyrians, and we’ll see you in game!