Account security is one of the most important aspects of owning an account in an online digital world. It’s pretty hard to enjoy a game if someone takes control of your account, sells off all your stuff, and sets you all the way back to square one. This is why understanding and practicing good security habits is not only a good way to protect your game account, but all of your online accounts.
The good news is that almost all the tools you need to protect your account from hackers are already available for you to use! Even if you’re taking a break from the game, these tools will continue to protect your account, information, and in-game progress so you never have to think about it. Our goal is simple: to give you total control over your account at all times!
Below, you will find several steps you can take to protect your account. While we recommend reading through everything to get a feel for the methods and tools at your disposal, you can also use these links to jump straight to each section:
- Your Password: The first, critical step in securing your account
- Protecting Your Account with Authentication
- ArenaNet Security Measures
- Signs Your Account Has Been Compromised
- TL;DR: The Quick Tips
- More Information
Your Password: The first, critical step in securing your account
The old approach of choosing a single complicated password, memorizing it, and then using it for all of your accounts no longer works in today’s modern security environment. Hackers have evolved with the technology of the online world, and can now use tens of thousands of IP addresses to test millions of possible name-and-password combinations at a time. They usually acquire these account details by hacking less secure game or website databases, stealing them using malicious software such as keyloggers or Trojans, or by social engineering players into using their credentials on an unsafe website (such as when buying gold).
This is why the first rule of account security comes down to this simple practice:
Use a unique password for every online account you care about and want to keep.
You may want to consider using a reputable password manager program to remember all of your unique passwords. Some programs will even help you come up with strong passwords, though you'll also find several articles with tips on how to create a password right here on the help site:
Protecting Your Account With Authentication
Authentication (also known as "two-factor authentication") is an extra layer of security that prevents unauthorized individuals from accessing or tampering with your ArenaNet account. An account protected with an authentication tool not only requires the correct login email and password to access, but requires a unique security code whenever a login attempt is detected from a new location or unknown network. This gives you total control over when and where your account is accessed, and lets you intervene if it's ever from a place you don't recognize.
There are three authentication tools to choose from and use to protect your account:
- Email Authentication: This form of authentication uses your email address to keep your account secure in the event that a hacker learns your account name and password. It is the most basic form of authentication.
- SMS Authentication: This type of authentication sends your security code via text message whenever a login is detected from a new or unknown network.
- Authenticator App: This type of authentication uses a downloadable app—such as Google Authenticator—on a device such as a cell phone or tablet to deliver your security code.
You can learn more about each authentication option in this article.
ArenaNet Security Measures
While you protect your account with a strong password and authentication, we’re also taking steps to protect your information from hackers.
Password Blacklisting
For our players’ protection, we maintain a blacklist of passwords that includes data from two sources:
- Any passwords that hackers have ever used or attempted to use in Guild Wars 2.
- Any passwords previously used on your account.
Passwords added to this blacklist cannot be used by anyone creating an account or updating their password. This list of “known” and compromised passwords already exceeds 20 million entries, and the process has reduced the hacking rate of newly created accounts from about 1.5% to ~0.1%. This process also means that you can be confident that your new passwords are unique to your Guild Wars 2 account—at least as long as you don’t use the password anywhere else!
For suggestions on how to choose a strong, secure password, take a moment to read this article.
Database Security
Occasionally, players speculate that their account information has been stolen by hackers accessing the Guild Wars or ArenaNet account database. The reality is that we have very strict protections in place to keep network attacks from ever reaching our customer databases, including a team that constantly monitors for any signs of intrusion. We’re confident that there has been no such breach of our database, and we are diligent about preventing one from ever happening in the future.
Remember: the best way to protect yourself is to choose a unique password for each account you own. This means that if there is a security incident that compromises any of your other online accounts, your Guild Wars account will still be safe.
Signs Your Account Has Been Compromised
In almost every instance where a game account has been compromised, we’ve found that the email account has also been compromised. Hackers will often try to mask their activities to prevent you from realizing that they have access to your email account. They may even intercept authentication requests, accept their own login session, and then delete the emails in order to access your game account.
While playing the game, there are a few things to watch for that would suggest someone is trying to access your account:
- If you are repeatedly kicked from the game with an error message that suggests that another user has accessed your account, change that password to your account right away!
- If you receive emails that your account has been accessed from an unfamiliar location, DO NOT approve these requests; instead, change your account password right away!
- If you notice unknown IP addresses on your Account Security page, it is possible that someone has your login details. Reset your password right away!
Whether you’re noticing oddities with your email account, on the account page, or while you’re playing the game, follow these tips to ensure that your account is secure:
- Protect your email account with a strong, unique password.
- Don’t store your serial code in your email archive. Instead, write it down and store it somewhere safe. You can even use a password manager program to store your code.
- If you think your account has been compromised, contact our Customer Support Team using a different (secure) email account.
- Our team will be happy to help you change to a new, secure email address once you verify ownership of the account in question.
TL;DR: The Quick Tips
If nothing else sticks, here are the most important tips for you to keep in mind:
- Select a strong password: Choose a unique password for every online account you own. Do not use variations of the same password; make sure that each one is distinct, and never use the same password for both the game and your email address.
- Watch out for suspicious emails: Hover over the hyperlinks in emails to ensure that they redirect to the official guildwars2.com or arena.net site. This article contains several examples of English-language phishing attempts that we've seen.
- Avoid social engineering traps: If someone claims to work for ArenaNet or NCSOFT and asks for your password, do not tell them your password. We will never ask you for your password.
- Avoid trojan horses and spyware: Don’t download software, open files, or open email attachments from a source you aren’t 100% sure about. Malicious software can install a key-logger on your system to record and transmit your passwords.
- Keep your email secure: Use a strong, unique password for your email, too—one that you’ve never used (and will never use) anywhere else.
More Information
- For more information about Account Security, you can read Mike O’Brien’s blog post on account security.
- For information on Email Authentication, please see this article.
- For details of the Two-Factor (Mobile) Authentication system, please see this article.