| Thumbs Up: |
| Received: 8 |
First up, many of you may have received a reset password email today, I know I did, but fear not, it’s a glitch and you can delete the mail: A further lengthy support notice regarding the high volume of support tickets has also been posted.
Last edited by Lensor; 03-09-2012 at 14:57.
I'd like to point out the character limit for passwords has been raised to 100. I strongly recommend making use of that new limit. After all "wH4t^v!r" is easier to crack than "111111111111111111111111111111111111" and more difficult to remember. I personally recommend using a sentence that no one can guess, with strict punctuation. This way it starts with a capital and ends with a. Use whatever you want, a line from your vows, a random line from a random song, glorify yourself or glorify your god of choice. Just make sure you will remember.
| Thumbs Up: |
| Received: 64 |
Lady Rhonwyn (sister of Danea, Katlinel, Gwendydd, and the rest)
Officer of GWOnline [GWO]
"Kind of a big mouth", "People Know Me, whether they like it or not", "I'm very vocal", "I wrote many leather bound books", "My Guild Hall is the forum", "Goddess posting amongst mere mortals" (courtesy of Cardinal Cyn)
| Thumbs Up: |
| Received: 18 |
I believe harniq is actually correct, though I'm no internet security expert:
https://www.guildwars2.com/en/news/t...ccount-secure/
A very simple way to avoid your account being compromised with this method is to use a strong password that is unique to your Guild Wars 2 account. An ideal strong password is as long and unpredictable as possible. Four or five random but unrelated words can strike a nice balance between strength and memorability (as this humorous xkcd comic explains: http://xkcd.com/936/). This is the single best way to avoid this type of attack.
Only his suggestion includes case change and punctuation (assuming GW2 allows non-alphanumeric characters)
xkcd comic:
Last edited by BladeDVD; 30-08-2012 at 09:33.
harniq is right in a way that you can produce decent passwords that way, but Lady Rhonwyn has a point in her post too. Using only words in a password makes it weaker than a password of equal length of random characters, because in that case you can use dictionaries to help guessing. Using totally random characters, however, makes the password impossible to remember for most people.
So my suggestion is that you use words or sentences but replace some characters using a rule that you can remember.
| Thumbs Up: |
| Received: 64 |
Also, with a pass phrase, the tool used to break would need to know not just how many characters, but how many words in total to use a dictionary effectively.
Say my password is Workflow Share Bookmarks Read Later.
By the grace of divine intervention a computer has concluded that yes, the first character in the password is a 'W'. It proceeds from there.
Ok, it's figured out 'Workflow' and maybe a few years later it gets all the way to Workflow Share Bookmarks Read...
It's got to go all the way through all the words each time. It takes a while. Now what if you added random numbers/characters in the words?
W0rkfl0w Sh4r3 B00km4rk5 R34D because you all have excellent l337 sk177z yo! <-- good passphrase, btw.
TL;DR:
Use both methods for extra safe sauce!
Related, I've read about lists of email addresses and passwords being taken from other games that have been compromised in the past.
Want to up the ante on making this more difficult? Change your email address.
If you use gmail - add a '+' and a word after your username.
yourName@gmail.com works as always, yourName+someRandomWord@gmail.com works just as well. Ever notice you never see dick.jones1965@gmail.com addresses? Because if your name is taken up to a certain point, it's taken period.
Anyway, this is a neat trick I use to trigger rules on emails from specific sites (hi, incgamers!) and it's also a way to make sure that an email account name isn't the same on two games. yourName+anet@gmail.com is easy to remember...
Now, if they're targeting you specifically, this is useless because it's easy to spot the + in the address, but if they're just going through lists and lists of pilfered addresses, this is a deterrent, and coupled with a unique, good password, it should make you pretty secure.
And none of what I just mentioned is difficult to remember.
But you bet I use a password manager for everything.
Last edited by thulsey; 30-08-2012 at 12:16. Reason: HOLY MOLEY WHAT A WALL
| Thumbs Up: |
| Received: 186 |
It really depends on what the cracking algorithm uses. I would assume intelligent cracking to make it more efficient, which would probably run all passwords of a single character of various lengths before totally random strings. It would also test for sentences and random words before totally random strings.
Why?
Because most people don't use random strings as passwords.
== Alaris & clone ==
Proud Officer of The Order Of Dii [Dii] - join us
You can tell the quality of life of people by what they complain about
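Added example, not written by any poster in this thread: a rough strength estimate that scores a password under each guessing strategy discussed above (repeated single character, dictionary words with case and leet variants, full brute force) and reports the cheapest one. The small word set, the 7776-word list size and the variant counts are assumptions chosen for illustration.

```python
import math

# Constructed stand-in for an attacker's wordlist; DICT_SIZE is its assumed full size.
WORDS = {"workflow", "share", "bookmarks", "read", "later"}
DICT_SIZE = 7776                       # assumption: Diceware-sized list
CASE_VARIANTS = 3                      # lower, Capitalized, UPPER
DELEET = str.maketrans("043157", "oaelst")
MAX_LEN = 100                          # password length limit mentioned in the thread

def brute_force_bits(pw):
    """Every position drawn from the character classes actually present."""
    size = (26 * any(c.islower() for c in pw) + 26 * any(c.isupper() for c in pw)
            + 10 * any(c.isdigit() for c in pw) + 33 * any(not c.isalnum() for c in pw))
    return len(pw) * math.log2(size)

def repeat_bits(pw):
    """One printable character repeated: 95 characters times MAX_LEN lengths."""
    return math.log2(95 * MAX_LEN) if len(set(pw)) == 1 else None

def word_bits(pw):
    """Space-separated dictionary words, allowing case and leet variants."""
    tokens = pw.rstrip(".!?").split()
    bits = 0.0
    for tok in tokens:
        plain = tok.lower()
        word = plain.translate(DELEET)
        if plain in WORDS:
            variants = CASE_VARIANTS
        elif word in WORDS:
            # each substitutable letter may or may not have been swapped
            variants = CASE_VARIANTS * 2 ** sum(ch in "oaelst" for ch in word)
        else:
            return None                # not a pure word-based password
        bits += math.log2(DICT_SIZE * variants)
    return bits if tokens else None

def estimate(pw):
    """Return (cheapest strategy, bits); strength is bounded by the weakest model."""
    models = {"brute force": brute_force_bits(pw),
              "repeated char": repeat_bits(pw),
              "dictionary words": word_bits(pw)}
    name = min((n for n in models if models[n] is not None), key=models.get)
    return name, round(models[name], 1)

if __name__ == "__main__":
    for pw in ["wH4t^v!r", "1" * 36, "Workflow Share Bookmarks Read Later.",
               "W0rkfl0w Sh4r3 B00km4rk5 R34D"]:
        print(pw, estimate(pw))
```

Under these assumptions the bit counts only compare strategies against each other; they are not absolute cracking times.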