ArenaNet talks security in Guild Wars 2

Account security has been a hot topic in the world of Guild Wars 2 between the hubbub about the email verification system and the woes of hacked accounts. It's been such a hot topic that ArenaNet President Mike O'Brien wrote up a big ol' post about it.

O'Brien began by reiterating one of the golden rules of account security: Use a strong and unique password for any account that you don't wish to have compromised. He pointed out that simply having a strong password does you almost no good if you've got the same password with the same email used for an account elsewhere -- if one such account is compromised, they all are. The same rule of having a unique password applies to the email account you use for authenticating your GW2 login attempts: the email authentication system can only protect you if your email is secure. Fans of two-factor authentication will be pleased to hear that Guild Wars 2 will have a two-step authentication system soon. "We had our own homegrown implementation of smartphone two-factor authenticator in testing, but we're going to pull it back and instead integrate Guild Wars 2 with Google Authenticator, which already has robust authenticator implementations on most major smartphone platforms. We expect to roll this out in the next two weeks."

But that's not all! ArenaNet is also building a password blacklist (which is 20 million passwords long and growing) that blocks all passwords for which hackers are already scanning. According to O'Brien, "the rate of account hacking was about 1.5% for accounts created before this blacklist was in place, and is about 0.1% for accounts created after." This announcement comes with the request that existing customers change their password so that the blacklist protects them as well.

Read O'Brien's full post on the GW2 news page.