This week’s Community Concerns is all about Guild Wars 2, primarily questions about emails you may have received from ArenaNet regarding attempts to access your account. Guild Wars 2 utilizes a security method of email authentication whenever you attempt to log in from a new computer. Aside from being an excellent incentive to keep your passwords unique to each account, this method also acts as an early warning system that someone somewhere, has your password, and that you should change it immediately.
The top question I receive on this topic is how to know if these emails are legitimately from ArenaNet. The answer is that you should always assume that these emails are legitimate, change your password and possibly even run your anti-virus program just to be safe if you receive one. Never click on the authorization link unless you are explicitly expecting the email (you logged in and the game blocked you) because if the email is not legitimate, you will end up at a fake website and expose your computer. If the email is legitimate, all you accomplish is to authorize a thief to log in and ransack your account. You have nothing to gain and everything to lose by clicking the authorization, again unless you are explicitly expecting contact.
The second most asked question is how to know if the email is real when you do actually have to authorize your computer. If you receive two emails at the same time and both are asking for authorization, close the client and wait a few minutes, then log in again and the system will email you again. There is roughly a .00001% chance of a fake authorization just happening to be sent to you as you log in for real, and if you are blocked and receive only one email with your location details, you can safely assume that it is legitimate.
This is what the email looks like. Make sure to doublecheck the city, region, and country, before authorizing.
A log-in attempt from the following location is currently awaiting your authorization.
Address: [IP Address]
This location is approximated based on information provided by your Internet Service Provider. If in doubt, deny the request and try again.
If you are certain this log-in attempt was not made by you, then someone else knows your log-in credentials and you should change your password immediately via Account Management.
For security purposes, we alert you each time your account is accessed from an unrecognized location. To authenticate this log-in attempt, please click the link below:
com/login/allow?token=[string of numbers & letters]&request=[string of numbers and letters]
Need help or have questions about your Guild Wars account? Visit our support site: http://en.support.guildwars2.
–The ArenaNet Team