if the person truly hacked everything then even a second PW would not help. .

Indeed,if that player was hacked to that extent,I don't see how a second password or pin might help.
My personal opinion is,that it's just another password,it might load the login servers a lot.
I like the idea of better security though,maybe a token based login might be a better idea?
I'd like to see some more feedback on this though,good luck with it.

anyway in my server already 2 my friend was been hacked. wartune must do something. and surelly another players in my server was beet hacked.

i think the idea of anti hack measures is good, maybe lacking some real prevention but its a start.
There are different ways to hack, keyloggers, hacking mail etc etc. I think a 2nd pw could prevent a bit of hacking. maybe it doesnt do anything, but cant hurt to give it a shot right?

How about this:
each item can be given a security lock, this lock on a item has a fixed pw and in order to sell it the pw must be filled in to remove the lock. However this lock goes away after 2 weeks for example, so only after weeks after the lock has been removed the item can be sold.

This gives the owner the proper amount of time to get his account back and secure his account and stuff

Hello.
Studies show that most of the times,when an account is hacked,it has nothing to do to where the account was.
Hackers often infect computers with keyloggers that grab your passwords.So,if you would get such a thing,it would have nothing to do with Wartune,it would have everything to do with your computer security.
I am generally game for better security,since you can't ever have enough of that,but in this case,if you can't identify a breach in the log-in servers,it would be hard to prevent it or add extra security.

A little friendly R2 advice! Many times issues of "hacked accounts" are due to 2 problems, while both stem from the same problem. Personal accountability.

Now let me explain what I mean here. First, a lot of players tend to share accounts, something we highly discourage. While we don't actively seek out and terminate account sharers, we can and do take action when those cases arise. I AM NOT SAYING WE ACCEPT THIS, BUT WE DON'T ACTIVELY SEEK ACCOUNT SHARERS. The problem comes when an in-game friend, someone who you've shared an account with, feels threatened due to your strength, upset because you didn't do an MPD with them, they leave guild and want to ruin the competition, or countless issues I've seen. Daily. This is the main reason we discourage account sharing: whether you recharge or play for free, you put in time and effort into your account. Giving out your account means you don't understand the risk until something bad happens. We encourage all players to be the sole holder of account information. Period.

The second, rarer case, is legitimate hacking as the OP has stated (something we sincerely hope he has stopped doing ^_^). We actively discourage third-party links not approved by R2Games to protect our players. If you access any site outside of our network, you are assuming the risk that something bad can, and very well may, steal your information. Hacked currency sites, bots, third-party programs to access the game, etc. etc. etc. etc. The list goes on and on of malicious tools. Plain and simple: if it's not R2 or R2 approved, don't use it. This means that you are in the clear if you truly are hacked, something we hope all players can honestly claim.

Now, I'm not saying "it's all your fault". We've explored ways of ensuring security, but the above 2 can eliminate 95% of all hacking cases we see on a daily basis. There's always more a company can do to protect its users, but that goes for both sides of the fence. Keep your information to yourself and don't use external links and we'll continue to come up with ideas and work on feasibility and implementation.

I am glad to see there are good moderators here, it encourages me to come back and play once again this game next year.

Very often, account-sharing is an alternate for players to stop the game althogether. The minimum time you need to play this game to stay competitive is 5-6 hours per day, but most top players play a lot more. The problem is, to stay competitive, you not only need a lot of time, but you need money as well - and most players can get that by working. So 8+ hours working, 6 hours playing, 7-8 hours of sleep - there is time needed for traveling, shopping, family, eating, bath etc. the math just don't work out.

So unless you work with computer (I'm lucky with that, I'm here all day), you are FORCED to share account. It's okay to say in ToS etc that account sharing is not recommended, and any harm from that is the players' responsibility: but you shouldn't say it is some kind of violation!!!

Account "hacking" is a very basic problem in other games, especially where trading is allowed. (Here, fortunately, it isn't.) So instead of saying, "don't share your account, if you lost anything, its your problem" you should do the very same thing every other game in the industry does: put up a smooth an easy process to restore accounts. Make a backup each day, if someone's items, astrals etc "disappear" then roll back to the last backup he had everything. He will still lose some stuff (what he gained meanwhile) but not all. And since trading is not possible, people can't exploit this option either. You can even charge some balens for this and limit how many times you do it for one person.

I was shocked to read the story of a whale here who spent an insane amount of money, and then lost all his items, and he did NOT get a rollback. With that in mind, anyone who spends money on this game should think twice, since he have to know if he gets into trouble, he wont get help.

And for you, it cost nothing: you have a customer who spent thousands of dollars, got an accident - you press a button, he is happy and keeps playing (and surely will be careful with sharing in the future).

As always, wise comments from you Fherlayt.
But this one worried me... I invested money and time on this game last few years... I sttoped and intend now to come back and play again in a brand new server... I just got scared about the case you related (the "whale" that lost his items). I would like to hear from R2 mods (I know they DO NOT have all the info the developers have... but maybe they can try to ask =) )

And then there are people who did get their character (fully or partly) restored, rendering your argument moot.

What would you like to hear from us, exactly? Why someone didn't get their stuff back? That's between R2 and that person. We wouldn't be told why even if we asked.

Thank you Esme, what I would like to know is exactly what you just answered in the former part of your last post.
I am glad to know that action is possible.

And please, do not get me wrong: different from many people posting here, I do respect and admire your work and the work of the other moderators.
Kind regards.

if every player didn't got his account back, his argument is still valide

I'm sorry, but I read the post about Astaroth who paid a lot (100.000+ USD?) lost everything, and he wont get help. I read the topic even after months, and he still did not get help. In my sane mind, I could not came up with a reasonable explanation why he did not get a rollback, and why someone else did. If he would be my customer, he would have to at least murder a close relative of mine to get help denied. And when you read that a 100k USD customers character is not restored, you wonder what happens when some "small" fish with a 1k USD payment (or god's forbid, only 100 USD) gets hacked. So honestly, that was not a good PR for your company.

it was more the way how it happend, but i agree with you, r2 made a solid statement about how they treat their customers. in the end not r2 nor 7road or whoever had the guts to tell him he wont get anything back.
I think i saw a new way to lock items (?) after patch or sth, dont have patch yet but saw screenies. i do believe that 72 hours is still quite short to protect items.

btw: esme and other mods arent part of r2, they are the the few warriors who stand between the an army of massive angry consumers and the city of r2:P so its not their company as you mention in your last sentence.