I made a quick update today to better secure player accounts and characters. You can use any OTP Compatible app, such as Google Authenticator or Authy to set this up.
Once OTP is configured on your account, you will no longer be-able to use password authentication to log in to either the website account or any character you created. When logging in, enter your usual username, and then as your password, enter in the 6 digit OTP from your preferred Authenticator app. The same goes for your character accounts as well.
This feature entirely prevents password guessing, as players whom enable this feature will no longer have a password, but other use a OTP, or otherwise called One-time password each time they log in.
Be careful though, as soon as you activate this, your password is no longer valid and can longer be used to sign-in to either the website or any character you might have on your account. Be sure to scan the QR code as soon as you click the Activate button, or you might be going through a very lengthily password reset process as a result.
At the moment, you cannot deactivate OTP authentication once it is activated, and using either the change password or reset password features will not re-enable password authentication! I may update the password reset flow to also disable OTP during a password reset so that you can regain access to your account if you either forget to scan the QR code, or misplace the app holding the OTP authentication code.
This feature is also only available to current closed beta players. Once the open beta rolls out soon, this feature will be available on all accounts.