Azureite
|
Posted - 2010.10.13 12:15:00 -
[31]
I don't even understand the point of changing this. Anyone who doesn't either out of habit or paranoia sprinkle capital letters in their password is just going to make the first letter in their PW the required capital.
It won't make a single PW in the entire game more difficult to figure out, because the capital will always come at the beginning.
|
Buck Marui
Caldari State War Academy
|
Posted - 2010.10.13 12:17:00 -
[32]
Edited by: Buck Marui on 13/10/2010 12:20:58
Originally by: Paknac Queltel
Originally by: Buck Marui And it never occurred to them to use the industry security standard of sentences?
People tend to take words like 'password' literally, unfortunately.
I do so prefer sentences. Easy to remember, easy to type, typically harder to read over the shoulder of someone typing it in...
But of course, some idiot will have put a maximum limit on password length "so they won't forget it as easily".
FFFFFFFUUUUUUUUUUUUUUUUU!!!
hehe I think you misunderstood, you don't actually use the sentence
You use certain letters of a sentence, so when someone says what's the password to "server" you can say something like "the grass is greener" and the password would be "tgig" obviously very simple there but you get the idea.
obviously this is further secured by using upper case and numbers in the sentences, also using a convention that only the people who need to know actually know, so you wouldn't just use the first letter of each word seriously.
This way you can openly tell someone the password and anybody overhearing would still not understand it. |
Paknac Queltel
Swords Horses and Heavy Metal
|
Posted - 2010.10.13 12:22:00 -
[33]
Originally by: Buck Marui hehe I think you misunderstood, you don't actually use the sentence
You use certain letters of a sentence, so when someone says what's the password to "server" you can say something like "the grass is greener" and the password would be "tgig" obviously very simple there but you get the idea.
Ah, that makes sense.
You know we once had someone working for us who had her current city of residence and some date as her password? She still wrote it down and taped the paper to her monitor. No password remembering scheme will help regular users. - Paknac Queltel
|
Dirk Swan
|
Posted - 2010.10.13 12:24:00 -
[34]
It's his account. Let him do what he wants with it.
|
Muul Udonii
Minmatar THORN Syndicate Controlled Chaos
|
Posted - 2010.10.13 12:24:00 -
[35]
I changed my password to 'Password1' then posted that on the forums. Now I can't get into my account and have lost all my assets. What's going on with that? Is it a bug?
Need moar account security nao plz!
(yes, it's sarcasm)
|
Buck Marui
Caldari State War Academy
|
Posted - 2010.10.13 12:29:00 -
[36]
Originally by: Paknac Queltel
Originally by: Buck Marui hehe I think you misunderstood, you don't actually use the sentence
You use certain letters of a sentence, so when someone says what's the password to "server" you can say something like "the grass is greener" and the password would be "tgig" obviously very simple there but you get the idea.
Ah, that makes sense.
You know we once had someone working for us who had her current city of residence and some date as her password? She still wrote it down and taped the paper to her monitor. No password remembering scheme will help regular users.
Haha, and to tape it to the monitor... HAHA |
Guilliman R
Gallente Northstar Cabal R.A.G.E
|
Posted - 2010.10.13 13:59:00 -
[37]
Originally by: Buck Marui
Originally by: Paknac Queltel
You know we once had someone working for us who had her current city of residence and some date as her password? She still wrote it down and taped the paper to her monitor. No password remembering scheme will help regular users.
Haha, and to tape it to the monitor... HAHA
You'd be sad if you know how many people actually do that in offices..
|
Mr Kidd
|
Posted - 2010.10.13 15:05:00 -
[38]
Edited by: Mr Kidd on 13/10/2010 15:16:57
Edited by: Mr Kidd on 13/10/2010 15:06:24
CCP ought to allow the use of all 255 ANSI characters. That would make for some secure passwords.
Quote:
You know we once had someone working for us who had her current city of residence and some date as her password? She still wrote it down and taped the paper to her monitor. No password remembering scheme will help regular users.
It is impractical to expect people to remember every password for every site/system/program that requires it. These days it's too voluminous. And as we get older our abilities to remember "secure" passwords becomes increasingly difficult. Those of you in your teens, twenties and early thirties may not be able to empathize, but it's true. My best advice is for users to write down their passwords but keep it on their person in a wallet or purse. Keeping a password list in electronic format, even with password managers, is a single point of epic failure. A physical list of passwords with just enough information to remind you what they're for, imo, is a better option. Most hackers will never have physical access to you or your belongings. My passwords for things I deem requiring "secure" passwords are generally over 10 characters long with letters, numbers, case. That's over a dozen complex passwords. There's no way I can remember them all, especially those that I use maybe once a month.
Another advantage of having a physical list of passwords is if lost or stolen, you'll know it and relatively quickly compared to an electronic format that may have been compromised, copied and distributed with little to no evidence for you to detect the breach.
|
De'Veldrin
Minmatar CareBears on Fire The Obsidian Legion
|
Posted - 2010.10.13 16:40:00 -
[39]
Originally by: Guilliman R
Originally by: Buck Marui
Originally by: Paknac Queltel
You know we once had someone working for us who had her current city of residence and some date as her password? She still wrote it down and taped the paper to her monitor. No password remembering scheme will help regular users.
Haha, and to tape it to the monitor... HAHA
You'd be sad if you know how many people actually do that in offices..
The part that kills me is that people think replacing characters in a word with numbers that look like a letter are secure.
P@55w0rd really isn't that hard to figure out - really. --Vel
|
Tippia
Sunshine and Lollipops
|
Posted - 2010.10.13 16:51:00 -
[40]
Edited by: Tippia on 13/10/2010 16:55:01
Originally by: De'Veldrin
Originally by: Guilliman R
Originally by: Buck Marui
Originally by: Paknac Queltel You know we once had someone working for us who had her current city of residence and some date as her password? She still wrote it down and taped the paper to her monitor. No password remembering scheme will help regular users.
Haha, and to tape it to the monitor... HAHA
You'd be sad if you know how many people actually do that in offices..
The part that kills me is that people think replacing characters in a word with numbers that look like a letter are secure.
P@55w0rd really isn't that hard to figure out - really.
Meh.
There's always the I-wrote-it-down-feint password scheme:
- Pick three letters.
- Pick a short sentence (with proper capitalisation and punctuation).
- Write said sentence down on the monitor post-it.
- When entering a password, use that sentence, but always skip the three letters picked in step 1.
You now have a reasonably complex, not-quite-dictionary-attackable password that is essentially only three letters long.
--- “If you're not willing to fight for what you have in ≡v≡… you don't deserve it, and you will lose it.” - Karath Piki |
|
Buck Marui
Caldari State War Academy
|
Posted - 2010.10.13 17:30:00 -
[41]
Edited by: Buck Marui on 13/10/2010 17:33:55
Originally by: Tippia You now have a reasonably complex, not-quite-dictionary-attackable password that is essentially only three letters long.
which is easily brute forced, and/or guessed especially since you used correct punctuation.
But I get your meaning
Oh wait nevermind I didn't get your meaning
You mean to use the sentence and not the 3 letters.
Bit long-winded I think though |
Tippia
Sunshine and Lollipops
|
Posted - 2010.10.13 17:34:00 -
[42]
Edited by: Tippia on 13/10/2010 17:36:40
Originally by: Buck Marui which is easily brute forced, and/or guessed especially since you used correct punctuation.
Yes, but the hope is that people will notice the post-it™ with the neat "Password:" written on it…
…still, you're right. Even so, since you're writing it down anyway, you can mess up both spelling and punctuation (or just use gibberish) - the actual password is in the three letters, not what's written on the note.
Quote: Bit long-winded I think though
Yes. And good luck if you lose the post-it.
--- “If you're not willing to fight for what you have in ≡v≡… you don't deserve it, and you will lose it.” - Karath Piki |
John B'dlam
|
Posted - 2010.10.13 17:36:00 -
[43]
Originally by: Buck Marui Edited by: Buck Marui on 13/10/2010 17:31:16
Originally by: Tippia You now have a reasonably complex, not-quite-dictionary-attackable password that is essentially only three letters long.
which is easily brute forced, and/or guessed especially since you used correct punctuation.
But I get your meaning
There's also the old look-over-the-shoulder. Specifically avoiding certain keys can be obvious, if you happen to be doing it wrong.
But let's be honest, those of us who have even a semidecent system for remembering our unique passwords aren't the target. It's Jimmy and Jane down at HR who use the same password for everything and write it on a post-it under the keyboard that are.
|
Induc
Amarr
|
Posted - 2010.10.13 17:44:00 -
[44]
Originally by: Dirk Swan It's his account. Let him do what he wants with it.
Yes, but it's CCP's time when he comes screaming later wanting his hacked characters reimbursed.
|
Ocih
Amarr The Program Controlled Chaos
|
Posted - 2010.10.13 18:05:00 -
[45]
U need to think in MMO terms. Make the password people rage and
LOCK THE CAP BUTTON ON TO MAKE YOUR PASSWORD1 |
Barakkus
|
Posted - 2010.10.13 18:09:00 -
[46]
Originally by: Manackel Ever think that maybe it's because it's harder to guess your password when there's a mixture of upper and lower case letters, numbers and symbols?
Notrly
Originally by: captain foivos Who would recruit someone named Barakkus?
Wait a minute...
|
Mr Epeen
|
Posted - 2010.10.13 18:10:00 -
[47]
Let's see...
- Two bank cards
- Three credit cards
- Two cellular providers
- One ISP
- Four Email accts
- EVE acct
- Five or six other games
- Dozens of forums
50 or so passwords to remember. Is it any wonder people write them down, keep them simple, or use the same one for everything?
Biometrics FTW! Passwords are so last century.
Mr Epeen
|
Barakkus
|
Posted - 2010.10.13 18:12:00 -
[48]
Originally by: Mr Epeen Biometrics FTW! Passwords are so last century.
This tbqfh.
Originally by: captain foivos Who would recruit someone named Barakkus?
Wait a minute...
|
KarumbaK
Amarr Hedion University
|
Posted - 2010.10.13 18:29:00 -
[49]
Originally by: Mr Epeen Lets see...
Two bank cards Three credit cards Two cellular providers One ISP Four Email accts EVE acct Five or six other games Dozens of forums
50 or so passwords to remember. Is it any wonder people write them down, keep them simple, or use the same one for everything?
Biometrics FTW! Passwords are so last century.
Mr Epeen
Generally I use the same passwords but with different variations, such as diff numbers, or symbols to replace parts... works pretty well
Never Stop |
Cory Sopapilla
Minmatar Kiroshi Group
|
Posted - 2010.10.13 18:35:00 -
[50]
It could always be worse. I find the ones who try to be the most "secure" with rules are the ones easiest to brute force if someone on the outside knows the rules. Do you have any idea how many possibilities are ruled out when it can't be more than 2 letters, 2 numbers, 2 shift-key chars in a row and must be 8 chars or more? It's like lowering the lottery #s from 1-52 to 1-20.
Must contain at least one capital letter is fine. IMO, use more than one though and don't make it spell some 'l33t' word. And 12345 is no longer safe after Spaceballs announced it for use on luggage ;)
Seriously though, so many people use the same password and username everywhere that it doesn't even matter what you use. Eventually they'll sign up for some 3rd party website for game info on a certain game and just hand it to them.
|
|
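One way to measure how much of the keyspace a run-length rule like the one in the post above removes, as an added example (not from the thread). It generalises to any class sizes and run limit; the 52/10/32 split of printable ASCII is an assumption, since the post does not define its character classes.

```python
from __future__ import annotations

from fractions import Fraction
from math import log2

# Assumed class sizes for printable ASCII (letters, digits, symbols).
CLASSES = {"letters": 52, "digits": 10, "symbols": 32}


def count_allowed(length: int, sizes: list[int], max_run: int = 2) -> int:
    """Count strings of `length` in which no more than `max_run` consecutive
    characters come from the same class (dynamic programming over runs)."""
    if length == 0:
        return 1
    # state[(c, r)] = number of prefixes ending in a run of r chars of class c
    state = {(c, 1): n for c, n in enumerate(sizes)}
    for _ in range(length - 1):
        nxt = {}
        for (c, r), ways in state.items():
            for d, n in enumerate(sizes):
                run = r + 1 if d == c else 1
                if run <= max_run:
                    nxt[(d, run)] = nxt.get((d, run), 0) + ways * n
        state = nxt
    return sum(state.values())


def keyspace_report(length: int = 8) -> dict[str, float]:
    """Compare the unrestricted keyspace with the one the rule leaves."""
    sizes = list(CLASSES.values())
    total = sum(sizes) ** length
    allowed = count_allowed(length, sizes)
    return {
        "surviving_fraction": float(Fraction(allowed, total)),
        "bits_unrestricted": log2(total),
        "bits_with_rule": log2(allowed),
    }


if __name__ == "__main__":
    for name, value in keyspace_report(8).items():
        print(f"{name}: {value:.4f}")
```

The difference between the two bit counts is what an attacker who knows the rule saves per guess campaign at that length.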
Stick Cult
|
Posted - 2010.10.13 19:03:00 -
[51]
Edited by: Stick Cult on 13/10/2010 19:05:52
Originally by: KarumbaK
Originally by: Mr Epeen Lets see...
Two bank cards Three credit cards Two cellular providers One ISP Four Email accts EVE acct Five or six other games Dozens of forums
50 or so passwords to remember. Is it any wonder people write them down, keep them simple, or use the same one for everything?
Biometrics FTW! Passwords are so last century.
Mr Epeen
Generally I use the same passwords but with different variations, such as diff numbers, or symbols to replace parts... works pretty well
I do too, but then things like this "you must have one capital letter" mess things up big time.
For example, I say I started with password. I've used it to register for about half a dozen things. Oh, this website wants me to use a number. Ok, now I'll use password1 for everything. Now I've used THAT for half a dozen things. Oh, now this website wants a capital letter. Time for Password1. Now I've used that in half a dozen things. Now I need to have at least x characters. Time to change it again. And it goes on.
Now I've got accounts/things that need passwords in a few dozen places, but with different variations. Most of my things now use various variations (lol) of the same password, BUT I HAVE NO IDEA WHICH ONE GOES WHERE! It usually comes down to thinking "hmm.. about what year did I register this account?" or just plain guessing.
Please, let me secure my account myself. kthxbi
/me jumps on the "get-rid-of-password-requirements-bandwagon"
edit: And yes, this has led to me having a text document on my desktop full of passwords. And things I could never remember like my Eve APIs and various IP addresses...
Originally by: CCP Tuxford my bad. Rest assured I'm being ridiculed by my co-workers.
|
Paknac Queltel
Swords Horses and Heavy Metal
|
Posted - 2010.10.13 19:03:00 -
[52]
Originally by: Mr Epeen Biometrics FTW! Passwords are so last century.
Please do press your password on everything you touch. - Paknac Queltel
|
Cat o'Ninetails
Caldari Rancer Defence League
|
Posted - 2010.10.13 19:04:00 -
[53]
I was wondering if this would be more secure:
md5("Barclays[, EVE, Lloyds, Paypal, whatever]" + "password");
Means generating it every time but an md5 function is not hard lol.
When I code and I need to store passwords etc, I tend to pre-salt with a long "randomish" code common to whatever it is I'm doing, information, then post-salt with a word like "userpass" or something:
so your password ($p) "fluffy" would be:
$presalt = "fkjgfdlkjglfdkjglkjdflg";
$member_pass = md5($presalt.$p."member");
or something
x
EVE Garden |
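The storage scheme in the post above (one fixed pre-salt for every account, a single MD5 pass) next to a per-account random salt with a slow key-derivation function, as an added example in Python rather than the post's PHP; it is not code from the thread. The account names, the choice of PBKDF2 and the iteration count are assumptions made for the illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets
from collections import defaultdict

PRESALT = "fkjgfdlkjglfdkjglkjdflg"  # fixed pre-salt quoted in the post
ITERATIONS = 200_000                 # assumed work factor; tune to your hardware


def md5_fixed_salt(password: str) -> str:
    """The scheme from the post: md5(presalt . password . "member")."""
    return hashlib.md5((PRESALT + password + "member").encode()).hexdigest()


def kdf_hash(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Per-account random salt plus PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = secrets.token_bytes(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def kdf_verify(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(kdf_hash(password, salt)[1], digest)


def shared_hash_groups(table: dict) -> list[list[str]]:
    """Audit helper: groups of accounts whose stored value is identical."""
    groups = defaultdict(list)
    for account, stored in table.items():
        groups[stored].append(account)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


# Constructed sample accounts; two of them chose the same password.
SAMPLE = {"alice": "fluffy", "bob": "Password1", "carol": "fluffy"}


def demo() -> tuple[list[list[str]], list[list[str]]]:
    md5_table = {user: md5_fixed_salt(pw) for user, pw in SAMPLE.items()}
    kdf_table = {user: kdf_hash(pw) for user, pw in SAMPLE.items()}
    return shared_hash_groups(md5_table), shared_hash_groups(kdf_table)


if __name__ == "__main__":
    md5_dupes, kdf_dupes = demo()
    print("fixed salt + md5, identical rows:", md5_dupes)
    print("per-account salt + PBKDF2, identical rows:", kdf_dupes)
```

With the fixed salt, accounts that share a password share a stored value, so one recovered password exposes all of them; the per-account salt removes that signal and the iteration count makes each guess expensive.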
Barkaial Starfinder
Minmatar The Kairos Syndicate Transmission Lost
|
Posted - 2010.10.13 19:20:00 -
[54]
you really don't have to remember a lot of passwords.. you just need a personal system to integrate something not too obvious from where the password is being used, to your complex "invariable" password which you could change every 3 months.
i could share my methods but..
|
Dr Neba
|
Posted - 2010.10.13 19:43:00 -
[55]
I think it's a great feature, it has stopped me from logging in when I am drunk lol |
Crias Taylor
GoonWaffe Goonswarm Federation
|
Posted - 2010.10.13 19:46:00 -
[56]
Stop sucking at passwords.
http://www.watchguard.com/info/budlogsin.asp
|
Barakkus
|
Posted - 2010.10.13 21:35:00 -
[57]
Originally by: Cat o'Ninetails I was wondering if this would be more secure:
md5("Barclays[, EVE, Lloyds, Paypal, whatever]" + "password");
Means generating it everytime but an md5 function is not hard lol.
When I code and I need to store passwords etc, I tend to pre-salt with a long "randomish" code common to whatever it is I'm doing, information, then post-salt with a word like "userpass" or something:
so your password ($p) "fluffy" would be: $presalt = "fkjgfdlkjglfdkjglkjdflg"; $member_pass = md5($presalt.$p."member");
or something
x
You do realize md5 is very easy to crack right? You're better off using Blowfish.
Originally by: captain foivos Who would recruit someone named Barakkus?
Wait a minute...
|
Scorpyn
Inimical Eclipse
|
Posted - 2010.10.13 23:22:00 -
[58]
When a program I used a while ago changed the maximum password length from 32 to 20 I was the only one to complain...
I'm not sure how long the eve passwords can get, but I think the maximum number of characters used to be 64 or something like that, so they can get quite long iirc.
|
Cat o'Ninetails
Caldari Rancer Defence League
|
Posted - 2010.10.13 23:27:00 -
[59]
Edited by: Cat o'Ninetails on 13/10/2010 23:31:24
Originally by: Barakkus
You do realize md5 is very easy to crack right? You're better off using Blowfish.
i think collisions are more of a worry than a crack
it was just an idea anyway and hashing is different from encryption lol :)
x
edit, i'll just tack this on: why are spaces disallowed? for instance "i am cat and hate pirates" is a stronger password than "iamcatandihatepirates" though both are weak in my example, but hope my point is clear enough. sentences are quite good passwords imo but as i demonstrated above i am terrible at security lol
EVE Garden |
Tippia
Sunshine and Lollipops
|
Posted - 2010.10.13 23:29:00 -
[60]
Originally by: Barakkus You do realize md5 is very easy to crack right? You're better off using Blowfish.
Why would you want to use a cipher for hashing? They serve two rather different purposes…
--- “If you're not willing to fight for what you have in ≡v≡… you don't deserve it, and you will lose it.” - Karath Piki |