Shade Millith
Caldari Macabre Votum Morsus Mihi
|
Posted - 2010.10.13 10:06:00 -
[1]
Edited by: Shade Millith on 13/10/2010 10:08:00
Finally after quite some time, I've decided to change my password. Don't often do this with anything, as I usually don't care.
Went to change my password, and got this.
"Your password must: Contain at least one uppercase letter"
I'm seriously getting sick of more and more restrictions being placed on what I can and can't use as my password. First it was just abcdefg, now it's abcd3fg, now it's Abcd3fg.
It's getting bloody stupid. Back off and let me have what I want as my password. ------------------------
|
Cpt Advile
|
Posted - 2010.10.13 10:11:00 -
[2]
I know dude... it's the governments.. the system is flawed ...like yesterday I went to my local bank to liberate my bank account from the password curse, but they were on to me... told me I couldn't do it... I ended up being thrown out by the security.. damn it's a password conspiracy!
--------------------------------------------
Captain: Scotty, boost amarr laser power... CCP Scotty: I cannot change the laws of physics. (Stay tuned for next episode where we pre-nerf ur boost) |
Lanu
0utbreak
|
Posted - 2010.10.13 10:13:00 -
[3]
So whats your accountname again?
|
gfldex
|
Posted - 2010.10.13 10:16:00 -
[4]
Keyloggers have a problem with the space key. Don't you know that?
|
Paknac Queltel
Swords Horses and Heavy Metal
|
Posted - 2010.10.13 10:19:00 -
[5]
Originally by: gfldex Keyloggers have a problem with the space key. Don't you know that?
Man, I wish I could use the tab key in passwords. - Paknac Queltel
|
Manackel
|
Posted - 2010.10.13 10:20:00 -
[6]
Ever think that maybe it's because it's harder to guess your password when there's a mixture of upper and lower case letters, numbers and symbols?
Ever think that maybe CCP are doing it for YOUR ACCOUNT PROTECTION?
You'd complain if your account was hacked and you'd left your password as it was before, just simple lower case wording. At least now there's a slightly lower chance of that happening.
Mack
|
Buck Marui
Caldari State War Academy
|
Posted - 2010.10.13 10:23:00 -
[7]
Originally by: Shade Millith Edited by: Shade Millith on 13/10/2010 10:08:00 Finally after quite some time, I've decided to change my password. Don't often do this with anything, as I usually don't care.
Went to change my password, and got this.
"Your password must: Contain at least one uppercase letter"
I'm seriously getting sick of more and more restrictions being placed on what I can and can't use as my password. First it was just abcdefg, now it's abcd3fg, now it's Abcd3fg.
It's getting bloody stupid. Back off and let me have what I want as my password.
People like you just invite account stealers, you shouldn't be allowed to use the internet, you clearly do not know how. |
Artemis Rose
Clandestine Vector
|
Posted - 2010.10.13 10:35:00 -
[8]
They do it for own protection.
Seriously. How could you whine about that?
*** Currently Playing: Trolls from Outer Space Current Equipment: VISAcard chain mail, +2 Amulet of Epic Whine, Self Banstick +2 WTB: +666 E-peen killboard stats |
Chainsaw Plankton
IDLE GUNS IDLE EMPIRE
|
Posted - 2010.10.13 10:39:00 -
[9]
Originally by: Artemis Rose They do it for own protection.
Seriously. How could you whine about that?
because it is annoying and I thought my password was good enough without it.
|
Artemis Rose
Clandestine Vector
|
Posted - 2010.10.13 10:43:00 -
[10]
Originally by: Chainsaw Plankton
Originally by: Artemis Rose They do it for own protection.
Seriously. How could you whine about that?
because it is annoying and I thought my password was good enough without it.
Just make it Password1 rather than password.
*** Currently Playing: Trolls from Outer Space Current Equipment: VISAcard chain mail, +2 Amulet of Epic Whine, Self Banstick +2 WTB: +666 E-peen killboard stats |
|
Chainsaw Plankton
IDLE GUNS IDLE EMPIRE
|
Posted - 2010.10.13 10:46:00 -
[11]
Originally by: Artemis Rose
Originally by: Chainsaw Plankton
Originally by: Artemis Rose They do it for own protection.
Seriously. How could you whine about that?
because it is annoying and I thought my password was good enough without it.
Just make it Password1 rather than password.
Password1, hmm I'm going to have to remember that for next time!
and I like my passwords with letters numbers and symbols, just not capital letters
|
Cat o'Ninetails
Caldari Rancer Defence League
|
Posted - 2010.10.13 10:51:00 -
[12]
i had to change my password to Hunter2 lol
x
EVE Garden |
Furb Killer
Gallente
|
Posted - 2010.10.13 11:04:00 -
[13]
Originally by: Artemis Rose They do it for own protection.
Seriously. How could you whine about that?
Quote: Ever think that maybe it's because it's harder to guess your password when there's a mixture of upper and lower case letters, numbers and symbols?
The chance someone guesses your password when it is something easy as "kittens" is astronomically small. If my pass is "kjlsaghl" it does not contain any uppercase or special characters while the chance someone guesses it is 0.
Yes if you want to protect your encrypted HDD you want at the very least something that wont turn up in a dictionary attack, and preferably also a long pass with special stuff in it. But brute forcing your eve login is just not an option for hackers.
Generally stealing account logins is done by keyloggers, phishing sites, sites inviting stupid people (ie: look here who blocked you on msn) and random sites where they just hope you use same login as on the account they want to steal (for example i make a new site like eve-central where you got to make a login, and i just hope it is equal to your eve login). Against none of these methods it will matter if you take a stronger pass. And again, brute forcing an internet login is not an option.
|
Sadayiel
Caldari Silver Snake Enterprise Against ALL Authorities
|
Posted - 2010.10.13 11:09:00 -
[14]
this reminds me of the film Avalon when the protagonist introduces her password.. that's for sure a safe password
You know what the chain of command is? It's the chain I go get and beat you with 'til you understand who's in ruttin' command here. |
Arkanor
Gallente Ixion Defence Systems
|
Posted - 2010.10.13 11:14:00 -
[15]
Edited by: Arkanor on 13/10/2010 11:16:16
Originally by: Cat o'Ninetails i had to change my password to Hunter2 lol x
You do realize when you post your password on here it shows up as ******* right?
On a related note, I think there was a study (yeah don't quote me on this) on forcing password restrictions like this. It tends to make people choose easier passwords, making accounts even easier to hack. Personally it just annoys the **** out of me.
|
Theron Iyayora
|
Posted - 2010.10.13 11:17:00 -
[16]
I've concluded that account safety precautions are poppy****. Back in another MMO I had the longest and most ridiculous password you could ever dream of. I had it written down and it took me 2 minutes just to type the damn thing in, until I realized I could type it in to a document and use copy/paste to put it in.
Anyway, quit that game 2 years ago, and now when I check out my character on something similar to what EVE has in EVE gate, I see that it has been active for 1 and a half years, is on another server (have to pay to do that) and is constantly updating the gear. My computer has good security (no crap free firewalls/AV) and I know what I'm doing, never told PW or UN to anybody, never went to any shady websites, never downloaded any addons claiming to be mods for the game, nothing like that. Still got "hacked".
I think if you have good security and don't do anything to increase your chances of getting hacked like downloading "mods" that "OMG ADD 100 ZEROS ON TO YOUR MONEY BALANCE" and don't tell ANYBODY your UN/PW, then you still have a chance to be hacked whether your password is insane or mundane. It's just luck.
|
Paknac Queltel
Swords Horses and Heavy Metal
|
Posted - 2010.10.13 11:21:00 -
[17]
Originally by: Arkanor On a related note, I think there was a study (yeah don't quote me on this) on forcing password restrictions like this. It tends to make people choose easier passwords, making accounts even easier to hack. Personally it just annoys the **** out of me.
It also makes it easier on those that try to brute-force it (idiots who try to brute-force passwords over a network do exist). When there must be 6 characters, at least one capital and at least one number, many passwords will have a capital at the start, 4 lowercase letters, then a number. - Paknac Queltel
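The effect described in the post above can be counted directly. This is an added example, not part of any forum post: it assumes the rule quoted in the thread (6 characters, at least one capital, at least one number) over letters and digits, and every function name in it is hypothetical.

```python
import itertools
import string

# Character classes used to describe a password's shape ("mask").
CLASS_CHARS = {
    "U": string.ascii_uppercase,
    "l": string.ascii_lowercase,
    "d": string.digits,
    "s": string.punctuation,
}


def mask_of(password: str) -> str:
    """Collapse a password to its shape, e.g. 'Abcd3fg' -> 'Ullldll'."""
    tags = []
    for ch in password:
        tag = next((t for t, chars in CLASS_CHARS.items() if ch in chars), "?")
        tags.append(tag)
    return "".join(tags)


def meets_rule(password: str, min_len: int = 6) -> bool:
    """Composition rule as quoted in the thread: length, one capital, one digit."""
    shape = mask_of(password)
    return len(password) >= min_len and "U" in shape and "d" in shape


def mask_keyspace(mask: str) -> int:
    """Number of passwords that share one fixed shape."""
    total = 1
    for tag in mask:
        if tag not in CLASS_CHARS:
            raise ValueError(f"unknown class tag: {tag!r}")
        total *= len(CLASS_CHARS[tag])
    return total


def compliant_count(n: int, upper: int = 26, lower: int = 26, digits: int = 10) -> int:
    """Length-n strings over letters+digits with >=1 capital and >=1 digit.

    Inclusion-exclusion: all strings, minus those with no capital, minus
    those with no digit, plus those with neither (counted twice above).
    """
    return ((upper + lower + digits) ** n
            - (lower + digits) ** n
            - (upper + lower) ** n
            + lower ** n)


def brute_force_count(n: int, upper: str, lower: str, digits: str) -> int:
    """Enumerate a tiny alphabet to cross-check compliant_count()."""
    hits = 0
    for combo in itertools.product(upper + lower + digits, repeat=n):
        if any(c in upper for c in combo) and any(c in digits for c in combo):
            hits += 1
    return hits


def predictable_fraction(mask: str) -> float:
    """Share of the rule-compliant space covered by one predictable shape."""
    return mask_keyspace(mask) / compliant_count(len(mask))


if __name__ == "__main__":
    # Constructed sample passwords taken from the thread's own examples.
    for pw in ("abcdefg", "abcd3fg", "Abcd3fg", "Password1"):
        print(f"{pw:10} rule_ok={meets_rule(pw)} mask={mask_of(pw)}")
    print("compliant 6-char space :", compliant_count(6))
    print("'Ulllld' shape alone   :", mask_keyspace("Ulllld"))
    print("fraction of the space  :", predictable_fraction("Ulllld"))
    print("12 lowercase letters   :", mask_keyspace("l" * 12))
```

The capital-first, digit-last shape is under half a percent of what the rule allows, while a 12-letter all-lowercase password that the rule rejects sits in a far larger space.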
|
Noun Verber
Gallente
|
Posted - 2010.10.13 11:28:00 -
[18]
isn't 'princess' or something one of the most common ones too?
|
Cat o'Ninetails
Caldari Rancer Defence League
|
Posted - 2010.10.13 11:36:00 -
[19]
Originally by: Noun Verber isn't 'princess' or something one of the most common ones too?
dag nabbit...
x
EVE Garden |
Shade Millith
Caldari Macabre Votum Morsus Mihi
|
Posted - 2010.10.13 11:49:00 -
[20]
Edited by: Shade Millith on 13/10/2010 11:51:31
Originally by: Manackel Ever think that maybe it's because it's harder to guess your password when there's a mixture of upper and lower case letters, numbers and symbols?
Ever think that maybe CCP are doing it for YOUR ACCOUNT PROTECTION?
You'd complain if your account was hacked and you'd left your password as it was before, just simple lower case wording. At least now there's a slightly lower chance of that happening.
Mack
Then let that be MY choice.
My passwords are secure enough without being babied. gdkgneilfyas or gdkgn3ilfyas or Gdkgn3ilfyas. It turns the chance to bruteforce it from "Absolutely minute" to "absolutely minute" to "absolutely minute". All for more buttons for me to remember.
Originally by: Buck Marui People like you just invite account stealers, you shouldn't be allowed to use the internet, you clearly do not know how.
No, it's people like you that can't secure your own account without having your hand held, because you clearly don't know how. ------------------------
|
|
Planetarian
Gallente Covert Operations Inc.
|
Posted - 2010.10.13 11:53:00 -
[21]
Once again my troll radar overheated and blew up ! /Planetarian |
Manackel
|
Posted - 2010.10.13 11:56:00 -
[22]
Originally by: Shade Millith Edited by: Shade Millith on 13/10/2010 11:51:31
Originally by: Manackel Ever think that maybe it's because it's harder to guess your password when there's a mixture of upper and lower case letters, numbers and symbols?
Ever think that maybe CCP are doing it for YOUR ACCOUNT PROTECTION?
You'd complain if your account was hacked and you'd left your password as it was before, just simple lower case wording. At least now there's a slightly lower chance of that happening.
Mack
Then let that be MY choice.
My passwords are secure enough without being babied. gdkgneilfyas or gdkgn3ilfyas or Gdkgn3ilfyas. It turns the chance to bruteforce it from "Absolutely minute" to "absolutely minute" to "absolutely minute". All for more buttons for me to remember.
'Cause having to remember a few extra buttons really is a terrible thing. Fair enough it's your choice, I just think it's silly to complain that CCP are trying to do their part in keeping your accounts secure.
|
Kendon Riddick
|
Posted - 2010.10.13 11:57:00 -
[23]
Originally by: Planetarian Once again my troll radar overheated and blew up !
dont troll the trolls
oh wait....
|
Efraya
Minmatar
|
Posted - 2010.10.13 11:59:00 -
[24]
Non-Dictionary word with extended ascii characters FTW!
Signature removed for not being EVE related. Zymurgist |
Dagny Bronstein
|
Posted - 2010.10.13 12:01:00 -
[25]
Edited by: Dagny Bronstein on 13/10/2010 12:07:13
Originally by: Arkanor You do realize when you post your password on here it shows up as ******* right?
LOL
*runescape flashback*
edit: "the let it be my choice" - people tend to make stupid decisions when you give them the opportunity to do so and CCP's customer support staff has to deal with the fallout resulting from bad passwords. (And unless you cannot trust your roommate - who already has the possibility to steal all your other RL stuff - there wouldn't be a drawback to enforcing so complex passwords that most users will write them down and stick the note to their monitor.)
|
Paknac Queltel
Swords Horses and Heavy Metal
|
Posted - 2010.10.13 12:03:00 -
[26]
Originally by: Manackel 'Cause having to remember a few extra buttons really is a terrible thing. Fair enough it's your choice, I just think it's silly to complain that CCP are trying to do their part in keeping your accounts secure.
Security theater isn't security. - Paknac Queltel
|
Buck Marui
Caldari State War Academy
|
Posted - 2010.10.13 12:06:00 -
[27]
Originally by: Shade Millith No, it's people like you that can't secure your own account without having your hand held, because you clearly don't know how.
Haha, as much as I appreciate your wild speculation based on nothing, youll forgive me if I don't take anything you say seriously right?
Haha |
Vaerah Vahrokha
Minmatar Vahrokh Consulting
|
Posted - 2010.10.13 12:07:00 -
[28]
Those who introduce those ever more intricate password schemes have no true security experience.
There is an easily met threshold beyond which security becomes counter-productive.
I worked for a para-military company for years, when they started enforcing stronger passwords people started writing them on post-its stuck on the monitors. Once the direction forbade those post-its, they started writing Excel sheets with their and their whole department's passwords written on them. Shortly after some of those started getting randomly spread in emails. A disaster, the maintenance guys had to constantly monitor people so they would not do stupid things. All of this because someone decided that letting people use "password" as password was unsafe but Password1 was perfectly good and strong security.
- Auditing & consulting
When looking for investors, please read http://tinyurl.com/n5ys4h + http://tinyurl.com/lrg4oz
|
Buck Marui
Caldari State War Academy
|
Posted - 2010.10.13 12:09:00 -
[29]
Originally by: Vaerah Vahrokha Those who introduce those ever more intricate password schemes have no true security experience.
There is an easily met threshold beyond which security becomes counter-productive.
I worked for a para-military company for years, when they started enforcing stronger passwords people started writing them on post-its stuck on the monitors. Once the direction forbade those post-its, they started writing Excel sheets with their and their whole department's passwords written on them. Shortly after some of those started getting randomly spread in emails. A disaster, the maintenance guys had to constantly monitor people so they would not do stupid things. All of this because someone decided that letting people use "password" as password was unsafe but Password1 was perfectly good and strong security.
And it never occurred to them to use the industry security standard of sentences? |
Paknac Queltel
Swords Horses and Heavy Metal
|
Posted - 2010.10.13 12:14:00 -
[30]
Originally by: Buck Marui And it never occurred to them to use the industry security standard of sentences?
People tend to take words like 'password' literally, unfortunately.
I do so prefer sentences. Easy to remember, easy to type, typically harder to read over the shoulder of someone typing it in...
But of course, some idiot will have put a maximum limit on password length "so they won't forget it as easily".
FFFFFFFUUUUUUUUUUUUUUUUU!!! - Paknac Queltel
|
|
Azureite
|
Posted - 2010.10.13 12:15:00 -
[31]
I don't even understand the point of changing this. Anyone who doesn't either out of habit or paranoia sprinkle capital letters in their password is just going to make the first letter in their PW the required capital.
It won't make a single PW in the entire game more difficult to figure out, because the capital will always come at the beginning.
|
Buck Marui
Caldari State War Academy
|
Posted - 2010.10.13 12:17:00 -
[32]
Edited by: Buck Marui on 13/10/2010 12:20:58
Originally by: Paknac Queltel
Originally by: Buck Marui And it never occurred to them to use the industry security standard of sentences?
People tend to take words like 'password' literally, unfortunately.
I do so prefer sentences. Easy to remember, easy to type, typically harder to read over the shoulder of someone typing it in...
But of course, some idiot will have put a maximum limit on password length "so they won't forget it as easily".
FFFFFFFUUUUUUUUUUUUUUUUU!!!
hehe I think you misunderstood, you dont actually use the sentence
You use certain letters of a sentence, so when someone says whats the password to "server" you can say something like "the grass is greener" and the password would be "tgig" obviously very simple there but you get the idea.
obviously this is further secured by using upper case and numbers in the sentences, also using a convention that only the people who need to know actually know, so you wouldn't just use the first letter of each word seriously.
This way you can openly tell someone the password and anybody overhearing would still not understand it. |
Paknac Queltel
Swords Horses and Heavy Metal
|
Posted - 2010.10.13 12:22:00 -
[33]
Originally by: Buck Marui hehe I think you misunderstood, you dont actually use the sentence
You use certain letters of a sentence, so when someone says whats the password to "server" you can say something like "the grass is greener" and the password would be "tgig" obviously very simple there but you get the idea.
Ah, that makes sense.
You know we once had someone working for us who had her current city of residence and some date as her password? She still wrote it down and taped the paper to her monitor. No password remembering scheme will help regular users. - Paknac Queltel
|
Dirk Swan
|
Posted - 2010.10.13 12:24:00 -
[34]
Its his account. Let him do what he wants with it.
|
Muul Udonii
Minmatar THORN Syndicate Controlled Chaos
|
Posted - 2010.10.13 12:24:00 -
[35]
I changed my password to 'Password1' then posted that on the forums. Now I can't get into my account and have lost all my assets. What's going on with that? Is it a bug?
Need moar account security nao plz!
(yes, it's sarcasm)
|
Buck Marui
Caldari State War Academy
|
Posted - 2010.10.13 12:29:00 -
[36]
Originally by: Paknac Queltel
Originally by: Buck Marui hehe I think you misunderstood, you dont actually use the sentence
You use certain letters of a sentence, so when someone says whats the password to "server" you can say something like "the grass is greener" and the password would be "tgig" obviously very simple there but you get the idea.
Ah, that makes sense.
You know we once had someone working for us who had her current city of residence and some date as her password? She still wrote it down and taped the paper to her monitor. No password remembering scheme will help regular users.
Haha, and to tape it to the monitor... HAHA |
Guilliman R
Gallente Northstar Cabal R.A.G.E
|
Posted - 2010.10.13 13:59:00 -
[37]
Originally by: Buck Marui
Originally by: Paknac Queltel
You know we once had someone working for us who had her current city of residence and some date as her password? She still wrote it down and taped the paper to her monitor. No password remembering scheme will help regular users.
Haha, and to tape it to the monitor... HAHA
You'd be sad if you know how many people actually do that in offices.. ------
|
Mr Kidd
|
Posted - 2010.10.13 15:05:00 -
[38]
Edited by: Mr Kidd on 13/10/2010 15:16:57
Edited by: Mr Kidd on 13/10/2010 15:06:24
CCP ought to allow the use of all 255 ANSI characters. That would make for some secure passwords.
Quote:
You know we once had someone working for us who had her current city of residence and some date as her password? She still wrote it down and taped the paper to her monitor. No password remembering scheme will help regular users.
It is impractical to expect people to remember every password for every site/system/program that requires it. These days it's too voluminous. And as we get older our abilities to remember "secure" passwords becomes increasingly difficult. Those of you in your teens, twenties and early thirties may not be able to empathize, but it's true. My best advice is for users to write down their passwords but, keep it on their person in a wallet or purse. Keeping a password list in electronic format, even with password managers, is a single point of epic failure. A physical list of passwords with just enough information to remind you what they're for, imo, is a better option. Most hackers will never have physical access to you or your belongings. My passwords for things I deem requiring "secure" passwords are generally over 10 characters long with letters, numbers, case. That's over a dozen complex passwords. There's no way I can remember them all, especially those that I use maybe once a month.
Another advantage of having a physical list of passwords is if lost or stolen, you'll know it and relatively quickly compared to an electronic format that may have been compromised, copied and distributed with little to no evidence for you to detect the breach.
|
De'Veldrin
Minmatar CareBears on Fire The Obsidian Legion
|
Posted - 2010.10.13 16:40:00 -
[39]
Originally by: Guilliman R
Originally by: Buck Marui
Originally by: Paknac Queltel
You know we once had someone working for us who had her current city of residence and some date as her password? She still wrote it down and taped the paper to her monitor. No password remembering scheme will help regular users.
Haha, and to tape it to the monitor... HAHA
You'd be sad if you know how many people actually do that in offices..
The part that kills me is that people think replacing characters in a word with numbers that look like a letter are secure.
P@55w0rd really isn't that hard to figure out - really. --Vel
|
Tippia
Sunshine and Lollipops
|
Posted - 2010.10.13 16:51:00 -
[40]
Edited by: Tippia on 13/10/2010 16:55:01
Originally by: De'Veldrin
Originally by: Guilliman R
Originally by: Buck Marui
Originally by: Paknac Queltel You know we once had someone working for us who had her current city of residence and some date as her password? She still wrote it down and taped the paper to her monitor. No password remembering scheme will help regular users.
Haha, and to tape it to the monitor... HAHA
You'd be sad if you know how many people actually do that in offices..
The part that kills me is that people think replacing characters in a word with numbers that look like a letter are secure.
P@55w0rd really isn't that hard to figure out - really.
Meh.
There's always the I-wrote-it-down-feint password scheme:
- Pick three letters.
- Pick a short sentence (with proper capitalisation and punctuation).
- Write said sentence down on the monitor post-it.
- When entering a password, use that sentence, but always skip the three letters picked in step 1.
You now have a reasonably complex, not-quite-dictionary-attackable password that is essentially only three letters long.
--- "If you're not willing to fight for what you have in ≡v≡... you don't deserve it, and you will lose it." - Karath Piki |
|
Buck Marui
Caldari State War Academy
|
Posted - 2010.10.13 17:30:00 -
[41]
Edited by: Buck Marui on 13/10/2010 17:33:55
Originally by: Tippia You now have a reasonably complex, not-quite-dictionary-attackable password that is essentially only three letters long.
which is easily brute forced, and/or guessed especially since you used correct punctuation.
But I get your meaning
Oh wait nevermind I didn't get your meaning
You mean to use the sentence and not the 3 letters.
Bit long-winded I think though |
Tippia
Sunshine and Lollipops
|
Posted - 2010.10.13 17:34:00 -
[42]
Edited by: Tippia on 13/10/2010 17:36:40
Originally by: Buck Marui which is easily brute forced, and/or guessed especially since you used correct punctuation.
Yes, but the hope is that people will notice the post-it™ with the neat "Password:" written on it...
...still, you're right. Even so, since you're writing it down anyway, you can mess up both spelling and punctuation (or just use gibberish) - the actual password is in the three letters, not what's written on the note.
Quote: Bit long-winded I think though
Yes. And good luck if you lose the post-it.
--- "If you're not willing to fight for what you have in ≡v≡... you don't deserve it, and you will lose it." - Karath Piki |
John B'dlam
|
Posted - 2010.10.13 17:36:00 -
[43]
Originally by: Buck Marui Edited by: Buck Marui on 13/10/2010 17:31:16
Originally by: Tippia You now have a reasonably complex, not-quite-dictionary-attackable password that is essentially only three letters long.
which is easily brute forced, and/or guessed especially since you used correct punctuation.
But I get your meaning
There's also the old look-over-the-shoulder. Specifically avoiding certain keys can be obvious, if you happen to be doing it wrong.
But let's be honest, those of us who have even a semidecent system for remembering our unique passwords aren't the target. It's Jimmy and Jane down at HR who use the same password for everything and write it on a post-it under the keyboard that are.
|
Induc
Amarr
|
Posted - 2010.10.13 17:44:00 -
[44]
Originally by: Dirk Swan Its his account. Let him do what he wants with it.
Yes, but it's CCP's time when he comes screaming later wanting his hacked characters reimbursed.
|
Ocih
Amarr The Program Controlled Chaos
|
Posted - 2010.10.13 18:05:00 -
[45]
U need to think in MMO terms. Make the password people rage and
LOCK THE CAP BUTTON ON TO MAKE YOUR PASSWORD1 |
Barakkus
|
Posted - 2010.10.13 18:09:00 -
[46]
Originally by: Manackel Ever think that maybe it's because it's harder to guess your password when there's a mixture of upper and lower case letters, numbers and symbols?
Notrly
Originally by: captain foivos Who would recruit someone named Barakkus?
Wait a minute...
|
Mr Epeen
|
Posted - 2010.10.13 18:10:00 -
[47]
Lets see...
Two bank cards
Three credit cards
Two cellular providers
One ISP
Four Email accts
EVE acct
Five or six other games
Dozens of forums
50 or so passwords to remember. Is it any wonder people write them down, keep them simple, or use the same one for everything?
Biometrics FTW! Passwords are so last century.
Mr Epeen
|
Barakkus
|
Posted - 2010.10.13 18:12:00 -
[48]
Originally by: Mr Epeen Biometrics FTW! Passwords are so last century.
This tbqfh.
Originally by: captain foivos Who would recruit someone named Barakkus?
Wait a minute...
|
KarumbaK
Amarr Hedion University
|
Posted - 2010.10.13 18:29:00 -
[49]
Originally by: Mr Epeen Lets see...
Two bank cards Three credit cards Two cellular providers One ISP Four Email accts EVE acct Five or six other games Dozens of forums
50 or so passwords to remember. Is it any wonder people write them down, keep them simple, or use the same one for everything?
Biometrics FTW! Passwords are so last century.
Mr Epeen
Generally I use the same passwords but with different variations, such as diff numbers, or symbols to replace parts... works pretty well
Never Stop |
Cory Sopapilla
Minmatar Kiroshi Group
|
Posted - 2010.10.13 18:35:00 -
[50]
It could always be worse. I find the ones who try to be the most "secure" with rules are the ones easiest to brute force if someone on the outside knows the rules. Do you have any idea how many possibilities are ruled out when it can't be more than 2 letters, 2 numbers, 2 shift-key chars in a row and must be 8 chars or more? It's like lowering the lottery #s from 1-52 to 1-20.
Must contain at least one capital letter is fine. IMO, use more than one though and don't make it spell some 'l33t' word. And 12345 is no longer safe after Spaceballs announced it for use on luggage ;)
Seriously though, so many people use the same password and username everywhere that it doesn't even matter what you use. Eventually they'll sign up for some 3rd party website for game info on a certain game and just hand it to them.
|
|
Stick Cult
|
Posted - 2010.10.13 19:03:00 -
[51]
Edited by: Stick Cult on 13/10/2010 19:05:52
Originally by: KarumbaK
Originally by: Mr Epeen Lets see...
Two bank cards Three credit cards Two cellular providers One ISP Four Email accts EVE acct Five or six other games Dozens of forums
50 or so passwords to remember. Is it any wonder people write them down, keep them simple, or use the same one for everything?
Biometrics FTW! Passwords are so last century.
Mr Epeen
Generally I use the same passwords but with different variations, such as diff numbers, or symbols to replace parts... works pretty well
I do too, but then things like this "you must have one capital letter" mess things up big time.
For example, I say I started with password. I've used it to register for about half a dozen things. Oh, this website wants me to use a number. Ok, now I'll use password1 for everything. Now I've used THAT for half a dozen things. Oh, now this website wants a capital letter. Time for Password1. Now I've used that in half a dozen things. Now I need to have at least x characters. Time to change it again. And it goes on.
Now I've got accounts/things that need passwords in a few dozen places, but with different variations. Most of my things now use various variations (lol) of the same password, BUT I HAVE NO IDEA WHICH ONE GOES WHERE! It usually comes down to thinking "hmm.. about what year did I register this account?" or just plain guessing.
Please, let me secure my account myself. kthxbi
/me jumps on the "get-rid-of-password-requirements-bandwagon"
edit: And yes, this has led to me having a text document on my desktop full of passwords. And things I could never remember like my Eve APIs and various IP addresses...
Originally by: CCP Tuxford my bad. Rest assured I'm being ridiculed by my co-workers.
|
Paknac Queltel
Swords Horses and Heavy Metal
|
Posted - 2010.10.13 19:03:00 -
[52]
Originally by: Mr Epeen Biometrics FTW! Passwords are so last century.
Please do press your password on everything you touch. - Paknac Queltel
|
Cat o'Ninetails
Caldari Rancer Defence League
|
Posted - 2010.10.13 19:04:00 -
[53]
I was wondering if this would be more secure:
md5("Barclays[, EVE, Lloyds, Paypal, whatever]" + "password");
Means generating it every time but an md5 function is not hard lol.
When I code and I need to store passwords etc, I tend to pre-salt with a long "randomish" code common to whatever it is I'm doing, information, then post-salt with a word like "userpass" or something:
so your password ($p) "fluffy" would be:
$presalt = "fkjgfdlkjglfdkjglkjdflg";
$member_pass = md5($presalt.$p."member");
or something
x
EVE Garden |
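For comparison with the storage scheme in the post above, here is an added example that is not part of any forum post: the fixed pre-salt/post-salt md5 next to a per-user random salt with a deliberately slow key-derivation function, plus an upgrade-on-login path for old records. It is written in Python rather than the post's PHP; the record layout, the function names and the iteration count are assumptions.

```python
import hashlib
import hmac
import secrets

# Values from the post's scheme; the passwords used below are constructed samples.
PRESALT = "fkjgfdlkjglfdkjglkjdflg"   # same constant for every user
POSTSALT = "member"

# Assumption: work factor for PBKDF2-HMAC-SHA256, tune to your own hardware.
PBKDF2_ITERATIONS = 600_000
SCHEME = "pbkdf2_sha256"


def legacy_md5(password: str) -> str:
    """The post's scheme: md5(presalt + password + "member")."""
    return hashlib.md5((PRESALT + password + POSTSALT).encode()).hexdigest()


def hash_password(password: str) -> str:
    """Per-user random salt and a slow KDF; salt and cost travel with the hash."""
    salt = secrets.token_bytes(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{SCHEME}${PBKDF2_ITERATIONS}${salt.hex()}${derived.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and cost, compare in constant time."""
    try:
        scheme, iterations, salt_hex, derived_hex = stored.split("$")
        if scheme != SCHEME:
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(derived_hex)
        rounds = int(iterations)
    except ValueError:
        return False  # malformed record: fail closed
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, expected)


def login(record: dict, password: str) -> bool:
    """Check a login; a record still in the md5 format is rehashed on success."""
    stored = record["hash"]
    if stored.startswith(SCHEME + "$"):
        return verify_password(password, stored)
    if hmac.compare_digest(legacy_md5(password), stored):
        record["hash"] = hash_password(password)  # upgrade in place
        return True
    return False


def same_password_same_hash(hasher) -> bool:
    """True if two users choosing the same password get identical stored values."""
    return hasher("fluffy") == hasher("fluffy")


if __name__ == "__main__":
    print("md5 scheme, same password, same hash:", same_password_same_hash(legacy_md5))
    print("salted KDF, same password, same hash:", same_password_same_hash(hash_password))
    user = {"name": "constructed-user", "hash": legacy_md5("fluffy")}
    print("login ok:", login(user, "fluffy"), "| stored as:", user["hash"].split("$")[0])
```

With one site-wide salt, every user who picks "fluffy" gets the same stored value and a single guess tests all of them at md5 speed; the per-user salt removes the first property and the iteration count the second.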
Barkaial Starfinder
Minmatar The Kairos Syndicate Transmission Lost
|
Posted - 2010.10.13 19:20:00 -
[54]
you really dont have to remember a lot of passwords.. you just need a personal system to integrate something not too obvious from where the password is being used, to your complex "invariable" password which you could change every 3 months.
i could share my methods but..
|
Dr Neba
|
Posted - 2010.10.13 19:43:00 -
[55]
I think its a great feature, it has stopped me from logging in when i am drunk lol |
Crias Taylor
GoonWaffe Goonswarm Federation
|
Posted - 2010.10.13 19:46:00 -
[56]
Stop sucking at passwords.
http://www.watchguard.com/info/budlogsin.asp
|
Barakkus
|
Posted - 2010.10.13 21:35:00 -
[57]
Originally by: Cat o'Ninetails I was wondering if this would be more secure:
md5("Barclays[, EVE, Lloyds, Paypal, whatever]" + "password");
Means generating it every time but an md5 function is not hard lol.
When I code and I need to store passwords etc, I tend to pre-salt with a long "randomish" code common to whatever it is I'm doing, information, then post-salt with a word like "userpass" or something:
so your password ($p) "fluffy" would be:
$presalt = "fkjgfdlkjglfdkjglkjdflg";
$member_pass = md5($presalt.$p."member");
or something
x
You do realize md5 is very easy to crack right? You're better off using Blowfish.
Originally by: captain foivos Who would recruit someone named Barakkus?
Wait a minute...
|
Scorpyn
Inimical Eclipse
|
Posted - 2010.10.13 23:22:00 -
[58]
When a program I used a while ago changed the maximum password length from 32 to 20 I was the only one to complain...
I'm not sure how long the eve passwords can get, but I think the maximum number of characters used to be 64 or something like that, so they can get quite long iirc.
|
Cat o'Ninetails
Caldari Rancer Defence League
|
Posted - 2010.10.13 23:27:00 -
[59]
Edited by: Cat o'Ninetails on 13/10/2010 23:31:24
Originally by: Barakkus
You do realize md5 is very easy to crack right? You're better off using Blowfish.
i think collisions are more of a worry than a crack
it was just an idea anyway and hashing is different from encryption lol :)
x
edit, i'll just tack this on: why are spaces disallowed? for instance "i am cat and hate pirates" is a stronger password than "iamcatandihatepirates" though both are weak in my example, but hope my point is clear enough. sentences are quite good passwords imo but as i demonstrated above i am terrible at security lol
EVE Garden |
Tippia
Sunshine and Lollipops
|
Posted - 2010.10.13 23:29:00 -
[60]
Originally by: Barakkus You do realize md5 is very easy to crack right? You're better off using Blowfish.
Why would you want to use a cipher for hashing? They serve two rather different purposes... --- "If you're not willing to fight for what you have in ≡v≡... you don't deserve it, and you will lose it." - Karath Piki |
|
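The stored-password scheme debated in posts 53 to 60, set next to a per-user random salt and a deliberately slow key-derivation function, as an added Python example (not any poster's code). PBKDF2-HMAC-SHA256, the iteration count, the record format and the sample accounts are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

PRESALT = "fkjgfdlkjglfdkjglkjdflg"  # the site-wide constant quoted in the post
ITERATIONS = 200_000                  # assumed work factor; tune to your hardware


def thread_scheme(password):
    """md5($presalt.$p."member") as posted: one fast hash, same constants for every user."""
    return hashlib.md5((PRESALT + password + "member").encode()).hexdigest()


def hash_password(password, iterations=ITERATIONS):
    """Per-user random salt plus a slow KDF; the parameters travel with the record."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(iterations, salt.hex(), digest.hex())


def verify_password(password, record):
    """Recompute with the stored salt and rounds, then compare in constant time."""
    try:
        scheme, rounds, salt_hex, digest_hex = record.split("$")
        rounds = int(rounds)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False  # not a record in this format (e.g. a legacy md5 hex string)
    if scheme != "pbkdf2_sha256" or rounds < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record, iterations=ITERATIONS):
    """True for legacy records or records made with a lower work factor."""
    parts = record.split("$")
    return len(parts) != 4 or parts[0] != "pbkdf2_sha256" or int(parts[1]) < iterations


def shared_hash_groups(stored):
    """Accounts whose stored value is identical, as seen by anyone holding the table."""
    groups = defaultdict(list)
    for user, value in stored.items():
        groups[value].append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)


# Constructed sample accounts: two users happen to pick the same password.
SAMPLE_USERS = {"alice": "fluffy", "bob": "fluffy", "carol": "i am cat and hate pirates"}


def demo():
    legacy = {u: thread_scheme(p) for u, p in SAMPLE_USERS.items()}
    salted = {u: hash_password(p) for u, p in SAMPLE_USERS.items()}
    # With fixed constants equal passwords collide in the table; with per-user salts they do not.
    return shared_hash_groups(legacy), shared_hash_groups(salted)


if __name__ == "__main__":
    print(demo())
```

Because a fixed pre-salt and suffix are the same for every account, one pass over a wordlist tests the whole table at once; the per-user salt forces that work to be repeated per account, and the iteration count makes each guess slow.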
Lady Parity
|
Posted - 2010.10.14 01:56:00 -
[61]
damn they had this uppercase bull**** on when you created new accounts BUT you could fortunately change the password to lower case.
I dont get all this security tbh, lets be real here doesnt matter if your password is "76876HJHKhkhkjhYIUYIUYbjb66767868" all it will take is a simple keylog on your comp to steal it or do CCP truly believe the increase amount of 'hacks' have been because guessing account names AND passwords is really easy -.-
|
alittlebirdy
|
Posted - 2010.10.14 02:34:00 -
[62]
Good to know, won't waste time trying to change mine then, really is a joke, I don't need some ******* company trying to "protect my account" wanta protect my account, hey lets get a free AV with our eve subs ;) not a ****ing cap needed in the password.
Die in a fire ccp, you are already close.
|
Syphon Lodian
Gallente Fabled Enterprises
|
Posted - 2010.10.14 02:42:00 -
[63]
Of all the things to ***** about.
You knuckleheads will complain about anything.. seriously.
What is wrong with you all? -------------------------------------------------- |
Lady Parity
|
Posted - 2010.10.14 02:56:00 -
[64]
When you click on a link from these forums you see
WARNING!
Hackers are spamming our forums with links leading to key-loggers/Trojans and then ruining the accounts of players that navigate to those links.
The increased security on password changing is pretty lame imo
|
Kesshisan
Minmatar
|
Posted - 2010.10.14 02:56:00 -
[65]
Originally by: John B'dlam There's also the old look-over-the-shoulder.
This is why I use Dvorak.
Seriously, though, typing in a password on a Dvorak keyboard using a Qwerty setup, or vice-versa, is an amazing way to have easy-to-remember passwords which most people cannot figure out, even if they're reading over your shoulder.
For example I used to use "Iwishiwasanoscarmeyerweiner" as my password on an old bbs. If I were to be sitting at a Qwerty keyboard layout, but start typing like I'm using a Dvorak layout, that now translates into: "G,g;jg,a;als;iaomdtdo,dgldo" It's easily memorable, the key strokes are quick to type (because I know Dvorak), and good luck using a dictionary attack to figure out that one!
|
illford baker
STK Scientific IT Alliance
|
Posted - 2010.10.14 03:43:00 -
[66]
all these passwords and stuff, can't we use biometrics? fingerprints, retina and stuff.
|
FatherAzreal
|
Posted - 2010.10.14 04:12:00 -
[67]
Originally by: Kesshisan
Originally by: John B'dlam There's also the old look-over-the-shoulder.
This is why I use Dvorak.
Seriously, though, typing in a password on a Dvorak keyboard using a Qwerty setup, or vice-versa, is an amazing way to have easy-to-remember passwords which most people cannot figure out, even if they're reading over your shoulder.
For example I used to use "Iwishiwasanoscarmeyerweiner" as my password on an old bbs. If I were to be sitting at a Qwerty keyboard layout, but start typing like I'm using a Dvorak layout, that now translates into: "G,g;jg,a;als;iaomdtdo,dgldo" It's easily memorable, the key strokes are quick to type (because I know Dvorak), and good luck using a dictionary attack to figure out that one!
Great plan, just make sure no one you know reads this post.
|
Mire Stoude
The Undesirables
|
Posted - 2010.10.14 04:24:00 -
[68]
Originally by: Mr Kidd Edited by: Mr Kidd on 13/10/2010 15:16:57 Edited by: Mr Kidd on 13/10/2010 15:06:24 CCP ought to allow the use of all 255 ANSI characters. That would make for some secure passwords.
Quote:
You know we once had someone working for us who had her current city of residence and some date as her password? She still wrote it down and taped the paper to her monitor. No password remembering scheme will help regular users.
It is impractical to expect people to remember every password for every site/system/program that requires it. These days it's too voluminous. And as we get older our ability to remember "secure" passwords becomes increasingly limited. Those of you in your teens, twenties and early thirties may not be able to empathize, but it's true. My best advice is for users to write down their passwords but, keep it on their person in a wallet or purse. Keeping a password list in electronic format, even with password managers, is a single point of epic failure. A physical list of passwords with just enough information to remind you what they're for, imo, is a better option. Most hackers will never have physical access to you or your belongings. My passwords for things I deem requiring "secure" passwords are generally over 10 characters long with letters, numbers, case. That's over a dozen complex passwords. There's no way I can remember them all, especially those that I use maybe once a month.
Another advantage of having a physical list of passwords is if lost or stolen, you'll know it and relatively quickly compared to an electronic format that may have been compromised, copied and distributed with little to no evidence for you to detect the breach.
This... At work I have a password to log into the computer which must be reset every 3 months and we can "nevar" reuse them. This usually is not a problem. However, we also have up to 8 different programs we have to log in and out of on a regular basis which require their own passwords. Each of which must be reset every 2-6 months (different lengths for each program). Some programs I use daily and can remember the passwords, but some I may use only once a week and may forget the passwords (or try the wrong one repeatedly). And if we get them wrong more than 3 times, we are locked out and have to call IT.
Also, to the OP: I think these guys have the combination to your luggage.
|
Pytria Le'Danness
|
Posted - 2010.10.14 04:56:00 -
[69]
Originally by: Mire Stoude
... At work I have a password to log into the computer which must be reset every 3 months and we can "nevar" reuse them. ...
We have a similar system, with varying programs requiring different password strengths and different reuse times. Also we only have just one IT guy who is working short hours and thus often not present.
Guess what happened? Everyone I know has their current passwords written down on a sheet of paper stored in the top drawer of their desk - and most of these passwords are of the <personal information><increasing number> variant.
Security Theater indeed.
|
Terminal Insanity
Minmatar Foundation
|
Posted - 2010.10.14 05:28:00 -
[70]
Edited by: Terminal Insanity on 14/10/2010 05:35:20
Originally by: Shade Millith Edited by: Shade Millith on 13/10/2010 10:08:00 Finally after quite some time, I've decided to change my password. Don't often do this with anything, as I usually don't care.
Went to change my password, and got this.
"Your password must: Contain at least one uppercase letter"
I'm seriously getting sick of more and more restrictions being placed on what I can and can't use as my password. First it was just abcdefg, now it's abcd3fg, now it's Abcd3fg.
It's getting bloody stupid. Back off and let me have what I want as my password.
CCP got sick of spending hours upon hours repairing accounts stolen due to idiots using "hello" as their password, so they decided to add some 'restrictions' to try and idiot-proof passwords... and now the idiots actually complain that they cant use their stupid passwords? lol.
the 'restrictions' you talk about are basically standard practice for picking a password. You're a dumbass if you think this is a bad idea.
IMO ccp shouldnt ever repair an account that was stolen, if their password was "abcdefg".
How to create an easy-to-remember password, that will never get cracked: Go for gibberish. Something pronounceable, but it should NOT sound like a real word. This word should just roll off your tongue spontaneously as you're typing it. change some letters to 1337sp33k and you've got a password that will never be cracked easily, and it will also be extremely easy to remember, due to how you created it.
An example would be "Baw1akaB1n0S". notice the first and last character are capitalized, and only 1s and 0s are used as leetspeek, You can change this method to suit you (and you really should)
|
|
Kesshisan
Minmatar
|
Posted - 2010.10.14 05:40:00 -
[71]
Originally by: FatherAzreal Great plan, just make sure no one you know reads this post.
Hmm, I had better add in a mixture of foreign languages then. A mixture of foreign languages in Dvorak keys on a Qwerty keyboard, then add in some numbers-Hmm I may be onto the-most-secure-yet-memorable password development system yet!
|
Yorack Hunt
|
Posted - 2010.10.14 05:51:00 -
[72]
I find that passwords created completely randomly do fine.. and the easiest way to do that is to stick your hand in a bag of Scrabble tiles, pull out as many as you need and use them in the order they come out. If you need to use a number then just drop a random 1 in anywhere you want.
Never had 1 yet that's been found in any dictionary....
|
Paknac Queltel
Swords Horses and Heavy Metal
|
Posted - 2010.10.14 06:05:00 -
[73]
Originally by: Terminal Insanity CCP got sick of spending hours upon hours repairing accounts stolen due to idiots using "hello" as their password, so they decided to add some 'restrictions' to try and idiot-proof passwords... and now the idiots actually complain that they cant use their stupid passwords? lol.
the 'restrictions' you talk about are basically standard practice for picking a password. You're a dumbass if you think this is a bad idea.
Look how misinformed you are. Password complexity is mostly irrelevant. If someone can bruteforce even a 4-letter password, or get through a dictionary down to 'hello', then CCP set up the authentication system completely wrong.
The threat is from keyloggers, phishing and dumbasses using their EVE log-in credentials on untrustworthy EVE-related sites or software. No amount of complexity rules will change that. - Paknac Queltel
|
Terminal Insanity
Minmatar Foundation
|
Posted - 2010.10.14 06:12:00 -
[74]
Edited by: Terminal Insanity on 14/10/2010 06:14:04
Originally by: Paknac Queltel Look how misinformed you are. Password complexity is mostly irrelevant. If someone can bruteforce even a 4-letter password, or get through a dictionary down to 'hello', then CCP set up the authentication system completely wrong.
The threat is from keyloggers, phishing and dumbasses using their EVE log-in credentials on untrustworthy EVE-related sites or software. No amount of complexity rules will change that.
I have to return your compliment. when i was a cracker, my dictionary list was arranged in a way that moves the most commonly used password phrases to the top, based on how many successful cracks it's made. It then tries an assortment of common numbers preceding and following the phrase.
And, to put the nail in this argument, i have only one word: Proxies. See, no amount of server-side security will prevent a brute force attack, simply because you've got a proxy for every 5 passwords.
Yes, client-side security, (re keyloggers etc) are still a problem, but a good strong password is always the first line of defense, and solves the most common method of cracking passwords.
|
Paknac Queltel
Swords Horses and Heavy Metal
|
Posted - 2010.10.14 06:43:00 -
[75]
Originally by: Terminal Insanity Edited by: Terminal Insanity on 14/10/2010 06:14:04
Originally by: Paknac Queltel Look how misinformed you are. Password complexity is mostly irrelevant. If someone can bruteforce even a 4-letter password, or get through a dictionary down to 'hello', then CCP set up the authentication system completely wrong.
The threat is from keyloggers, phishing and dumbasses using their EVE log-in credentials on untrustworthy EVE-related sites or software. No amount of complexity rules will change that.
I have to return your compliment. when i was a cracker, my dictionary list was arranged in a way that moves the most commonly used password phrases to the top, based on how many successful cracks it's made. It then tries an assortment of common numbers preceding and following the phrase.
And, to put the nail in this argument, i have only one word: Proxies. See, no amount of server-side security will prevent a brute force attack, simply because you've got a proxy for every 5 passwords.
Yes, client-side security, (re keyloggers etc) are still a problem, but a good strong password is always the first line of defense, and solves the most common method of cracking passwords.
Seems like a whole lot of effort when people will still gladly put their password into whatever 'EVE cheat' they download.
Also, your proxy list shouldn't matter. Long before attempt 100, the account should only be unlockable by a randomly generated link mailed to the account owner. That's how I would do it.
Strong passwords are good, yes. Complexity rules don't make passwords stronger, though. People are predictable in how they will modify their standard password to pass complexity checks. - Paknac Queltel
|
Terminal Insanity
Minmatar Foundation
|
Posted - 2010.10.14 07:02:00 -
[76]
Edited by: Terminal Insanity on 14/10/2010 07:03:48
Originally by: Paknac Queltel
Originally by: Terminal Insanity Edited by: Terminal Insanity on 14/10/2010 06:14:04
Originally by: Paknac Queltel Look how misinformed you are. Password complexity is mostly irrelevant. If someone can bruteforce even a 4-letter password, or get through a dictionary down to 'hello', then CCP set up the authentication system completely wrong.
The threat is from keyloggers, phishing and dumbasses using their EVE log-in credentials on untrustworthy EVE-related sites or software. No amount of complexity rules will change that.
I have to return your compliment. when i was a cracker, my dictionary list was arranged in a way that moves the most commonly used password phrases to the top, based on how many successful cracks it's made. It then tries an assortment of common numbers preceding and following the phrase.
And, to put the nail in this argument, i have only one word: Proxies. See, no amount of server-side security will prevent a brute force attack, simply because you've got a proxy for every 5 passwords.
Yes, client-side security, (re keyloggers etc) are still a problem, but a good strong password is always the first line of defense, and solves the most common method of cracking passwords.
Seems like a whole lot of effort when people will still gladly put their password into whatever 'EVE cheat' they download.
Also, your proxy list shouldn't matter. Long before attempt 100, the account should only be unlockable by a randomly generated link mailed to the account owner. That's how I would do it.
Strong passwords are good, yes. Complexity rules don't make passwords stronger, though. People are predictable in how they will modify their standard password to pass complexity checks.
True enough, the password restrictions dont always help, but its a helpful nudge in the right direction.
Also, you cant lock someone out of their account just because of the number of attempts, this would create a DOS Attack vulnerability, where i could lock people out of their accounts simply by letting a brute force attack run for just 1 minute. The best option in this case would be to record the IP addresses used by that account, and then require email authentication if he has a new IP block or ISP. This is (sorta) how most banks secure their accounts. But in the case of videogames, this is far more work than most players would appreciate.
|
Paknac Queltel
Swords Horses and Heavy Metal
|
Posted - 2010.10.14 07:08:00 -
[77]
Originally by: Terminal Insanity Also, you cant lock someone out of their account just because of the number of attempts, this would create a DOS Attack vulnerability, where i could lock people out of their accounts simply by letting a brute force attack run for just 1 minute. The best option in this case would be to record the IP addresses used by that account, and then require email authentication if he has a new IP block or ISP. This is (sorta) how most banks secure their accounts. But in the case of videogames, this is far more work than most players would appreciate.
Meh, all details. Probably solvable in a user-friendly way, but that would require me to actually think about it more. But you're right. There's too many whiny players anyway.
How about this: they get to opt out if they forfeit whatever they get taken for if they get hacked? - Paknac Queltel
|
Muul Udonii
Minmatar THORN Syndicate Controlled Chaos
|
Posted - 2010.10.14 07:52:00 -
[78]
I use a non-english word, with some switching of numbers for letters. In fact it's a language spoken by exactly 0 people on this planet.
But all passwords are easy to crack if you have a keylogger trojan, which is why it's great that Eve saves my usernames, because people will never be able to keylog which one I'm selecting.
|
Paknac Queltel
Swords Horses and Heavy Metal
|
Posted - 2010.10.14 07:59:00 -
[79]
Originally by: Muul Udonii I use a non-english word, with some switching of numbers for letters. In fact it's a language spoken by exactly 0 people on this planet.
But all passwords are easy to crack if you have a keylogger trojan, which is why it's great that Eve saves my usernames, because people will never be able to keylog which one I'm selecting.
A lot of keyloggers can also capture screenshots. - Paknac Queltel
|
Garia666
Amarr T.H.U.G L.I.F.E Talos Coalition
|
Posted - 2010.10.14 08:03:00 -
[80]
hehe just never change your password :) i still have an 4 digit password on my email account :D
Do not click this ad. |
|
Nadarius Chrome
Celestial Horizon Corp.
|
Posted - 2010.10.14 08:22:00 -
[81]
On days like today when I get kicked from Eve every 15 minutes, I don't want a long, unnatural-to-type password. |
Vaerah Vahrokha
Minmatar Vahrokh Consulting
|
Posted - 2010.10.14 09:57:00 -
[82]
Quote:
But let's be honest, those of us who have even a semidecent system for remembering our unique passwords aren't the target. It's Jimmy and Jane down at HR who use the same password for everything and write it on a post-it under the keyboard that are.
I wish they were so smart to hide it under the keyboard. They put a post-it on the monitor so it is WELL visible to everyone.
After all do you know what happens in any case?
- Dude you KNOW it's forbidden to leave the password there
Sharon: "By corporate policy 1116-A-ZT3-2010 (notice how policies ironically would make for decent passwords?) ONLY <enter here Joe's cryptic profession here> may access pages "ACCOUNTING-118BZ32" but Joe lately needs 2 days off every 2 weeks so I have to fill in the forms for him with the password he is so kind to leave here for me to see. THE UBERMEGA BOSS wants so. GTFO PLX.
Also, more reasons why "secure passwords" is a stupid idea:
- They have never been secure enough. When they were, the hacker corrupts someone to give him the password.
- Brute force attack? The log in system should be removed, not the passwords made a PITA. A decent log in system will refuse brute force and impose increasing timeouts (and even lockdown) after NN failed attempts.
- Nowadays brute force is obsolete. Slam a keylogger inside a big titted slideshow and you achieve 1000 times as much and quicker. Or send some "Bank account suspended, enter your password here to enable" fake email.
- Nowadays you got 100 sites all demanding different and more complicate passwords that of course expire every some weeks and must be replaced with different ones. Result: everything well written down and in an easy to find location!
- Paypal aka real money at stake, is working since like 2 decades with weaker passwords than some "25 unique contacts a month" web sites / forums talking about trivial things.
Quote:
when i was a cracker, my dictionary list was arranged in a way that moves the most commonly used password phrases to the top, based on how many successful cracks it's made. It then tries an assortment of common numbers preceding and following the phrase.
I suppose you cracked unpatched Windows NT systems you had physical access to? Because I know of little else whose security would suck so much. Those systems don't deserve to NOT be cracked.
- Auditing & consulting
When looking for investors, please read http://tinyurl.com/n5ys4h + http://tinyurl.com/lrg4oz
|
Paknac Queltel
Swords Horses and Heavy Metal
|
Posted - 2010.10.14 10:20:00 -
[83]
Originally by: Vaerah Vahrokha I wish they were so smart to hide it under the keyboard. They put a post-it on the monitor so it is WELL visible to everyone.
After all do you know what happens in any case?
- Dude you KNOW it's forbidden to leave the password there
Sharon: "By corporate policy 1116-A-ZT3-2010 (notice how policies ironically would make for decent passwords?) ONLY <enter here Joe's cryptic profession here> may access pages "ACCOUNTING-118BZ32" but Joe lately needs 2 days off every 2 weeks so I have to fill in the forms for him with the password he is so kind to leave here for me to see. THE UBERMEGA BOSS wants so. GTFO PLX.
Your pain. I feel it.
Originally by: Vaerah Vahrokha Also, more reasons why "secure passwords" is a stupid idea:
- They have never been secure enough. When they were, the hacker corrupts someone to give him the password.
- Brute force attack? The log in system should be removed, not the passwords made a PITA. A decent log in system will refuse brute force and impose increasing timeouts (and even lockdown) after NN failed attempts.
- Nowadays brute force is obsolete. Slam a keylogger inside a big titted slideshow and you achieve 1000 times as much and quicker. Or send some "Bank account suspended, enter your password here to enable" fake email.
- Nowadays you got 100 sites all demanding different and more complicate passwords that of course expire every some weeks and must be replaced with different ones. Result: everything well written down and in an easy to find location!
- Paypal aka real money at stake, is working since like 2 decades with weaker passwords than some "25 unique contacts a month" web sites / forums talking about trivial things.
Mate, your password must be this tall to ride. It's for your own security. We don't need your fancy 'logic'. - Paknac Queltel
|
Dr Fighter
|
Posted - 2010.10.14 10:29:00 -
[84]
some sort of optional digital certificate shouldnt be too hard or expensive to design.
|
Ghoest
|
Posted - 2010.10.14 11:16:00 -
[85]
I have used the the word "Password1' for years now and have never been hacked. One capital for the win!!!
Wherever you went - Here you are.
|
Vaerah Vahrokha
Minmatar Vahrokh Consulting
|
Posted - 2010.10.14 12:07:00 -
[86]
Quote: It's for your own security. We don't need your fancy 'logic'
Your failure to see why the not nerd side of the world uses the fancy 'logic' is why authentication systems will keep failing. - Auditing & consulting
When looking for investors, please read http://tinyurl.com/n5ys4h + http://tinyurl.com/lrg4oz
|
Kesshisan
Minmatar
|
Posted - 2010.10.14 12:57:00 -
[87]
Originally by: Muul Udonii I use a non-english word, with some switching of numbers for letters. In fact it's a language spoken by exactly 0 people on this planet.
But all passwords are easy to crack if you have a keylogger trojan, which is why it's great that Eve saves my usernames, because people will never be able to keylog which one I'm selecting.
The word "keylogger" is misleading. Many times when people refer to something which stole their account name and password they call it a "keylogger" but in reality it's a "network packet recorder." That doesn't quite roll off the tongue as easily.
The way "network packet recorders" work is that they capture data streams going in and out of your computer. It's basically like someone standing with a magnifying glass over every packet of data which goes in and out of your computer, and then filters out the important data to save it (IE Your username and password.)
In order to log into Eve, you need to send the login server a login name and password. If you only send one, you can't get in. So even though you're not physically typing anything in for your username, "keyloggers" will still be able to get your username.
|
Furb Killer
Gallente
|
Posted - 2010.10.14 13:10:00 -
[88]
@Keshi, no when people talk about keyloggers they mean a keylogger. In any system with the most basic security protocols implemented your password is transmitted encrypted. So no packet sniffer is going to get it, if that would work you would only need to put some additional hardware besides a major router and you got the passwords rolling out of it. Luckily it doesnt work that way, and if CCP doesnt send it encrypted someone should repeatedly kick them until they do.
Quote: And, to put the nail in this argument, i have only one word: Proxies. See, no amount of server-side security will prevent a brute force attack, simply because you've got a proxy for every 5 passwords.
Not a single reasonable login system on the internet will let you brute force a pass, better to lock the account than have it hacked. And really like i showed earlier in calculations, dictionary attack is theoretically possible, brute force is just technically impossible. The login server would die long before you got to the correct password, even with stuff without caps. But even for a dictionary attack the amount of attempts you would have to do would be excessive. Not to mention forcing capital letters wont stop a dictionary attack, it would just require a very slightly more complicated dictionary (i want to bet 99% of the stuff in the top 1000 of the dictionary attack has only a capital for the first letter).
Btw about what someone else wrote, i dont know about other countries, but here not a single bank uses IP addresses for security. Luckily since it would be pretty crap security that is really user unfriendly. Different methods are used, mine uses authenticator that works in combination with bank pass + code.
|
Br41n
Amarr Ministry of War
|
Posted - 2010.10.14 13:34:00 -
[89]
Originally by: Furb Killer
Originally by: Artemis Rose They do it for own protection.
Seriously. How could you whine about that?
Quote: Ever think that maybe it's because it's harder to guess your password when there's a mixture of upper and lower case letters, numbers and symbols?
The chance someone guesses your password when it is something easy as "kittens" is astronomically small. If my pass is "kjlsaghl" it does not contain any uppercase or special characters while the chance someone guesses it is 0.
Yes if you want to protect your encrypted HDD you want at the very least something that wont turn up in a dictionary attack, and preferably also a long pass with special stuff in it. But brute forcing your eve login is just not an option for hackers.
Generally stealing account logins are done by keyloggers, phishing sites, sites inviting stupid people (ie: look here who blocked you on msn) and random sites where they just hope you use same login as on the account they want to steal (for example i make a new site like eve-central where you got to make a login, and i just hope it is equal to your eve login). Against none of these methods it will matter if you take a stronger pass. And again, brute forcing an internet login is not an option.
only lowercase letters make it a lot faster for scripts to run through, if you add capital letters, numbers and special characters you increase the time to a few hundred years with the best super computer if you use 12 or more characters.
You really don't think they just try passwords manually now do you? ~~~~~~~~~~~~~~~~~~~~~ Pinky: Gee, Brain. What are we going to do tonight?
Brain: The same thing we do every night, Pinky. Try to take over the world. ~~~~~~~~~~~~~~~~~~~~~ |
Furb Killer
Gallente
|
Posted - 2010.10.14 14:47:00 -
[90]
Of course not, i never said that, but you are seriously underestimating the amount of combinations. I thought i showed the calculations here, but guess it was another topic.
Anyway if you want to brute force someone's pass which has 6 lower case characters within 24 hours max, so that would be 12 hours average. Then you need several thousand login attempts per second. I am pretty much certain that would cause the login servers to crash, and 100% certain that CCP would notice and block the account. Now lets make it 8 characters with only lower case again, for the same requirements we are now at several million attempts per second. That would definitely cause the login servers to crash.
Since forcing a password to have uppercase will most likely result in first letter being a cap that wont actually increase the number of attempts required. Now lets say we got 8 character with lower case or numbers, so still no caps or special characters, that increases the required amount of attempts again with a factor of over 10, more than 30M attempts per second would be required.
These numbers are perfectly viable to hack an encrypted hard drive. But it is just not realistic to brute force a login like an eve login. If you want those logins there are other ways that are effective (one certain school girl comes to mind) without immediately telling CCP which account is being compromised. And all those methods are independent of your actual password used.
|
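The login-throttling arguments in this thread (proxy rotation, lockout as a denial of service, increasing timeouts, attempts per second), worked through as an added Python sketch that is not any poster's or CCP's code. The class, its parameters and the addresses are hypothetical; `trust_ip` stands in for the e-mailed confirmation link suggested in the thread.

```python
class LoginThrottle:
    """Increasing timeouts on failed logins, counted per account rather than per address."""

    def __init__(self, free_attempts=5, base_delay=1.0, max_delay=3600.0, per_ip=False):
        self.free_attempts = free_attempts
        self.base_delay = base_delay
        self.max_delay = max_delay
        self.per_ip = per_ip        # True models the weaker per-address limiter
        self.known_ips = {}         # account -> addresses the owner has confirmed
        self.failures = {}          # bucket -> consecutive failed attempts
        self.blocked_until = {}     # bucket -> time before which attempts are refused

    def trust_ip(self, account, ip):
        """Record an address as confirmed by the owner (assumed: via an e-mailed link)."""
        self.known_ips.setdefault(account, set()).add(ip)

    def _bucket(self, account, ip):
        # Confirmed addresses get a private counter, so failures from strangers never
        # delay the owner. All unconfirmed addresses share one counter per account,
        # so switching proxy does not reset it.
        known = ip in self.known_ips.get(account, set())
        return (account, ip if (known or self.per_ip) else None)

    def wait_time(self, account, ip, now):
        return max(0.0, self.blocked_until.get(self._bucket(account, ip), 0.0) - now)

    def attempt(self, account, ip, password_ok, now):
        bucket = self._bucket(account, ip)
        if self.wait_time(account, ip, now) > 0:
            return "throttled"      # refused before the password is even checked
        if password_ok:
            if ip in self.known_ips.get(account, set()):
                self.failures.pop(bucket, None)
                return "ok"
            return "confirm_by_email"   # right password, unfamiliar address
        n = self.failures.get(bucket, 0) + 1
        self.failures[bucket] = n
        if n >= self.free_attempts:
            delay = min(self.max_delay, self.base_delay * 2 ** (n - self.free_attempts))
            self.blocked_until[bucket] = now + delay
        return "failed"


def guesses_in_window(throttle, account, proxies, window):
    """Wrong guesses that fit into `window` seconds when rotating through `proxies`."""
    now, made = 0.0, 0
    while True:
        ip = proxies[made % len(proxies)]
        now += throttle.wait_time(account, ip, now)
        if now >= window:
            return made
        throttle.attempt(account, ip, False, now)
        made += 1


def required_rate(alphabet, length, window=86400):
    """Guesses per second needed to cover the whole keyspace within `window` seconds."""
    return alphabet ** length / window


# Constructed addresses from the documentation ranges.
HOME = "198.51.100.7"
PROXIES = ["192.0.2.%d" % i for i in range(1, 201)]

if __name__ == "__main__":
    per_account = LoginThrottle()
    per_account.trust_ip("alice", HOME)
    print("per-account guesses/day:", guesses_in_window(per_account, "alice", PROXIES, 86400))
    print("per-IP guesses/day:", guesses_in_window(LoginThrottle(per_ip=True), "alice", PROXIES, 86400))
    print("owner wait:", per_account.wait_time("alice", HOME, 100.0))
    print("6 lowercase in 24h needs %.0f guesses/s" % required_rate(26, 6))
```

With these assumed settings the per-account counter allows 39 guesses a day however many proxies are used, the per-address variant allows 39 per proxy, and the owner's confirmed address is never delayed.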