Pages: [1] 2 :: one page |
|
Author |
Thread Statistics | Show CCP posts - 1 post(s) |
Cypher V
Minmatar Critical Mass Technologies
|
Posted - 2011.03.10 21:13:00 -
[1]
wtf... This is so ANNOYING. I NEVER put a capital letter in there, and being forced to means I have to press the shift key and EBERTING!
Hate it.
Remove it.
Get it done.
|
Nina Mercedez
|
Posted - 2011.03.10 21:15:00 -
[2]
Just change it to whatever you want then.
|
Patient 2428190
DEGRREE'Fo'FREE Internet Business School
|
Posted - 2011.03.10 21:15:00 -
[3]
Yes, lets reduce the security of our accounts. That sounds like a smart idea. ...Then when you stopped to think about it. All you really said was Lalala. |
Aessoroz
Nohbdy.
|
Posted - 2011.03.10 21:20:00 -
[4]
Edited by: Aessoroz on 10/03/2011 21:20:04
Originally by: Patient 2428190 Yes, lets reduce the security of our accounts. That sounds like a smart idea.
Five bucks that 90% of users are making the first letter capital or the last one,thus negating any potential security gains and just ****ing off users.
|
Parah Salin McCain
|
Posted - 2011.03.10 21:20:00 -
[5]
SO ANNOYING THAT CCP WANT TO INCREASE SECURITY AND HELP TO PROTECT OUR ACCOUNTS THOSE BASTARDS. ITS SO DIFFICULT TO INPUT AN UPPER CASE LETTER GOD DAMN YOU CROWD CONTROL PRODUCTIONS HIGH FIVE.
|
Zhim'Fufu
|
Posted - 2011.03.10 21:23:00 -
[6]
Originally by: Cypher V wtf... This is so ANNOYING. I NEVER put a capital letter in there, and being forced to means I have to press the shift key and EBERTING!
Hate it.
Remove it.
Get it done.
I wonder if the op would develop an aneurysm if they made you use a number too?
Originally by: Response to bitter carebear tears in local [19:44:46] CCP Incognito > sorry i can't talk about game mechanics. you need to use your brains and figure it out.
|
Marchocias
Snatch Victory
|
Posted - 2011.03.10 21:23:00 -
[7]
Edited by: Marchocias on 10/03/2011 21:23:27
Originally by: Patient 2428190 Yes, lets reduce the security of our accounts. That sounds like a smart idea.
Actually, forcing there to be at least one capital slightly reduces security because any attacker now knows that the password has at least one capital in it.
The only benefit to it is so that people creating passwords are made aware that they can use capitals, so that more do, and guessing becomes generally more difficult.
However, this is only increasing security for those people who don't already use capitals, and who will probably, for simplicities sake, only use a capital on the first available letter, thereby leaving us back where we started (because anyone who was going to guess a password with all lowercase letters, will now do exactly the same just with the first one capitalised).
Therefore, on average, it slightly decreases security. ---- I belong to Silent Ninja (Hopefully that should cover it). |
De'Veldrin
Minmatar Self Preservation Society the 2nd Dead Terrorists
|
Posted - 2011.03.10 21:26:00 -
[8]
Originally by: Marchocias Edited by: Marchocias on 10/03/2011 21:23:27
Originally by: Patient 2428190 Yes, lets reduce the security of our accounts. That sounds like a smart idea.
Actually, forcing there to be at least one capital slightly reduces security because any attacker now knows that the password has at least one capital in it.
The only benefit to it is so that people creating passwords are made aware that they can use capitals, so that more do, and guessing becomes generally more difficult.
However, this is only increasing security for those people who don't already use capitals, and who will probably, for simplicities sake, only use a capital on the first available letter, thereby leaving us back where we started (because anyone who was going to guess a password with all lowercase letters, will now do exactly the same just with the first one capitalised).
Therefore, on average, it slightly decreases security.
And the "really clever" ones turn on caps lock to "make it harder to guess" their passwords.
--Vel
Originally by: Blacksquirrel
This is EVE. PVE can happen anywhere at anytime. Be prepared.
|
Parah Salin McCain
|
Posted - 2011.03.10 21:29:00 -
[9]
Originally by: Marchocias
Therefore, on average, it slightly decreases security.
... IN YOUR OPINION
|
Kraal Jarik
|
Posted - 2011.03.10 21:34:00 -
[10]
None of mine contain capital letters, so OP = fail.
|
|
Barakkus
|
Posted - 2011.03.10 21:35:00 -
[11]
Dear CCP, please fix the search function so we don't have to see the same threads repeatedly.
Thanks. - - [SERVICE] Corp Standings For POS anchoring
|
Patient 2428190
DEGRREE'Fo'FREE Internet Business School
|
Posted - 2011.03.10 21:35:00 -
[12]
Originally by: Marchocias Edited by: Marchocias on 10/03/2011 21:23:27
Originally by: Patient 2428190 Yes, lets reduce the security of our accounts. That sounds like a smart idea.
Actually, forcing there to be at least one capital slightly reduces security because any attacker now knows that the password has at least one capital in it.
The only benefit to it is so that people creating passwords are made aware that they can use capitals, so that more do, and guessing becomes generally more difficult.
However, this is only increasing security for those people who don't already use capitals, and who will probably, for simplicities sake, only use a capital on the first available letter, thereby leaving us back where we started (because anyone who was going to guess a password with all lowercase letters, will now do exactly the same just with the first one capitalised).
Therefore, on average, it slightly decreases security.
Even in the case of worst case of PW strength, first letter capitalized and the rest lowercase changes nothing for brute force hacking
The second you get somebody with the faint shred of intelligence (weird I know, but sometimes I'm optimistic about people) and they move their required capital letter to a different letter in PW, the strength of the password is improved.
TBH, they should require a really secure PW (Unique characters, Capitals and numbers, the whole works) and giant prompt saying "DO NOT USE THIS PASSWORD FOR ANYTHING BUT YOUR EVE ONLINE ACCOUNT". If you going to try to save people from stupid, don't do it half assed. ...Then when you stopped to think about it. All you really said was Lalala. |
Kieron VonDeux
|
Posted - 2011.03.10 21:36:00 -
[13]
Edited by: Kieron VonDeux on 10/03/2011 21:36:31
Originally by: Zhim'Fufu I wonder if the op would develop an aneurysm if they made you use a number too?
Or, God forbid, a "special" character.
|
Azureite
Amarr Special Forces Operation Detachment Delta The 0rphanage
|
Posted - 2011.03.10 21:38:00 -
[14]
Originally by: Aessoroz Edited by: Aessoroz on 10/03/2011 21:20:04
Originally by: Patient 2428190 Yes, lets reduce the security of our accounts. That sounds like a smart idea.
Five bucks that 90% of users are making the first letter capital or the last one,thus negating any potential security gains and just ****ing off users.
^this
|
|
CCP Adida
C C P C C P Alliance
|
Posted - 2011.03.10 22:00:00 -
[15]
It helps with your account security. We could allow people have their password at 12345 but wouldn't that be easy to guess?
Adida Community Rep CCP Hf, EVE Online
|
|
Katsumoto
Caldari Quam Singulari Session Changes
|
Posted - 2011.03.10 22:06:00 -
[16]
I have that combination on my luggage! .
|
Wen Illiad
Gallente GoonWaffe Goonswarm Federation
|
Posted - 2011.03.10 22:12:00 -
[17]
Originally by: Katsumoto I have that combination on my luggage!
You too?!?
|
Tippia
Sunshine and Lollipops
|
Posted - 2011.03.10 22:26:00 -
[18]
Also, see this. ùùù ôIf you're not willing to fight for what you have in ≡v≡à you don't deserve it, and you will lose it.ö ù Karath Piki |
sableye
principle of motion
|
Posted - 2011.03.10 22:50:00 -
[19]
Edited by: sableye on 10/03/2011 22:53:13 nevermind
----------------------------------------- View The North Star! In All Its Glory!! |
Ban Doga
|
Posted - 2011.03.10 22:50:00 -
[20]
Originally by: Marchocias Edited by: Marchocias on 10/03/2011 21:23:27
Originally by: Patient 2428190 Yes, lets reduce the security of our accounts. That sounds like a smart idea.
Actually, forcing there to be at least one capital slightly reduces security because any attacker now knows that the password has at least one capital in it.
The only benefit to it is so that people creating passwords are made aware that they can use capitals, so that more do, and guessing becomes generally more difficult.
However, this is only increasing security for those people who don't already use capitals, and who will probably, for simplicities sake, only use a capital on the first available letter, thereby leaving us back where we started (because anyone who was going to guess a password with all lowercase letters, will now do exactly the same just with the first one capitalised).
Therefore, on average, it slightly decreases security.
That's why common sense fails at probability theory.
By your theory guessing a password must have been much easier in the past, because most people didn't use any capital letters at all and reducing the number of different letters used in a password (actually cutting it in half) makes it much easier to apply brute force or simple guessing successfully.
Unless of course you wanted to imply that passwords already contained capital letters in which case the security is not reduced AT ALL.
|
|
Rguy Amphal
|
Posted - 2011.03.10 23:03:00 -
[21]
Originally by: Marchocias
Actually, forcing there to be at least one capital slightly reduces security because any attacker now knows that the password has at least one capital in it.
I could start talking about password cracking permutations to point out how dumb was your comment, but I won't.
|
Julius Rigel
Sub-warp Racing Venture
|
Posted - 2011.03.11 01:21:00 -
[22]
Originally by: CCP Adida It helps with your account security. We could allow people have their password at 12345 but wouldn't that be easy to guess?
I've been using that joke for years when telling people about the combinations to the bookmark cans.
|
Awesome Possum
Original Sin. PURPLE HELMETED WARRIORS
|
Posted - 2011.03.11 01:25:00 -
[23]
Adida, account security should be the responsibility of the user. Measures like this make it sound like you are taking responsibility and accountability for people's account security. So when they do get "hacked", you are to blame, not the user.
On a related issue, I dislike the fact that CCP keeps a record of peoples' old passwords. What should happen if that fell into the hands of the "bad people"? Once I change my password, there should be no record or indication of what it was in your files. ♥
|
Imajitaaltofanalt ofanalt
|
Posted - 2011.03.11 01:27:00 -
[24]
hey, look at me, I'm a geek! I can haxxorz joo!
seriously... i use numberz for my pazzwordz
|
Lothris Andastar
|
Posted - 2011.03.11 01:38:00 -
[25]
Edited by: Lothris Andastar on 11/03/2011 01:39:30
Originally by: CCP Adida It helps with your account security. We could allow people have their password at 12345 but wouldn't that be easy to guess?
Actually, CCP Adida, it Weakens account security.
A Password that can POSSIBLY have an all lower case password is harder to crack than a Password where one letter is CERTAINLY a Capital Letter. By forcing at least 1 capital letter, you eliminate the billions of potential all lower case passwords, meaning less word for any attacker to try and find the password.
Add to the fact that a grand total of zero accounts are compromised by brute force attacks (they are comprimised via keyloggers because naughty people buy isk), this has zero impact on account security and just annoys people.
|
Barakkus
|
Posted - 2011.03.11 01:50:00 -
[26]
Originally by: Lothris Andastar Edited by: Lothris Andastar on 11/03/2011 01:39:30
Originally by: CCP Adida It helps with your account security. We could allow people have their password at 12345 but wouldn't that be easy to guess?
Actually, CCP Adida, it Weakens account security.
A Password that can POSSIBLY have an all lower case password is harder to crack than a Password where one letter is CERTAINLY a Capital Letter. By forcing at least 1 capital letter, you eliminate the billions of potential all lower case passwords, meaning less word for any attacker to try and find the password.
Add to the fact that a grand total of zero accounts are compromised by brute force attacks (they are comprimised via keyloggers because naughty people buy isk), this has zero impact on account security and just annoys people.
Not this again.
No it doesn't, you have no clue about what you are talking about. - - [SERVICE] Corp Standings For POS anchoring
|
Awesome Possum
Original Sin. PURPLE HELMETED WARRIORS
|
Posted - 2011.03.11 02:13:00 -
[27]
Originally by: Barakkus
Originally by: Lothris Andastar Edited by: Lothris Andastar on 11/03/2011 01:39:30
Originally by: CCP Adida It helps with your account security. We could allow people have their password at 12345 but wouldn't that be easy to guess?
Actually, CCP Adida, it Weakens account security.
A Password that can POSSIBLY have an all lower case password is harder to crack than a Password where one letter is CERTAINLY a Capital Letter. By forcing at least 1 capital letter, you eliminate the billions of potential all lower case passwords, meaning less word for any attacker to try and find the password.
Add to the fact that a grand total of zero accounts are compromised by brute force attacks (they are comprimised via keyloggers because naughty people buy isk), this has zero impact on account security and just annoys people.
Not this again.
No it doesn't, you have no clue about what you are talking about.
Please provide proof that accounts are being compromised via brute force and not keylogging/social engineering. ♥
|
Barakkus
|
Posted - 2011.03.11 02:17:00 -
[28]
Originally by: Awesome Possum
Originally by: Barakkus
Originally by: Lothris Andastar Edited by: Lothris Andastar on 11/03/2011 01:39:30
Originally by: CCP Adida It helps with your account security. We could allow people have their password at 12345 but wouldn't that be easy to guess?
Actually, CCP Adida, it Weakens account security.
A Password that can POSSIBLY have an all lower case password is harder to crack than a Password where one letter is CERTAINLY a Capital Letter. By forcing at least 1 capital letter, you eliminate the billions of potential all lower case passwords, meaning less word for any attacker to try and find the password.
Add to the fact that a grand total of zero accounts are compromised by brute force attacks (they are comprimised via keyloggers because naughty people buy isk), this has zero impact on account security and just annoys people.
Not this again.
No it doesn't, you have no clue about what you are talking about.
Please provide proof that accounts are being compromised via brute force and not keylogging/social engineering.
I'm not suggesting that, I'm suggesting that the requirement of at least 1 uppercase character does not reduce the number of combinations that can be used for a brute force attack.
I agree, most account compromises happen due to stupid people, not brute force attacks. - - [SERVICE] Corp Standings For POS anchoring
|
Infinity Ziona
Minmatar Cloakers
|
Posted - 2011.03.11 02:43:00 -
[29]
Originally by: Barakkus I'm not suggesting that, I'm suggesting that the requirement of at least 1 uppercase character does not reduce the number of combinations that can be used for a brute force attack.
This is so wrong its ridiculous and can only be a troll.
Requiring a single capital letter reduces possible permutations because it eliminates every permutation that consists of only lowercase and every permutation that consists of lowercase and numeric characters.
--------------------------------------------- I AM BETTER THAN YOU. |
Barakkus
|
Posted - 2011.03.11 03:07:00 -
[30]
Originally by: Infinity Ziona
Originally by: Barakkus I'm not suggesting that, I'm suggesting that the requirement of at least 1 uppercase character does not reduce the number of combinations that can be used for a brute force attack.
This is so wrong its ridiculous and can only be a troll.
Requiring a single capital letter reduces possible permutations because it eliminates every permutation that consists of only lowercase and every permutation that consists of lowercase and numeric characters.
Please see page 53. http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf
CCP should follow the guidelines listed in the previous link of requiring 3 of the 4 standard password requirements actually. Requiring just one isn't enough, but I don't think they suffer very many brute force attacks. - - [SERVICE] Corp Standings For POS anchoring
|
|
|
|
|
Pages: [1] 2 :: one page |
First page | Previous page | Next page | Last page |