Guild Wars 2 Accounts Hacked Immediately After Launch

Status
Not open for further replies.

zshazz

[citation][nom]moricon[/nom]using 100 Dictionary words of 8 letters each will be faster to compare against a hash file than 8 random letters/symbols[/citation]

How do you figure?
 

A Bad Day

[citation][nom]memadmax[/nom]There's an easy way to stop list bruteforce tactics: 30 minute timeout with an email enforced password change after 3 failed login attempts... also, forced password change after first time login, with previous passwords cached for non-use later(if the user attempts to use a previous password again, it fails)... These password tactics are very, very, very easy to implement... few lines of code in most cases....[/citation]

Yahoo (or was it another website?) has a 24-hour policy. Fail the passwords three times, and you're done for the day.

The only issue is trolling. If you can get hold of someone's username, then it's very easy to lock them out of the account. :/
 

zshazz

[citation][nom]zshazz[/nom]Ideally, you use PBKDF2 with either bcrypt or scrypt as a function...[/citation]

Correction: PBKDF2 with one of the SHAs, or either bcrypt or scrypt. Not that you should make a decision on password storage solely by what a random joe blow in the comments of Tom's Hardware said... please do some due diligence by reading this stuff up if you actually intend on making decisions that will affect your users.
 

jn77

After the way diab-BLOW III went, who wouldn't want to give Guild Wars a shot.... they might be able to take Blizzard to the cleaners.
 

nitzero

As soon as Aion was launched in the US about 3 years ago I got many phishing e-mails with fake Aion websites, and at the time I had only acquired the game, never got on the forums or any fan website. How did they get my e-mail?

My guess is NCSoft sells our records to 3rd parties or even gold sellers, why not? They might be an established "marketing" company in China looking legit.

And by the way, I am not going to purchase GW2 since they're killing City of Heroes, might as well keep myself entertained with Tera for now.
 
Guest
They hacked my ArenaNet account and changed my associated email without gaining access to my email. Great exploit they found in ArenaNet's system.
 

techguy911

When you play a game that is popular, don't use any password that you have used anywhere else; use uppercase/lowercase/numbers, and if they also accept special characters, make it even stronger.
Have a good antivirus, and a very good program to have is Zemana Antilogger: it prevents all keyloggers from working and encrypts keystrokes, and prevents screen grabbers and clipboard grabbers from running.
It also detects man-in-the-middle attacks. It is very highly rated; I work in the cyber security field and recommend it to my business customers.
Personally I think email-only security is a VERY BAD idea; every major email company has been hacked at one time or another. They should add an extra layer of security for logging on, like Aion has with an 8-digit PIN code that is selected only via a mouse PIN pad.

 

madrich

[citation][nom]freggo[/nom]Short password is brute force safe if you allow only 3 failed attempts per 5 minutes for example and shut off the account after , say, 20 failed attempts.[/citation]

That would be a way to lock out rivals so long as you know their e-mail and enter the wrong password on purpose. I think the game is temporarily turning into "Login Wars 2".
 

madrich

[citation][nom]myaccountgothackedaswell[/nom]same here: Not on any fansites / pw of gw2 and email are not the same ... Just received 2 emails saying password change requested and after that email change requested.. Both emails were not read so they have not even been in my email.. so no just user faults here[/citation]

Could be someone choosing a name similar to yours, or they typed theirs wrong.
 

madrich

[citation][nom]A Bad Day[/nom]Yahoo (or was it another website?) has a 24-hour policy. Fail the passwords three times, and you're done for the day. The only issue is trolling. If you can get hold of someone's username, then it's very easy to lock them out of the account.[/citation]

Screen Name (other users see this name in game)
Login (nobody but you will see this, used at login screen only)
E-mail (used for account signup/notification)

A factor that should be unknown, names should be different, complicated for the user but a bit more secure and prevent people from locking each other out since their display name AND their (most likely) known e-mail address won't be a part of the login process. The game Conquer 2.0 is a Chinese MMORPG that does this.
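The lockout side effect discussed in this thread, as an added example (not code from any poster or from ArenaNet): a sketch of the quoted policy of 3 failures per 5 minutes with shut-off after 20, showing that counters keyed on a publicly known identifier can be driven by anyone, while a private login name leaves the owner unaffected. `LoginGuard`, `owner_result_after_noise` and the sample identifiers are hypothetical.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 5 * 60   # "3 failed attempts per 5 minutes"
MAX_PER_WINDOW = 3
DISABLE_AFTER = 20        # "shut off the account after, say, 20 failed attempts"


class LoginGuard:
    """Failure counters are keyed on whatever identifier the login form accepts."""

    def __init__(self, accounts):
        self.accounts = accounts          # login -> password (plain text only to keep this short)
        self.recent = defaultdict(deque)  # login -> timestamps of failures inside the window
        self.total = defaultdict(int)     # login -> lifetime failure count

    def attempt(self, login, password, now):
        if login not in self.accounts:
            return "rejected"             # unknown identifier: no account counter is touched
        if self.total[login] >= DISABLE_AFTER:
            return "disabled"
        window = self.recent[login]
        while window and now - window[0] >= WINDOW_SECONDS:
            window.popleft()              # forget failures older than the window
        if len(window) >= MAX_PER_WINDOW:
            return "throttled"
        if password == self.accounts[login]:
            return "ok"
        window.append(now)
        self.total[login] += 1
        return "rejected"


def owner_result_after_noise(login_field, known_to_others, failures=25, spacing=120):
    """Someone else submits wrong passwords under the identifier they know,
    then the owner logs in with correct credentials. Returns the owner's result."""
    guard = LoginGuard({login_field: "owner-password"})
    for i in range(failures):
        guard.attempt(known_to_others, "wrong", now=i * spacing)
    return guard.attempt(login_field, "owner-password", now=failures * spacing)
```

When the login field is the owner's known e-mail address the owner ends up throttled or disabled; when it is a private login name the failed attempts match no account and the owner's login succeeds.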
 

NuclearShadow

[citation][nom]myaccountgothackedaswell[/nom]same here: Not on any fansites / pw of gw2 and email are not the same ... Just received 2 emails saying password change requested and after that email change requested.. Both emails were not read so they have not even been in my email.. so no just user faults here[/citation]

Interesting. If you have no outside connection and no easily guessed user name, then perhaps hackers are using the game itself as a method to account steal. I have yet to play, but any chance characters' names are displayed with account name when talking? For example, in STO and CO, when you talk it shows your character name and account name; does this game also use such a method?
 

f-14

Go ahead, store everything in the cloud like Wolfgang Gruener's paying job tells him to promote everywhere and anywhere. This is a perfect example of cloud, enjoy.

Also, the cloud is great for botters with a proxy or CID type program. I just had a GM ban over 300 accounts yesterday that were replaced by another 300 or so 30 minutes later. The cloud has ruined online gaming by bogging down the servers and internet.
 

everygamer

Not sure why they don't just adopt the key system that Battle.net and SWTOR use, that has a unique changing key value tied to your login. Without the key system you cannot log in.
 
[citation][nom]samwelaye[/nom]these are ALL user errors. If the fansite gets hacked, and you use the SAME email and password for that and your gw2 account, that isnt gw2 accounts being hacked. That is you being stupid.[/citation]

I have to agree. Password security is something people take for granted until it costs them something. And most don't even bother to come up with and memorize a secure password scheme. Query any support desk and they will confirm this statement.

Plus, think about the PIN to your bank card or what you do with your credit card information. Then think about the on-line accounts you have. If you don't safeguard them both with the same degree of diligence, 'you're doing it wrong.'

Just glad to see that it was not Arena-Net who were hacked.

Still, to be safe, change your password to something better. And you can use this tool to see how secure it REALLY is:

http://howsecureismypassword.net/
 

leongrado

[citation][nom]stingstang[/nom]Someone make a petition to block Chinese ip's from the rest of the world.[/citation]

People think it's wrong that China's censoring their internet. The irony.

So why is there no news about GW2 being "sold out" or it being an amazing game? Oh Tom's. Please tell me about Apple and Blizzard and how great they are.
 

tantrick

It's nice to see leading companies in their respective verticals are giving users the perfect balance between security and user experience by implementing 2FA which allows us to telesign into our accounts. I know some will claim this makes things more complicated, but the slight inconvenience each time you log in is worth the confidence of knowing your info is secure. I'm hoping that more companies start to offer this awesome functionality. This should be a prerequisite to any system that wants to promote itself as being secure.
 