Curse

erick5876 · Nov 17, 2006, 08:07 PM // 20:07

After reading some of the recent posts about account security, I thought it might be a good ideah to write a guide with some basic rules for choosing a secure password, and keeping your account safe. What I will cover will probably seem like common sense to many of you out there, but many people simply don't have that much experience. This guide is intended for someone who is not very security-savvy, and may not realize they are putting themselves at risk.

Note: To keep this guide fairly relative to all online accounts, and to make it easier to understand the examples, I won't be using and special characters in the examples.

With many online-accounts (Guild Wars included), the only thing that stands between anyone and access to your account is your password. This is your first and final line of defense, so it had better be a good one. A simple password like "ilikedogs" or a birthdate are extremely easy to break. More complex passwords are much harder to break, and are therefore more secure. To break passwords, hackers can use one of a number of methods. One of the fastest ways to break simple passwords is to use a cracker with a dictionary file (a very comprehensive list of common passwords). That method isn't always garunteed to work. The slowest (but most reliable) way to break passwords is through brute force. This method tries every possible combination of characters until the password is found. The longer, and more complex a password, the less likely it is to be in a dictionary file, and the harder it is to brute force.

So, the guidelines for creating a strong password are:

1) It should be as long as possible. If the password can be up to 12 characters long, use all 12.
2) It should contain a mix of all possible characters. This includes upper and lower case letters, numbers, and (if allowed), special characters or symbols like: !@#$%^&*(){}][/";`~.
3) It should use random, or at least seemingly random characters. For example, y0v5uCk is better than yousuck.
4) It should be changed often.

A common way to make your password seem random is to use a computer lingo called 1337 (or leet, short for elite) speak. 1337 speak is used often by people in video games. It may seem strange when you first encounter it, but it's really easy to comprehend once you understand what is being done. The basic premise to replace letters in words with similar looking characters. For example, 'E' becomes '3.' An 'I' or an 'L' could be replaced by a '1.' A 'U' can be changed to a 'v.' An 'A' can become an '@.' There are many variations, and no set rule on what character becomes what. You can read more about 1337 speak, and find a sample alphabet here:
http://en.wikipedia.org/wiki/Leet

Using 1337, you can make a simple password signifigantly stronger. Say your password is: "appercot"
By modifying it using 1337, you could get the seemingly random string: "4pP3rC07"
Although, it's still not the hardest thing to figure out, the second password would be much more difficult for a hacker to break. In order to strengthen the password, it needs to be longer, and more randomized. So, you may be thinking, "But its hard to remember a really long random password that doesn't make any sense!" That's why you use an algorithm or logic process to come up with your password. This will allow you to figure out your own password by working with an easy to remeber phrase without actually having to memorize every character. I'll walk you through an example process:

First, Think of a statement about... say something you like.

For example, I like cars.

Next, Think more specifically about that topic, and come up with another statement:

I own a 1990 Oldsmobile Cutlass Supreme.

And now, to make the phrase longer, think of something else to go with it.

I like to drive fast.

Now, come up with a statement built off the previous ones that you can remember:

I like to drive my 1990 Oldsmobile Cutlass Supreme fast.

Now, use 1337 speak to build a password from that phrase. It doesn't have to be a sentence, or match the phrase exactly, but you need to be able to figure it out from that phrase.
So, my example phrase becomes:

drive 1990 Oldsmobile Cutlass Supreme fast

First, change the words into 1337 speak:

D12iv3 1990 0lDs cv71ass 5np12Em3 f45t

You may have noticed that I shortened Oldsmobile to Olds. Longer passwords are better, but I want to show you a technique than can make your password even stronger, and the shoter string works better for this example. Take the 1990, and insert it into the 0lDs, between the letters, so you get:

0 1 l 9 D 9 s 0

Put it all together, and you get your new password:

D12iv301l9D9s0cv71ass5np12Em3f45t

Now, if you can remember that you like to "drive your 1990 Oldsmobile Cutlass Supreme fast," and you always follow the same rules for 1337 speak, you will always be able to figure out your password without actually remembering it. This gives you a seemingly random password that is going to be a whole lot harder to figure out than: "ilikekittys"

Remember though, even really strong passwords can be cracked through brute force over time. That is why you should change your password on a regular basis.

Here are some other guidelines to help keep you in control of your Guild Wars account:

Never give out your account name or email address.

Do not use the same email for your account that you use for personal emails or forum registrations. Register your account on an email that you don't give out to anyone.

Do not download any third-party software. Not only could the programs contain keyloggers, trojans, and viruses, but they are also against the End User Liscence Agreement.

Do not save your email or password, especially if you play on more than one computer.

If you are kicked off by someone logging into your account, immediately log back on to kick them off, and change or reset the password. If they change the password before you can, immediately contact ArenaNet's support department.

These are time-tested, fairly simple guidelines used by techs worldwide. Even if all you do is begin useing mixed-case letters and numbers in your passwords, it will keep you 10 times safer than before. Hopefully, this guide has helped someone make their account a little more secure.

~Erick