Jun 24, 2011, 09:37 PM // 21:37
|
#1
|
Lion's Arch Merchant
Join Date: Feb 2006
Profession: D/
|
Fed up with account "security"
Ok, you know what, I've had it!
If Arena Net cared about account security don't you think we'd have something a bit better than "8-13 Alpha Numeric Only" passwords? I mean what is the issue with these people?
I would love to have a secure password but your primitive password system DOESN'T ALLOW IT.
Plenty of other places allow MUCH MORE than 13 freaking characters, AND they allow symbols. WHAT is your problem?? All of that money you're raking in from your cash shop and you still can't afford to host passwords longer than 13 characters?
I'm tired of seeing these weekly security warnings, logging in to see if they've done anything legitimate to help the problem, and seeing NOTHING.
13 Characters, alpha-numeric only, give me a damn break.
|
|
|
Jun 24, 2011, 09:48 PM // 21:48
|
#2
|
Desert Nomad
Join Date: Apr 2006
Profession: R/
|
13 character alpha numeric is not a problem compared to the real weaknesses in the system. Unfortunatley, the biggest weakness doesn't lie with ANet. What use is stonger passwords when many people choose 1234?
Having said that, ANet should do a lot more for account protection. Thye can start by allowing you to specify non-deletable (time locked) characters and items.
|
|
|
Jun 24, 2011, 09:51 PM // 21:51
|
#3
|
Grotto Attendant
Join Date: Mar 2006
Location: "Pre-nerf" is incorrect. It's pre-buff.
Guild: Requirement Begins With R [notQ]
Profession: Me/
|
A method of 'locking' your GW account to your own particular computer would be great. Also, a temporary account lock for frequent wrong password attempts would prevent brute forcing.
|
|
|
Jun 24, 2011, 09:54 PM // 21:54
|
#4
|
Lion's Arch Merchant
Join Date: Aug 2010
Location: The other side
|
Oh gosh rager in the building. There is literally probably over a million different pass combinations you can make using 13 alpha numeric. Passwords aren't the problem.
|
|
|
Jun 24, 2011, 10:23 PM // 22:23
|
#5
|
Academy Page
Join Date: Dec 2007
Location: Smalltownville USA
Guild: OWEN
Profession: D/A
|
Really?! Your crying because of password length? Dont use the same password for multiple things and be smart with what you do online. If your not stupid or terribly unlucky you have a much better chance of not being a target. Iv played 6 years and never had a single scare. In this day and age of major hacking if the right person really wanted you acRED ENGINE GORED ENGINE GORED ENGINE GORED ENGINE GO they would get it. If the FBI, CIA and Sony can be hacked there is nothing A-net can do to provide 100% security. Cross your fingers and hope for the best ![Smile](../Img/smile.gif)
lol I have no idea why that was RED ENGINED.
Last edited by subman247; Jun 24, 2011 at 10:25 PM // 22:25..
|
|
|
Jun 24, 2011, 10:43 PM // 22:43
|
#6
|
Desert Nomad
Join Date: Sep 2009
Location: In a van, down by the river.
Guild: RED ENGINE GORED ENGINE GORED ENGINE GORED ENGINE GO if I know, ask Lynette.
Profession: R/
|
OP, you can make a strong password with alphanumeric and limited chars, the weekness generally comes from people using actual words in their passwords, which makes them easier for bruteforce programs. Randomizing lowercase and capital letters, aw well as mixing it all up with numbers alone is very strong. the problem is security breaches here and in ncsoft's sites. Many people use the same password for everything, so stealing info for this site generally helps hackers steal accounts more effectively than bruteforcing.
Quote:
Originally Posted by subman247
lol I have no idea why that was RED ENGINED.
|
You probably accidentally typed "acc unt"
|
|
|
Jun 24, 2011, 10:47 PM // 22:47
|
#7
|
Grotto Attendant
Join Date: May 2005
Location: in the midline
Profession: E/Mo
|
biggest problem always has been NCSoft Master accounts, fake account emails claiming to be from NCsoft, and people using crappy passwords (or ones they use EVERYWHERE).
It's not a bank you know, you don't need more than 13 alphanumeric with capitals and lowercase.
Not like you need something more than
SvCN2iTYeIN5Y
shOSN8HO85mpV
T36d84Rso51N6
ddL5djPoS7aC1
To6bHdQdGQ9eK
pj7kG1PIY24p9
I'd like ! or $ to be usable too, but that's wishful thinking.
Ironically a strong password is supposed to be 15+ characters and has symbols, such as ` ! " ? $ ? % ^ & * ( ) _ - + = { [ } ] : ; @ ' ~ # | \ < , > . ? /
Last edited by LifeInfusion; Jun 24, 2011 at 10:56 PM // 22:56..
|
|
|
Jun 24, 2011, 11:09 PM // 23:09
|
#8
|
Forge Runner
Join Date: Jan 2008
Location: Rubbing Potassium on water fountains.
Guild: LF guild that teaches MTSC (did it long ago before gw2 came out and I quit...but I barely remember)
Profession: N/A
|
Quote:
Originally Posted by Aycee
There is literally probably over a million different pass combinations you can make using 13 alpha numeric.
|
62^13 or 200,028,539,268,669,788,905,472
now take into account that after a few password attempts it starts taking longer and longer (assumed purposely) to check the password this last attempt took like 10 seconds...
Sooo because of this lets take 5 seconds and be nice... say that after the first few they can only make one attempt every 5 seconds that means it will take
277817415650930262368.7 hours or 11575725652122094265.4 days orrrr 31714316855129025.4 years
(just a thought I'd have better luck with a 4 number pin number that most debit/credit cards are bound to with only 10,000 possibilities)
feel free to correct me if my math was wrong I have a horribad headache atm.
Anet actually does a great job preventing this type of attack and I like the way the time keeps adding up each time you try to log in (btw this last fake attempt=30 seconds...all while my other account on the same pc is doing fine .
Sooo yes while their allowed passwords may be limited. They have implemented shit to keep it from getting hit with a brute force attack.
There is ofc course the possibility of using a botnet for it...but that still won't be very efficient i dont believe.
The main issue is the ncmaster accounts.
Last edited by End; Jun 24, 2011 at 11:14 PM // 23:14..
|
|
|
Jun 24, 2011, 11:26 PM // 23:26
|
#9
|
Desert Nomad
Join Date: Feb 2006
Location: Monkeyball Z
Guild: S.K.A.T. [Ban]
Profession: Mo/
|
I think all these account hacks have very little to do with brute force password cracking, but some kind of bug in the ncsoft website.
My account got hacked, my password got changed...
How in gods name is it possible to change a password without me getting a confirmation email about it?
|
|
|
Jun 24, 2011, 11:30 PM // 23:30
|
#10
|
Krytan Explorer
Join Date: Aug 2010
Guild: Gameamp Guides [AMP]
Profession: W/
|
I've rules out keyloggers too.
|
|
|
Jun 24, 2011, 11:35 PM // 23:35
|
#11
|
Forge Runner
|
How can you even get hacked if you change your account to use a fresh email? Definitely a flaw with NCSoft, perhaps?
If not, then it must be keyloggers. But for those with protected systems, linux, and who don't use suspicious programs...????
|
|
|
Jun 24, 2011, 11:41 PM // 23:41
|
#12
|
Desert Nomad
Join Date: Mar 2006
Guild: DPX
Profession: R/
|
So what's with all this whining, did OP use a simple password like "password" and got hacked?
Account security on the login side is good enough.Not only do you need the 13 digit password, which like end has posted is going to take along time to guess.
You also need the login name, so as long as your not stupid enough to use the same email for msn/forums will add another amazingly long time to guess.
You also need the character name, which in reality isn't hard to find, but you still have to find a login and password to fit with the character name.
So let's say I wanted to ai and attack one person, I might be able to find out his email since he uses it for MSN too and his character name because I played with him, or seen screens of his character,I would still need to break his password.
Yes having symbols added to possible character allowed in password would increase password security, but its not like the way it is now is a simple 1-2-3 step thing.
And all this is forgetting that the way most people get "hacked" is by giving the "hacker" info unknowingly or knowingly, thinking that person is trustworthy.No amount of character and symbols will help against people just being dumb.
Last edited by Xenex Xclame; Jun 24, 2011 at 11:45 PM // 23:45..
|
|
|
Jun 24, 2011, 11:48 PM // 23:48
|
#13
|
Lion's Arch Merchant
Join Date: Jun 2005
Location: Fishing Village in Wizard's Folly
Profession: R/
|
I just want a different method than using my email address as my login, is that so hard to ask?
|
|
|
Jun 24, 2011, 11:59 PM // 23:59
|
#14
|
Desert Nomad
Join Date: Mar 2006
Guild: DPX
Profession: R/
|
Quote:
Originally Posted by Porkchop Sandwhiches
I just want a different method than using my email address as my login, is that so hard to ask? ![Stick Out Tongue](../Img/tongue.gif)
|
Ugh so do I.It seemed convenient when GW came out since I wouldn't have to remember another login, I dunno why, but even so I didn't use a email address that I used for something else.
|
|
|
Jun 25, 2011, 12:07 AM // 00:07
|
#15
|
Forge Runner
Join Date: Dec 2005
Guild: Super Fans Of Gaile [ban]
Profession: W/
|
Quote:
Originally Posted by shinta_himura
"Alpha Numeric Only" passwords?
|
This is a terrible horrible thing. I laugh at every website that refuses to allow symbols in passwords.
Alpha Numeric for names is understandable but not allowing it for passwords only reduces security. There is a reason that strong password generators default to giving passwords with symbols included.
Now none of this is really seems like it is going to really affect the largest GW security issues (this is speculation), but there is still no reason for alpha numeric only passwords ever.
|
|
|
Jun 25, 2011, 12:43 AM // 00:43
|
#16
|
Jungle Guide
|
Quote:
Originally Posted by Lishy
How can you even get hacked if you change your account to use a fresh email? Definitely a flaw with NCSoft, perhaps?
If not, then it must be keyloggers. But for those with protected systems, linux, and who don't use suspicious programs...????
|
If I was selling gold through a website the very first thing I'd check to potentially compromise an account would be to throw in the same credentials they used during registration. In other words...a valid email address, a password (both of which may or may not have been reused) and a character name which they would need for delivery.
While I don't rule out NCSoft liability the simplest explanation is that the victim gave out the info to 'friends' and forgot or unwittingly revealed it to others by being careless.
|
|
|
Jun 25, 2011, 12:51 AM // 00:51
|
#17
|
Furnace Stoker
Join Date: May 2006
Profession: R/
|
Quote:
Originally Posted by shinta_himura
Ok, you know what, I've had it!
If Arena Net cared about account security don't you think we'd have something a bit better than "8-13 Alpha Numeric Only" passwords? I mean what is the issue with these people?
|
lolwut?
My password isn't alpha numeric.
Quality thread.
|
|
|
Jun 25, 2011, 02:25 AM // 02:25
|
#18
|
Grotto Attendant
|
Quote:
Originally Posted by Skyy High
lolwut?
My password isn't alpha numeric.
Quality thread.
|
Once bonded to a damned NCMA account, your GW password can only be changed through the NCMA account. While GW supports symbols in passwords, the NCMA feature to set the GW password only allows alpha-numeric. Just one more example of needlessly shitty "security" forced on GW by NCSoft.
|
|
|
Jun 25, 2011, 02:34 AM // 02:34
|
#19
|
Banned
|
I like a password I can actually remember, 1 numeral is fine, if you're that nervous about your account then use a virtual keyboard.
|
|
|
Jun 25, 2011, 02:36 AM // 02:36
|
#20
|
Furnace Stoker
Join Date: Jan 2009
Guild: [SOTA]
Profession: D/
|
Quote:
Originally Posted by Chthon
Once bonded to a damned NCMA account, your GW password can only be changed through the NCMA account. While GW supports symbols in passwords, the NCMA feature to set the GW password only allows alpha-numeric. Just one more example of needlessly shitty "security" forced on GW by NCSoft.
|
Really?
Cos my account is linked to a NCMA, and I've changed my password in the game itself before...
(and yes, it was after they were linked)
|
|
|
Thread Tools |
|
Display Modes |
Linear Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT. The time now is 07:03 PM // 19:03.
|