Curse

Yol · Jun 25, 2011, 11:03 AM // 11:03

To all the people here saying that you can't use symbols in your password, are you referring to the NCMA webpage, or the actual GW game log-in? You can use symbols in the game log-in password, and you can change your password in-game even if it's linked to the NCMA.

Xenex Xclame · Jun 25, 2011, 11:24 AM // 11:24

Quote:

Originally Posted by gremlin

Always wondered why so many stand around trash talking for hours.

It does make you want to "hack" those people doesn't it.

@Yol:The issue is that you weren't able to change the pass in the past, that's where some of the confusion is coming from.

Swingline · Jun 25, 2011, 12:49 PM // 12:49

If what some people claim is true then there may be potential security issues with NCsoft and I wouldn't put it past them to lie about it so they dont lose customers. Maybe they cannot fix these security issues, NCsoft already can't do a lot of things because of the way they built their systems. All I have to say is if it is true I better not hear anything about it because I will never buy another arena net or NCsoft product. Not even GW2.

gremlin · Jun 25, 2011, 01:34 PM // 13:34

Quote:

Originally Posted by Xenex Xclame

It does make you want to "hack" those people doesn't it.

@Yol:The issue is that you weren't able to change the pass in the past, that's where some of the confusion is coming from.

Well yes they do get a bit annoying at times but I was thinking more that they are cultivating players.

I recon someone calling support with I cannot access my account and think its been hacked.
Was last online yesterday my old email address is **** character name ***** live in this country bought the game 2 years ago etc.
Then they are on the way to convincing support to give them access to the account.

Seemingly innocent chat in the game could lead to someone gaining a surprising amount of information about you.
I hope I am wrong.

Kunder · Jun 25, 2011, 01:45 PM // 13:45

95% of problems are because of the user. Absolutely no one is getting their password randomly guessed unless you used 12345/password/etc.

deluxe · Jun 25, 2011, 02:26 PM // 14:26

Quote:

Originally Posted by Kunder

95% of problems are because of the user. Absolutely no one is getting their password randomly guessed unless you used 12345/password/etc.

That's how everyone thinks UNTIL they get hacked themselves.
I always thought people just had bad security or terrible password too, it's not the case.

khezial tahr · Jun 25, 2011, 02:29 PM // 14:29

Quote:

Originally Posted by Kunder

95% of problems are because of the user. Absolutely no one is getting their password randomly guessed unless you used 12345/password/etc.

Very true. I actually work in IS and deal with password breaches on a regular basis. Most issues are PEBCAK (problem between chair and keyboard) or ID-10-T errors. Phishing emails, questionable applications with trojans and keyloggers, and very simple passwords (1234/password). while minimum requirements do help prevent some of this, nothing ANYONE does will stop them from breaking into your account if you GIVE THEM the password.

Reverend Dr · Jun 25, 2011, 03:15 PM // 15:15

Quote:

Originally Posted by Kunder

95% of problems are because of the user. Absolutely no one is getting their password randomly guessed unless you used 12345/password/etc.

However, when there is something where the inner workings aren't transparent, its very easy for the people in charge to deny any responsibility.

Lishy · Jun 25, 2011, 08:38 PM // 20:38

Just a suggestion, but it would help boost your account securities if you created an exclusive email account just for your GW and NCSoft logins. That way they cannot brute force your password since they don't know your email OR ncsoft login!

Ximvotn · Jun 25, 2011, 09:08 PM // 21:08

Quote:

Originally Posted by Del

Actually, I just changed mine via gw to check, and it worked. So either you two are spreading misinformation, or the effects of licking accounts isn't consistent.

I tried two linked NC Soft accounts and the password was changeable, I could have swore it used to not be changeable through any other means than NC Soft website.

A consintancy could have very well been a possibility since there was someone in an alliance I was in before who had "Guild Wars" in their name. Now that has been blocked for years, but obviously at one point you could put that in your name. Though character name has nothing to do with changing your password, It's only an example.

Quote:

Originally Posted by Reverend Dr

No. Learn something about account and internet security.

Yes, one numeral certainly makes brute-forcing easier versus adding symbols, numerals, umlauts, etc. however, without a character name and e-mail they certainly won't do too much. Learn something about odds of chance. I don't see the point in this thread. If you're account hasn't been stolen, why are you complaining? I guarentee there are many trying to use a bot and someone that posted it said don't worry if the archive shows up as virus, it's a "false-positive" then wonder why their account was stolen. If you type your e-mail, password, and character name every time there is another good indication of jeopardizing security. If you really care about the account, never physically type the e-mail and character name, simple as that.

Quote:

Originally Posted by Lishy

Just a suggestion, but it would help boost your account securities if you created an exclusive email account just for your GW and NCSoft logins. That way they cannot brute force your password since they don't know your email OR ncsoft login!

We have a winner

Lucci_Slevin · Jun 25, 2011, 09:58 PM // 21:58

Nothing wrong with the OPs request but people need to understand that the GW hackers have not been brute forcing, ever.

They have been ripping website databases all these years, so the PW strength has been irrelevant to them.

Xenex Xclame · Jun 26, 2011, 12:51 AM // 00:51

Quote:

Originally Posted by gremlin

Seemingly innocent chat in the game could lead to someone gaining a surprising amount of information about you.
I hope I am wrong.

Oh no you are completely right on this.I mean just to give you an example ,my guild mates know which country I live in, that's already more info to help them if they ever wanted to hack me (not saying they would,just the example). They obviously know my character names, or if they didn't remember they could just look in guild roster for it and same with people I friended they could just look in their friendslist.Now it wouldn't be easy for them to breach my password, which is not my cat which they might have heard me talk about or my mother or siblings or my address.My login mails are only for GW and I don't MSN email with them.But still you are right every little innocent information can hurt you.

Quote:

Originally Posted by deluxe

That's how everyone thinks UNTIL they get hacked themselves.
I always thought people just had bad security or terrible password too, it's not the case.

I was "hacked" a while ago, you know what?I didn't go say that someone brute forced my password, which I think is a pretty decent password, I contacted support and talked to them, it turned out that the way I got "hacked" was by downloading a "harmless" but convenient program from the community works section of this very forum.They didn't destroy or take anything, but still it happened and password breach was not my first though.

Quote:

Originally Posted by Lishy

Just a suggestion, but it would help boost your account securities if you created an exclusive email account just for your GW and NCSoft logins. That way they cannot brute force your password since they don't know your email OR ncsoft login!

Already done but thanks for the suggestions for others you haven't thought about that.

Kunder · Jun 26, 2011, 12:51 AM // 00:51

Quote:

Originally Posted by deluxe

That's how everyone thinks UNTIL they get hacked themselves.
I always thought people just had bad security or terrible password too, it's not the case.

Its flat out impossible to have your password randomly guessed. There is a delay between password attempts that grows the more you try. It would take years (potentially decades/centuries/till the heat death of the universe, I have no idea how high the delay grows) to try just the numbers 00000-99999 without any other characters at all.

Xenex Xclame · Jun 26, 2011, 12:53 AM // 00:53

Quote:

Originally Posted by Kunder

Its flat out impossible to have your password guessed. There is a delay between password attempts that grows the more you try. It would take years (potentially decades/centuries, I have no idea how high the delay grows) to try just the numbers 00000-99999 without any other characters at all.

A thought just occurred to me, I know GW has that built in delay, but I don't think the site has or locks you out after X attempts I could be wrong but couldn't someone have an easier time using the website?

Ximvotn · Jun 26, 2011, 01:09 AM // 01:09

Quote:

Originally Posted by Lucci_Slevin

Nothing wrong with the OPs request but people need to understand that the GW hackers have not been brute forcing, ever.

They have been ripping website databases all these years, so the PW strength has been irrelevant to them.

Then it's really nobody's fault if that is true, I guess Anet could have followed suit like other MMOs and made an aunthenticator, but I would hate to have to type a code in every time I log in.

shadowfell · Jun 26, 2011, 01:44 AM // 01:44

Quote:

Originally Posted by deluxe

I think all these account hacks have very little to do with brute force password cracking, but some kind of bug in the ncsoft website.
My account got hacked, my password got changed...
How in gods name is it possible to change a password without me getting a confirmation email about it?

This is a good question. I'd like the answer to it as well!

End · Jun 26, 2011, 01:55 AM // 01:55

Quote:

Originally Posted by Xenex Xclame

A thought just occurred to me, I know GW has that built in delay, but I don't think the site has or locks you out after X attempts I could be wrong but couldn't someone have an easier time using the website?

If you mean the master account page its after 5 or so tries and lasts i think 10 minutes but im not sure.

Xenex Xclame · Jun 26, 2011, 02:03 AM // 02:03

Ah if its like that it's not much better for a potential hacker.
I'm not worried then.

gremlin · Jun 26, 2011, 10:12 AM // 10:12

Its probably not a serious security problem But the hom calculator could be used to judge a characters material wealth.
You can enter any character name not just your own and see how well they are doing.

Anyway I am doing the best I can to prevent being hacked, antivirus antispyware and firewall all in place.

Running on a user account so if I am hacked they do not get full control of my computer.
Internet browser is fairly secure with active x and javascript not automatically turned on for every site.
Popup and adware blocked.
Don't ever click on links from emails or on websites unless I am certain of their origin.

Password is random not a name or birthday etc and the login email hasnt been valid for years.

Hopefully potential hackers will look for easier targets, anything that could be added is in the hom anyway.

nologic · Jun 26, 2011, 10:27 AM // 10:27

When I play Aion they have added a pin code to the game, and it can only be clicked by using the mouse button. It seems way better than the current system that is out there. I don't know how secure it is but still a better solution than the current implementation they added.

NCMA still needs to be more secured, and NCSoft still needs to adress their security flaws.