Pages: [1] 2 :: one page |
|
Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Vriomiunx
|
Posted - 2008.04.16 15:25:00 -
[1]
Hello.
I would like to request an upgrade to the password system which makes us able to use STRONG passwords. If you don't know what a strong password is, it is a password like: T3!25&!"ñ&/fSBsq#!5&
or
T8v[#8%l3rl31Q
I've tried to change my account's password to a strong one but I received error messages, which is rather bad. Nowadays a support for strong passwords should be manatory.
|
Tamia Clant
New Dawn Corp New Eden Research
|
Posted - 2008.04.16 15:27:00 -
[2]
Holy crap, do people use passwords like that?
Looking for queue-free research slots? Click here!
|
waferzankko
Caldari Bears Inc
|
Posted - 2008.04.16 15:28:00 -
[3]
not an issue as nobody knows your long in name.
login names should never match your in-game name in other words.
|
G'el
Gallente
|
Posted - 2008.04.16 15:28:00 -
[4]
People that work in IT security or are paranoid do...
|
sableye
principle of motion Interstellar Alcohol Conglomerate
|
Posted - 2008.04.16 15:30:00 -
[5]
also I demand finger print scanner to allow access to my hanger.
but anyway I suppose if youw ant a password like that and want to type it in everytime then you should be allowed but maybe they have good reasons for not letting you have noen standard letters/numbers in passwords.
to stop us all having
♥♥♥♥♥♥♥
as out password :)
Join The Fight With Promo Today View The North Star! |
G'el
Gallente
|
Posted - 2008.04.16 15:33:00 -
[6]
Originally by: sableye to stop us all having
♥♥♥♥♥♥♥
as out password :)
There is a middle point. Authorizing printable ASCII is not the same as authorizing full unicode passwords... ^^
|
torswin
Silver Snake Enterprise Brutally Clever Empire
|
Posted - 2008.04.16 15:34:00 -
[7]
Edited by: torswin on 16/04/2008 15:34:42 I am not paranoid, I am just aware of how easy it is to run a rainbow table and get most non-strong tables in a matter of minutes.
Having strong passwords should be encuraged by the system.
Edit: If there was any wonder, I am the original poster. I used wrong character :) --- Unless explicitly stated, this post does not represent my alliance, corporation, my own, or any other living organism's view. |
Martin Mckenna
D00M. Triumvirate.
|
Posted - 2008.04.16 15:34:00 -
[8]
this is ********....with a combination on letters and numbers who the hell is gona guess that.
Seriously get a grip and think...
---------------------------------------------
|
torswin
Silver Snake Enterprise Brutally Clever Empire
|
Posted - 2008.04.16 15:39:00 -
[9]
Originally by: Martin Mckenna this is ********....with a combination on letters and numbers who the hell is gona guess that.
Seriously get a grip and think...
I suggest that you try your password through a rainbow table, and be amazed. Did that and now I basicly only use strong passwords.
What is wrong with having support for us, apparently, paranoid? --- Unless explicitly stated, this post does not represent my alliance, corporation, my own, or any other living organism's view. |
Tarminic
Forsaken Resistance The Last Stand
|
Posted - 2008.04.16 15:40:00 -
[10]
Given the amount of time a brute-force method would need to break a 12-character long alphanumeric password, I don't think we have much to worry about. ---------------- Tarminic - 34 Million SP in Forum Warfare Play EVE: Downtime Madness v0.81 (Updated 4/8) |
|
Imperator Jora'h
|
Posted - 2008.04.16 15:40:00 -
[11]
What does the OP think he is protecting here? This is a game, not Bill Gate's bank account or the launch codes for the US nuclear missile system.
Between your login ID and password (which can be numbers and letters) you should be plenty safe. If someone is nabbing your info en route somehow then a strong password won't help anyway.
A friend and I were goofing around in our office computer room and using a brute force hack for a Window's logon password (not hacking a production machine...just one we would bang around on for testing and what not). When we used 8 letters IIRC it said it could get the answer in several hours. When we added numbers and upper/lower case the program told us it'd take 3 or more months.
In short you can make plenty strong passwords for something like a game. If you really, really care then change your password every few days.
-------------------------------------------------- "Of course," said my grandfather, pulling a gun from his belt as he stepped from the Time Machine, "there's no paradox if I shoot you!"
|
Tarminic
Forsaken Resistance The Last Stand
|
Posted - 2008.04.16 15:45:00 -
[12]
Plus, I'd be willing to bet that if someone started trying to log in at a rate of 1 try per second, each with seemingly random passwords, a server admin would notice. ---------------- Tarminic - 34 Million SP in Forum Warfare Play EVE: Downtime Madness v0.81 (Updated 4/8) |
torswin
Silver Snake Enterprise Brutally Clever Empire
|
Posted - 2008.04.16 15:45:00 -
[13]
Originally by: Imperator Jora'h What does the OP think he is protecting here? This is a game, not Bill Gate's bank account or the launch codes for the US nuclear missile system.
Between your login ID and password (which can be numbers and letters) you should be plenty safe. If someone is nabbing your info en route somehow then a strong password won't help anyway.
A friend and I were goofing around in our office computer room and using a brute force hack for a Window's logon password (not hacking a production machine...just one we would bang around on for testing and what not). When we used 8 letters IIRC it said it could get the answer in several hours. When we added numbers and upper/lower case the program told us it'd take 3 or more months.
In short you can make plenty strong passwords for something like a game. If you really, really care then change your password every few days.
Brute forcing is a very ineffective way to break passwords, and the best way to get one is by social engineer and exploit the "human" behind every system
However, using as i said Rainbow tables you can basicly get almost every password which isn't strong with a matter of minutes. There are a Linux distro (Live CD) which is tuned at getting Windows XP-passwords and usernames (local stored only). I wont give the name here, as it might encourage people using it to receive username and passwords which they aren't supposed to have.
Rainbow tables is basicly a combination of brute force and having a large word list. --- Unless explicitly stated, this post does not represent my alliance, corporation, my own, or any other living organism's view. |
itasteofcheese
|
Posted - 2008.04.16 15:47:00 -
[14]
the eve password system is at least better than wow's there's isnt even case sensetive....
|
torswin
Silver Snake Enterprise Brutally Clever Empire
|
Posted - 2008.04.16 15:47:00 -
[15]
Yes but why should one have to give up using their system of making passwords just because a system, which SHOULD ENCOURAGE SECURITY, doesn't support that? --- Unless explicitly stated, this post does not represent my alliance, corporation, my own, or any other living organism's view. |
TimMc
Gallente Genos Occidere
|
Posted - 2008.04.16 15:52:00 -
[16]
torswin you don't seem to understand that nobody cares
|
Imperator Jora'h
|
Posted - 2008.04.16 15:53:00 -
[17]
Originally by: torswin Brute forcing is a very ineffective way to break passwords, and the best way to get one is by social engineer and exploit the "human" behind every system
It is the least efficient hacking method to be sure. Ours would do a dictionary attack first along with some slang and (supposedly) common misspellings (e.g. l33t, luv, etc.). When we used a dictionary word it would get the answer within a minute or so. If that failed it would go off on the random list and that can take a long time as simply adding a few minor wrinkles to your password makes the brute forcetask rise exponentially. Just adding an upper case letter in there somewhere and a number makes a brute force attack exceptionally more time consuming.
As for access Windows passwords I have used the Linux hack (actually have the bootable CD that does just that sitting next to me) but you need physical access to the machine you want to hack. In the case of the game that is almost never possible. Besides, if you have access to the PC in question you are better off with a key logger than a hack. We use the Linux hack to get into laptops of people who have been fired and refuse to tell us the password. Works well.
-------------------------------------------------- "Of course," said my grandfather, pulling a gun from his belt as he stepped from the Time Machine, "there's no paradox if I shoot you!"
|
Zephyr Rengate
Prophets Of a Damned Universe
|
Posted - 2008.04.16 15:53:00 -
[18]
How often to people fall victim to hackers on this game? Because duriing my time at WoW keyloggers were always an issue for the forum links etc.
Originally by: Jenny Spitfire I habe no life.
|
Tarminic
Forsaken Resistance The Last Stand
|
Posted - 2008.04.16 15:55:00 -
[19]
Originally by: torswin However, using as i said Rainbow tables you can basicly get almost every password which isn't strong with a matter of minutes. There are a Linux distro (Live CD) which is tuned at getting Windows XP-passwords and usernames (local stored only). I wont give the name here, as it might encourage people using it to receive username and passwords which they aren't supposed to have.
Rainbow tables is basicly a combination of brute force and having a large word list.
You need access to an encrypted password file in order to use Rainbow Tables. In addition, a rainbow table is only effective if you know HOW the password is hashed and if/how a seed is used.
As such, they aren't useful if you're trying to ***** a password through a remote user interface, meaning your best chances are by intercepting the password on the network or obtaining it through a brute force or decompiling the client, finding out how it encrypts passwords before sending them to the server, and then using a packet sniffer to catch a user's password as it's being sent across the network. Neither of those problems would be solved by allowing extra characters in passwords. ---------------- Tarminic - 34 Million SP in Forum Warfare Play EVE: Downtime Madness v0.81 (Updated 4/8) |
torswin
Silver Snake Enterprise Brutally Clever Empire
|
Posted - 2008.04.16 16:05:00 -
[20]
Edited by: torswin on 16/04/2008 16:04:51 I know that, but I must honestly say I am shocked how little people care about this.
However I must admit that most people I know of uses passwords like <theirhowntown><2 random nr> or <nameofcoolbandin1337-speak> so after a bit of tought it's not really that shocking anyway
But is there any reasons to not support strong passwords? --- Unless explicitly stated, this post does not represent my alliance, corporation, my own, or any other living organism's view. |
|
Tarminic
Forsaken Resistance The Last Stand
|
Posted - 2008.04.16 16:08:00 -
[21]
Originally by: torswin Edited by: torswin on 16/04/2008 16:04:51 I know that, but I must honestly say I am shocked how little people care about this.
However I must admit that most people I know of uses passwords like <theirhowntown><2 random nr> or <nameofcoolbandin1337-speak> so after a bit of tought it's not really that shocking anyway
But is there any reasons to not support strong passwords?
Well, I imagine that they might have to re-work some of the password table to support the extra symbols, though I don't know what their data structure is like.
But honestly, is it worth the extra effort if the only instance it would help is one in which the hackers already have access to the file structure or database? Wouldn't they go straight for the billing information instead of stealing your login password? ---------------- Tarminic - 34 Million SP in Forum Warfare Play EVE: Downtime Madness v0.81 (Updated 4/8) |
Spigoe
Lone Starr Corporation HUZZAH FEDERATION
|
Posted - 2008.04.16 16:09:00 -
[22]
Currently a standard (no "strange" letters) 5 digit alphanumeric password has 2.1684043449710088680149056017399e+43 different combinations. Using non-Englings characters increases that number.
And I thought I was paranoid... >.> |
torswin
Silver Snake Enterprise Brutally Clever Empire
|
Posted - 2008.04.16 16:11:00 -
[23]
I suppose so. I haven't used databases so I must admit I'm totally blank on how they work.
Still I think it is pretty bad to not have the support nowadays. I am just very glad CCP haven't made this page IE-only --- Unless explicitly stated, this post does not represent my alliance, corporation, my own, or any other living organism's view. |
Rashmika Clavain
Gallente Aliastra
|
Posted - 2008.04.16 16:12:00 -
[24]
Give us RAS tokens kthx!
|
Franco Caruso
|
Posted - 2008.04.16 16:14:00 -
[25]
Originally by: Vriomiunx Hello.
I would like to request an upgrade to the password system which makes us able to use STRONG passwords. If you don't know what a strong password is, it is a password like: T3!25&!"ñ&/fSBsq#!5&
or
T8v[#8%l3rl31Q
I've tried to change my account's password to a strong one but I received error messages, which is rather bad. Nowadays a support for strong passwords should be manatory.
I might be talking out of my rear here but at one point it was mentioned how passwords are stored ( they aren't ) ... it's their hash that is and I think that the code/method/function to create the hash has a fit on strong ones.
FC
|
Jowen Datloran
Caldari Science and Trade Institute
|
Posted - 2008.04.16 16:16:00 -
[26]
I have used two passwords for EVE, both has been strong.
Example (never used): Br!ll!4nt ---------------- Mr. Science & Trade Institute |
Imperator Jora'h
|
Posted - 2008.04.16 16:24:00 -
[27]
Originally by: Spigoe Currently a standard (no "strange" letters) 5 digit alphanumeric password has 2.1684043449710088680149056017399e+43 different combinations. Using non-Englings characters increases that number.
And I thought I was paranoid... >.>
Eh? What math are you using?
Quote: For example, a five-character password made up of high-ASCII characters will require 25 keystrokes to complete. With 255 possible codes for each character and five characters, the total possible combinations are 255^5 (or 1,078,203,909,375). However, a 25-character password made up of only lower-case letters has 26^25 (or 236,773,830,007,968,000,000,000,000,000,000,000) possible combinations. Clearly, you are better off just making longer passwords.
SOURCE: Ten Password Myths
-------------------------------------------------- "Of course," said my grandfather, pulling a gun from his belt as he stepped from the Time Machine, "there's no paradox if I shoot you!"
|
Smantha Dering
Caldari Sam's Space Guys
|
Posted - 2008.04.16 16:34:00 -
[28]
using an 8 character alternating alpha-numeric /numeric-alpha password is plenty strong, and if you're that paranoid then change your password now and then. Use best practices, don't click links you're unsure of, don't give out your user name, don't use applications that haven't been approved. You'll be fine.
|
Kagura Nikon
Minmatar Infinity Enterprises Odyssey.
|
Posted - 2008.04.16 16:37:00 -
[29]
What change? I already use passwords like that, symbols, characters numbers. Just don know what the ñ is. ------------------------------------------------- If brute force doesn't solve your problem... you are not using enough
|
|
Chribba
Otherworld Enterprises Otherworld Empire
|
Posted - 2008.04.16 16:41:00 -
[30]
And...
Optional feature to allow us to restrict our accounts to specific IP's as well!
Secure 3rd party service ■ Do you Veldspar? |
|
|
|
|
|
Pages: [1] 2 :: one page |
First page | Previous page | Next page | Last page |