Pages: [1] 2 3 :: one page |
|
Author |
Thread Statistics | Show CCP posts - 2 post(s) |
Zed Jackelope
The Generic Pirate Corporation Fusion.
2
|
Posted - 2012.04.26 21:07:00 -
[1] - Quote
It would be nice to re-use old passwords, or just be able to cycle through passwords, if one wants to (which, if you haven't guessed, I do).
So do us a favor and get rid of your weird desire to save our passwords after we are no longer using them.. AFAIC, that's a security risk. |
Tanya Powers
Science and Trade Institute Caldari State
1162
|
Posted - 2012.04.26 21:10:00 -
[2] - Quote
Zed Jackelope wrote:It would be nice to re-use old passwords, or just be able to cycle through passwords, if one wants to (which, if you haven't guessed, I do).
So do us a favor and get rid of your weird desire to save our passwords after we are no longer using them.. AFAIC, that's a security risk.
Yes (they can) |
Tinnin Sylph
GoonWaffe Goonswarm Federation
155
|
Posted - 2012.04.26 21:10:00 -
[3] - Quote
Dear CCP
Please remove the security feature you put in place to ensure I don't do something to compromise my account.
Many Thanks
Some Dumb Pubbie Needs more tears. |
Kieron VonDeux
16
|
Posted - 2012.04.26 21:15:00 -
[4] - Quote
Zed Jackelope wrote:AFAIC, that's a security risk.
Actually, it is a security enhancement.
|
Florestan Bronstein
SniggWaffe YOUR VOTES DON'T COUNT
538
|
Posted - 2012.04.26 22:14:00 -
[5] - Quote
Zed Jackelope wrote:It would be nice to re-use old passwords, or just be able to cycle through passwords, if one wants to (which, if you haven't guessed, I do).
So do us a favor and get rid of your weird desire to save our passwords after we are no longer using them.. AFAIC, that's a security risk. they probably (hopefully) don't store the password (new or old) but a hash.
and any form of password reuse is bad, mkay? |
TWHC Assistant
19
|
Posted - 2012.04.26 22:19:00 -
[6] - Quote
Instead of denying the old passwords should they only warn about them. |
Voith
Republic Military School Minmatar Republic
82
|
Posted - 2012.04.26 22:36:00 -
[7] - Quote
Tinnin Sylph wrote:Dear CCP
Please remove the security feature you put in place to ensure I don't do something to compromise my account.
Many Thanks
Some Dumb Pubbie Given the rate at which MMOs are being hacked I wouldn't call them storing anything a security feature. |
supersexysucker
Uber Awesome Fantastico Awesomeness Group Ayn Sof Aur
82
|
Posted - 2012.04.26 23:05:00 -
[8] - Quote
I do not change my pw BECAUSE of CCPs dumb **** can't put in an old one... need a cap letter now, etc bullshit.
I WILL PICK MY OWN FUCKIN PASSWORD.
Be nice if someone would steal all CCPs stored old passwords rofl...
The mail they would need to send out would be LOL...
"Every password you ever used in eve online has been stolen, please make sure to change any accounts using any of these passwords, we enjoy fuckin you"
Also for the retart tinnin... why not ask CCP for an onscreen in game keyboard to enter log in info... I mean if we need to make PW's a *****... what about keyloggers PLEASE PROTECT ME FROM KEY LOGGERS CCP.
Sounds like a baby that needs someone to protect him... lul. |
Jafit
Dreddit Test Alliance Please Ignore
101
|
Posted - 2012.04.26 23:11:00 -
[9] - Quote
http://xkcd.com/792/
Also
http://xkcd.com/936/ |
Shian Yang
17
|
Posted - 2012.04.26 23:13:00 -
[10] - Quote
Voith wrote:Given the rate at which MMOs are being hacked I wouldn't call them storing anything a security feature.
Greetings capsuleer,
As you may know from your pod and ship security systems no passwords are stored in clear-text. They are stored as an (ideally) irreversible hash to prevent them from being discovered. This is safer than allowing the re-use of such passwords where an attacker may obtain an older password which may not currently be valid.
If, however, a capsuleer wishes to tie their nuts to the capsule and initiate a self-destruct sequence I see no reason for CONCORD to prevent them; providing they accept this nulls and voids any claims they may have to reimbursement.
Regards,
Shian Yang
|
|
|
CCP Sreegs
C C P C C P Alliance
1202
|
Posted - 2012.04.26 23:38:00 -
[11] - Quote
This will be reviewed when we institute the two factor option in the next couple of months. "Sreegs has juuust edged out Soundwave as my favourite dev." - Meita Way 2012 |
|
Corina Jarr
Spazzoid Enterprises Purpose Built
710
|
Posted - 2012.04.26 23:40:00 -
[12] - Quote
Shian Yang wrote:Voith wrote:Given the rate at which MMOs are being hacked I wouldn't call them storing anything a security feature. Greetings capsuleer, ... If, however, a capsuleer wishes to tie their nuts to the capsule and initiate a self-destruct sequence I see no reason for CONCORD to prevent them; providing they accept this nulls and voids any claims they may have to reimbursement. Regards, Shian Yang I have both null and void in my cargo hold... how does this effect things? |
TWHC Assistant
20
|
Posted - 2012.04.26 23:43:00 -
[13] - Quote
CCP Sreegs wrote:This will be reviewed when we institute the two factor option in the next couple of months.
Kill moar bots!! \o/ |
Beekeeper Bob
Beekeepers Anonymous
102
|
Posted - 2012.04.27 00:12:00 -
[14] - Quote
Tinnin Sylph wrote:Dear CCP
Please remove the security feature you put in place to ensure I don't do something to compromise my account.
Many Thanks
Some Dumb Pubbie
Well, I guess being a Drone your used to being led by the nose....Other people prefer to make their own choices.
Looking to stamp out apiphobia in my lifetime..... |
supersexysucker
Uber Awesome Fantastico Awesomeness Group Ayn Sof Aur
82
|
Posted - 2012.04.27 00:16:00 -
[15] - Quote
CCP Sreegs wrote:This will be reviewed when we institute the two factor option in the next couple of months.
Or you could just give us a ******* warning and let us do WHAT we want. |
Beekeeper Bob
Beekeepers Anonymous
102
|
Posted - 2012.04.27 00:17:00 -
[16] - Quote
Shian Yang wrote:Voith wrote:Given the rate at which MMOs are being hacked I wouldn't call them storing anything a security feature. Greetings capsuleer, As you may know from your pod and ship security systems no passwords are stored in clear-text. They are stored as an (ideally) irreversible hash to prevent them from being discovered. This is safer than allowing the re-use of such passwords where an attacker may obtain an older password which may not currently be valid. If, however, a capsuleer wishes to tie their nuts to the capsule and initiate a self-destruct sequence I see no reason for CONCORD to prevent them; providing they accept this nulls and voids any claims they may have to reimbursement. Regards, Shian Yang
Congratulations on giving CCP the benefit of the doubt on their handling of passwords. Certainly their attention to detail in the past is cause for such fiath in their coding skills.
Looking to stamp out apiphobia in my lifetime..... |
Jonas Xiamon
76
|
Posted - 2012.04.27 00:48:00 -
[17] - Quote
The reason this is a security feature is simple, they aren't storing your password. (Unless they're actually that ********, which I doubt.)
They're storing an encrypted version of your password, which is virtually useless.
They're are ways of cracking these things, however, your concerns would be very misplaced to worry about that. Especially if you're the type of person who reuses passwords. I usally write one of these and then change it a month later when I reread it and decide it sounds stupid. |
Grumpymunky
Super Monkey Tribe of Danger
144
|
Posted - 2012.04.27 01:22:00 -
[18] - Quote
supersexysucker wrote:Or you could just give us a ******* warning and let us do WHAT we want. When I read this post, the voice in my head shouted the "WHAT" ... I don't know why it did that. It sounds weird.
Post with your monkey. |
Shian Yang
17
|
Posted - 2012.04.27 01:42:00 -
[19] - Quote
Grumpymunky wrote:supersexysucker wrote:Or you could just give us a ******* warning and let us do WHAT we want. When I read this post, the voice in my head shouted the "WHAT" ... I don't know why it did that. It sounds weird.
Greetings capsuleer,
I believe it sounds weird if you do not have any human offspring. Those with 2 - 5 year old children will understand why WHAT is emphasised in such a fashion as it is a common tantrum response.
Regards,
Shian Yang |
Barakach
R-ISK Shadow Operations.
59
|
Posted - 2012.04.27 02:58:00 -
[20] - Quote
Voith wrote:Tinnin Sylph wrote:Dear CCP
Please remove the security feature you put in place to ensure I don't do something to compromise my account.
Many Thanks
Some Dumb Pubbie Given the rate at which MMOs are being hacked I wouldn't call them storing anything a security feature.
MMOs aren't being hacked, computers are getting infected from people clicking "yes" on everything that pops-up.
Storing an old hash isn't really a security issue, but I don't agree with forcing the end user to not use an old password. That should be up to the user.
Personally, I like to use SHA512(Password+Salt), where and password is the byte array of the password string and the salt is a 16byte crypto strength random value. Maybe I should use a 32byte salt?... hmmm... So much CPU power these days. |
|
Degren
Red Federation RvB - RED Federation
153
|
Posted - 2012.04.27 03:22:00 -
[21] - Quote
Barakach wrote:MMOs aren't being hacked, computers are getting infected from people clicking "yes" on everything that pops-up.
Quote:clicking "yes" on everything
WHY CAN'T I CLICK THIS YES?! |
Voith
Republic Military School Minmatar Republic
82
|
Posted - 2012.04.27 03:38:00 -
[22] - Quote
Barakach wrote:Voith wrote:Tinnin Sylph wrote:Dear CCP
Please remove the security feature you put in place to ensure I don't do something to compromise my account.
Many Thanks
Some Dumb Pubbie Given the rate at which MMOs are being hacked I wouldn't call them storing anything a security feature. MMOs aren't being hacked, computers are getting infected from people clicking "yes" on everything that pops-up. Storing an old hash isn't really a security issue, but I don't agree with forcing the end user to not use an old password. That should be up to the user. Personally, I like to use SHA512(Password+Salt), where and password is the byte array of the password string and the salt is a 16byte crypto strength random value. Maybe I should use a 32byte salt?... hmmm... So much CPU power these days. You're wrong.
Trion, Blizzard, Cryptic and Sony have all had their Core DBs hacked.
Not the client infected with a Trojan, but their databases have been hacked and dumped. |
Scrapyard Bob
EVE University Ivy League
898
|
Posted - 2012.04.27 04:49:00 -
[23] - Quote
Zed Jackelope wrote: So do us a favor and get rid of your weird desire to save our passwords after we are no longer using them.. AFAIC, that's a security risk.
If they store them with unique salts and in hashed forum, it's not any more of a security risk then storing the current password.
|
Ai Shun
777
|
Posted - 2012.04.27 05:06:00 -
[24] - Quote
Barakach wrote:Storing an old hash isn't really a security issue, but I don't agree with forcing the end user to not use an old password. That should be up to the user.
Agreed, up to the user. If the user agrees to not claim reimbursement should their re-used password be used without their authorisation.
EVE Ambulation and Avatars as a separate game - see here |
Hannott Thanos
Notorious Legion
44
|
Posted - 2012.04.27 08:06:00 -
[25] - Quote
l2F-ñsiQa = bad password (because you have to write it down, and it's too few characters) MyHorseIsActuallyAPony = retardedly good password (Long and makes no sense, so not in a dictionary, and you already remembered it for at least a few days just by reading it now)
Changing passwords often = bad (because you make short ones to remember them, and after a while you start writing them down) |
Akirei Scytale
Test Alliance Please Ignore
1049
|
Posted - 2012.04.27 08:08:00 -
[26] - Quote
Zed Jackelope wrote:It would be nice to re-use old passwords
That's a bigger security risk. TEST Alliance BEST Alliance |
supersexysucker
Uber Awesome Fantastico Awesomeness Group Ayn Sof Aur
82
|
Posted - 2012.04.27 08:08:00 -
[27] - Quote
Really you KNOW ccp is salting the pws and all?
Cause I seem to remember sony you know a HUGE co... had the pws in PLAIN TEXT lol |
Hannott Thanos
Notorious Legion
44
|
Posted - 2012.04.27 08:15:00 -
[28] - Quote
To emphasize. "MyHorseIsActuallyAPony" takes 9.1804 +ù 10^41 Years to solve with a dictionary attack. that's over 900.000.000.000.000.000.000.000.000.000.000.000.000.000 years. Good luck with that |
Akirei Scytale
Test Alliance Please Ignore
1049
|
Posted - 2012.04.27 08:16:00 -
[29] - Quote
Hannott Thanos wrote:To emphasize. "MyHorseIsActuallyAPony" takes 9.1804 +ù 10^41 Years to solve with a dictionary attack. that's over 900.000.000.000.000.000.000.000.000.000.000.000.000.000 years. Good luck with that
Or one human being who knows your sense of humour decently with a couple hours to burn.
The ideal is a lot more nonsensical than "MyHorseIsActuallyAPony" TEST Alliance BEST Alliance |
Jafit
Dreddit Test Alliance Please Ignore
105
|
Posted - 2012.04.27 08:18:00 -
[30] - Quote
Hannott Thanos wrote:To emphasize. "MyHorseIsActuallyAPony" takes 9.1804 +ù 10^41 Years to solve with a dictionary attack. that's over 900.000.000.000.000.000.000.000.000.000.000.000.000.000 years. Good luck with that
How about MyLittlePonyFriendshipIsMagicApplejackPinkiepieRarityFluttershyRainbowdashTwilightsparkle as a password?
I'm not saying that's my password...
...I'm saying that's my password. |
|
|
|
|
Pages: [1] 2 3 :: one page |
First page | Previous page | Next page | Last page |