Posted - 2010.09.04 14:39:00 - [91]

 

Originally by: Galvatine

---

I never said anything about their efficacy but if I want to see someone trying to brute force a password I need only log into one of many firewalls and take a peek at the audit. They don't get in, but they do try all the time (and yeah its normally some lame dictionary based attack)

Locking your permitted sources down to an IP or a range, or even geographically blocking will assist somewhat, especially if you can tie it down to a known source but how many game providers would do that, especially given the movable nature of IP addresses for most of their base of users...

As for crack time, assuming a 1/2 decent admin your probably talking not possible at all as timeouts, lockouts and mails to said admin would likely cause them to change the password or block the IP address(s).

The point still stands though, longer passwords tend to make people think about security (look at this discussion), this is a good thing. Short passwords tend to make people forget about it, this is a bad thing and from that perspective I can't support the idea.

Surely it is not that much of an ache having to type 3 more characters?

---

It sure made me think, to the point where i wrote simple eve launcher that inputs login/password for me, now i just got another launcher for each account. Thats a secure way, right ?

And as you admitted, this brute forces happens but are as effective as those guys that jump on the road to stop a moving car with their bodies. Car will keep moving, idiot will die.

Posted - 2010.09.04 17:22:00 - [93]

 

Originally by: Galvatine

---

Originally by: Valandril

---

Originally by: Galvatine

---

I never said anything about their efficacy but if I want to see someone trying to brute force a password I need only log into one of many firewalls and take a peek at the audit. They don't get in, but they do try all the time (and yeah its normally some lame dictionary based attack)

Locking your permitted sources down to an IP or a range, or even geographically blocking will assist somewhat, especially if you can tie it down to a known source but how many game providers would do that, especially given the movable nature of IP addresses for most of their base of users...

As for crack time, assuming a 1/2 decent admin your probably talking not possible at all as timeouts, lockouts and mails to said admin would likely cause them to change the password or block the IP address(s).

The point still stands though, longer passwords tend to make people think about security (look at this discussion), this is a good thing. Short passwords tend to make people forget about it, this is a bad thing and from that perspective I can't support the idea.

Surely it is not that much of an ache having to type 3 more characters?

---

It sure made me think, to the point where i wrote simple eve launcher that inputs login/password for me, now i just got another launcher for each account. Thats a secure way, right ?

And as you admitted, this brute forces happens but are as effective as those guys that jump on the road to stop a moving car with their bodies. Car will keep moving, idiot will die.

---

If you made yourself a launcher, why complain?

---

So if i find a way around the system (lets say taxes) i should stop complaining how terrible they are ?

Posted - 2010.09.05 09:59:00 - [95]

 

Wait, so you have no issues with the password anymore, and other people never had them (as they posted in the thread).

Why do you bring this up then?

Posted - 2010.09.05 11:12:00 - [97]

 

And the best part is, this will change nothing.

Posted - 2010.09.06 19:40:00 - [99]

 

The longer password is considered an industry-wide best practice. Arguments for and against, it's still considered that in all the training and documentation I've seen that touches on the subject. CCP likely takes best practices into consideration. So to get CCP to change their policy, you'd have to get the best practice changed worldwide.