EVE General Discussion
"Your password must: Contain at least one uppercase letter"
 
This thread is older than 90 days and has been locked due to inactivity.


 

Azureite
Amarr
Special Forces Operation Detachment Delta
The 0rphanage
Posted - 2010.10.13 12:15:00 - [31]
 

I don't even understand the point of changing this. Anyone who doesn't either out of habit or paranoia sprinkle capital letters in their password is just going to make the first letter in their PW the required capital.

It won't make a single PW in the entire game more difficult to figure out, because the capital will always come at the beginning.

Buck Marui
Caldari
State War Academy
Posted - 2010.10.13 12:17:00 - [32]
 

Edited by: Buck Marui on 13/10/2010 12:20:58
Originally by: Paknac Queltel
Originally by: Buck Marui
And it never occurred to them to use the industry security standard of sentences?
People tend to take words like 'password' literally, unfortunately.

I do so prefer sentences. Easy to remember, easy to type, typically harder to read over the shoulder of someone typing it in...

But of course, some idiot will have put a maximum limit on password length "so they won't forget it as easily".


FFFFFFFUUUUUUUUUUUUUUUUU!!!


hehe I think you misunderstood, you don't actually use the sentence Embarassed

You use certain letters of a sentence, so when someone says what's the password to "server" you can say something like "the grass is greener" and the password would be "tgig" obviously very simple there but you get the idea.

obviously this is further secured by using upper case and numbers in the sentences, also using a convention that only the people who need to know actually know, so you wouldn't just use the first letter of each word seriously.

This way you can openly tell someone the password and anybody overhearing would still not understand it.

Paknac Queltel
Baden's Army
Posted - 2010.10.13 12:22:00 - [33]
 

Originally by: Buck Marui
hehe I think you misunderstood, you don't actually use the sentence Embarassed

You use certain letters of a sentence, so when someone says what's the password to "server" you can say something like "the grass is greener" and the password would be "tgig" obviously very simple there but you get the idea.
Ah, that makes sense.

You know we once had someone working for us who had her current city of residence and some date as her password? She still wrote it down and taped the paper to her monitor. No password remembering scheme will help regular users.

Dirk Swan
Posted - 2010.10.13 12:24:00 - [34]
 

It's his account. Let him do what he wants with it.

Muul Udonii
Minmatar
THORN Syndicate
BricK sQuAD.
Posted - 2010.10.13 12:24:00 - [35]
 

I changed my password to 'Password1' then posted that on the forums. Now I can't get into my account and have lost all my assets. What's going on with that? Is it a bug?

Need moar account security nao plz!



(yes, it's sarcasm)

Buck Marui
Caldari
State War Academy
Posted - 2010.10.13 12:29:00 - [36]
 

Originally by: Paknac Queltel
Originally by: Buck Marui
hehe I think you misunderstood, you don't actually use the sentence Embarassed

You use certain letters of a sentence, so when someone says what's the password to "server" you can say something like "the grass is greener" and the password would be "tgig" obviously very simple there but you get the idea.
Ah, that makes sense.

You know we once had someone working for us who had her current city of residence and some date as her password? She still wrote it down and taped the paper to her monitor. No password remembering scheme will help regular users.


Haha, and to tape it to the monitor... HAHA

Guilliman R
Gallente
Northstar Cabal
Important Internet Spaceship League
Posted - 2010.10.13 13:59:00 - [37]
 

Originally by: Buck Marui
Originally by: Paknac Queltel

You know we once had someone working for us who had her current city of residence and some date as her password? She still wrote it down and taped the paper to her monitor. No password remembering scheme will help regular users.


Haha, and to tape it to the monitor... HAHA


You'd be sad if you knew how many people actually do that in offices..

Mr Kidd
Posted - 2010.10.13 15:05:00 - [38]
 

Edited by: Mr Kidd on 13/10/2010 15:16:57
Edited by: Mr Kidd on 13/10/2010 15:06:24
CCP ought to allow the use of all 255 ANSI characters. That would make for some secure passwords.

Quote:

You know we once had someone working for us who had her current city of residence and some date as her password? She still wrote it down and taped the paper to her monitor. No password remembering scheme will help regular users.


It is impractical to expect people to remember every password for every site/system/program that requires it. These days it's too voluminous. And as we get older our abilities to remember "secure" passwords become increasingly difficult. Those of you in your teens, twenties and early thirties may not be able to empathize, but it's true. My best advice is for users to write down their passwords but keep them on their person in a wallet or purse. Keeping a password list in electronic format, even with password managers, is a single point of epic failure. A physical list of passwords with just enough information to remind you what they're for, imo, is a better option. Most hackers will never have physical access to you or your belongings. My passwords for things I deem requiring "secure" passwords are generally over 10 characters long with letters, numbers, case. That's over a dozen complex passwords. There's no way I can remember them all, especially those that I use maybe once a month.

Another advantage of having a physical list of passwords is if lost or stolen, you'll know it and relatively quickly compared to an electronic format that may have been compromised, copied and distributed with little to no evidence for you to detect the breach.

De'Veldrin
Minmatar
Norse'Storm Battle Group
Intrepid Crossing
Posted - 2010.10.13 16:40:00 - [39]
 

Originally by: Guilliman R
Originally by: Buck Marui
Originally by: Paknac Queltel

You know we once had someone working for us who had her current city of residence and some date as her password? She still wrote it down and taped the paper to her monitor. No password remembering scheme will help regular users.


Haha, and to tape it to the monitor... HAHA


You'd be sad if you knew how many people actually do that in offices..


The part that kills me is that people think replacing characters in a word with numbers that look like a letter is secure.

[email protected] really isn't that hard to figure out - really.

Tippia
Caldari
Sunshine and Lollipops
Posted - 2010.10.13 16:51:00 - [40]
 

Edited by: Tippia on 13/10/2010 16:55:01
Originally by: De'Veldrin
Originally by: Guilliman R
Originally by: Buck Marui
Originally by: Paknac Queltel
You know we once had someone working for us who had her current city of residence and some date as her password? She still wrote it down and taped the paper to her monitor. No password remembering scheme will help regular users.
Haha, and to tape it to the monitor... HAHA
You'd be sad if you knew how many people actually do that in offices..
The part that kills me is that people think replacing characters in a word with numbers that look like a letter is secure.

[email protected] really isn't that hard to figure out - really.
Meh.

There's always the I-wrote-it-down-feint password scheme:
  1. Pick three letters.
  2. Pick a short sentence (with proper capitalisation and punctuation).
  3. Write said sentence down on the monitor post-it.
  4. When entering a password, use that sentence, but always skip the three letters picked in step 1.
You now have a reasonably complex, not-quite-dictionary-attackable password that is essentially only three letters long.

Buck Marui
Caldari
State War Academy
Posted - 2010.10.13 17:30:00 - [41]
 

Edited by: Buck Marui on 13/10/2010 17:33:55
Originally by: Tippia
You now have a reasonably complex, not-quite-dictionary-attackable password that is essentially only three letters long.


which is easily brute forced, and/or guessed especially since you used correct punctuation.

But I get your meaning

Oh wait nevermind I didn't get your meaning Embarassed

You mean to use the sentence and not the 3 letters.

Bit long-winded I think though

Tippia
Caldari
Sunshine and Lollipops
Posted - 2010.10.13 17:34:00 - [42]
 

Edited by: Tippia on 13/10/2010 17:36:40
Originally by: Buck Marui
which is easily brute forced, and/or guessed especially since you used correct punctuation.
Yes, but the hope is that people will notice the post-it™ with the neat "Password:" written on it… Razz

…still, you're right. Even so, since you're writing it down anyway, you can mess up both spelling and punctuation (or just use gibberish) — the actual password is in the three letters, not what's written on the note.
Quote:
Bit long-winded I think though
Yes. And good luck if you lose the post-it. Laughing

John B'dlam
Posted - 2010.10.13 17:36:00 - [43]
 

Originally by: Buck Marui
Edited by: Buck Marui on 13/10/2010 17:31:16
Originally by: Tippia
You now have a reasonably complex, not-quite-dictionary-attackable password that is essentially only three letters long.


which is easily brute forced, and/or guessed especially since you used correct punctuation.

But I get your meaning
There's also the old look-over-the-shoulder. Specifically avoiding certain keys can be obvious, if you happen to be doing it wrong.

But let's be honest, those of us who have even a semidecent system for remembering our unique passwords aren't the target. It's Jimmy and Jane down at HR who use the same password for everything and write it on a post-it under the keyboard that are.

Induc
Amarr
Posted - 2010.10.13 17:44:00 - [44]
 

Originally by: Dirk Swan
It's his account. Let him do what he wants with it.

Yes, but it's CCP's time when he comes screaming later wanting his hacked characters reimbursed.

Ocih
Amarr
Space Mermaids
Posted - 2010.10.13 18:05:00 - [45]
 

U need to think in MMO terms. Make the password people rage and

LOCK THE CAP BUTTON ON TO MAKE YOUR PASSWORD1

Barakkus
Posted - 2010.10.13 18:09:00 - [46]
 

Originally by: Manackel
Ever think that maybe it's because it's harder to guess your password when there's a mixture of upper and lower case letters, numbers and symbols?


Notrly

Mr Epeen
It's All About Me
Posted - 2010.10.13 18:10:00 - [47]
 

Let's see...

Two bank cards
Three credit cards
Two cellular providers
One ISP
Four Email accts
EVE acct
Five or six other games
Dozens of forums

50 or so passwords to remember. Is it any wonder people write them down, keep them simple, or use the same one for everything?

Biometrics FTW! Passwords are so last century.

Mr Epeen Cool

Barakkus
Posted - 2010.10.13 18:12:00 - [48]
 

Originally by: Mr Epeen
Biometrics FTW! Passwords are so last century.



This tbqfh.

KarumbaK
Amarr
Hedion University
Posted - 2010.10.13 18:29:00 - [49]
 

Originally by: Mr Epeen
Let's see...

Two bank cards
Three credit cards
Two cellular providers
One ISP
Four Email accts
EVE acct
Five or six other games
Dozens of forums

50 or so passwords to remember. Is it any wonder people write them down, keep them simple, or use the same one for everything?

Biometrics FTW! Passwords are so last century.

Mr Epeen Cool


Generally I use the same passwords but with different variations, such as diff numbers, or symbols to replace parts... works pretty well

Cory Sopapilla
Minmatar
Kiroshi Group
Posted - 2010.10.13 18:35:00 - [50]
 

It could always be worse. I find the ones who try to be the most "secure" with rules are the ones easiest to brute force if someone on the outside knows the rules. Do you have any idea how many possibilities are ruled out when it can't be more than 2 letters, 2 numbers, 2 shift-key chars in a row and must be 8 chars or more? It's like lowering the lottery #s from 1-52 to 1-20.

Must contain at least one capital letter is fine. IMO, use more than one though and don't make it spell some 'l33t' word. And 12345 is no longer safe after Spaceballs announced it for use on luggage ;)

Seriously though, so many people use the same password and username everywhere that it doesn't even matter what you use. Eventually they'll sign up for some 3rd party website for game info on a certain game and just hand it to them.
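The run-length rule described in the post above can be counted exactly. This is an added Python example, not part of the thread: it counts the candidates an attacker who knows the policy still has to try. The class sizes (52 letters, 10 digits, 32 symbols) and all function names are assumptions made for the illustration.

```python
import math

# Assumed class sizes: the post names the three classes but not their sizes.
CLASSES = {"letter": 52, "digit": 10, "symbol": 32}


def count_unrestricted(length, classes=CLASSES):
    """Every string of `length` characters drawn from all classes."""
    return sum(classes.values()) ** length


def count_with_run_limit(length, max_run=2, classes=CLASSES):
    """Strings in which no class occurs more than `max_run` times in a row."""
    if length < 1:
        raise ValueError("length must be at least 1")
    # ways[(cls, run)] = prefixes ending in exactly `run` consecutive `cls` characters
    ways = {(cls, 1): size for cls, size in classes.items()}
    for _ in range(length - 1):
        nxt = {}
        for (cls, run), count in ways.items():
            for new_cls, size in classes.items():
                if new_cls != cls:
                    key = (new_cls, 1)      # a different class restarts the run
                elif run < max_run:
                    key = (cls, run + 1)    # same class, still within the limit
                else:
                    continue                # would exceed the limit: policy rejects it
                nxt[key] = nxt.get(key, 0) + count * size
        ways = nxt
    return sum(ways.values())


def policy_cost(length, max_run=2, classes=CLASSES):
    """Fraction of the keyspace the rule leaves, and the bits of search space lost."""
    total = count_unrestricted(length, classes)
    allowed = count_with_run_limit(length, max_run, classes)
    return allowed / total, math.log2(total) - math.log2(allowed)


if __name__ == "__main__":
    for n in (8, 12, 16):
        kept, lost = policy_cost(n)
        print(f"length {n}: policy keeps {kept:.1%} of candidates, costs {lost:.2f} bits")
```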

Stick Cult
Posted - 2010.10.13 19:03:00 - [51]
 

Edited by: Stick Cult on 13/10/2010 19:05:52
Originally by: KarumbaK
Originally by: Mr Epeen
Let's see...

Two bank cards
Three credit cards
Two cellular providers
One ISP
Four Email accts
EVE acct
Five or six other games
Dozens of forums

50 or so passwords to remember. Is it any wonder people write them down, keep them simple, or use the same one for everything?

Biometrics FTW! Passwords are so last century.

Mr Epeen Cool


Generally I use the same passwords but with different variations, such as diff numbers, or symbols to replace parts... works pretty well

I do too, but then things like this "you must have one capital letter" mess things up big time.

For example, I say I started with password. I've used it to register for about half a dozen things.
Oh, this website wants me to use a number. Ok, now I'll use password1 for everything. Now I've used THAT for half a dozen things.
Oh, now this website wants a capital letter. Time for Password1. Now I've used that in half a dozen things.
Now I need to have at least x characters. Time to change it again.
And it goes on.

Now I've got accounts/things that need passwords in a few dozen places, but with different variations. Most of my things now use various variations (lol) of the same password, BUT I HAVE NO IDEA WHICH ONE GOES WHERE! It usually comes down to thinking "hmm.. about what year did I register this account?" or just plain guessing.

Please, let me secure my account myself. kthxbi

/me jumps on the "get-rid-of-password-requirements-bandwagon"

edit: And yes, this has led to me having a text document on my desktop full of passwords. And things I could never remember like my Eve APIs and various IP addresses... Razz

Paknac Queltel
Baden's Army
Posted - 2010.10.13 19:03:00 - [52]
 

Originally by: Mr Epeen
Biometrics FTW! Passwords are so last century.
Please do press your password on everything you touch.

Cat o'Ninetails
Caldari
Rancer Defence League
Posted - 2010.10.13 19:04:00 - [53]
 

I was wondering if this would be more secure:

md5("Barclays[, EVE, Lloyds, Paypal, whatever]" + "password");

Means generating it every time but an md5 function is not hard lol.

When I code and I need to store passwords etc, I tend to pre-salt with a long "randomish" code common to whatever it is I'm doing, information, then post-salt with a word like "userpass" or something:

so your password ($p) "fluffy" would be:
$presalt = "fkjgfdlkjglfdkjglkjdflg";
$member_pass = md5($presalt.$p."member");

or something Confused


x



Barkaial Starfinder
Minmatar
The Kairos Syndicate
Transmission Lost
Posted - 2010.10.13 19:20:00 - [54]
 

you really don't have to remember a lot of passwords..
you just need a personal system to integrate something not too obvious from where the password is being used, to your complex "invariable" password which you could change every 3 months.

i could share my methods but.. Rolling Eyes

Dr Neba
Posted - 2010.10.13 19:43:00 - [55]
 

I think it's a great feature, it has stopped me from logging in when I am drunk lol

Crias Taylor
GoonWaffe
Goonswarm Federation
Posted - 2010.10.13 19:46:00 - [56]
 

Edited by: Crias Taylor on 13/10/2010 19:48:55
Stop sucking at passwords.

Bud Logs In

Barakkus
Posted - 2010.10.13 21:35:00 - [57]
 

Originally by: Cat o'Ninetails
I was wondering if this would be more secure:

md5("Barclays[, EVE, Lloyds, Paypal, whatever]" + "password");

Means generating it every time but an md5 function is not hard lol.

When I code and I need to store passwords etc, I tend to pre-salt with a long "randomish" code common to whatever it is I'm doing, information, then post-salt with a word like "userpass" or something:

so your password ($p) "fluffy" would be:
$presalt = "fkjgfdlkjglfdkjglkjdflg";
$member_pass = md5($presalt.$p."member");

or something Confused


x





You do realize md5 is very easy to crack right? You're better off using Blowfish.

Scorpyn
Caldari
Infinitus Odium
Posted - 2010.10.13 23:22:00 - [58]
 

When a program I used a while ago changed the maximum password length from 32 to 20 I was the only one to complain...

I'm not sure how long the eve passwords can get, but I think the maximum number of characters used to be 64 or something like that, so they can get quite long iirc.

Cat o'Ninetails
Caldari
Rancer Defence League
Posted - 2010.10.13 23:27:00 - [59]
 

Edited by: Cat o''Ninetails on 13/10/2010 23:31:24
Originally by: Barakkus

You do realize md5 is very easy to crack right? You're better off using Blowfish.


i think collisions are more of a worry than a crack Shocked

it was just an idea anyway and hashing is different from encryption lol :)

x

edit, i'll just tack this on:
why are spaces disallowed? for instance "i am cat and hate pirates" is a stronger password than "iamcatandihatepirates" though both are weak in my example, but hope my point is clear enough. sentences are quite good passwords imo but as i demonstrated above i am terrible at security lol Embarassed

Tippia
Caldari
Sunshine and Lollipops
Posted - 2010.10.13 23:29:00 - [60]
 

Originally by: Barakkus
You do realize md5 is very easy to crack right? You're better off using Blowfish.
Why would you want to use a cipher for hashing? They serve two rather different purposes…
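The storage question raised in the posts above (a fast hash with one shared pre-salt, versus something built for passwords) looks like this side by side. This is an added Python example, not code from any poster or from CCP: PBKDF2-HMAC-SHA256 from the standard library is chosen here as the slow password hash (bcrypt, which is built on the Blowfish cipher, is another such construction). The record format, iteration count and presalt value are assumptions.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the post's $presalt: one value shared by every account.
STATIC_PRESALT = "constructed-site-wide-presalt"
PBKDF2_ITERATIONS = 600_000  # assumption: tune to your own hardware and latency budget


def md5_static_salt(password):
    """The scheme from the post: md5($presalt . $p . "member"). Kept weak on purpose."""
    return hashlib.md5((STATIC_PRESALT + password + "member").encode()).hexdigest()


def hash_password(password, iterations=PBKDF2_ITERATIONS):
    """Per-account random salt plus a deliberately slow key-derivation function."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Recompute with the stored salt and cost, then compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        iterations = int(iterations)
    except ValueError:
        return False  # malformed record
    if scheme != "pbkdf2_sha256" or iterations < 1:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(digest, expected)


def shared_password_visible(records):
    """True if two accounts hold identical records, i.e. reuse shows up in a dump."""
    return len(set(records)) < len(records)


if __name__ == "__main__":
    # Constructed accounts: two users who picked the same password.
    weak = [md5_static_salt("fluffy"), md5_static_salt("fluffy")]
    strong = [hash_password("fluffy"), hash_password("fluffy")]
    print("md5 + static salt exposes reuse:", shared_password_visible(weak))
    print("pbkdf2 + random salt exposes reuse:", shared_password_visible(strong))
    print("verify ok:", verify_password("fluffy", strong[0]))
```

With the shared pre-salt, one guess is checked against every account at once and identical passwords produce identical records; the per-account salt and iteration count remove both properties.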

