Eve Passwords MUST contain a capital letter
 
This thread is older than 90 days and has been locked due to inactivity.


 

Cypher V
Minmatar
Critical Mass Technologies
Posted - 2011.03.10 21:13:00 - [1]
 

wtf... This is so ANNOYING. I NEVER put a capital letter in there, and being forced to means I have to press the shift key and EBERTING!

Hate it.

Remove it.

Get it done.

Nina Mercedez
Posted - 2011.03.10 21:15:00 - [2]
 

Just change it to whatever you want then.

Patient 2428190
DEGRREE'Fo'FREE Internet Business School
Posted - 2011.03.10 21:15:00 - [3]
 

Yes, let's reduce the security of our accounts. That sounds like a smart idea.

Aessoroz
Nohbdy.
Posted - 2011.03.10 21:20:00 - [4]
 

Edited by: Aessoroz on 10/03/2011 21:20:04
Originally by: Patient 2428190
Yes, let's reduce the security of our accounts. That sounds like a smart idea.


Five bucks that 90% of users are making the first letter capital or the last one, thus negating any potential security gains and just ****ing off users.

Parah Salin McCain
Posted - 2011.03.10 21:20:00 - [5]
 

SO ANNOYING THAT CCP WANT TO INCREASE SECURITY AND HELP TO PROTECT OUR ACCOUNTS THOSE BASTARDS. IT'S SO DIFFICULT TO INPUT AN UPPER CASE LETTER GOD DAMN YOU CROWD CONTROL PRODUCTIONS HIGH FIVE.

Zhim'Fufu
Posted - 2011.03.10 21:23:00 - [6]
 

Originally by: Cypher V
wtf... This is so ANNOYING. I NEVER put a capital letter in there, and being forced to means I have to press the shift key and EBERTING!

Hate it.

Remove it.

Get it done.
I wonder if the op would develop an aneurysm if they made you use a number too? Very Happy

Marchocias
Posted - 2011.03.10 21:23:00 - [7]
 

Edited by: Marchocias on 10/03/2011 21:23:27
Originally by: Patient 2428190
Yes, let's reduce the security of our accounts. That sounds like a smart idea.


Actually, forcing there to be at least one capital slightly reduces security because any attacker now knows that the password has at least one capital in it.

The only benefit to it is so that people creating passwords are made aware that they can use capitals, so that more do, and guessing becomes generally more difficult.

However, this is only increasing security for those people who don't already use capitals, and who will probably, for simplicity's sake, only use a capital on the first available letter, thereby leaving us back where we started (because anyone who was going to guess a password with all lowercase letters, will now do exactly the same just with the first one capitalised).

Therefore, on average, it slightly decreases security.

De'Veldrin
Minmatar
Norse'Storm Battle Group
Intrepid Crossing
Posted - 2011.03.10 21:26:00 - [8]
 

Originally by: Marchocias
Edited by: Marchocias on 10/03/2011 21:23:27
Originally by: Patient 2428190
Yes, let's reduce the security of our accounts. That sounds like a smart idea.


Actually, forcing there to be at least one capital slightly reduces security because any attacker now knows that the password has at least one capital in it.

The only benefit to it is so that people creating passwords are made aware that they can use capitals, so that more do, and guessing becomes generally more difficult.

However, this is only increasing security for those people who don't already use capitals, and who will probably, for simplicity's sake, only use a capital on the first available letter, thereby leaving us back where we started (because anyone who was going to guess a password with all lowercase letters, will now do exactly the same just with the first one capitalised).

Therefore, on average, it slightly decreases security.


And the "really clever" ones turn on caps lock to "make it harder to guess" their passwords.
Rolling Eyes

Parah Salin McCain
Posted - 2011.03.10 21:29:00 - [9]
 

Originally by: Marchocias


Therefore, on average, it slightly decreases security.

... IN YOUR OPINION

Kraal Jarik
Posted - 2011.03.10 21:34:00 - [10]
 

None of mine contain capital letters, so OP = fail.

Barakkus
Posted - 2011.03.10 21:35:00 - [11]
 

Dear CCP, please fix the search function so we don't have to see the same threads repeatedly.

Thanks.

Patient 2428190
DEGRREE'Fo'FREE Internet Business School
Posted - 2011.03.10 21:35:00 - [12]
 

Originally by: Marchocias
Edited by: Marchocias on 10/03/2011 21:23:27
Originally by: Patient 2428190
Yes, let's reduce the security of our accounts. That sounds like a smart idea.


Actually, forcing there to be at least one capital slightly reduces security because any attacker now knows that the password has at least one capital in it.

The only benefit to it is so that people creating passwords are made aware that they can use capitals, so that more do, and guessing becomes generally more difficult.

However, this is only increasing security for those people who don't already use capitals, and who will probably, for simplicity's sake, only use a capital on the first available letter, thereby leaving us back where we started (because anyone who was going to guess a password with all lowercase letters, will now do exactly the same just with the first one capitalised).

Therefore, on average, it slightly decreases security.


Even in the case of worst case of PW strength, first letter capitalized and the rest lowercase changes nothing for brute force hacking.

The second you get somebody with the faint shred of intelligence (weird I know, but sometimes I'm optimistic about people) and they move their required capital letter to a different letter in PW, the strength of the password is improved.

TBH, they should require a really secure PW (Unique characters, Capitals and numbers, the whole works) and giant prompt saying "DO NOT USE THIS PASSWORD FOR ANYTHING BUT YOUR EVE ONLINE ACCOUNT". If you're going to try to save people from stupid, don't do it half assed.

Kieron VonDeux
Posted - 2011.03.10 21:36:00 - [13]
 

Edited by: Kieron VonDeux on 10/03/2011 21:36:31
Originally by: Zhim'Fufu
I wonder if the op would develop an aneurysm if they made you use a number too? Very Happy


Or, God forbid, a "special" character.

Azureite
Amarr
Special Forces Operation Detachment Delta
The 0rphanage
Posted - 2011.03.10 21:38:00 - [14]
 

Originally by: Aessoroz
Edited by: Aessoroz on 10/03/2011 21:20:04
Originally by: Patient 2428190
Yes, let's reduce the security of our accounts. That sounds like a smart idea.


Five bucks that 90% of users are making the first letter capital or the last one, thus negating any potential security gains and just ****ing off users.
^this

CCP Adida


C C P
C C P Alliance
Posted - 2011.03.10 22:00:00 - [15]
 

It helps with your account security. We could allow people to have their password at 12345 but wouldn't that be easy to guess?

Katsumoto
Caldari
Quam Singulari
Session Changes
Posted - 2011.03.10 22:06:00 - [16]
 

I have that combination on my luggage!

Wen Illiad
Gallente
GoonWaffe
Goonswarm Federation
Posted - 2011.03.10 22:12:00 - [17]
 

Originally by: Katsumoto
I have that combination on my luggage!
You too?!?

Tippia
Caldari
Sunshine and Lollipops
Posted - 2011.03.10 22:26:00 - [18]
 

Also, see this.

sableye
principle of motion
Posted - 2011.03.10 22:50:00 - [19]
 

Edited by: sableye on 10/03/2011 22:53:13
nevermind

Ban Doga
Posted - 2011.03.10 22:50:00 - [20]
 

Originally by: Marchocias
Edited by: Marchocias on 10/03/2011 21:23:27
Originally by: Patient 2428190
Yes, let's reduce the security of our accounts. That sounds like a smart idea.


Actually, forcing there to be at least one capital slightly reduces security because any attacker now knows that the password has at least one capital in it.

The only benefit to it is so that people creating passwords are made aware that they can use capitals, so that more do, and guessing becomes generally more difficult.

However, this is only increasing security for those people who don't already use capitals, and who will probably, for simplicity's sake, only use a capital on the first available letter, thereby leaving us back where we started (because anyone who was going to guess a password with all lowercase letters, will now do exactly the same just with the first one capitalised).

Therefore, on average, it slightly decreases security.


That's why common sense fails at probability theory.

By your theory guessing a password must have been much easier in the past, because most people didn't use any capital letters at all and reducing the number of different letters used in a password (actually cutting it in half) makes it much easier to apply brute force or simple guessing successfully.

Unless of course you wanted to imply that passwords already contained capital letters in which case the security is not reduced AT ALL.

Rguy Amphal
Posted - 2011.03.10 23:03:00 - [21]
 

Originally by: Marchocias


Actually, forcing there to be at least one capital slightly reduces security because any attacker now knows that the password has at least one capital in it.



I could start talking about password cracking permutations to point out how dumb your comment was, but I won't.

Julius Rigel
Sub-warp Racing Venture
Posted - 2011.03.11 01:21:00 - [22]
 

Originally by: CCP Adida
It helps with your account security. We could allow people to have their password at 12345 but wouldn't that be easy to guess?
I've been using that joke for years when telling people about the combinations to the bookmark cans. Laughing

Awesome Possum
Original Sin.
PURPLE HELMETED WARRIORS
Posted - 2011.03.11 01:25:00 - [23]
 

Adida, account security should be the responsibility of the user. Measures like this make it sound like you are taking responsibility and accountability for people's account security. So when they do get "hacked", you are to blame, not the user.

On a related issue, I dislike the fact that CCP keeps a record of people's old passwords. What should happen if that fell into the hands of the "bad people"? Once I change my password, there should be no record or indication of what it was in your files.

Imajitaaltofanalt ofanalt
Posted - 2011.03.11 01:27:00 - [24]
 

hey, look at me, I'm a geek! I can haxxorz joo!

seriously... i use numberz for my pazzwordz

Lothris Andastar
Posted - 2011.03.11 01:38:00 - [25]
 

Edited by: Lothris Andastar on 11/03/2011 01:39:30
Originally by: CCP Adida
It helps with your account security. We could allow people to have their password at 12345 but wouldn't that be easy to guess?
Actually, CCP Adida, it Weakens account security.

A Password that can POSSIBLY have an all lower case password is harder to crack than a Password where one letter is CERTAINLY a Capital Letter. By forcing at least 1 capital letter, you eliminate the billions of potential all lower case passwords, meaning less work for any attacker to try and find the password.

Add to the fact that a grand total of zero accounts are compromised by brute force attacks (they are compromised via keyloggers because naughty people buy isk), this has zero impact on account security and just annoys people.

Barakkus
Posted - 2011.03.11 01:50:00 - [26]
 

Originally by: Lothris Andastar
Edited by: Lothris Andastar on 11/03/2011 01:39:30
Originally by: CCP Adida
It helps with your account security. We could allow people to have their password at 12345 but wouldn't that be easy to guess?
Actually, CCP Adida, it Weakens account security.

A Password that can POSSIBLY have an all lower case password is harder to crack than a Password where one letter is CERTAINLY a Capital Letter. By forcing at least 1 capital letter, you eliminate the billions of potential all lower case passwords, meaning less work for any attacker to try and find the password.

Add to the fact that a grand total of zero accounts are compromised by brute force attacks (they are compromised via keyloggers because naughty people buy isk), this has zero impact on account security and just annoys people.


Not this again.

No it doesn't, you have no clue about what you are talking about.

Awesome Possum
Original Sin.
PURPLE HELMETED WARRIORS
Posted - 2011.03.11 02:13:00 - [27]
 

Originally by: Barakkus
Originally by: Lothris Andastar
Edited by: Lothris Andastar on 11/03/2011 01:39:30
Originally by: CCP Adida
It helps with your account security. We could allow people to have their password at 12345 but wouldn't that be easy to guess?
Actually, CCP Adida, it Weakens account security.

A Password that can POSSIBLY have an all lower case password is harder to crack than a Password where one letter is CERTAINLY a Capital Letter. By forcing at least 1 capital letter, you eliminate the billions of potential all lower case passwords, meaning less work for any attacker to try and find the password.

Add to the fact that a grand total of zero accounts are compromised by brute force attacks (they are compromised via keyloggers because naughty people buy isk), this has zero impact on account security and just annoys people.


Not this again.

No it doesn't, you have no clue about what you are talking about.


Please provide proof that accounts are being compromised via brute force and not keylogging/social engineering.

Barakkus
Posted - 2011.03.11 02:17:00 - [28]
 

Edited by: Barakkus on 11/03/2011 02:26:20
Originally by: Awesome Possum
Originally by: Barakkus
Originally by: Lothris Andastar
Edited by: Lothris Andastar on 11/03/2011 01:39:30
Originally by: CCP Adida
It helps with your account security. We could allow people to have their password at 12345 but wouldn't that be easy to guess?
Actually, CCP Adida, it Weakens account security.

A Password that can POSSIBLY have an all lower case password is harder to crack than a Password where one letter is CERTAINLY a Capital Letter. By forcing at least 1 capital letter, you eliminate the billions of potential all lower case passwords, meaning less work for any attacker to try and find the password.

Add to the fact that a grand total of zero accounts are compromised by brute force attacks (they are compromised via keyloggers because naughty people buy isk), this has zero impact on account security and just annoys people.


Not this again.

No it doesn't, you have no clue about what you are talking about.


Please provide proof that accounts are being compromised via brute force and not keylogging/social engineering.


I'm not suggesting that, I'm suggesting that the requirement of at least 1 uppercase character does not reduce the number of combinations that can be used for a brute force attack.

I agree, most account compromises happen due to stupid people, not brute force attacks.

And actually, I might add, most times someone who gets compromised used the same user name and password for EVE on some random fansite or whatnot that gets hacked.

For those of you interested:
Hacking Exposed 6. I've had occasion to meet George Kurtz a few times due to him doing some contract work for where I work, he's brilliant.

Infinity Ziona
Minmatar
Cloakers
Posted - 2011.03.11 02:43:00 - [29]
 

Originally by: Barakkus
I'm not suggesting that, I'm suggesting that the requirement of at least 1 uppercase character does not reduce the number of combinations that can be used for a brute force attack.

This is so wrong it's ridiculous and can only be a troll.

Requiring a single capital letter reduces possible permutations because it eliminates every permutation that consists of only lowercase and every permutation that consists of lowercase and numeric characters.

Barakkus
Posted - 2011.03.11 03:07:00 - [30]
 

Edited by: Barakkus on 11/03/2011 03:27:55
Originally by: Infinity Ziona
Originally by: Barakkus
I'm not suggesting that, I'm suggesting that the requirement of at least 1 uppercase character does not reduce the number of combinations that can be used for a brute force attack.

This is so wrong it's ridiculous and can only be a troll.

Requiring a single capital letter reduces possible permutations because it eliminates every permutation that consists of only lowercase and every permutation that consists of lowercase and numeric characters.


Please see page 53.
http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf

CCP should follow the guidelines listed in the previous link of requiring 3 of the 4 standard password requirements actually. Requiring just one isn't enough, but I don't think they suffer very many brute force attacks.

Unless the attacker knows exactly which character(s) is upper case, it still increases the number of possibilities regardless. By forcing the increase in the character set, you increase the amount of time it will take to brute force. Most people will use all lower case, in which case forcing at least 1 upper case character increases the possible characters 2 fold.
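
The counting question argued across posts 7 to 30, worked through as an added example that is not part of the original thread: it counts the brute-force search space with and without an "at least one capital" rule and checks the closed form against full enumeration. The three character classes and the 8-character length are assumptions, not CCP's actual password policy.

```python
# Added example. The character classes and default length are assumptions,
# not CCP's real policy.
import math
import string
from itertools import combinations, product

CLASSES = {"lower": string.ascii_lowercase, "upper": string.ascii_uppercase,
           "digit": string.digits}
ALL = ("lower", "upper", "digit")


def keyspace(length, allowed=ALL, required=()):
    """Strings of `length` over `allowed` classes that contain at least one
    character from every class in `required` (inclusion-exclusion)."""
    full = sum(len(CLASSES[c]) for c in allowed)
    count = 0
    for k in range(len(required) + 1):
        for missing in combinations(required, k):
            size = full - sum(len(CLASSES[c]) for c in missing)
            count += (-1) ** k * size ** length
    return count


def keyspace_enumerated(length, allowed=ALL, required=()):
    """Same count by listing every string; only feasible for tiny lengths."""
    alphabet = "".join(CLASSES[c] for c in allowed)
    return sum(
        all(any(ch in CLASSES[c] for ch in cand) for c in required)
        for cand in product(alphabet, repeat=length)
    )


def compare(length=8):
    """Sizes (in bits) of the spaces the thread argues about."""
    anything = keyspace(length)
    needs_capital = keyspace(length, required=("upper",))
    return {
        "no rule, any mix": math.log2(anything),
        "rule: >=1 capital": math.log2(needs_capital),
        "share removed by rule": 1 - needs_capital / anything,
        "all lowercase": math.log2(keyspace(length, allowed=("lower",))),
        # One capital in a fixed position (e.g. first), rest lowercase:
        "capital first, rest lower": math.log2(26 * 26 ** (length - 1)),
    }


if __name__ == "__main__":
    for label, value in compare().items():
        print(f"{label:28s} {value:.4f}")
```

For 8 characters the rule removes about 1.3% of the mixed-case space, while a password with its one capital in a predictable position sits in a space no larger than all-lowercase.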

