Account security suggestions


by Uzephi » Thu Mar 17, 2016 9:34 pm

As described in the thread linked below, there was a security leak somewhere, either on another private server or another entity. These suggestions are common sense but should be considered for your account security.

viewtopic.php?f=2&t=38394

Password strength
  • More than 8 characters, suggested 16. (will explain further down the post)
  • Combination of letters, numbers and special characters.
  • No duplicated letters/numbers/symbols
  • No numbers/symbols/letters in order on keyboard or alphabetically (1234, asdf, abcd, !@#$, etc.)
  • Unique from other sites/logins (don't have forum and game account the same or game and Tuleap the same)

Examples of bad passwords with their reasons
Below are a few random passwords. The websites used to check them check rainbow tables, dictionary hacks, and brute force.
Site 1: https://howsecureismypassword.net/
Site 2: http://www.passwordmeter.com/
  • 1337h3@lz: 3 is repeated 3 times, numbers in succession 4 times, no capital letters. Under 12 characters. Security: low. Site 1: 6 days to crack. Site 2: 83% secure.
  • potatosoapdrink: 9 repeat characters, all lower case, no numbers or symbols. Security: low. Site 1: 13k years to crack with the algorithm they use. Site 2: 17% secure.

Examples of good passwords with their reasons
Same sites as above with two example passwords.
  • I@tLd!O3wEbM: Password is a sentence with interchanging capital letters and using symbols. "I ate the last donut! Only three were eaten by me." Simple to remember but pretty hard to crack. First site: 344k years. Second site: 100% secure.
  • w]r4/u7F]q2HN8$U: Password was a random one made by a GM on page 3 of the announcement thread linked at the beginning. Hard to remember, hard to crack. First site: 412 trillion years. Second site: 100% secure.

Why having a secure password is needed
As technology progresses and we get faster computers, cracking passwords gets quicker and simpler. Security vulnerabilities in SSL, SQL, and other encryption databases get compromised, and until those holes are found and patched, that version is susceptible to attack. Most passwords are stored as a hash sum. This means it isn't saved as plain text.

In most cases, if a database is hacked or there is an MTM attack, they will most likely get the hash sum of your password and have a rainbow table crack the password. The first site uses that method of cracking. An 8 character password can be cracked with an average PC with this kind of hack within 3 days. Longer passwords require a longer hash, making the password significantly less likely to be vulnerable to being cracked. Increasing from 8 to 12 characters makes that 3 days jump to 344 thousand years.

Should I change my password?
If you used a site that has an outdated security certificate and it shares the same login as your in-game account, change it as soon as possible! It is common practice to change your password everywhere at least every 3-6 months. If your password is recent and not used elsewhere, you should be safe. Do a malware/virus scan and see if you have any PUPs (potentially unwanted programs), hacktools, viruses, etc. If any come up, change your password. When you do any scan for malicious files/software, be sure to download the most recent database from your AV program. Be wary, as there are always new forms of malicious code out there and databases only update what they found, not a threat that was made by (random coder/hacker name here) last night.

Final Thoughts
Account security is the user's responsibility and hopefully this will help you secure your account better. Happy Hunting and have fun!
Uzephi
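
The checklist from the post above, applied mechanically to its four example passwords. This is an added example, not part of the original post; the function names and the `used_elsewhere` parameter are hypothetical, and the sequence list is a constructed sample of US-keyboard rows.

```python
import string
from collections import Counter

# Constructed sample of ordered runs the post warns about (US keyboard rows,
# the shifted number row, and the alphabet).
SEQUENCES = ["1234567890", "!@#$%^&*()", "qwertyuiop", "asdfghjkl",
             "zxcvbnm", string.ascii_lowercase]

def longest_run(pw, min_len=3):
    """Longest piece of pw that follows a sequence, forwards or backwards."""
    low, best = pw.lower(), ""
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(low)):
                for j in range(i + min_len, len(low) + 1):
                    if low[i:j] in s and j - i > len(best):
                        best = pw[i:j]
    return best

def check(pw, used_elsewhere=()):
    """Return the checklist items from the post that pw does not meet."""
    findings = []
    if len(pw) <= 8:
        findings.append("length: 8 characters or fewer")
    elif len(pw) < 16:
        findings.append("length: under the suggested 16")
    # The post's examples also count missing capitals, so case is split out.
    classes = {"lowercase": str.islower, "uppercase": str.isupper,
               "digit": str.isdigit,
               "symbol": lambda c: c in string.punctuation}
    missing = [n for n, test in classes.items() if not any(map(test, pw))]
    if missing:
        findings.append("missing: " + ", ".join(missing))
    # Counted the way the post counts "repeat characters": every occurrence
    # of a character that appears more than once (case-sensitive).
    repeats = sum(n for n in Counter(pw).values() if n > 1)
    if repeats:
        findings.append(f"repeats: {repeats} characters are duplicates")
    run = longest_run(pw)
    if run:
        findings.append(f"sequence: '{run}'")
    if pw in used_elsewhere:
        findings.append("reuse: already used for another login")
    return findings

if __name__ == "__main__":
    # The four example passwords quoted in the post.
    for pw in ["1337h3@lz", "potatosoapdrink", "I@tLd!O3wEbM",
               "w]r4/u7F]q2HN8$U"]:
        print(pw, "->", check(pw) or "meets every checklist item")
```

It reports only the post's own checklist items and does not estimate crack time.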