bigwoody Posted March 4, 2010 (edited)
Today, I saw one of these password dumps from this hacker. Seeing some of the passwords you people use, you're all but asking to get hacked. Have you ever wondered why dictionary passwords are bad? On far too many encryptions, you can work out what the password is you are trying to crack by letter frequency, and if you're working in English, you're vulnerable to this on many encryption methods. Worse is when you use common passwords ("abc123"? REALLY?) even hashes won't save you. Some of you probably even do universal passwords. This is all but asking for a hacker to go further, like locking you out of your e-mail, going on a shopping spree with your PayPal account, or worse.
Now, it's easy to do, just follow these steps:
1) Go here for secure, random passwords: https://www.grc.com/passwords.htm
2) At minimum, have a different password for your in-game nation, your "home" forums, the CN forums, and forums you administrate. This is damage control, if one of your passwords is stolen, it cannot then be re-used elsewhere. If you re-use passwords, you should be comfortable with potentially having many of them compromised at once.
3) For $%&@ sake PLEASE don't use the same password for important RL accounts as you do for CN. People can find those accounts via your e-mail and it can lead to huge trouble.
It's that simple, just don't be lazy. Do it now.
Edited March 4, 2010 by bigwoody

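The steps in the post above (random passwords, a different one per site, nothing shared with RL accounts), as an added example that is not part of the original post: a small audit that flags common and reused passwords in a credential inventory and replaces them with values from Python's `secrets` module. The site labels, the sample inventory and the short common-password list are constructed for illustration.

```python
import secrets
import string
from collections import defaultdict

# Constructed stand-in for a real common-password list.
COMMON = {"abc123", "123456", "password", "qwerty"}

# Constructed inventory: site -> password (labels follow step 2 of the post).
INVENTORY = {
    "in-game nation": "abc123",
    "home forums": "Tr0ub4dor&3",
    "CN forums": "Tr0ub4dor&3",
    "forum admin": "k9#Vq2!xLm0pZr7w",
    "RL e-mail": "Tr0ub4dor&3",
}

ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate(length=24):
    """Return a random password drawn from a CSPRNG (secrets, not random)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def audit(inventory, common=COMMON):
    """Return {site: [findings]} for common or reused passwords."""
    sites_by_pw = defaultdict(list)
    for site, pw in inventory.items():
        sites_by_pw[pw].append(site)
    findings = defaultdict(list)
    for site, pw in inventory.items():
        if pw.lower() in common:
            findings[site].append("common password")
        others = sorted(s for s in sites_by_pw[pw] if s != site)
        if others:
            findings[site].append("reused on: " + ", ".join(others))
    return dict(findings)


def remediate(inventory):
    """Give every flagged site its own fresh random password."""
    fresh = {site: generate() for site in audit(inventory)}
    return {**inventory, **fresh}


if __name__ == "__main__":
    for site, issues in audit(INVENTORY).items():
        print(f"{site}: {'; '.join(issues)}")
    print("findings after remediation:", audit(remediate(INVENTORY)))
```

In the sample, one stolen forum password also opens the RL e-mail account, which is the reuse case step 3 is about; after `remediate` every flagged site has its own value and the audit comes back empty.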
mdnss69 Posted March 4, 2010
o/ common sense. tbh I don't even know my own password, just where the keys are on the keyboard...

Jyrinx Posted March 4, 2010
I also recommend having a separate email address just for CN related stuff. This way nobody even knows what your real life email address is and thus there's no risk to your real email address being compromised.

theArrowheadian Posted March 4, 2010
Or maybe people could just not take a game this seriously.

bigwoody (Author) Posted March 4, 2010
[quote name='theArrowheadian' date='04 March 2010 - 11:40 AM' timestamp='1267724625' post='2213790']
Or maybe people could just not take a game this seriously.
[/quote]
You'd wish. However the steps I listed are sadly a bare minimum, as not following them risks ruining the game for others, or exposing your RL personal info to attack.

Gorard Posted March 4, 2010
I recommend using LastPass. It's a plugin for browsers that stores your passwords and logs you in automatically; you only have to remember one password to open your password store. All of your passwords can be as complex as you like, here is an example of one of my passwords:
k_7A7'E=U,R'Dde]}w)f.7Lmp}[LJ<`\oA'.zynT/)1"(TsgYMC[=b/g7=>i!%d
It works with Linux, Mac, Windows, and most smart phones. It supports most browsers, Firefox, Chrome, Safari, IE, I'm not sure about Opera but no one uses that anyway.

Smooth Posted March 4, 2010
I actually posted an announcement about this on our forums earlier today. It's kinda ridiculous.

lonewolfe2015 Posted March 4, 2010
Couple things of note: I very much doubt the correct passwords are being hashed every time someone cracks a forum. Not a lot of people are dumb enough to use abc123 or WordWord or 123456 unless it's a mundane forum they don't care about.
Second, if you use the automatic log in features or a big password repository, don't forget your passwords then... you have to record them somewhere. And when you use services to request new passwords, or store the passwords somewhere, make sure your e-mail or the giant password database have passwords you can easily remember, are different than anything else, and you rotate the passwords often.
CHANGE your passwords every so often. Some places go so far as to give you an automatic password kill now so you are forced to use a new password.

Lord GVChamp Posted March 4, 2010
[quote name='Smooth' date='04 March 2010 - 12:03 PM' timestamp='1267726016' post='2213800']
I actually posted an announcement about this on our forums earlier today. It's kinda ridiculous.
[/quote]
Just changed my forum password, actually :psy:

DocOctane Posted March 4, 2010
Another solution would be for parents to beat their children into having respect for others.

Duncan King Posted March 4, 2010 (edited)
I actually just changed all of mine and consequentially, I am now locked out of my Facebook account.
Edited March 4, 2010 by Duncan King

Hiro Nakara Posted March 4, 2010
That is a good website and some handy advice, thanks.
[quote name='bigwoody' date='04 March 2010 - 04:44 PM' timestamp='1267721265' post='2213748']
Today, I saw one of these password dumps from this hacker. Seeing some of the passwords you people use, you're all but asking to get hacked. Have you ever wondered why dictionary passwords are bad? On far too many encryptions, you can work out what the password is you are trying to crack by letter frequency, and if you're working in English, you're vulnerable to this on many encryption methods. Worse is when you use common passwords ("abc123"? REALLY?) even hashes won't save you. Some of you probably even do universal passwords. This is all but asking for a hacker to go further, like locking you out of your e-mail, going on a shopping spree with your PayPal account, or worse.
Now, it's easy to do, just follow these steps:
1) Go here for secure, random passwords: https://www.grc.com/passwords.htm
2) At minimum, have a different password for your in-game nation, your "home" forums, the CN forums, and forums you administrate. This is damage control, if one of your passwords is stolen, it cannot then be re-used elsewhere. If you re-use passwords, you should be comfortable with potentially having many of them compromised at once.
3) For $%&@ sake PLEASE don't use the same password for important RL accounts as you do for CN. People can find those accounts via your e-mail and it can lead to huge trouble.
It's that simple, just don't be lazy. Do it now.
[/quote]

Duncan King Posted March 4, 2010
This is also a very good tool: http://www.microsoft.com/uk/protect/yourself/password/checker.mspx

Sandwich Controversy Posted March 4, 2010
Use KeePass to generate ridiculous passwords and keep track of them. It's what the pros do.

tamerlane Posted March 4, 2010 (edited)
Best method in promoting internet security is giving ice cream to nerds wherever you find them.
Edited March 4, 2010 by tamerlane

Cotillion Posted March 4, 2010
[quote name='Duncan King' date='04 March 2010 - 06:59 PM' timestamp='1267729361' post='2213855']
I actually just changed all of mine and consequentially, I am now locked out of my Facebook account.
[/quote]
This happened to me on a couple of things. ;_;

Groucho Marx Posted March 4, 2010
It's depressing that this actually needed to be said.

rabonnobar Posted March 4, 2010
Something else I was thinking about that won't take care of the problem, but will help, is for all alliances to do a member purge where they delete accounts that haven't been used in the past 2 months or something. Thus, decreasing the amount of passwords that can be stolen from each forum.

bigwoody (Author) Posted March 4, 2010
[quote name='Emperor Marx' date='04 March 2010 - 01:56 PM' timestamp='1267732826' post='2213918']
It's depressing that this actually needed to be said.
[/quote]
Yeah, this is way more difficult than a universal CN password. Personally my life would go on, as would most people's, even if all my CN stuff got compromised, HOWEVER there is a chance people could take this too far and go after RL personal stuff (think bank accounts), so this needs to be taken seriously. Unfortunately.

omfghi2u2 Posted March 5, 2010
what if my CN email has no correlation whatsoever to any of my RL stuff?
-omfg

Goldie Posted March 5, 2010
It is actually much smarter to use dumb unique passwords for websites than use a super strong password for all of them. That's what I do, if someone hacks RIA's boards and gets my retarded, easy to remember password, then there is nothing they can gain from it, but if someone took my strong password that I might use elsewhere, then there might be an issue.

Solaris Posted March 5, 2010
[quote name='Lord GVChamp' date='04 March 2010 - 08:45 PM' timestamp='1267728636' post='2213844']
Just changed my forum password, actually :psy:
[/quote]
It's now abd124, isn't it, you sneaky man, you.

keeology Posted March 5, 2010
It is sad that we have to do this. Can we still say some people taking a game too seriously. But it is a few easy steps to protect your RL stuff and CN stuff.

Schattenmann Posted March 5, 2010
bigwoody is the hacker. It is a trick.

Geoffron X Posted March 5, 2010
[quote name='tamerlane' date='04 March 2010 - 02:13 PM' timestamp='1267730320' post='2213876']
Best method in promoting internet security is giving ice cream to nerds wherever you find them.
[/quote]
It's true. Give me ice cream! But seriously, due to the recent hackings, the NPO about a month ago created guidelines and mandatory password changes for its forums, so even if someone chooses a terrible password the one time, at least it might not be every time...