Enough!!!

[memoryproblems]

About a month ago or so, maybe it wasn't that long ago, when the alliance Darkstar got their forums hacked I made an initiative to become more secure. I finally got my $@! in gear and finished after hearing about the recent RoK/RIA forum hackings.

Steps i took included changing the approach I took with email and changing my password on every site i could remember to 30+ character passwords. To keep track of the multiple passwords, 1) firefox remembers them, but i have to enter a master password at the beginning of every firefox session (in case my computer gets stolen or some friend using it decides to screw around) and they are all stored in a spreadsheet, which in turn is stored in an encrypted file on my desktop, courtesy of TrueCrypt.

Its unfortunate this is happening, but its not in vain, we are learning from our (and others) mistakes and becoming better prepared for the future.

Whats sad is that the hacker doesn't have anything better to focus his energy on then this game.

Edited March 5, 2010 by memoryproblems

[Homura]

I keep different and much more complex passwords for my web e-mail, because I don't want someone to take and abuse knowledge about my private life for in-game purposes.

[bros]

what password list was posted last night

[Prime minister Johns]

Here are some tips for creating a secure password you can remember.

1: Make a reasonably long sentence.
Example: I would like to make a nice and secure password. (10 words)

2: Take the first letter of each word in the sentence.
Example: Iwltmanasp (10 characters)

3: Add some numbers. (2 numbers, in spots you can remember, I chose the first and last characters)
Example: 1Iwltmanasp9 (12 characters)

4: Add some punctuation. (2 marks, in spots you can remember, I chose the 5th and 5th last characters)
Example: 1Iwl^tman&asp9 (14 characters)

[MaGneT]

It's also very easy to write your own programs to generate passwords if you don't trust online generators. I generate my own 30+ character passwords with my own (very crude) program in Python that takes anyone with minimal experience about 10 minutes to write.

[bigwoody]

[quote name='Schattenmann' date='05 March 2010 - 10:38 AM' timestamp='1267807419' post='2214933']
bigwoody is the hacker. It is a trick.
[/quote]
Of course!

[quote name='MaGneT' date='05 March 2010 - 09:25 PM' timestamp='1267846232' post='2215566']
It's also very easy to write your own programs to generate passwords if you don't trust online generators. I generate my own 30+ character passwords with my own (very crude) program in Python that takes anyone with minimal experience about 10 minutes to write.
[/quote]
If you know how to write said program, my post was probably redundant. The target audience might not have realized their passwords needed urgent changing, even if they have not yet been caught (I havent had an account on any of the so-far hacked boards, but I do this followup anyways).

[iamthey]

Its sad that this is even necessary. I have yet to figure out why someone would even waste the time it takes to hack someone on CN.

[Quinoa Rex]

I gain a little faith in humanity, and then I realise that so many people are totally brain-dead when it comes to securing a computer on the most basic level. You learn how to use combination locks for physical storage spaces -- same concept.

[Zombie Glaucon]

[quote name='bigwoody' date='04 March 2010 - 10:43 AM' timestamp='1267721265' post='2213748']
2) At minimum, have a different password for your in-game nation, your "home" forums, the CN forums, and forums you administrate. This is damage control, if one of your passwords is stolen, it cannot then be re-used elsewhere. If you re-use passwords, you should be comfortable with potentially having many of them compromised at once.
3) For $%&@ sake PLEASE don't use the same password for important RL accounts as you do for CN. People can find those accounts via your e-mail and it can lead to huge trouble.

Its that simple, just don't be lazy. Do it now.
[/quote]

On top of this, it's not hard to use long, different passwords for sites if you use a password manager. Password Safe (http://passwordsafe.sourceforge.net/) is particularly good for Windows users. It stores your passwords encrypted on your hard drive, then you only need to remember one (which should be strong!) to get access to the rest. If you use it you don't even need to know the passwords you use for different sites (but make sure to backup the password DB), just copy and paste them from the DB.

Make it easy on yourself!

[Xiphosis]

I love some of these. "diplomaat"? "password"? Really? XD

[zzzptm]

I'm just going to stop registering as a diplomat on other forums. Security through inactivity.

[MaGneT]

[quote name='bigwoody' date='05 March 2010 - 11:48 PM' timestamp='1267851209' post='2215661']
If you know how to write said program, my post was probably redundant. The target audience might not have realized their passwords needed urgent changing, even if they have not yet been caught (I havent had an account on any of the so-far hacked boards, but I do this followup anyways).
[/quote]
Not necessarily. Even the moderately savvy folks like myself can get lazy at times. This made me check my saved passwords list on Firefox, and I realized a whole bunch of my CN related stuff had the same password. It's a strong password, but I'd rather not have an ally's forum get hacked then give someone the ability to access my nation.

Needless to say, that was remedied. My nation password is now unique.

[Hyperbad]

Don't forget character map where permitted and foreign language characters. Those additions increase the possibilities exponentially. Just make sure the website supports them. Some flat out won't accept them and some will upon submission but when you try to log in you get database errors.

An example of the craziness one of the passwords I used to have in the past: öQMहिं³文§0¹Ãš©«U,दी½;2

Good luck with that.

[Nizzle]

1234554321

Hasn't failed me yet. Some people can't process hitting the "5" again.

[Lord Rune]

I tend to go for whatever swear words come to mind when prompted for a new password, with some numbers thrown in for good measure.

[Booter]

My password is ************

[Neo Uruk]

[quote name='Booter' date='13 March 2010 - 10:48 PM' timestamp='1268542444' post='2225110']
My password is ************
[/quote]
My password is much more complex than that.

Edited March 14, 2010 by Rey the Great

[Stilcho]

The 1 or 2 passwords that you don't want to write down or store anywhere (banking, paypal, etc) can be created and remembered by taking two numbers that you've already remembered and combining/mixing them.

[James IV]

Cool kids use their social of course. Its hard to believe people actually use "password" as a password. lol

[Joe Stupid]

[quote name='James IV' date='19 March 2010 - 08:37 PM' timestamp='1269045433' post='2230738']
Cool kids use their social of course. Its hard to believe people actually use "password" as a password. lol
[/quote]

That was my original AOL password like 10-15 years ago. it was awesome.

also i just use the same CN password for everything, and i don't bank online, makes life a little easier.

[MIKE1587]

I honestly never believed people were stupid enough to abc123 or something like that . Just the other day I was asked to sign in to an account on another website by a family member who went on to give me their password which was 1234567 . I was like you've got to be kidding me. I then went on to chastise them about password security. I can't believe people are really that stupid .

[Oppressed]

[quote name='DocOctane' date='04 March 2010 - 12:58 PM' timestamp='1267729064' post='2213852']
Another solution would be for parents to beat their children into having respect for others.
[/quote]
This is obviously the only solution to the problem.