Happy First Contact Day... Go Change Your Password

commadorebob Member Posts: 1,223 Arc User
I want to wish everyone a T-50 year anniversary of First Contact Day!

But given recent news of a fleet having their assets stolen by a TRIBBLE account, I think today would be a great day for everyone to change their passwords. You should be changing them out twice a year anyway but I know some of us are guilty of not doing so (myself included).

So celebrate the day the world changes forever by changing your password to STO! Protect your stuff!

Since your password is only as secure as you make it, use this great password tester: http://howsecureismypassword.net/
According to it, a hacker would need 83 quintillion years to hack my home router.
"If you have never used Cello, I'm not interested in your browser opinion."
___________________________
In game: Commadore_Bob; Joined Jul 2009; That post count + 20,000

Comments

  • gespensterjaeger Member Posts: 157 Arc User
    edited April 2013
    I want to wish everyone a T-50 year anniversary of First Contact Day!

    But given recent news, I think today would be a great day for everyone to change their passwords. You should be changing them out twice a year anyway but I know some of us are guilty of not doing so (myself included).

    So celebrate the day the world changes forever by changing your password to STO! Protect your stuff!

    What news?
    If only they fix Cloaking bug :( *new message BOOM decloaked.
  • commadorebob Member Posts: 1,223 Arc User
    edited April 2013
    Ah, there was a "break-in" of a player's account that resulted in a fleet losing everything. So, I'm merely suggesting that everyone take a moment to change their passwords. You know, to protect your stuff.
    "If you have never used Cello, I'm not interested in your browser opinion."
    ___________________________
    In game: Commadore_Bob; Joined Jul 2009; That post count + 20,000
  • shockwave85 Member Posts: 1,040 Arc User
    edited April 2013
    My password is a string of random garbage. When I want to log in, I go to LastPass and copy/paste the password into the launcher. I'd encourage everybody to adopt LastPass or something similar, and start using randomized passwords for their logins.
  • tinkerstorm Member Posts: 853 Arc User
    edited April 2013
    My password is a string of random garbage. When I want to log in, I go to LastPass and copy/paste the password into the launcher. I'd encourage everybody to adopt LastPass or something similar, and start using randomized passwords for their logins.
    Or, you know, just don't share your user account.
  • pointedears Member Posts: 0 Arc User
    edited April 2013
    No matter how much you might trust that fleet member who you have never met in real life but feel you can share your account with them, JUST DON'T.

    Think how much time you have invested into your account as well as money and ask yourselves how you would feel if that got taken from you :rolleyes:
  • sunfrancks Member Posts: 3,925 Arc User
    edited April 2013
    The only problem is PWE does not like long passwords. Over 10 characters and it all goes to hell.....
    Fed: Eng Lib Borg (Five) Tac Andorian (Shen) Sci Alien/Klingon (Maelrock) KDF:Tac Romulan KDF (Sasha) Tac Klingon (K'dopis)
    Founder, member and former leader to Pride Of The Federation Fleet.
    What I feel after I hear about every decision made since Andre "Mobile Games Generalisimo" Emerson arrived...
  • elessym Member Posts: 0 Arc User
    edited April 2013
    sunfrancks wrote: »
    The only problem is PWE does not like long passwords. Over 10 characters and it all goes to hell.....

    Why do you think that? My password is over 10 characters...
    "Participation in PVP-related activities is so low on an hourly, daily, weekly, and monthly basis that we could in fact just completely take it out of STO and it would not impact the overall number of people [who] log in to the game and play in any significant way." -Gozer, Cryptic PvP Dev
  • cuatela Member Posts: 296 Arc User
    edited April 2013
    I want to wish everyone a T-50 year anniversary of First Contact Day!

    But given recent news of a fleet having their assets stolen by a TRIBBLE account, I think today would be a great day for everyone to change their passwords. You should be changing them out twice a year anyway but I know some of us are guilty of not doing so (myself included).

    So celebrate the day the world changes forever by changing your password to STO! Protect your stuff!

    Since your password is only as secure as you make it, use this great password tester:
    (website link)
    According to it, a hacker would need 83 quintillion years to hack my home router.



    Yeah... that's pretty brilliant too. Make a website called "password tester", and then just wait for people to give you their passwords. :rolleyes:

  • lan451 Member Posts: 3,386 Arc User
    edited April 2013
    It's over 14 characters when the system freaks out. I usually use passwords over 14, but had to downsize so I could actually log in.

    Also if their account was TRIBBLE, how did they get around Cryptic's email code thing? Whenever I change locations or log in on a different PC it doesn't let me log in until I go copy/paste the code they send to my email. I doubt that both this person's email AND game account were TRIBBLE. Sounds like they shared account info with someone, which is a big no-no.
    Mine Trap Supporter
  • hevach Member Posts: 2,777 Arc User
    edited April 2013
    cuatela wrote: »
    Yeah... that's pretty brilliant too. Make a website called "password tester", and then just wait for people to give you their passwords. :rolleyes:

    Passwords with no usernames are even less useful than usernames with no passwords. At least with the username you probably know what service the account is for.
  • erei1 Member Posts: 4,081 Arc User
    edited April 2013
    cuatela wrote: »
    Yeah... that's pretty brilliant too. Make a website called "password tester", and then just wait for people to give you their passwords. :rolleyes:
    Exactly :)
  • topset Member Posts: 0 Arc User
    edited April 2013
    My password is a string of random garbage. When I want to log in, I go to LastPass and copy/paste the password into the launcher. I'd encourage everybody to adopt LastPass or something similar, and start using randomized passwords for their logins.

    I considered this at one point but I hate the idea of not knowing what my passwords are. You know what's going to happen, your HDD is going to fail and your list of passwords from whatever clever software you're using are gone. The only other option is backup on the cloud - and I don't like the idea of having every password I use somewhere on the internet, no matter how "secure" the software is.
    Kirk's Protege.
  • sunfrancks Member Posts: 3,925 Arc User
    edited April 2013
    elessym wrote: »
    Why do you think that? My password is over 10 characters...

    Then they must have updated their security. I normally use complex passwords with 20 characters, but PWE never liked them. Had to settle for 10 in the end.

    If you say they accept longer passwords now, then I must update! :D
    Fed: Eng Lib Borg (Five) Tac Andorian (Shen) Sci Alien/Klingon (Maelrock) KDF:Tac Romulan KDF (Sasha) Tac Klingon (K'dopis)
    Founder, member and former leader to Pride Of The Federation Fleet.
    What I feel after I hear about every decision made since Andre "Mobile Games Generalisimo" Emerson arrived...
  • erei1 Member Posts: 4,081 Arc User
    edited April 2013
    I use a password with letters and numbers, but it's not randomly generated. I was never TRIBBLE on any account so far. And I used letters only password for a long time before that, I changed to what it is now when SOE was TRIBBLE, which may have included my account.
    But I never gave my password to anyone, except my mother once, so she could use my origin account to play dragon age^^ Never used any 3rd party service, like goldseller, cheat or anything.

    So far, I'm either extremely lucky, or it works.
  • sunfrancks Member Posts: 3,925 Arc User
    edited April 2013
    Just updated, will only take a hacker 98 million years to crack my password.

    When they do, I am sure I won't care about it by then lol
    Fed: Eng Lib Borg (Five) Tac Andorian (Shen) Sci Alien/Klingon (Maelrock) KDF:Tac Romulan KDF (Sasha) Tac Klingon (K'dopis)
    Founder, member and former leader to Pride Of The Federation Fleet.
    What I feel after I hear about every decision made since Andre "Mobile Games Generalisimo" Emerson arrived...
  • neoakiraii Member Posts: 7,468 Arc User
    edited April 2013
    I bet a lot of nerds changed their password to


    Yucbar123
  • shockwave85 Member Posts: 1,040 Arc User
    edited April 2013
    topset wrote: »
    I considered this at one point but I hate the idea of not knowing what my passwords are. You know what's going to happen, your HDD is going to fail and your list of passwords from whatever clever software you're using are gone. The only other option is backup on the cloud - and I don't like the idea of having every password I use somewhere on the internet, no matter how "secure" the software is.

    I can't speak for other services, but LastPass at least is done correctly. For one thing, LastPass does not have your encryption key. They can't decrypt your data even if they wanted to. Your key is derived algorithmically from your password by the software you install on your computer. LastPass never sees your password, nor your key. The way you can generally tell this is if the service offers any kind of password reset/recovery option. If they can reset your password, it means they have your key. Conversely, this means if you forget your LastPass master password, you are well and truly screwed. So make sure you remember that one, and make it good. I also bought a Yubikey and tied my LastPass account to it as a second factor, so that makes me feel a lot better as well.

    Security Now did an entire episode on LastPass if you want to hear about it in detail: http://twit.tv/sn256
  • dm19delta Member Posts: 206 Arc User
    edited April 2013
    Mine will only take 58 years to crack, but I'm sure by that time, I'll be more concerned with my ability to digest solid foods than whether or not my STO account was TRIBBLE.
  • maddog0000doom Member Posts: 1,017 Arc User
    edited April 2013
    neoakiraii wrote: »
    I bet a lot of nerds changed their password to


    Yucbar123

    HUH?:confused:
  • gpgtx Member Posts: 1,579 Arc User
    edited April 2013
    Hmm, 30 years. I doubt STO would even be running by then
  • shockwave85 Member Posts: 1,040 Arc User
    edited April 2013
    One thing to note about that password cracking link in the OP: It's basing its estimate on a single, average desktop PC from today. Not from 10 years from now. And certainly not a cluster of field programmable gate arrays brute forcing on a hash table stolen from Cryptic. If you think those databases don't get stolen, it actually happens fairly often. That's the reason services nowadays will force global password resets if they even think that might have happened.

    For everyone who thinks getting 30-50 years on that little password tester is good enough, it isn't. Bottom line is the passwords that people come up with off the top of their heads aren't good enough. Hackers are laughing at your attempts to be clever. Wherever possible, especially for high value accounts like banks, MMOs, or big online services (Apple, Google) you need to use a long, highly varied, preferably random password.

    For reference, my password rated at 25 thousand years.
  • neoakiraii Member Posts: 7,468 Arc User
    edited April 2013
    here some music to set the mood

    Steppenwolf - Magic Carpet Ride
  • brigadooom Member Posts: 0 Arc User
    edited April 2013
    230 sextillion years :)
  • millimidget Member Posts: 0 Arc User
    edited April 2013
    topset wrote: »
    The only other option is backup on the cloud - and I don't like the idea of having every password I use somewhere on the internet, no matter how "secure" the software is.
    You could buy an external floppy drive and use it just to back up your password text file.

    I fortunately haven't suffered a compromise in years. It probably helps that for D3 I bought that stupid keychain authenticator. It seems a growing amount of hack attempts stem from account information stolen from the hosting party itself.

    Better than maintaining a wildly convoluted password for your game account would be to maintain different passwords for game accounts, e-mail, social media, etc.
    That's the reason services nowadays will force global password resets if they even think that might have happened.
    I really despise the forced resets. That seems like it's setting itself up to further be a target, either by announcing that there's a fresh database of information to hack that's only marginally more secure than the last one, or as a result of users falling back on more easily remembered passwords because they're constantly being asked to change them.

    IP verification, on the other hand, is great. So far, the only "hack" attempts I've suffered are from when I log in from another location.
    "Tolerance and apathy are the last virtues of a dying society." - Aristotle
  • theindefatigable Member Posts: 351 Arc User
    edited April 2013
    brigadooom wrote: »
    230 sextillion years :)

    YES. Loved that song ever since I looked it up thanks to Cochrane. :o)

    PS - ah, meant to quote the previous post about "Magic Carpet Ride."
    Former/Cryptic Name: Captain_Hans_Langsdorff
    Founding member, Special Service Squadron
    "Fear God and Dread Nought." First Sea Lord, Adm. Jacky Fisher
  • erei1 Member Posts: 4,081 Arc User
    edited April 2013
    One thing to note about that password cracking link in the OP: It's basing its estimate on a single, average desktop PC from today. Not from 10 years from now. And certainly not a cluster of field programmable gate arrays brute forcing on a hash table stolen from Cryptic. If you think those databases don't get stolen, it actually happens fairly often. That's the reason services nowadays will force global password resets if they even think that might have happened.

    For everyone who thinks getting 30-50 years on that little password tester is good enough, it isn't. Bottom line is the passwords that people come up with off the top of their heads aren't good enough. Hackers are laughing at your attempts to be clever. Wherever possible, especially for high value accounts like banks, MMOs, or big online services (Apple, Google) you need to use a long, highly varied, preferably random password.

    For reference, my password rated at 25 thousand years.
    I know someone working in internet security, using a randomly generated password, changed every week or so, using letters, numbers, caps, etc., who was TRIBBLE on ***. I'm pretty sure his PW rated thousands of years too. Doesn't mean a thing if the hacker has access to the PW database, or whatever; they just hack your account, no matter your PW.
    I'm not even sure hackers try to hack PWs the old-fashioned way by trying every pass in the world, except maybe for the most stupid PW possible, like "myname" and "password123".

    I'm pretty sure any password complicated enough so the people that know you will not be able to find it is fine. Most hack attempts are made by people that know you. In-game relatives or IRL. For the others, they either have your password because you were stupid enough to use a gold seller service, or any keylogger program, or they simply hack the game company, and alongside hundreds or thousands of people, your account is TRIBBLE.
  • shockwave85 Member Posts: 1,040 Arc User
    edited April 2013
    erei1 wrote: »
    I know someone working in internet security, using a randomly generated password, changed every week or so, using letters, numbers, caps, etc., who was TRIBBLE on ***. I'm pretty sure his PW rated thousands of years too. Doesn't mean a thing if the hacker has access to the PW database, or whatever; they just hack your account, no matter your PW.
    I'm not even sure hackers try to hack PWs the old-fashioned way by trying every pass in the world, except maybe for the most stupid PW possible, like "myname" and "password123".

    I'm pretty sure any password complicated enough so the people that know you will not be able to find it is fine. Most hack attempts are made by people that know you. In-game relatives or IRL. For the others, they either have your password because you were stupid enough to use a gold seller service, or any keylogger program, or they simply hack the game company, and alongside hundreds or thousands of people, your account is TRIBBLE.

    If the company providing the service you're logging into isn't storing passwords properly, your password is easily derived from a stolen database. Your password itself should not be stored on the server. Instead, a cryptographic hash of your password should be stored. When you submit your password to log in, your input is hashed, and if the hash of your input matches the one stored, you log in. The hashes also need to be "salted", meaning have some random junk added that only the company you're logging into knows. That prevents use of precomputed tables of all possible hashes (rainbow tables).

    Regardless, yes, skilled enough people will still likely be able to hack an account if they really wanted to. That's just life. Just because door locks and alarms can't stop a really skilled thief doesn't mean you shouldn't lock your doors and arm your alarm though. And obviously, don't ever share your credentials with anybody.
    ssog-maco-sig.jpg
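The salted-hash login check described in the post above, as an added example that is not part of the original thread and not Cryptic's or PWE's code. It assumes PBKDF2-HMAC-SHA256 with a random per-account salt stored beside the hash; the function names, iteration count and sample accounts are choices made for this example.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

ITERATIONS = 200_000  # assumed work factor for the example; tune per deployment


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh 16-byte random salt is drawn per account."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Re-hash the login input with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


def unsalted_record(password: str) -> str:
    """The weak storage scheme: one fast, unsalted hash per password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def precomputed_table(wordlist) -> Dict[str, str]:
    """Hash -> password lookup built once and reusable against any unsalted dump."""
    return {unsalted_record(word): word for word in wordlist}


def demo() -> dict:
    # Constructed sample accounts: two users who picked the same weak password.
    users = {"alice": "password123", "bob": "password123"}
    table = precomputed_table(["myname", "password123"])

    unsalted = {u: unsalted_record(p) for u, p in users.items()}
    salted = {u: hash_password(p) for u, p in users.items()}

    return {
        # Without a salt, equal passwords give equal records and the table hits.
        "unsalted_identical": unsalted["alice"] == unsalted["bob"],
        "unsalted_recovered": [table.get(h) for h in unsalted.values()],
        # With per-account salts the records differ and the same table misses.
        "salted_identical": salted["alice"][1] == salted["bob"][1],
        "salted_recovered": [table.get(d.hex()) for _, d in salted.values()],
        # Login still works: only the correct input reproduces the stored digest.
        "login_ok": verify_password("password123", *salted["alice"]),
        "login_bad": verify_password("Password123", *salted["alice"]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salt defeats precomputed tables and hides password reuse across accounts; it does not make a weak password strong against a targeted guess, which is what the iteration count slows down.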
  • spork87 Member Posts: 239 Arc User
    edited April 2013
    I want to wish everyone a T-50 year anniversary of First Contact Day!

    But given recent news of a fleet having their assets stolen by a TRIBBLE account, I think today would be a great day for everyone to change their passwords. You should be changing them out twice a year anyway but I know some of us are guilty of not doing so (myself included).

    So celebrate the day the world changes forever by changing your password to STO! Protect your stuff!

    Since your password is only as secure as you make it, use this great password tester: http://howsecureismypassword.net/
    According to it, a hacker would need 83 quintillion years to hack my home router.

    nah, been using the same password for email, this, WoW, Steam, Origin, and my bank account and it has never been compromised, it's 16 letters, numbers, upper and lowercase mix, trust me it's safe :D
  • spork87 Member Posts: 239 Arc User
    edited April 2013
    If the company providing the service you're logging into isn't storing passwords properly, your password is easily derived from a stolen database. Your password itself should not be stored on the server. Instead, a cryptographic hash of your password should be stored. When you submit your password to log in, your input is hashed, and if the hash of your input matches the one stored, you log in. The hashes also need to be "salted", meaning have some random junk added that only the company you're logging into knows. That prevents use of precomputed tables of all possible hashes (rainbow tables).

    Regardless, yes, skilled enough people will still likely be able to hack an account if they really wanted to. That's just life. Just because door locks and alarms can't stop a really skilled thief doesn't mean you shouldn't lock your doors and arm your alarm though. And obviously, don't ever share your credentials with anybody.

    do one better, get a dog, one that doesn't mind killing
  • commadorebob Member Posts: 1,223 Arc User
    edited April 2013
    One thing to note about that password cracking link in the OP: It's basing its estimate on a single, average desktop PC from today. Not from 10 years from now. And certainly not a cluster of field programmable gate arrays brute forcing on a hash table stolen from Cryptic. If you think those databases don't get stolen, it actually happens fairly often. That's the reason services nowadays will force global password resets if they even think that might have happened.

    For everyone who thinks getting 30-50 years on that little password tester is good enough, it isn't. Bottom line is the passwords that people come up with off the top of their heads aren't good enough. Hackers are laughing at your attempts to be clever. Wherever possible, especially for high value accounts like banks, MMOs, or big online services (Apple, Google) you need to use a long, highly varied, preferably random password.

    For reference, my password rated at 25 thousand years.

    You can adjust the calculator in the OP to whatever you feel is more realistic. I set it to supercomputer levels (honestly, who'd go to those extremes just to hack 1 account) and it'd still take longer to hack than is worth it.
    "If you have never used Cello, I'm not interested in your browser opinion."
    ___________________________
    In game: Commadore_Bob; Joined Jul 2009; That post count + 20,000