I want to wish everyone a T-50 year anniversary of First Contact Day!
But given recent news of a fleet having their assets stolen by a TRIBBLE account, I think today would be a great day for everyone to change their passwords. You should be changing them out twice a year anyway but I know some of us are guilty of not doing so (myself included).
So celebrate the day the world changes forever by changing your password to STO! Protect your stuff!
Since your password is only as secure as you make it, use this great password tester:
http://howsecureismypassword.net/
According to it, a hacker would need 83 quintillion years to hack my home router.
Comments
what news ?
___________________________
In game: Commadore_Bob; Joined Jul 2009; That post count + 20,000
Think how much time you have invested into your account as well as money and ask yourselves how you would feel if that got taken form you :rolleyes:
Why do you think that? My password is over 10 characters...
Yeah... that's pretty brilliant too. Make a website called "password tester", and then just wait for people to give you their passwords. :rolleyes:
Also if their account was TRIBBLE, how did they get around Cryptic's email code thing? Whenever I change locations or log in on a different PC it doesn't let me log in until I go copy/paste the code they send to my email. I doubt that both this persons email AND game account were TRIBBLE. Sounds like they shared account info with someone, which is a big no-no.
Mine Trap Supporter
Passwords with no usernames are even less useful than usernames with no passwords. At least with the username you probably know what service the account is for.
I considered this at one point but I hate the idea of not knowing what my passwords are. You know what's going to happen, your HDD is going to fail and your list of passwords from whatever clever software you're using are gone. The only other option is backup on the cloud - and I don't like the idea of having every password I use somewhere on the internet, no matter how "secure" the software is.
Kirk's Protege.
Then they must have updated their security. I normally use complex passwords with 20 characters, but PWE never liked them. Had to settle for 10 in the end.
If you say they accept longer passwords now, then I must update!
But I never gave my password to anyone, except my mother once, so she could use my origin account to play dragon age^^ Never used any 3rd party service, like goldseller, cheat or anything.
So far, I'm either extremly lucky, or it works.
When they do, I am sure I wont care about it by then lol
Yucbar123
I can't speak for other services, but LastPass at least is done correctly. For one thing, LastPass does not have your encryption key. They can't decrypt your data even if they wanted to. Your key is derived algorithmically from your password by the software you install on your computer. LastPass never sees your password, nor your key. The way you can generally tell this is if the service offers any kind of password reset/recovery option. If they can reset your password, it means they have your key. Conversely, this means if you forget your LastPass master password, you are well and truly screwed. So make sure you remember that one, and make it good. I also bought a Yubikey and tied my LastPass account to it as a second factor, so that makes me feel a lot better as well.
Security Now did an entire episode on LastPass if you want to hear about it in detail: http://twit.tv/sn256
Rest in Peace Brothers
HUH?
For everyone who thinks getting 30-50 years on that little password tester is good enough, it isn't. Bottom line is the passwords that people come up with off the top of their heads aren't good enough. Hackers are laughing at your attempts to be clever. Wherever possible, especially for high value accounts like banks, MMOs, or big online services (Apple, Google) you need to use a long, highly varied, preferably random password.
For reference, my password rated at 25 thousand years.
Steppenwolf - Magic Carpet Ride
[SIGPIC][/SIGPIC]
I fortunately haven't suffered a compromise in years. It probably helps that for D3 I bought that stupid keychain authenticator. It seems a growing amount of hack attempts stem from account information stolen from the hosting party itself.
Better than maintaining a wildly convoluted password for your game account would be to maintain different passwords for game accounts, e-mail, social media, etc.
I really despise the forced resets. That seems like its setting itself up to further be a target, either by announcing that there's a fresh database of information to hack that's only marginally more secure than the last one, or as a result of users falling back on more easily remembered passwords because they're constantly being asked to change them.
IP verification, on the other hand, is great. So far, the only "hack" attempts I've suffered are from when I log in from another location.
YES. Loved that song ever since I looked it up thanks to Cochrane. )
PS - ah, meant to quote the previous post about "Magic Carpet Ride."
Former/Cryptic Name: Captain_Hans_Langsdorff
Founding member, Special Service Squadron
"Fear God and Dread Nought." First Sea Lord, Adm. Jacky Fisher
I'm not even sure hacker try to hack pw the old fashioned way by trying every pass in the world, except maybe for the most stupid pw possible, like "myname" and '"password123".
I'm pretty sure any password complicated enough so the people that knows you will not be able to find it is fine. Most hack attempt are made by people that knows you. Ingame relative or IRL. For the others, they either have your password because you were stupid enough to use gold seller service, or any keylogger program, or they simply hack the game company, and alongside hundred or thousands of people, your account is TRIBBLE.
If the company providing the service you're logging into isn't storing passwords properly, your password is easily derived from a stolen database. Your password itself should not be stored on the server. Instead, a cryptographic hash of your password should be stored. When you submit your password to log in, your input is hashed, and if the hash of your input matches the one stored, you log in. The hashes also need to be "salted", meaning have some random junk added that only the company you're logging into knows. That prevents use of precomputed tables of all possible hashes (rainbow tables).
Regardless, yes, skilled enough people will still likely be able to hack an account if they really wanted to. That's just life. Just because door locks and alarms can't stop a really skilled thief doesn't mean you shouldn't lock your doors and arm your alarm though. And obviously, don't ever share your credentials with anybody.
nah been using the same password for email, this, wow, steam, origin, and my bank account and it has never been compromised, its 16 letters,numbers upper and lowercase mix trust me its safe
do one better get a dog one that doesnt mind killing
You can adjust the calculator in the OP to whatever your feel is more realistic. I set it to supercomputer levels (honestly, who'd go to that extremes just to hack 1 account) and it'd still take longer to hack than is worth it.
___________________________
In game: Commadore_Bob; Joined Jul 2009; That post count + 20,000