Force entry protection
lightblade
I recently found that GW accounts doesn't have force entry protection. That is...if the user provide the wrong password for like N times, the system will shut the user out for a period of time. This feature is really needed to protect player's accounts.
gameshoes3003
/notsigned
Sorry, but sometimes I forget my password, or I accidentally have Caps Lock on and I don't realize it, or I just mistype my password. Then I wouldn't like having to wait to reenter it again.
Besides, if you want to protect your account, don't share it.
Sorry, but sometimes I forget my password, or I accidentally have Caps Lock on and I don't realize it, or I just mistype my password. Then I wouldn't like having to wait to reenter it again.
Besides, if you want to protect your account, don't share it.
lightblade
if you play everyday, you wouldn't be forgetting your password. BTW, you can always have the password send to your email.
Not sharing account can NOT protect your account. People can just come to your PC and take a quick look at your account ID, then guess the password to your account.
Not sharing account can NOT protect your account. People can just come to your PC and take a quick look at your account ID, then guess the password to your account.
gameshoes3003
Quote:
|
Originally Posted by lightblade
Not sharing account can NOT protect your account. People can just come to your PC and take a quick look at your account ID, then guess the password to your account.
|
But anyway, guessing a password would take a long time. And if they did guess your password, uumm... Your password obviously stunk.
ADDED:
Also, whose going to check out you account name? For goodness sake if you play at a Cafe, I'd be worried about a keylogger.
Then if a friend were to steal it, wow, terrible friend there.
Randomway Ftw
This is really troubling, without force entry proffesion, someone can use a script and brute force your account.
Aeon_Xin
You shouldn't play anything you care about(or make online purchases for that matter) in a place where people can get your info, end of story.
Since hotmail and other free emails are allowed for logins, it's your own fault for being loose with the email address you use for registration.
Most of my game type accounts are related to one email, while I use other addresses for talking to people and messengers and such, for example.
I've no pitty for people who don't safeguard themselves. People suddenly bring it up when the game is nearing 2 years old?.....
Since hotmail and other free emails are allowed for logins, it's your own fault for being loose with the email address you use for registration.
Most of my game type accounts are related to one email, while I use other addresses for talking to people and messengers and such, for example.
I've no pitty for people who don't safeguard themselves. People suddenly bring it up when the game is nearing 2 years old?.....
lightblade
Quote:
|
Originally Posted by Randomway Ftw
This is really troubling, without force entry proffesion, someone can use a script and brute force your account.
|
Aeon_Xin
Quote:
|
Originally Posted by lightblade
Not sharing account can NOT protect your account. People can just come to your PC and take a quick look at your account ID, then guess the password to your account.
|
Really....
lightblade
If force protection is not there, people can actually write a small program and brute force your account ID also. It's not hard.
Mohnzh
/unsigned
You should not have personal information stored anywhere in your account. Yes, it goes by your email, so make sure your password does not match your email password. The amount of work and maintenance it would take to implement this would not be worth the security garnered. Yeah, I don't want anyone hacking my account and playing my characters, but it's just a game and a keylogger can surely find something more profittable to hack as long as I don't have anything on the account that they can use.
You should not have personal information stored anywhere in your account. Yes, it goes by your email, so make sure your password does not match your email password. The amount of work and maintenance it would take to implement this would not be worth the security garnered. Yeah, I don't want anyone hacking my account and playing my characters, but it's just a game and a keylogger can surely find something more profittable to hack as long as I don't have anything on the account that they can use.
cellardweller
That the time to work out how long it would take such a scipt to run and you'll see why its not required.
... I for one don't mind if they crack my password 100million years from now.
... I for one don't mind if they crack my password 100million years from now.
lightblade
Quote:
|
Originally Posted by Mohnzh
/unsigned
You should not have personal information stored anywhere in your account. Yes, it goes by your email, so make sure your password does not match your email password. The amount of work and maintenance it would take to implement this would not be worth the security garnered. Yeah, I don't want anyone hacking my account and playing my characters, but it's just a game and a keylogger can surely find something more profittable to hack as long as I don't have anything on the account that they can use. |
Quote:
|
Originally Posted by lightblade
If force protection is not there, people can actually write a small program and brute force your account ID also. It's not hard.
|
lightblade
Quote:
|
Originally Posted by cellardweller
That the time to work out how long it would take such a scipt to run and you'll see why its not required.
... I for one don't mind if they crack my password 100million years from now. |
It only take 3 hours at most to write the code for this kind of thing.
[/MOD EDIT] *Snip snip*... Please be a bit more gentle in your tone. - Mods
Mohnzh
No doubt it could be brute forced easily. My point is, who would bother? And if someone did, how would it affect you? Yeah, they can really mess up your game and characters, but there are much more serious things that could be hacked that would have serious ramification rather than a disruption of entertainment. Yes, the protection would be nice, but I don't see it as necesary simply because it would require resources to protect something that in the long run has only entertainment value. I understand your concern and do not mean to diminish it. My ambivolence is simply my personal opinion.
Curse You
Quote:
|
Originally Posted by gameshoes3003
/notsigned
Sorry, but sometimes I forget my password, or I accidentally have Caps Lock on and I don't realize it, or I just mistype my password. Then I wouldn't like having to wait to reenter it again. Besides, if you want to protect your account, don't share it. |
Aeon_Xin
Quote:
|
Originally Posted by lightblade
Did you even read the message above you?
Both account ID and password can be brute forced. None of us is safe... |
lol
If it were the case, there would be thousands of cases of stolen accounts and growing daily. Brute Forcing both would take eons, and I'm sure Anet would notice the constant ping, even for just a password.
Whatever man, yes, just because you're paranoid doesn't mean they're not after you.....but, in line with that saying, you're still a paranoid nutjob.
Note:
(i'm not calling him a nutjob, using the universal "you" as in the adage(sp?), I don't want some forum nazi coming along and banning me for name calling)
Oh, and thanks for spreading the word that it's possible and incredibly easy... If you were really concerned you'd contact customer support, and NOT post on a public forum.
I think the thread deserves a lock.
Hockster
Quote:
|
Originally Posted by lightblade
If force protection is not there, people can actually write a small program and brute force your account ID also. It's not hard.
|
But it boils down to using a secure and effective password. No password should ever be brute forced in under 6 months of trying. Biweekly password changes pretty much makes that a nonissue.
Not A Fifty Five
Quote:
|
Originally Posted by gameshoes3003
/notsigned
Sorry, but sometimes I forget my password, or I accidentally have Caps Lock on and I don't realize it, or I just mistype my password. Then I wouldn't like having to wait to reenter it again. Besides, if you want to protect your account, don't share it. |
lightblade
a computer can try 5 different passwords in 1 second. That's 300 in a minute and 18000 in an hour. It'll only take a few days to find your password.
cellardweller
Quote:
|
Originally Posted by lightblade
omg...you have no idea! This brute forcing password only take less than a week of work. Our passwords are not like RSA encryption, it's only 15 characters long.
It only take 3 hours at most to write the code for this kind of thing. (How many of you have a computer degree and actually know this stuff?) |
Quote:
|
Originally Posted by lightblade
a computer can try 5 different passwords in 1 second. That's 300 in a minute and 18000 in an hour. It'll only take a few days to find your password.
|
8-20 characters per password
96 possible symbols per character
96^8+96^9+96+10+...+96^20 ~= 3.09x10^57 possible combinations
if you were doing 18k/hr it would take you 1.96x10^49 years before you could cycle through the possibilities.
MithranArkanere
The longer your password, the harder it would be to force it.
Worried about brute force algorithms? Use a longer password.
Worried about brute force algorithms? Use a longer password.
Anarkii
Quote:
|
Originally Posted by lightblade
a computer can try 5 different passwords in 1 second. That's 300 in a minute and 18000 in an hour. It'll only take a few days to find your password.
|
Adding to that, brute forcing over internet is VERY different from on your local machine. Can your computer send 5 different passwords in 1 second, getting the response from the server, and dealing with the response(in GW case, automating hitting 'OK' to the message box)? I doubt it.
Swampgirl Inez
Double posts.
Flames.
A suggestion that turned into an argument.
Closed.
Flames.
A suggestion that turned into an argument.
Closed.