Ok, you know what, I've had it!
If Arena Net cared about account security don't you think we'd have something a bit better than "8-13 Alpha Numeric Only" passwords? I mean what is the issue with these people?
I would love to have a secure password but your primitive password system DOESN'T ALLOW IT.
Plenty of other places allow MUCH MORE than 13 freaking characters, AND they allow symbols. WHAT is your problem?? All of that money you're raking in from your cash shop and you still can't afford to host passwords longer than 13 characters?
I'm tired of seeing these weekly security warnings, logging in to see if they've done anything legitimate to help the problem, and seeing NOTHING.
13 Characters, alpha-numeric only, give me a damn break.
Fed up with account "security"
shinta_himura
Fay Vert
13 character alpha numeric is not a problem compared to the real weaknesses in the system. Unfortunatley, the biggest weakness doesn't lie with ANet. What use is stonger passwords when many people choose 1234?
Having said that, ANet should do a lot more for account protection. Thye can start by allowing you to specify non-deletable (time locked) characters and items.
Having said that, ANet should do a lot more for account protection. Thye can start by allowing you to specify non-deletable (time locked) characters and items.
makosi
A method of 'locking' your GW account to your own particular computer would be great. Also, a temporary account lock for frequent wrong password attempts would prevent brute forcing.
Aycee
Oh gosh rager in the building. There is literally probably over a million different pass combinations you can make using 13 alpha numeric. Passwords aren't the problem.
subman247
Really?! Your crying because of password length? Dont use the same password for multiple things and be smart with what you do online. If your not stupid or terribly unlucky you have a much better chance of not being a target. Iv played 6 years and never had a single scare. In this day and age of major hacking if the right person really wanted you acRED ENGINE GORED ENGINE GORED ENGINE GORED ENGINE GO they would get it. If the FBI, CIA and Sony can be hacked there is nothing A-net can do to provide 100% security. Cross your fingers and hope for the best 
lol I have no idea why that was RED ENGINED.
lol I have no idea why that was RED ENGINED.
Del
OP, you can make a strong password with alphanumeric and limited chars, the weekness generally comes from people using actual words in their passwords, which makes them easier for bruteforce programs. Randomizing lowercase and capital letters, aw well as mixing it all up with numbers alone is very strong. the problem is security breaches here and in ncsoft's sites. Many people use the same password for everything, so stealing info for this site generally helps hackers steal accounts more effectively than bruteforcing.
You probably accidentally typed "acc unt"
Quote:
|
Originally Posted by subman247
lol I have no idea why that was RED ENGINED.
|
LifeInfusion
biggest problem always has been NCSoft Master accounts, fake account emails claiming to be from NCsoft, and people using crappy passwords (or ones they use EVERYWHERE).
It's not a bank you know, you don't need more than 13 alphanumeric with capitals and lowercase.
Not like you need something more than
SvCN2iTYeIN5Y
shOSN8HO85mpV
T36d84Rso51N6
ddL5djPoS7aC1
To6bHdQdGQ9eK
pj7kG1PIY24p9
I'd like ! or $ to be usable too, but that's wishful thinking.
Ironically a strong password is supposed to be 15+ characters and has symbols, such as ` ! " ? $ ? % ^ & * ( ) _ - + = { [ } ] : ; @ ' ~ # | \ < , > . ? /
It's not a bank you know, you don't need more than 13 alphanumeric with capitals and lowercase.
Not like you need something more than
SvCN2iTYeIN5Y
shOSN8HO85mpV
T36d84Rso51N6
ddL5djPoS7aC1
To6bHdQdGQ9eK
pj7kG1PIY24p9
I'd like ! or $ to be usable too, but that's wishful thinking.
Ironically a strong password is supposed to be 15+ characters and has symbols, such as ` ! " ? $ ? % ^ & * ( ) _ - + = { [ } ] : ; @ ' ~ # | \ < , > . ? /
End
Quote:
|
Originally Posted by Aycee
There is literally probably over a million different pass combinations you can make using 13 alpha numeric.
|
now take into account that after a few password attempts it starts taking longer and longer (assumed purposely) to check the password this last attempt took like 10 seconds...
Sooo because of this lets take 5 seconds and be nice... say that after the first few they can only make one attempt every 5 seconds that means it will take
277817415650930262368.7 hours or 11575725652122094265.4 days orrrr 31714316855129025.4 years
(just a thought I'd have better luck with a 4 number pin number that most debit/credit cards are bound to with only 10,000 possibilities)
feel free to correct me if my math was wrong I have a horribad headache atm.
Anet actually does a great job preventing this type of attack and I like the way the time keeps adding up each time you try to log in (btw this last fake attempt=30 seconds...all while my other account on the same pc is doing fine
Sooo yes while their allowed passwords may be limited. They have implemented shit to keep it from getting hit with a brute force attack.
There is ofc course the possibility of using a botnet for it...but that still won't be very efficient i dont believe.
The main issue is the ncmaster accounts.
deluxe
I think all these account hacks have very little to do with brute force password cracking, but some kind of bug in the ncsoft website.
My account got hacked, my password got changed...
How in gods name is it possible to change a password without me getting a confirmation email about it?
My account got hacked, my password got changed...
How in gods name is it possible to change a password without me getting a confirmation email about it?
Chrisworld
I've rules out keyloggers too.
Lishy
How can you even get hacked if you change your account to use a fresh email? Definitely a flaw with NCSoft, perhaps?
If not, then it must be keyloggers. But for those with protected systems, linux, and who don't use suspicious programs...????
If not, then it must be keyloggers. But for those with protected systems, linux, and who don't use suspicious programs...????
Xenex Xclame
So what's with all this whining, did OP use a simple password like "password" and got hacked?
Account security on the login side is good enough.Not only do you need the 13 digit password, which like end has posted is going to take along time to guess.
You also need the login name, so as long as your not stupid enough to use the same email for msn/forums will add another amazingly long time to guess.
You also need the character name, which in reality isn't hard to find, but you still have to find a login and password to fit with the character name.
So let's say I wanted to ai and attack one person, I might be able to find out his email since he uses it for MSN too and his character name because I played with him, or seen screens of his character,I would still need to break his password.
Yes having symbols added to possible character allowed in password would increase password security, but its not like the way it is now is a simple 1-2-3 step thing.
And all this is forgetting that the way most people get "hacked" is by giving the "hacker" info unknowingly or knowingly, thinking that person is trustworthy.No amount of character and symbols will help against people just being dumb.
Account security on the login side is good enough.Not only do you need the 13 digit password, which like end has posted is going to take along time to guess.
You also need the login name, so as long as your not stupid enough to use the same email for msn/forums will add another amazingly long time to guess.
You also need the character name, which in reality isn't hard to find, but you still have to find a login and password to fit with the character name.
So let's say I wanted to ai and attack one person, I might be able to find out his email since he uses it for MSN too and his character name because I played with him, or seen screens of his character,I would still need to break his password.
Yes having symbols added to possible character allowed in password would increase password security, but its not like the way it is now is a simple 1-2-3 step thing.
And all this is forgetting that the way most people get "hacked" is by giving the "hacker" info unknowingly or knowingly, thinking that person is trustworthy.No amount of character and symbols will help against people just being dumb.
Porkchop Sandwhiches
I just want a different method than using my email address as my login, is that so hard to ask? 
Xenex Xclame
Quote:
|
Originally Posted by Porkchop Sandwhiches
I just want a different method than using my email address as my login, is that so hard to ask?
|
Ugh so do I.It seemed convenient when GW came out since I wouldn't have to remember another login, I dunno why, but even so I didn't use a email address that I used for something else.
Reverend Dr
Quote:
|
Originally Posted by shinta_himura
"Alpha Numeric Only" passwords?
|
Alpha Numeric for names is understandable but not allowing it for passwords only reduces security. There is a reason that strong password generators default to giving passwords with symbols included.
Now none of this is really seems like it is going to really affect the largest GW security issues (this is speculation), but there is still no reason for alpha numeric only passwords ever.
Reformed
Quote:
|
Originally Posted by Lishy
How can you even get hacked if you change your account to use a fresh email? Definitely a flaw with NCSoft, perhaps?
If not, then it must be keyloggers. But for those with protected systems, linux, and who don't use suspicious programs...???? |
While I don't rule out NCSoft liability the simplest explanation is that the victim gave out the info to 'friends' and forgot or unwittingly revealed it to others by being careless.
Skyy High
Quote:
|
Originally Posted by shinta_himura
Ok, you know what, I've had it!
If Arena Net cared about account security don't you think we'd have something a bit better than "8-13 Alpha Numeric Only" passwords? I mean what is the issue with these people? |
My password isn't alpha numeric.
Quality thread.
Chthon
Quote:
|
Originally Posted by Skyy High
lolwut?
My password isn't alpha numeric. Quality thread. |
Ximvotn
I like a password I can actually remember, 1 numeral is fine, if you're that nervous about your account then use a virtual keyboard.
Verene
Quote:
|
Originally Posted by Chthon
Once bonded to a damned NCMA account, your GW password can only be changed through the NCMA account. While GW supports symbols in passwords, the NCMA feature to set the GW password only allows alpha-numeric. Just one more example of needlessly shitty "security" forced on GW by NCSoft.
|
Cos my account is linked to a NCMA, and I've changed my password in the game itself before...
(and yes, it was after they were linked)
Skyy High
Quote:
|
Originally Posted by Chthon
Once bonded to a damned NCMA account, your GW password can only be changed through the NCMA account. While GW supports symbols in passwords, the NCMA feature to set the GW password only allows alpha-numeric. Just one more example of needlessly shitty "security" forced on GW by NCSoft.
|
Del
Quote:
|
Originally Posted by Chthon
Once bonded to a damned NCMA account, your GW password can only be changed through the NCMA account.
|
Ximvotn
Quote:
|
Originally Posted by Verene
Really?
Cos my account is linked to a NCMA, and I've changed my password in the game itself before... (and yes, it was after they were linked) |
Del
Quote:
|
Originally Posted by Ximvotn
That user is right, once linked to NCMA you cannot change the password via Guild Wars anymore, you have to go to the NC Soft website. That's happen on every account I linked, I really wish the e-mail was still changeable via the NC Soft website. I stopped linking accounts because it's simply not worth it, there's nothing I need to buy I can't already get in game or somewhere else from the Guild Wars store.
|
Chthon
Quote:
|
Originally Posted by Del
Actually, I just changed mine via gw to check, and it worked. So either you two are spreading misinformation, or the effects of licking accounts isn't consistent.
|
Reverend Dr
Quote:
|
Originally Posted by Ximvotn
1 numeral is fine
|
inscribed
Quote:
|
Originally Posted by LifeInfusion
Not like you need something more than
SvCN2iTYeIN5Y shOSN8HO85mpV T36d84Rso51N6 ddL5djPoS7aC1 To6bHdQdGQ9eK pj7kG1PIY24p9 |
Swingline
Bruteforcing - Unlikely unless your using a password like puppy1234
Keylogger - Plausible, you can get one just from pictures and websites. A good anti-virus and firewall will protect you.
Ignorance - The most likely. This is giving your account info out to anyone(including family members). Also buying from gold sellers and buying used accounts.
Security Issues - Plausible. In the past when someone logged into a NCMA they somehow got logged on to someone else's and from there a glitch was found to steal account info. There are also many other rumors about cracks in NCsofts security. We can only hope they are not as stupid as Sony(derp).
Keylogger - Plausible, you can get one just from pictures and websites. A good anti-virus and firewall will protect you.
Ignorance - The most likely. This is giving your account info out to anyone(including family members). Also buying from gold sellers and buying used accounts.
Security Issues - Plausible. In the past when someone logged into a NCMA they somehow got logged on to someone else's and from there a glitch was found to steal account info. There are also many other rumors about cracks in NCsofts security. We can only hope they are not as stupid as Sony(derp).
Bristlebane
While I do think 13 characters is enough, I do agree that they should allow symbols in the passwords. But there's really no need to create a whole rant topic about it.
Kanyatta
Quote:
|
Originally Posted by Aycee
Oh gosh rager in the building. There is literally probably over a million different pass combinations you can make using 13 alpha numeric. Passwords aren't the problem.
|
The reason accounts get hacked is because they use the same password on GW as they do on Guru, QQ or whatever other GW forum. Or that they have a password like "password1" or some equivalent. Or they give it out in local chat when some troll goes "Check it out, GW censors your password when you type it, mine's *******!!!" I've seen it happen more times than you'd think.
All in all, no one ever got their account hacked because they only had alphabet and numeric characters and didn't have a symbol. People get their account hacked out of stupidity more often than not. Hate to break it to you. Letting people put a # or & in their password won't change the number of accounts that get hacked on a daily basis.
Xenex Xclame
Quote:
|
Originally Posted by Kanyatta
"Check it out, GW censors your password when you type it, mine's *******!!!"
|
LOL ,We'll To be honest Guildwars only warns that Anet would never ask for your password, it doesn't warn you about not typing it in chat so you can't blame people for getting hacked.
Hells Fury
Quote:
|
Originally Posted by Swingline
Bruteforcing - Unlikely unless your using a password like puppy1234
(derp). |
Is that hard to implement to game?
VikingHaag
just make your pass max lenght and change it a lot
i change mine every 2 weeks, 5 years old account, never hacked, at least i never found anything missing
i change mine every 2 weeks, 5 years old account, never hacked, at least i never found anything missing
BladeDVD
Quote:
|
Originally Posted by Hells Fury
This is why i like login delay or lock after X times attemps , like on guru.
Is that hard to implement to game? |
DreamingGirl
This whole thread is based on false premises anyway. To everyone who claims you can only change your password through your NCsoft master account after it is linked: Wrong
Simply LOG IN to your account the normal way, THEN, on the character screen, choose 'edit account', and you can change your password right there. AND you are allowed to use symbols!
Simply LOG IN to your account the normal way, THEN, on the character screen, choose 'edit account', and you can change your password right there. AND you are allowed to use symbols!
Xenex Xclame
Quote:
|
Originally Posted by DreamingGirl
This whole thread is based on false premises anyway. To everyone who claims you can only change your password through your NCsoft master account after it is linked: Wrong
Simply LOG IN to your account the normal way, THEN, on the character screen, choose 'edit account', and you can change your password right there. AND you are allowed to use symbols! |
As has been pointed out this used to NOT be possible, which is one the reasons people didn't like/want to link their account.
But as has also been pointed out this is no longer the case, no need to post just to tell people they are wrong,you used to NOT be able to simple as that.
akelarumi
The main issue is between your keyboard and your chair (you!). Yes anet could do a better job at protecting accounts, but 99.9% off all hacked accounts have a source outside of anet's control namely at the user. Don't share your account with anyone, don't keep a record of your password on your computer (if you must, write it down and keep it in a secure place), don't use your gw password on other websites specially websites that are gw related like the guru, don't use a password that is too easy to guess.
Some idea's to keep your password safe:
What is your favourite song? for example, when it is Where the streets have no name, make a password Wtshnn87 (first letters from every word and 87 for the year it is published). you can also use a book title, or any line of text that is long enough. It will be easy for you to remember, but hard to guess.
Some idea's to keep your password safe:
What is your favourite song? for example, when it is Where the streets have no name, make a password Wtshnn87 (first letters from every word and 87 for the year it is published). you can also use a book title, or any line of text that is long enough. It will be easy for you to remember, but hard to guess.
cosyfiep
..making random passwords is easy...simple hit the keyboard with a glove...then add a few *(&^% in between the letters, capitalize one and viola! random password...like this:
ru4;-w9bjq20...now add the *&^...for: r*u4;-&wbJq20 ....nice and random....
not hard at all...though I do like using the other characters and as the OP says, wishes that the master account would indeed allow them (I had fun when they changed over to the new system what, 4 years ago and my old password had symbols--and was 16 characters long--yepo had fun getting a new password for that one
)
any time they improve the security, even by just allowing symbols, its a good thing and I believe the OP was just expressing his wishes that they would indeed add this to theirs.
ru4;-w9bjq20...now add the *&^...for: r*u4;-&wbJq20 ....nice and random....
not hard at all...though I do like using the other characters and as the OP says, wishes that the master account would indeed allow them (I had fun when they changed over to the new system what, 4 years ago and my old password had symbols--and was 16 characters long--yepo had fun getting a new password for that one
)any time they improve the security, even by just allowing symbols, its a good thing and I believe the OP was just expressing his wishes that they would indeed add this to theirs.
deluxe
It doesn't matter how hard your password is, I had a hard one and they still got in and changed it.
People will always say: Oh you must have shared your account, had an easy password or had a keylogger...
Things lie deeper than that i'm afraid.
People will always say: Oh you must have shared your account, had an easy password or had a keylogger...
Things lie deeper than that i'm afraid.
gremlin
There simply must be something that makes some people targets and others not.
I don't ever remember anyone saying they got hacked after x years and their only character and 500 gold got stolen.
Its usually their 20 suits of obsidian armour 10 stacks of ectos etc.
Beginning to think either people find their targets in chat or on forums etc.
A hacker really needs to find likely targets to attack.
So if you just bragged about your fabulous wealth online emailed someone you met in the game and told them your giving up playing for some time, expect the removal men to move into your account soon.
Because someone out there knows your email address character name and probably a few other things like what country you are in and how long you have been playing and how many of the games you own.
Always wondered why so many stand around trash talking for hours.
I don't ever remember anyone saying they got hacked after x years and their only character and 500 gold got stolen.
Its usually their 20 suits of obsidian armour 10 stacks of ectos etc.
Beginning to think either people find their targets in chat or on forums etc.
A hacker really needs to find likely targets to attack.
So if you just bragged about your fabulous wealth online emailed someone you met in the game and told them your giving up playing for some time, expect the removal men to move into your account soon.
Because someone out there knows your email address character name and probably a few other things like what country you are in and how long you have been playing and how many of the games you own.
Always wondered why so many stand around trash talking for hours.