Backstage - OOC Forums
EVE-Online RP Discussion and Resources => EVE Guides, Mechanics & Gameplay => Topic started by: Zuzanna Alondra on 19 Feb 2012, 21:47
-
I'm going to feel like one hell of a noob here - but CCP completely rearranged their site.
I try to log into account management with my old username and password to add game time and it says my account is expired. So - how the flip do you resub if you can't log into your old account to add game time?!
I'm guessing the answer is right in front of me and I'll find it and feel dumb - but some help would be lovely.
-
Yeap - called it - the moment I said FML - I remembered my old password combo used to be all lowercase and the passwords are case sensitive.
-
might want to hack off that last bit there for security reasons
-
Or just practice better password security. DO NOT use only lowercase, use mixed case and put numbers and special signs into it. ABSOLUTELY DO NOT use dictionary words or names or whatever. A trick that is easy to remember and hard to guess is for example have a phrase and use the third letter of each word and replace letters by numbers like it were leetspeak. Also putting in something uniquely for each website, or have different phrases based on use (a game phrase for all MMO accounts, a long phrase for sensitive stuff like online banking ect.) will further enhance security.
And if you have difficulty remembering all this, consider using something like KeePass. Helps you keep track of all your logins too so in case one gets compromised you can easily go everywhere and implement new passwords :)
-
Just an example of something Myrh here talked about that works wonders. Pick any mnemonic or phrase you're likely to remember, like "Miz is a very sexy devil.". The site is.. well, let's use Backstage which is easily shortened to BS. Now I take the first two letters (where possible, one in one letter words) from each word and craft "miisavesede" from it. Add BS to the beginning since that's the site I'm logging into. "bsmiisavesede" is pretty much impossible to guess already, but let's make it even harder. Let's turn it into leetspeak. "b$m11$4v3$3d3". Hell, we can turn every other remaining letter into a CAP. "b$M11$4v3$3D3".
Of course, this has now become a fucking pain in the ass to type and remember even with the very easily remembered phrase, so we've overdone it somewhat. This is just an example of how to craft a unique and ridiculously hard to crack password while keeping it easy to remember and in just a few short steps. Let's see how quickly we went from plain text to gibberish:
"Miz is a very sexy devil"
"miisavesede"
"bsmiisavesede"
"b$m11$4v3$3d3"
"b$M11$4v3$3D3"
The last two look very similar, but suddenly forcing any brute-force attempt to find your password to have to deal with twice as many possibilities wherever there's letters has a rather impressive impact. So, five steps and we have a unique password. Change the steps to your taste, picking just one letter from each word, be it the second, first, last or whatever. Add caps in a different pattern maybe. You can keep the initial phrase though, very easy to remember.
There's never an excuse for having a normal word or name as a password, definitely not if it's all lower case. Another important thing to remember is to use unique passwords on different sites if possible, because you never know when a site derps up the security and your password turns out to be floating free out there on the intarwebz. If Backstage loses my password, the baddies only get access to that PM history. If I used the password elsewhere, they'd gain access to everything else.
Edit: Of course, a keylogger will sniff out any password you design once you use it, so all of the above is worthless if you don't also keep everything else under control. Virus scan and firewall, all that jazz. Using your browser's "remember this password" feature is actually quite handy in that respect, since it will then fill it in for you without the possible keylogger ever seeing it.
-
(http://imgs.xkcd.com/comics/password_strength.png)
Enough said. :u
-
The bit that kills the entire joke is that no remote web service will allow a thousand guesses per second for three days, really...
-
That actually was my problem... since the divorce I changed all my passwords to new passwords mixing things up. I forgot that I had shut down Zuzu's account before I did the password changes for Defias and Celiwyn. Zuzu had the old too simple password and I forgot it.
I was disappointed with myself that I hadn't changed her password before I shut down the account.
However, once I finally cracked it, I decided against resubbing her until next payday as Fox restarted his indy account and I like goofing off with a different set of skills. She can build a lot cool stuff then Defias can.
-
Just want to add that KeePass has password obfuscation. It won't work on some things but where it does it types the letters in a random order to confuse (some? most?) keyloggers. Granted, with a logger on your system you're probably damned sooner or later because that means there is a glaring security hole somewhere, but you know, every bit helps.
Note for those using KeePass auto-enter with the EVE client, you need to set a delay or it will go too fast and enter part of your password into the name field because of some kind of GUI lag.
-
More often then not brute force attacks these days are run on a botnet so they can distribute the load over multiple IPs to twart bruteforce detection, and as for complex passwords.. you have cloud based rainbow table cracking, its a payed for service to! I hope CCP uses salt in their hashes lol
-
Let's hope they do, but has something new happened that would have resulted in the hashes being leaked?