Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Sinjin Mokk]

Just as a head's up:

My Blizzard/Battlenet account was hacked early today. I was able to catch it in time and stop it before any payments went out or anything. It seemed more like a bot than an individual hack.

All the same, if you have a Blizzard/Battlenet account, take the time to change your passswords and account info just in case.

[Casiella]

Isn't this, like, something that's a huge problem there? And why we have the two-factor authenticators? (You do have one, right?)

[Myrhial Arkenath]

Isn't this, like, something that's a huge problem there? And why we have the two-factor authenticators? (You do have one, right?)

^ This.

How strong was your password? It's all nice and well to warn people, and it's appreciate really, but if you password was "logmein" or your sibling's name or any other dictionary word well that'd could have been brute forced. Always use upper / lower case, numbers, special characters, and make sure there is no known word in it.

To avoid words, take a sentence, and take the 1th (or last, or whichever pattern you like) letter of each word and jam them together. Replace some letters with numbers (A == 4, O == 0 ect.) and in case that's not possible make up a word out of numbers and stick it in there.

If you have all that, and you got hacked, then you can worry. Also, make sure said "omg you are hacked" mail is in fact not a phishing mail. I get a ton of them, every day. Thank god for spam filter. But once in a while they manage to slip through and turn up in your inbox.

[Sinjin Mokk]

Well to be honest, the old password might have been a little on the weak side. 

It's all good now.

I've heard though, that the authenticators don't really give you all that much extra protection.

[Bacchanalian]

Best password doctrine: 

"I really like MC Hammer's 2 Legit 2 Quit!" = IrlMCH2L2Q!

Good luck brute forcing that password.  Make it a sentence you remember, make sure it has some sort of punctuation somewhere in it, incorporate some numbers, and you have a very strong password.

[lallara zhuul]

Or just use some other language than english.

Omenapuujakuujonkaylihyppasilehma.

Good luck in cracking that

[Casiella]

That password is fairly secure because of its length, not because of the language. Eight character passwords of just regular Latin letters are insecure no matter what language they're in.

[Lydia Tishal]

I'm going to go ahead and display my considerable ignorance here, but...isn't it pretty much standard procedure to lock out access to an account if it fails password authentication a certain number of times in rapid succession? How do brute force a password if you get locked out after three or four failed attempts?

[Casiella]

Yes, assuming a service provider does that, then you've defeated a lot of brute forcing. However, these days, the primary threats consist of malware such as keyloggers (where strong passwords won't matter), phishing, password reuse across sites, or database compromises that reveal encrypted or hashed passwords which attackers then compromise via brute force or rainbow tables.

[Lydia Tishal]

Got it, thanks for the clarification.

[Darveses]

1Password best, comfiest 64 character passwords ever