Captain
Join Date: Jun 2012
Posts: 1,302
# 21
04-05-2013, 10:11 AM
Hmm, 30 years. I doubt STO would even be running by then.
Career Officer
Join Date: Jun 2012
Posts: 994
# 22
04-05-2013, 10:26 AM
One thing to note about that password cracking link in the OP: It's basing its estimate on a single, average desktop PC from today. Not from 10 years from now. And certainly not a cluster of field programmable gate arrays brute forcing on a hash table stolen from Cryptic. If you think those databases don't get stolen, it actually happens fairly often. That's the reason services nowadays will force global password resets if they even think that might have happened.

For everyone who thinks getting 30-50 years on that little password tester is good enough, it isn't. Bottom line is the passwords that people come up with off the top of their heads aren't good enough. Hackers are laughing at your attempts to be clever. Wherever possible, especially for high value accounts like banks, MMOs, or big online services (Apple, Google) you need to use a long, highly varied, preferably random password.

For reference, my password rated at 25 thousand years.

Last edited by shockwave85; 04-05-2013 at 10:28 AM.
Republic Veteran
Join Date: Jun 2012
Posts: 6,847
# 23
04-05-2013, 10:28 AM
Here's some music to set the mood

Steppenwolf - Magic Carpet Ride

Paid for by the down with Bajor Party
Career Officer
Join Date: Jun 2012
Posts: 1,028
# 24
04-05-2013, 10:35 AM
230 sextillion years
----
Commander
Join Date: Dec 2012
Posts: 488
# 25
04-05-2013, 10:50 AM
Quote:
Originally Posted by topset
The only other option is backup on the cloud - and I don't like the idea of having every password I use somewhere on the internet, no matter how "secure" the software is.
You could buy an external floppy drive and use it just to back up your password text file.

I fortunately haven't suffered a compromise in years. It probably helps that for D3 I bought that stupid keychain authenticator. It seems a growing amount of hack attempts stem from account information stolen from the hosting party itself.

Better than maintaining a wildly convoluted password for your game account would be to maintain different passwords for game accounts, e-mail, social media, etc.

Quote:
Originally Posted by shockwave85
That's the reason services nowadays will force global password resets if they even think that might have happened.
I really despise the forced resets. That seems like it's setting itself up to further be a target, either by announcing that there's a fresh database of information to hack that's only marginally more secure than the last one, or as a result of users falling back on more easily remembered passwords because they're constantly being asked to change them.

IP verification, on the other hand, is great. So far, the only "hack" attempts I've suffered are from when I log in from another location.

Last edited by millimidget; 04-05-2013 at 10:54 AM.
Rihannsu
Join Date: Jun 2012
Posts: 343
# 26
04-05-2013, 12:33 PM
Quote:
Originally Posted by brigadooom
230 sextillion years
YES. Loved that song ever since I looked it up thanks to Cochrane.

PS - ah, meant to quote the previous post about "Magic Carpet Ride."

Former/Cryptic Name: Captain_Hans_Langsdorff
Founding member, Special Service Squadron
"Fear God and Dread Nought." First Sea Lord, Adm. Jacky Fisher
Captain
Join Date: Jul 2012
Posts: 3,293
# 27
04-05-2013, 12:47 PM
Quote:
Originally Posted by shockwave85
One thing to note about that password cracking link in the OP: It's basing its estimate on a single, average desktop PC from today. Not from 10 years from now. And certainly not a cluster of field programmable gate arrays brute forcing on a hash table stolen from Cryptic. If you think those databases don't get stolen, it actually happens fairly often. That's the reason services nowadays will force global password resets if they even think that might have happened.

For everyone who thinks getting 30-50 years on that little password tester is good enough, it isn't. Bottom line is the passwords that people come up with off the top of their heads aren't good enough. Hackers are laughing at your attempts to be clever. Wherever possible, especially for high value accounts like banks, MMOs, or big online services (Apple, Google) you need to use a long, highly varied, preferably random password.

For reference, my password rated at 25 thousand years.
I know someone working in internet security, using a randomly generated password, changed every week or so, using letters, numbers, caps, etc., who was hacked on ***. I'm pretty sure his PW rated thousands of years too. It doesn't mean a thing if the hacker has access to the PW database, or whatever; they just hack your account, no matter your PW.
I'm not even sure hackers try to hack PWs the old-fashioned way by trying every pass in the world, except maybe for the most stupid PWs possible, like "myname" and "password123".

I'm pretty sure any password complicated enough that the people who know you will not be able to find it is fine. Most hack attempts are made by people who know you. In-game relatives or IRL. For the others, they either have your password because you were stupid enough to use a gold seller service, or any keylogger program, or they simply hack the game company, and alongside hundreds or thousands of people, your account is hacked.
Career Officer
Join Date: Jun 2012
Posts: 994
# 28
04-06-2013, 08:27 AM
Quote:
Originally Posted by erei1
I know someone working in internet security, using a randomly generated password, changed every week or so, using letters, numbers, caps, etc., who was hacked on ***. I'm pretty sure his PW rated thousands of years too. It doesn't mean a thing if the hacker has access to the PW database, or whatever; they just hack your account, no matter your PW.
I'm not even sure hackers try to hack PWs the old-fashioned way by trying every pass in the world, except maybe for the most stupid PWs possible, like "myname" and "password123".

I'm pretty sure any password complicated enough that the people who know you will not be able to find it is fine. Most hack attempts are made by people who know you. In-game relatives or IRL. For the others, they either have your password because you were stupid enough to use a gold seller service, or any keylogger program, or they simply hack the game company, and alongside hundreds or thousands of people, your account is hacked.
If the company providing the service you're logging into isn't storing passwords properly, your password is easily derived from a stolen database. Your password itself should not be stored on the server. Instead, a cryptographic hash of your password should be stored. When you submit your password to log in, your input is hashed, and if the hash of your input matches the one stored, you log in. The hashes also need to be "salted", meaning have some random junk added that only the company you're logging into knows. That prevents use of precomputed tables of all possible hashes (rainbow tables).

Regardless, yes, skilled enough people will still likely be able to hack an account if they really wanted to. That's just life. Just because door locks and alarms can't stop a really skilled thief doesn't mean you shouldn't lock your doors and arm your alarm though. And obviously, don't ever share your credentials with anybody.
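
The storage scheme this post describes, as an added example that is not part of the original thread: the server keeps a per-user random salt and a slow salted hash, and a table precomputed from unsalted hashes no longer matches. PBKDF2, the iteration count, the guess list, and keeping the salt in the same record as the hash are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor for this sketch
# Constructed guess list; two entries are the weak passwords quoted in the thread.
WORDLIST = ["myname", "password123", "letmein"]


def unsalted_hash(password: str) -> str:
    """Plain SHA-256, no salt: equal passwords always give equal hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


# Precomputed table (hash -> password), built once and reusable on any unsalted dump.
PRECOMPUTED = {unsalted_hash(w): w for w in WORDLIST}


def derive(password: str, salt: bytes) -> bytes:
    """Slow, salted derivation (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def enroll(password: str) -> dict:
    """What the server stores: a per-user random salt and the derived hash."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": derive(password, salt)}


def verify(record: dict, attempt: str) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    return hmac.compare_digest(record["hash"], derive(attempt, record["salt"]))


def demo() -> dict:
    alice, bob = enroll("password123"), enroll("password123")
    return {
        "unsalted_lookup": PRECOMPUTED.get(unsalted_hash("password123")),
        "salted_lookup": PRECOMPUTED.get(alice["hash"].hex()),
        "same_hash_for_same_password": alice["hash"] == bob["hash"],
        "correct_login": verify(alice, "password123"),
        "wrong_login": verify(alice, "Password123"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
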
Career Officer
Join Date: Jan 2013
Posts: 233
# 29
04-06-2013, 08:33 AM
Quote:
Originally Posted by commadorebob
I want to wish everyone a T-50 year anniversary of First Contact Day!

But given recent news of a fleet having their assets stolen by a hacked account, I think today would be a great day for everyone to change their passwords. You should be changing them out twice a year anyway but I know some of us are guilty of not doing so (myself included).

So celebrate the day the world changes forever by changing your password to STO! Protect your stuff!

Since your password is only as secure as you make it, use this great password tester: http://howsecureismypassword.net/
According to it, a hacker would need 83 quintillion years to hack my home router.
Nah, been using the same password for email, this, WoW, Steam, Origin, and my bank account and it has never been compromised. It's 16 letters, numbers, upper and lowercase mix, trust me, it's safe.
Career Officer
Join Date: Jan 2013
Posts: 233
# 30
04-06-2013, 08:35 AM
Quote:
Originally Posted by shockwave85
If the company providing the service you're logging into isn't storing passwords properly, your password is easily derived from a stolen database. Your password itself should not be stored on the server. Instead, a cryptographic hash of your password should be stored. When you submit your password to log in, your input is hashed, and if the hash of your input matches the one stored, you log in. The hashes also need to be "salted", meaning have some random junk added that only the company you're logging into knows. That prevents use of precomputed tables of all possible hashes (rainbow tables).

Regardless, yes, skilled enough people will still likely be able to hack an account if they really wanted to. That's just life. Just because door locks and alarms can't stop a really skilled thief doesn't mean you shouldn't lock your doors and arm your alarm though. And obviously, don't ever share your credentials with anybody.
Do one better: get a dog, one that doesn't mind killing.