supersaver

Author Topic: Attempted Password Changes  (Read 2300 times)

Offline Hugo

Attempted Password Changes
«: March 29, 2008, 11:07:33 AM»
I think it'd be nice if this were a sticky. People can post the name of the alt and the date an unauthorized password change was requested here.

This way, people can check for recent attempts and be informed if they see one of the listed alts acting strangely or with new colors. It might prevent theft.

If you have an attempt made on your alts, do not click the confirmation link in the e-mail you receive. If anything, simply change your password or make it more difficult for a 'hacker' to guess.

--


I'll start:

Date: 3/29/08
Alt: George Bush
Color Code: t0-+4.;;:;;%%#
Notes: Two(2) attempts made to change password within an hour.

_________________


Offline LSD

Attempted Password Changes
«Reply #1: March 29, 2008, 11:42:53 AM»
Suggestion on safer passwords: Don't use words from the English language, who would ever guess that? And I haven't found a password cracker yet for German, French.. anything like that. x) So you should be safe!
alts in thread, quitting


Offline Zodiac

Attempted Password Changes
«Reply #2: March 29, 2008, 11:49:18 AM»
Password crackers work via any word from any language you want to use. They are not auto generated, people compile the lists themselves. Password lists contain any random possible word and number combinations you can think of. One list may contain hello, hello1, hello12, hello123, and THOUSANDS more variations of the word hello with numbers before and after it.

The ONLY way to make a secure password is to use a combination of letters and numbers, preferrably WITHOUT whole words.

Bad password examples: yahoo44, hello123, iloveyou (very common)

Good password examples: dghf45hskf, mmr349df5, ben238kdj85

If you think that a jumbled password will be too hard for you to try and remember, try and make it related to something you will remember and write down a hint somewhere you will always be able to find it.

Here is an example of what I mean, if I were to use this method myself:

(Note: This is NOT an actual password to ANYTHING I own.)

- Last three letters of my middle name
- Year I was born in
- First three letters of my brothers middle name

Result: ole87jos

The more letters and numbers you have, the harder it will be for anyone to guess or any password cracker to hit a match on.

Sookan

Attempted Password Changes
«Reply #3: March 29, 2008, 12:20:11 PM»
you use symbols too. also, capital letters.

[email protected]

Offline Gallifreyan

Attempted Password Changes
«Reply #4: March 29, 2008, 12:23:21 PM»
Foreign names and such can also be great to use aswel as numbers.

Always use (as has been said) numbers and letters/words in that case to keep your alts safe.

Also never use the same password for all your alts...if it gets found out then all your stuff can go.

Dare

Attempted Password Changes
«Reply #5: March 29, 2008, 12:40:14 PM»
Umm.
They can't get the alt in the first place if you're getting the password change request, just don't confirm it...
Some people request alts, not because they're trying to steal them but because they weren't sure whether or not they have expired.
Yeah, use a heavy password/use common sense.

Offline Tamsen

Attempted Password Changes
«Reply #6: March 29, 2008, 01:08:48 PM»
You could do what I did, use cap on every other or something around those lines to make it harder;

Example:

CoLlPnMMynN23

Main contacts are Boe or Tamsen ~
Whisper or PM me.

Offline anathema

Attempted Password Changes
«Reply #7: March 29, 2008, 01:32:09 PM»
Quote from: "Turquoise"
Password crackers work via any word from any language you want to use. They are not auto generated, people compile the lists themselves. Password lists contain any random possible word and number combinations you can think of. One list may contain hello, hello1, hello12, hello123, and THOUSANDS more variations of the word hello with numbers before and after it.


turq would know all about this. ;) <3

Offline Zodiac

Attempted Password Changes
«Reply #8: March 29, 2008, 09:36:32 PM»
Its good to be knowledgeable to keep yourself safe. :)

Fairy

Attempted Password Changes
«Reply #9: March 30, 2008, 12:49:25 AM»
I just smack my keyboard 3-4 times in random spots.

jhnvfgujfvgu90gtuj90v4eu j9hfg9f3iojfe3ghevfhifew 90jh

Offline Harley

Attempted Password Changes
«Reply #10: March 30, 2008, 09:14:25 AM»
Just for the record, last I checked (which was some time ago..) you could not use symbols as a part of your Furcadia password ([email protected]#$%^&*(), ect.).  I had brought this up to Cironir but not sure if it ever got changed or not, or can remember why it's this way.  Just a heads up.

e; And not to be a dick here, but I think posting up a thread for this is a dumb idea.  It takes up time and space, and I doubt anyone's going to bother.  As was already said, don't click the link if you know you didn't send the request.  If you click it then if you ask me, you're just asking for trouble.

Offline Cironir

Attempted Password Changes
«Reply #11: March 30, 2008, 09:19:12 AM»
The Furcadia server keeps track of failed login attempts. Each failed login attempt is logged and viewable by staff. Also, if a certain number of failed attempts is exceeded, the server automatically sends a notification to staff and blocks the address. So, password crackers are generally a bad idea.

Offline LSD

Attempted Password Changes
«Reply #12: March 30, 2008, 10:38:18 AM»
Someone just changed the password of my character, Lip. I can no longer log in. WTF? :(
alts in thread, quitting


Offline Hugo

Attempted Password Changes
«Reply #13: March 30, 2008, 11:11:09 AM»
Quote from: "Toushin"

e; And not to be a dick here, but I think posting up a thread for this is a dumb idea.  It takes up time and space, and I doubt anyone's going to bother.  As was already said, don't click the link if you know you didn't send the request.  If you click it then if you ask me, you're just asking for trouble.
Heh, you were saying?

_________________

Digital Love

Attempted Password Changes
«Reply #14: March 30, 2008, 12:47:12 PM»
How is that going to help though? There's nothing we can do about it. The person who got 'hacked' needs to contact Furc first thing, not rush here to post about it.

And even if they do, wouldn't it classify as either just plain our dumb luck, lack of proper password, sharing email account or being scammed? Changed password attempts are completely and utterly harmless unless someone has access to the email address the character is listed on. And that's a whole different story all together.

The point of posting changed password attempts is lost to me for that reason. The attempts are harmless, and it could be someone who let an alt expire and thinks the password got changed etcetera.

If it's come to a point where the person's alt was confiscated by someone who got a hold of the password, it has very little to do with alerting people on an attempt to change the password. It's either a scam, hacked through neglect of one's passwords (as stated before by Turq, easy to guess password) or sharing passwords with (a friendly) someone who abused the knowledge.

Alerting people of stolen alts is one thing. Alerting people of password change attempts that are harmless seems.... pointless.

Offline Sync

Attempted Password Changes
«Reply #15: March 30, 2008, 01:07:30 PM»
you can still get arrested for attempted robbery.

Offline anathema

Attempted Password Changes
«Reply #16: March 30, 2008, 01:39:43 PM»
Quote from: "Sync"
you can still get arrested for attempted robbery.


LOL

Dare

Attempted Password Changes
«Reply #17: March 30, 2008, 01:42:55 PM»
Quote from: "Sync"
you can still get arrested for attempted robbery.

Yeah, that would make an interesting report.
Someone stole my virtual character..

Offline MAU

Attempted Password Changes
«Reply #18: March 30, 2008, 02:01:37 PM»
sync's comment is just a very broad comparison suggesting that if someone is attempting to get into your alt repeatedly it isn't something to ignore or take lightly if it becomes a problem etc etc.

people make crazy legal suggestions all the time when it comes to alts, but this is hardly one of them. :P broad analogy, no real instigation of legitimate legal action intended i'm sure.

in my opinion, a few lost password attempts aren't a threat at all. there are many reasons why people would send these to you, and only if it's habitual and ongoing would i mention it, but if each login attempt is monitored i think cironir has you pretty much covered already.

i remember when i first started alt trading back in early 2005, one of my favorite alts expired and i thought i lost the password, so i must have sent tons of those to whoever created the alt next. it happens. :lol:

Offline Sync

Attempted Password Changes
«Reply #19: March 30, 2008, 03:43:04 PM»
it was just a comparison guys replying to sadil's comment, chill.

Digital Love

Attempted Password Changes
«Reply #20: March 30, 2008, 06:44:59 PM»
Quote from: "Sync"
you can still get arrested for attempted robbery.


Then it must be really stupid thieves who send a password reminder to an email address they don't know or have no access to. :P And if they do, then that's likely the owner's fault for leaving the key in the keyhole.

Offline Hugo

Attempted Password Changes
«Reply #21: March 30, 2008, 08:43:54 PM»
This is not a discussion thread.

Post password change attempts, helpful password protection measures, or do not post at all.

_________________

Offline Harley

Re: Attempted Password Changes
«Reply #22: March 31, 2008, 01:04:30 AM»
Quote from: "Hugo"
I think it'd be nice if this were a sticky. People can post the name of the alt and the date an unauthorized password change was requested here.

This way, people can check for recent attempts and be informed if they see one of the listed alts acting strangely or with new colors. It might prevent theft.

If you have an attempt made on your alts, do not click the confirmation link in the e-mail you receive. If anything, simply change your password or make it more difficult for a 'hacker' to guess.
Sounds like a suggestion up for discussion to me buddy.

Offline LSD

Re: Attempted Password Changes
«Reply #23: March 31, 2008, 01:22:32 AM»
Quote from: "Toushin"
Quote from: "Hugo"
I think it'd be nice if this were a sticky. People can post the name of the alt and the date an unauthorized password change was requested here.

This way, people can check for recent attempts and be informed if they see one of the listed alts acting strangely or with new colors. It might prevent theft.

If you have an attempt made on your alts, do not click the confirmation link in the e-mail you receive. If anything, simply change your password or make it more difficult for a 'hacker' to guess.
Sounds like a suggestion up for discussion to me buddy.

didn't you already make some asinine remark in here? :roll:
alts in thread, quitting


Offline Zodiac

Attempted Password Changes
«Reply #24: March 31, 2008, 02:21:24 AM»
Don't any of you know how to interact nicely on the forums?

Any and all remarks not related to the topic are not necessary including ones that instigate a fight.

This thread is way off topic, and two pages in so it is being locked. If Hugo decides to remake the topic, that is up to him. If anyone wishes to USE this kind of topic for its intended purpose at this time, that is also up to them although it will not necessarily be stickied until it proves itself to be useful. As of this point based on the discussion in this thread, attempted passwords are not necessarily a thread, and the administration of Furcadia have our characters well-protected form brute force attempts, and any attempt to steal a character via password change request is at the mistake of the person who owns the character.

 

supersaver