[Announcement About Account Security] Haven/Salem

[SynthAura]

I'm flattered someone would go through this much effort to hack into my account that doesn't even have any characters on it. xD This is just my forum username, I'm sure half of the other usernames on the "prioritized" list are just the same. But I guess ever since they removed bugramming and cliffjumping the scumbag kids who can't play the game legitimately and get the rewards themselves had to find a new sleazy exploit so they can feel powerful.

[hiro]

This is just my forum username

You are smart hope everyone does like you do

[MagicManICT]

I haven't in the past, but I'm going to start.

@apxeolog: yeah, I thought of that possibility, too, but then how/where did they get the names at?

[Snk]

Just thought i'd put it into perspective for people who are worried: 400 attempts a day against an account means at least 500 milion years before the hacker gets even tiny chance of cracking it, assuming your password is mid-security; bruteforcing is a method for and against computer-illiterate.

[MagicManICT]

There was a pretty good article in Wired several months ago called "Kill the Password: Why a String of Characters Can't Protect You" by Mat Honan. It's on their website now. I'm not sure if the site is IP restricted in any way, so apologies to those that can't access it.

http://www.wired.com/gadgetlab/2012/11/ ... rd-hacker/

[Snk]

Frankly i think that article is deeply flawed. While examples of hacking mechanisms are well presented, the conclusion is totaly biased on author's own pattern of network usage. Also, assumption that it's x-box generation of hackers causing newfound mayhem is simply off the mark as 99% of the methods are decades old now, with known solutions, all that's changed is new users. The bottom line is, if good practice is preserved, then password is the only point of entry, and so it's form may warp and usage decrease in favour of new technologies, aimed at people who have no idea about their own security, but for those who know how to use and protect one it'll remain near perfect solution.

[Windforce]

Wonder how long they would take to bruteforce a password called "Password"

[MagicManICT]

It's one thing to brute force a hack when you don't know potential passwords. However, look at all the sites that have been hacked over the last few years with "member data compromised." They often don't tell you exactly what was compromised. If it was the login files, there's a ton of data to mine for simplifying a brute force attack. Look at all the phishing sites and emails, which is another way to snag this information.

I'm not going to disagree with you on the article. I'm posting it up there as a recent piece of journalism on the inherent flaws in a password-only based system. Any time data is transmitted over public lines, it's possible security can potentially be breached, and no method we can devise can prevent this. The only secure system is one that never connects to another computer, never has outside software loaded onto it, and has the strictest controls on who can sit down and use it (and if more than one person can use it, there goes that security).

[loftar]

There was a pretty good article in Wired several months ago called "Kill the Password: Why a String of Characters Can't Protect You" by Mat Honan. It's on their website now. I'm not sure if the site is IP restricted in any way, so apologies to those that can't access it.

http://www.wired.com/gadgetlab/2012/11/ ... rd-hacker/

The article has some points that deserve to be made, but it has nothing to do with brute-forcing, which is the actual threat at hand here. ;)

[MagicManICT]

Good point, but the point made in the article I was after was all the hacked password files that have spread around the Net these days. Brute forcing by random alphanumeric attempts is almost outdated. I'm horrible at making my point on this stuff (and why I can't seem to pass my college English classes. ).