  1. #1
    Secondary Hivemind Nexus mrpier's Avatar
    Join Date
    Jun 2011
    Posts
    1,295

    Prosiebensat security breach

    http://planetside2.eu/teasers/261-im...to-our-players

    So, yeah take the usual/necessary precautions and all that.

  2. #2
    Moderator QuantaCat's Avatar
    Join Date
    Jun 2011
    Location
    Vienna, Austria
    Posts
    6,476
    MOTHERFUCKINGMOTHERFUCKER WETOPWIGOWMRIOHEMRHiqwmeroimoism ergoEPMTOIMEpMoiMGWEOIMIMWOIEG

    How can they not learn to allow passwords longer than 20 characters.
    - Tom De Roeck.

    verse publications

    "Quantacat's name is still recognised even if he watches on with detached eyes like Peter Molyneux over a cube in 3D space, staring at it with tears in his eyes, softly whispering... Someday they'll get it."

    "It's frankly embarrassing. The mods on here are woeful."

    "I wrinkled my nose at QC being a mod."

    "At least he has some personality."

  3. #3
    Secondary Hivemind Nexus Jesus_Phish's Avatar
    Join Date
    Aug 2012
    Location
    Dublin, Ireland
    Posts
    4,266
    Quote Originally Posted by QuantaCat View Post
    MOTHERFUCKINGMOTHERFUCKER WETOPWIGOWMRIOHEMRHiqwmeroimoism ergoEPMTOIMEpMoiMGWEOIMIMWOIEG

    How can they not learn to allow passwords longer than 20 characters.
    They could allow passwords longer than 200 characters; the average player and internet user isn't going to use a long password. I wouldn't be surprised if, were the list leaked, we saw such gems as Qwerty123 and Password1.

  4. #4
    Lesser Hivemind Node
    Join Date
    Nov 2012
    Posts
    690
    Long passwords mean shit when someone manages to access the database with mail/passwords since well... they have your password or the hash used for password verification. (Storing people's passwords and/or credit card info in clear text should be a capital offense.) The most important bit here is to never ever use the same password as you use for your email account; that way they cannot use this info to get access to pretty much everything else you have by password resets etc.

    Overly complicated passwords have zero, zilch effect on security, rather the opposite, as people write them down to remember them, and when they are forced to change they just add a number at the end.
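
An added example, not part of the thread and not any site's actual code: one way a server can store only a salted, slow hash for password verification, which also shows why a 20-character cap is unnecessary (the stored record has the same size for any password length). The iteration count, salt size and 1024-byte cap are assumptions chosen for this sketch.

```python
import hashlib
import hmac
import os

# Parameters are assumptions for this sketch; tune the work factor for your hardware.
ITERATIONS = 600_000
SALT_LEN = 16
KEY_LEN = 32
MAX_PASSWORD_BYTES = 1024  # bounds hashing cost without forcing short passwords


def _derive(raw: bytes, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 from the standard library: deliberately slow to guess against.
    return hashlib.pbkdf2_hmac("sha256", raw, salt, ITERATIONS, dklen=KEY_LEN)


def hash_password(password: str) -> bytes:
    """Return salt || derived key. This record is all the server keeps."""
    raw = password.encode("utf-8")
    if not raw or len(raw) > MAX_PASSWORD_BYTES:
        raise ValueError("password length out of range")
    salt = os.urandom(SALT_LEN)  # unique per user, so equal passwords differ on disk
    return salt + _derive(raw, salt)


def verify_password(password: str, record: bytes) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    raw = password.encode("utf-8")
    if not raw or len(raw) > MAX_PASSWORD_BYTES or len(record) != SALT_LEN + KEY_LEN:
        return False
    salt, stored = record[:SALT_LEN], record[SALT_LEN:]
    return hmac.compare_digest(_derive(raw, salt), stored)


if __name__ == "__main__":
    short = hash_password("Password1")   # constructed sample inputs
    long_ = hash_password("x" * 200)     # ten times the 20-character limit
    print(len(short), len(long_))        # same record size either way
    print(verify_password("x" * 200, long_), verify_password("Password1", long_))
```

A slow salted hash raises the cost of each guess against a stolen database; it does nothing for a password that is also used for the email account, which is the reuse problem the post describes.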

  5. #5
    Secondary Hivemind Nexus Dewi's Avatar
    Join Date
    Dec 2012
    Posts
    1,041
    Best thing to do: choose a memorable word and add "flavour". For example (I don't use this and neither should anyone else now) "R0(kP4p3rSh0tGun%!", although like you say, if they've hacked a server and decrypted your password this creates zero difference.

  6. #6
    Secondary Hivemind Nexus EsotericReverie's Avatar
    Join Date
    Dec 2012
    Location
    Sweden (Göteborg)
    Posts
    3,315
    Or a sequence of words that do not form a sensible sentence, but that are easy to summon a memorable image from. See: http://xkcd.com/936/

  7. #7
    Secondary Hivemind Nexus mickygor's Avatar
    Join Date
    Dec 2011
    Location
    Leicester, UK
    Posts
    1,588
    My personal favourite is sentence acronyms. Nice long ones. Look random to the unknowing eye, hard to memorise in a few seconds from a casual glance, but easy to recall so long as you know the sentence itself. betrslayktsi.
    Itsbastiat, Dawngate
    Bastiat, Planetside 2, Miller NC
    Therin Katta, FFXIV, Cerberus

  8. #8
    Secondary Hivemind Nexus Bankrotas's Avatar
    Join Date
    Apr 2012
    Location
    Lithuania
    Posts
    1,642
    I do write down my passwords on paper. That's right, you heard me! PAPER!
    Hear from the spirit-world this mystery:
    Creation is summed up, O man, in thee;
    Angel and demon, man and beast art thou,
    Yea, thou art all thou dost appear to be!
    http://ps2guides.besaba.com/

  9. #9
    Secondary Hivemind Nexus Boris's Avatar
    Join Date
    Apr 2012
    Location
    Netherlands
    Posts
    1,453
    My personal favourite is http://keepass.info/ and use it to generate and store a random password for each and every login I use. You can instruct it to generate a password of X length using some Y set of characters.
    I synchronize the keepass file across devices with Dropbox, and that's secure because it itself is encrypted with a master password. So you have one huge ass password you have to remember that unlocks all your other passwords.

  10. #10
    Secondary Hivemind Nexus
    Join Date
    Jan 2013
    Posts
    2,290
    Quote Originally Posted by EsotericReverie View Post
    Or a sequence of words that do not form a sensible sentence, but that are easy to summon a memorable image from. See: http://xkcd.com/936/
    Love that one. So educational!

    Quote Originally Posted by Boris View Post
    So you have one huge ass password you have to remember that unlocks all your other passwords.
    Also interesting, since what I worry about most is using similar/the same passwords for multiple things (though obviously nothing important).

  11. #11
    Secondary Hivemind Nexus
    Join Date
    Feb 2013
    Posts
    1,265
    I also use the XKCD method, quite useful and easy to remember. Also not easy for any hash bashed method to unlock.

    Also note that many mail applications/providers support the yourmailadress+string@domain.tld format. This means that you can fill in your email address in forms followed by a + and then a string. The mail will be sent to your address, but sendto has the string attached. This way you can see where the spam is originating from, or what company is selling your mail address. Quite useful.

  12. #12
    Secondary Hivemind Nexus Boris's Avatar
    Join Date
    Apr 2012
    Location
    Netherlands
    Posts
    1,453
    Quote Originally Posted by Rizlar View Post
    Also interesting, since what I worry about most is using similar/the same passwords for multiple things (though obviously nothing important).
    It's a great tool and I highly recommend it.

    Quote Originally Posted by pepper View Post
    I also use the XKCD method, quite useful and easy to remember. Also not easy for any hash bashed method to unlock.

    Also note that many mail applications/providers support the yourmailadress+string@domain.tld format. This means that you can fill in your email address in forms followed by a + and then a string. The mail will be sent to your address, but sendto has the string attached. This way you can see where the spam is originating from, or what company is selling your mail address. Quite useful.
    Until spammers get wise and remove the + and everything up until the @.

    Concern with the XKCD method is that there isn't actually a lot of entropy there.

    There's high entropy in a 4-word password if you brute force all character possibilities, but a smart attacker will get a dictionary and start combining those words, dramatically reducing the search space. Your 4-word dictionary password will be about as good as a 7 character random one (in the same order of magnitude).

    If you really want to be secure, replace some characters in those dictionary words. That'll dramatically shoot up the entropy. So instead of correct horse battery staple, how about c0rrect horse battery stapl&.

    This is all pretty academic. Most password breaches are from password reuse and weak passwords. If you care enough to use a correct-horse-type password, you're pretty safe anyway.
    Last edited by Boris; 28-02-2013 at 11:55 AM.
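
An added example, not part of the thread: the search-space comparison from the post above worked through with exact integers. It assumes a 2048-word list (the 11 bits per word that xkcd 936 uses), a 94-symbol printable alphabet for random passwords, and an attacker who knows the scheme and the word list.

```python
import math


def bits(space: int) -> float:
    """Size of a search space expressed in bits."""
    return math.log2(space)


def char_bruteforce_space(passphrase: str, alphabet_size: int = 27) -> int:
    """Guesses if every string of this length is tried (a-z plus space)."""
    return alphabet_size ** len(passphrase)


def dictionary_space(n_words: int, dictionary_size: int = 2048) -> int:
    """Guesses if the attacker combines words from the same list instead."""
    return dictionary_size ** n_words


def equivalent_random_length(space: int, alphabet_size: int = 94) -> int:
    """Shortest random-character password whose space is at least `space`."""
    length = 0
    while alphabet_size ** length < space:
        length += 1
    return length


if __name__ == "__main__":
    phrase = "correct horse battery staple"  # the xkcd sample, 28 characters
    naive = char_bruteforce_space(phrase)
    for n_words in (4, 5):
        space = dictionary_space(n_words)
        print(
            f"{n_words} words: {bits(space):.0f} bits by dictionary, "
            f"comparable to {equivalent_random_length(space)} random characters"
        )
    print(f"character-by-character view of the same phrase: {bits(naive):.0f} bits")
```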

  13. #13
    Secondary Hivemind Nexus
    Join Date
    Feb 2013
    Posts
    1,265
    For now, it works though.

  14. #14
    Secondary Hivemind Nexus Boris's Avatar
    Join Date
    Apr 2012
    Location
    Netherlands
    Posts
    1,453
    Yeah. I'm glad it's not a really well known trick at the moment because that's the only thing keeping spammers from circumventing it.

  15. #15
    Secondary Hivemind Nexus Jesus_Phish's Avatar
    Join Date
    Aug 2012
    Location
    Dublin, Ireland
    Posts
    4,266
    To expand on the XKCD one, you can use more than four words and more than one language.

    Five random words in five languages. Still easy for humans to remember but makes it more difficult to crack.

    I find the best solution is to just use throw away email accounts.

  16. #16
    Secondary Hivemind Nexus Cooper's Avatar
    Join Date
    Jun 2011
    Posts
    2,054
    I second keepass.

    As well as on my desktop and notebook, I have a tiny USB keyring that I keep my keepass database on, along with portable versions (Windows and Linux), which means I can use it on pretty much any computer I end up using.
    Quote Originally Posted by CROCONOUGHTKEY
    KING GEORGE IS A FROG
    le BANG~__-MICHEAL FUCK OFF~~__-INTERPOL KNOW YOU WELLBIENG~—
    OFF
    NOT RUSHMORE MOUNTAIN
    KILL WESTON KILL MUST KILLTHEWESTERNINMYHEADDOESN’TEXSIST
    TEXASISDEADINPARISHEWASAMAN..BINGBING.TETTOHEAD.SP ACEOK,TIMEDEADANDSTOPPED1920HOKKAIDO.UNDERSTOODAT1 ONE.
    UNDERSTANDTHISANDFUCKOFFPIRATEBAY.TIMEDOESNTEXSIST FORMEASIMPATEKPHILLPE.
    BANG

  17. #17
    Moderator QuantaCat's Avatar
    Join Date
    Jun 2011
    Location
    Vienna, Austria
    Posts
    6,476
    I was more annoyed by them because I have a system I use for all my passwords, and it usually is longer than 20 characters and still easy to remember.