Need a secure, reliable password? (PSA)

(Locked)

85 Blood Elf Priest
5610
(Note: This is a general "public service" type post. I hope it's helpful to you!)

You'd be surprised how many people just aren't that wise in relation to their passwords. According to some data graphic released after the Gawker attack, a ridiculous percentage of registrants actually used "password" as their password and it may be reasonably assumed that most people use a single password everywhere for ease of remembrance.

Of course, this means whenever a password is compromised, anyone can use it to attempt to access accounts and the poor sot holding them is wide open to further abuse.


It's a good idea to have some manner of convention for passwords (patterns or methods of generating them for yourself that are easy for you to remember, but difficult for others to guess). Some of the ones that have served me well in the past include:

- taking my initials and translating them to either numbers or to numbers and then dividing them by X (some easy to remember number of my choosing and, of course, dropping any remainder/fraction), AND

- combining that result with my numeric street address ("3745 Any Street" becomes "cgde"), AND

- taking my 5 digit zip code and dividing it by X (as mentioned above) and using the result (sans decimal)

The result of the above (for me) would be:

166cgde49002 (and no, this is not my current password. heh.)

Or, for WoW, a similar function might be:

- converting the first three letters of my character name to numbers (16 8 25)
- converting my current achievement score to letters (D F D E)
- dividing my character's current level in half (42 [ignoring the fraction] )

The result could serve nicely as a password: 16825dfde42 (also not my current password!)

You get the idea.

Obviously, a system easy for you to use and remember might contain very different means of arriving at something, but the idea is to have something in place.

Also, to change up ALL your passwords at least once a year (most would recommend once a quarter, and if you're using sites where compromised accounts are known or in any way regular, once a month).
5 Tauren Paladin
0
thx, this helped a lot
90 Night Elf Druid
9070
Get an authenticator kids. Your password won't matter because you would need to be specifically targeted to get past the authenticator. Otherwise, this is good advice.
85 Worgen Druid
7255
Good advice, but using an authenticator, you could make your password "1234" and not be hacked.

Go Authenticators go!
The biggest thing to remember is to not use a normal word. Mix letters and numbers together. And don't tell anyone your password.
85 Troll Death Knight
2245
Very good advice and definitely the way to go if you cannot afford an authenticator. I have been playing for six years and have been hacked 6 times, so finding a way to stop them is key.
Someone hacked me and I can't find how to change my password on the Battle.net site
70 Blood Elf Paladin
1490
I think I may be getting hacked, and I can't find out how to change my password. Help?
I want to change my password
90 Draenei Priest
7520
The complexity of a password does not matter in our context due to the layer of encryption that is involved behind the wow login portal. The only way to beat it is by client-side installation of malware. A keylogger can log "34Gjvkf3" just as quickly as it can log the word "password".


Let's keep in mind, WoW hijacks are always catalyzed from the client's terminal, always. We cannot compare Gawker to Blizzard.
Edited by Javascript on 2/15/2011 8:13 AM PST
85 Draenei Shaman
6130
A keylogger doesn't give a frack how complex your password for WoW is.

The bad guys aren't out there trying to 'guess' your WoW password.


QFT

I would hazard a guess that Blizzard has methods in place to keep brute force password guessing from working (normally it is X number of failed authentications requiring a call to CS to unlock the account). I do not know, since I have yet to reach that level.

It is my opinion that most passwords are not guessed, but are due to the result of keyloggers and other malware existing on the system. Why try to guess passwords when getting them from the users is much easier? The issue is not password complexity, it is the wetware behind the keyboard.

As someone else in this thread stated, an authenticator is one of the best methods to use in order to increase account security. You would either have to fall victim to a Man in the Middle (MiM) attack, where the traffic is being intercepted (and used) during the authentication process, or have fallen to a Man on the Box attack, where there is an active session on your workstation allowing a malicious user to use your credentials. Both are real time attacks and both require a lot more resources than keyloggers.

I would say that Blizzard has been more than open about getting tools available to help secure your account with the free authenticators on cell phones, and the tokens at what I see is pretty much at cost (with Blizzard eating the infrastructure fees to support the two factor authentication).

Can you get hacked with an authenticator? Yes, but it is much less likely than not using one.
85 Orc Warrior
0
i need help changing my password
85 Orc Warrior
0
ya me too
90 Goblin Death Knight
7555
I'm waiting for the day when someone writes a program that duplicates the algorithm that generates the 8 digit authenticator code.
86 Tauren Druid
8070
Why was this post reported?

OP gives good insight into how to generate a password.

+1 internetz
90 Night Elf Hunter
15210
(Note: This is a general "public service" type post. I hope it's helpful to you!)



You'd be surprised how many people just aren't that wise in relation to their passwords. According to some data graphic released after the Gawker attack, a ridiculous percentage of registrants actually used "password" as their password and it may be reasonably assumed that most people use a single password everywhere for ease of remembrance.



Of course, this means whenever a password is compromised, anyone can use it to attempt to access accounts and the poor sot holding them is wide open to further abuse.





It's a good idea to have some manner of convention for passwords (patterns or methods of generating them for yourself that are easy for you to remember, but difficult for others to guess). Some of the ones that have served me well in the past include:



- taking my initials and translating them to either numbers or to numbers and then dividing them by X (some easy to remember number of my choosing and, of course, dropping any remainder/fraction), AND



- combining that result with my numeric street address ("3745 Any Street" becomes "cgde"), AND



- taking my 5 digit zip code and dividing it by X (as mentioned above) and using the result (sans decimal)



The result of the above (for me) would be:



166cgde49002 (and no, this is not my current password. heh.)



Or, for WoW, a similar function might be:



- converting the first three letters of my character name to numbers (16 8 25)

- converting my current achievement score to letters (D F D E)

- dividing my character's current level in half (42 [ignoring the fraction] )



The result could serve nicely as a password: 16825dfde42 (also not my current password!)



You get the idea.



Obviously, a system easy for you to use and remember might contain very different means of arriving at something, but the idea is to have something in place.



Also, to change up ALL your passwords at least once a year (most would recommend once a quarter, and if you're using sites where compromised accounts are known or in any way regular, once a month).


You can sum up most good passwords in one statement: passphrases. Instead of a password, think of a small sentence, a phrase. They are as easy to remember, and much tougher to crack.

Ooo! And I forgot, always make up your secret question answer! For example, for the question, "Where were you born?" which is pretty easy to find out, make up the answer. You could say, "third moon of earth." It makes your secret question impregnable.
Edited by Seffie on 2/27/2011 10:42 AM PST
85 Worgen Druid
2410
I'd like to know why someone was offended enough by the OP's wonderful suggestion to report it.

A hacker, maybe?
This topic is locked.
