Support for Truly Strong Passwords?

82 Human Hunter
1115
Since this is where most people will understand what I mean...

Is there ever going to be support for non-alpha/numeric characters in a password? Or is the only solution for better security only ever going to be "get an (easily lost) authenticator"?
Reply Quote
- Technical Support
100 Human Mage
13970
you have 16 characters which includes !@#$% plus 0-9 , if you use all 16 character the chance of breaking the pasword in the amount of attempts you get is slim to nile. Acounts get compramised by keyloggers,how easy it is to hack most email acounts , going to the wrong sites and giving people the tools to hack you ie personel information. a 9 character password with just leters is 4 months to crack. add numbers to 178 years to try all the combos so if you use all 16 allowed characters the password can not be cracked in your life time. or even your kids. Even if there lucky with a 9 character password and get it in the first 10 percent thats still is 17.8 years.

http://www.uber.com.au/blog/2011/05/03/how-long-will-it-take-a-hacker-to-crack-your-password/
Edited by Northernlite on 3/4/2012 9:46 PM PST
Reply Quote
- Technical Support
100 Human Mage
13970
Brute force hacking is not possible with wow you only have a limited number of tries to enter the right password. It is not possible with most things that take a password.

If you look at it from a math perspective they do not know how many characters you used. so they have to start at the minium which is 6 i think and work there way up orstart at the max and work there way down down so the math problem looks like this they would have to try every combo before it to reach yours.

40^6 + 40^7 + 40^8+ 40^9 +40^10 + 40^11 + 40^12 + 40^13 + 40^14+40^15+ 40^16

the total of this a little more than 500 septillion combinations. do belive my estamite is low gave up on adding it at to the 14th

At one try per second, it will take you a mere 20 quadrillion years, a mere 1.8 billion times longer than the universe has existed to-date.
Edited by Northernlite on 3/4/2012 10:12 PM PST
Reply Quote
90 Night Elf Hunter
6550
Since this is where most people will understand what I mean...

Is there ever going to be support for non-alpha/numeric characters in a password? Or is the only solution for better security only ever going to be "get an (easily lost) authenticator"?



I had to check the date of your post, since I've seen this same thread several times.

As people answered those several times:

Moot point.


NO ONE IS GUESSING THE PASSWORD. Its being keylogged. So non-alpha numeric characters is moot.

A user gets a trojan OR they let through some bad flash ad that runs and then gets their login and password.

----------------

I've never bought gold.

I use firefox with noscript, as well as a couple of other ad/trojan preventer things.

The big one:

I've only played in opensuse linux, since patch 2.3. So I'm not even IN a windows operating system; I'm in one that is MUCH more secure, while also being much less of a target by default:

I still logged on one day long ago, Naked in front of the last vendor I was shopping at, with 12 K gold missing (which was a LOT back then.) I was restored in less than a day by blizzard, changed my default email login to something else, changed the password too, ran all the trojan checks that Linux had to offer (which is a LOT harder by the way, since the problem is fairly unheard of on that operating system), came up empty and chalked it up to some naughty flash ad or something even though I never even show ads (or go to any "bad" websites.)

I added the phone authenticator, where if the IP/whatever is different you get a lock and then have to call blizzard from YOUR phone number that you set up. Since they changed the regular authenticator to more
or less work the same way (you only ever use it if there is a significant
enough change), its pretty much the same.

Since then I've had zero further problems.
Reply Quote
82 Human Hunter
1115
03/04/2012 09:32 PMPosted by Northernlite
you have 16 characters which includes !@#$% plus 0-9 , if you use all 16 character the chance of breaking the pasword in the amount of attempts you get is slim to nile.


Last time I attempted to change my password, I was told that I could *not* use those special characters. Letters and numbers only. (Maybe - and _ - I forget). If I could get the profanity characters you list above, I'd be happy.
Reply Quote
- Technical Support
100 Human Mage
13970
if you use a 9+ character alpha numeric + one of these $,#,!,% . a 9+ character alpha numeric its vertualy imposible to crack it.hardeded password are only really used for shorter passwords to make them more secure. for example a 6 digit with special characters 18 days, 7 characters 4 years, once you get to 8 characters hardened passwords do not make a lot of diffrence it takes 3 years to try all the combos of a 8 character alphanumeric password. Like i said earlier you are allowed 16 characters if you use more then nine no one is going to guess it in you life time
Edited by Northernlite on 3/5/2012 2:14 AM PST
Reply Quote
80 Blood Elf Rogue
14125
I am for stronger password. Some services already requires both lower and upper cases in password (in addition to number and symbols), which so far is not supported in WoW. Currently upper and lower cases are treated the same and not separately so your "password", "PassWord", and "PaSsWoRd" all means the same thing to the server.
Reply Quote
- Technical Support
100 Human Mage
13970
with 26 letters plus 10 numbers plus the 4 special characters they allows it will take more time to crack your password then you will be alive. if you figure just a 40^16 you have 12683916794 years to try all the combos if you try one a second. lets say you get a super computer that can try combos at even 100 a second its still going to take more time to crack it then you will be alive. with just 40 allowed character a nine character password has 109589041 combinations you are still have 3.4 years to try all the combinations possible at 1 every second . Hardened passwords are not needed when the characters allowed are not a small number. Thats not including they do not know how many characters you used so they have to try the every combo of shorter passwords. which adds more varibles to the mix
Edited by Northernlite on 3/5/2012 3:36 AM PST
Reply Quote
86 Worgen Mage
12100
03/05/2012 03:01 AMPosted by Yukineko
I am for stronger password. Some services already requires both lower and upper cases in password (in addition to number and symbols), which so far is not supported in WoW. Currently upper and lower cases are treated the same and not separately so your "password", "PassWord", and "PaSsWoRd" all means the same thing to the server.


Wait a minute. Your telling me that passwords are NOT case sensitive? BLIZZARD, please fix this immediately. even public domain web page code, that people use to control access to private web sites is case sensitive. All this time, I have been mixing upper and lower case, and now I find out, it is a waste of my time. that really makes me mad.
Edited by Frostytoes on 3/5/2012 7:09 AM PST
Reply Quote
100 Night Elf Druid
15980
Since WoW launched, it hasn't been case sensitive. As others have mentioned, making it so would be somewhat redundant.

A "safe" password is one that cannot be guessed. Basically if it's not an actual word (in any language), a name, either of those with a number or two tacked onto the end, a number associated with you (birthdays, etc) or an unimaginative number sequence (eg "123456" or "1111111") than it's safe for Blizzard's purposes. They don't allow enough password attempts for a brute-force attack to even hope to be succesful - unless they're willing to devote several years to the process (by which time someone will have noticed).

Incidentally, a while back a website parsed a list of e-mail passwords that had been gathered by way of social engineering and posted in a torrent. I don't recall exactly how many passwords were in the list, but the most common were "password" and "12345". However one password on the list contained no less than 34 characters - 8 of which were "M" - in upper and lower case, with numbers and non-alpha-numeric characters. Because of how the password made it to the list, the "difficulty" of the password was completely irrelevant - it could have been 100 characters long made exclusively of extended unicode characters and still meant nothing.
Reply Quote
MVP - Technical Support
97 Draenei Mage
6650
03/05/2012 08:05 AMPosted by Asterchades
They don't allow enough password attempts for a brute-force attack to even hope to be succesful - unless they're willing to devote several years to the process (by which time someone will have noticed).


This is true.

I do believe there's a cool down period that occurs after too many password attempts. I don't recall how many it is as it's been a while since I tested it myself but I think it's only a few attempts. "Cool down" as in it wouldn't let you log into the account until a short cool down period had passed.

IIRC there was something said somewhere about eventually locking the account after too password attempts as well (an escalation from the cool down thing above) , requiring a call to Billing to unlock.

So as long as it only allows you a limited number of attempts before it goes into lock out mode then arguing for stronger possible passwords is a moot point. It's a placebo belief IMHO.
________________________________________________
Bringing you walls of text and cookies since 2005 :)

Mac Tech Support MVP (moonlights in other forums)
Here to Help :)
Reply Quote
82 Human Hunter
1115
And, of course, technical considerations aside, the selfish reason for wanting stronger passwords, is that I have a collection of passwords I use, for sites of varying security. I'd like to start using my "It's not the end of the world if people guess this, but I don't want it to be obvious" password for WoW, rather than one of my other passwords...
Reply Quote
100 Human Warlock
14005
hack email account.... usually easier..
so many people use a cheap web interface with poor passwords.

if wow account in email account... email blizz you forgot your password.
wow entrance not so hard after all.

Reply Quote
90 Pandaren Shaman
6750
throughout all my years of gaming my email has only been stolen once and that was when i was like 14....

pro tip always have a good anti virus like nod32, use different passwords for everything, and please stop downloading !@#$.
Reply Quote

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)
Submit Cancel

Reported!

[Close]