Need a secure, reliable password? (PSA)

(Note: This is a general "public service" type post. I hope it's helpful to you!)

You'd be surprised how many people just aren't that wise in relation to their passwords. According to some data graphic released after the Gawker attack, a ridiculous percentage of registrants actually used "password" as their password and it may be reasonably assumed that most people use a single password everywhere for ease of remembrance.

Of course, this means whenever a password is compromised, anyone can use it to attempt to access accounts and the poor sot holding them is wide open to further abuse.


It's a good idea to have some manner of convention for passwords (patterns or methods of generating them for yourself that are easy for you to remember, but difficult for others to guess). Some of the ones that have served me well in the past include:

- taking my initials and translating them to either numbers or to numbers and then dividing them by X (some easy to remember number of my choosing and, of course, dropping any remainder/fraction), AND

- combining that result with my numeric street address ("3745 Any Street" becomes "cgde"), AND

- taking my 5 digit zip code and dividing it by X (as mentioned above) and using the result (sans decimal)

The result of the above (for me) would be:

166cgde49002 (and no, this is not my current password. heh.)

Or, for WoW, a similar function might be:

- converting the first three letters of my character name to numbers (16 8 25)
- converting my current achievement score to letters (D F D E)
- dividing my character's current level in half (42 [ignoring the fraction] )

The result could serve nicely as a password: 16825dfde42 (also not my current password!)

You get the idea.

Obviously, a system easy for you to use and remember might contain very different means of arriving at something, but the idea is to have something in place.

Also, change up ALL your passwords at least once a year (most would recommend once a quarter, and if you're using sites where compromised accounts are known or in any way regular, once a month).
Thx, this helped a lot.
Get an authenticator kids. Your password won't matter because you would need to be specifically targeted to get past the authenticator. Otherwise, this is good advice.
Good advice, but using an authenticator, you could make your password "1234" and not be hacked.

Go Authenticators go!
The biggest thing to remember is to not use a normal word. Mix letters and numbers together. And don't tell anyone your password.
Very good advice and definitely the way to go if you cannot afford an authenticator. I have been playing for six years and have been hacked 6 times so finding a way to stop them is key.
Someone hacked me and I can't find how to change my password on the Battle.net site.
I think I may be getting hacked, and I can't find out how to change my password. Help?
I want to change my password
The complexity of a password does not matter in our context due to the layer of encryption that is involved behind the WoW login portal. The only way to beat it is by client-side installation of malware. A keylogger can log "34Gjvkf3" just as quickly as it can log the word "password".


Let's keep in mind, WoW hijacks are always catalyzed from the client's terminal, always. We cannot compare Gawker to Blizzard.
A keylogger doesn't give a frack how complex your password for WoW is.

The bad guys aren't out there trying to 'guess' your WoW password.


QFT

I would hazard a guess that Blizzard has methods in place to keep brute force password guessing from working (normally it is X number of failed authentications requiring a call to CS to unlock the account). I do not know, since I have yet to reach that level.

It is my opinion that most passwords are not guessed, but are due to the result of keyloggers and other malware existing on the system. Why try to guess passwords when getting them from the user is much easier? The issue is not password complexity, it is the wetware behind the keyboard.

As someone else in this thread stated, an authenticator is one of the best methods to use in order to increase account security. You would either have to fall victim to a Man in the Middle (MiM) attack, where the traffic is being intercepted (and used) during the authentication process, or have fallen to a Man on the Box attack, where there is an active session on your workstation allowing a malicious user to use your credentials. Both are real time attacks and both require a lot more resources than keyloggers.

I would say that Blizzard has been more than open about getting tools available to help secure your account with the free authenticators on cell phones, and the tokens at what I see is pretty much at cost (with Blizzard eating the infrastructure fees to support the two factor authentication).

Can you get hacked with an authenticator? Yes, but it is much less likely than not using one.
I need help changing my password.
Ya, me too.
I'm waiting for the day when someone writes a program that duplicates the algorithm that generates the 8 digit authenticator code.
Why was this post reported?

OP gives good insight into how to generate a password.

+1 internetz
You can sum up most good passwords in one statement: passphrases. Instead of a password, think of a small sentence, a phrase. They are as easy to remember, and much tougher to crack.

Ooo! And I forgot, always make up your secret question answer! For example, for the question, "where were you born?" which is pretty easy to find out, make up the answer. You could say, "third moon of earth." It makes your secret question impregnable.
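Added example, not written by anyone in the thread: the WoW convention from the original post written out in Python, with a rough size of its guessing space set beside the passphrase idea from the reply above. The name prefix "Phy", score 4645, level 85, the 9999 score ceiling, the level cap of 85 and the 7776-word list are assumptions, chosen so the output matches the post's sample.

```python
import math
import string

ALPHABET = string.ascii_lowercase

def letters_to_numbers(text):
    """a=1 ... z=26, concatenated, as in the post: 'phy' -> '16825'."""
    return "".join(str(ALPHABET.index(c) + 1) for c in text.lower())

def digits_to_letters(number):
    """1=a ... 9=i per digit, as in the post: 4645 -> 'dfde'."""
    digits = str(number)
    if "0" in digits:
        # The post never says what a 0 becomes, so refuse rather than guess.
        raise ValueError("the convention defines no letter for the digit 0")
    return "".join(ALPHABET[int(d) - 1] for d in digits)

def wow_convention(name, score, level):
    """First three name letters -> numbers, score -> letters, level halved."""
    return letters_to_numbers(name[:3]) + digits_to_letters(score) + str(level // 2)

def convention_bits(max_score=9999, max_level=85):
    """Upper bound on guessing work when the convention is known
    and every input is treated as secret (assumed ceilings)."""
    return math.log2(26 ** 3 * max_score * max_level)

def charset_bits(password):
    """Naive figure: each character counted as a random pick from a-z0-9."""
    return len(password) * math.log2(36)

def passphrase_bits(words, wordlist_size=7776):
    """Randomly chosen words from a list of the assumed size."""
    return words * math.log2(wordlist_size)

if __name__ == "__main__":
    pw = wow_convention("Phy", 4645, 85)  # constructed inputs
    print(pw)
    print(f"looks like      {charset_bits(pw):.1f} bits")
    print(f"convention      {convention_bits():.1f} bits at most")
    print(f"4-word phrase   {passphrase_bits(4):.1f} bits")
```

The password looks like a random 11-character string, but anyone who knows the recipe only has to search the inputs, which is a much smaller space than four randomly picked words.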
I'd like to know why someone was offended enough by the OP's wonderful suggestion to report it.

A hacker, maybe?
