The Gang Garrison 2 Forum
Gang Garrison Discussion => Announcements => Topic started by: MedO on December 18, 2011, 05:17:06 pm
-
We had a case of account hijacking today. No harm was done (the victims only had their profiles edited), but I think it deserves to be talked about to raise some basic security awareness, because this was not a security problem of the forum software.
So, due to the current events, here is an important rule: Don't use the same password for different services. This rule is so important that it's the first one on Google's password security tips (http://www.google.com/security/passwords/), even above using a long or complex password. If you use the same password for everything, it only takes one insecure or malicious service to compromise all your accounts.
In particular, if you are using the same password that you used for Colton's FLS account system anywhere else, best change it. He says he deleted the passwords now, but as the slogan of Uplink goes, "trust is a weakness."
-
wow what a day
-
Wait what happened?
-
He used the fls account system to get into peoples' accounts via entering passwords and seeing if they'd actually work. He didn't mean to scare anyone, though. He was just messing around. Didn't mean to scare y'all or anything.
Moral of the story is that you should alternate online passwords.
-
err what is fls
-
Colton's game
-
oh
-
:z9:
-
Reminds me of my account named "USB" where someone guessed my password and deleted it.
The other moral of this story is don't have a password called "password1"
-
Guessed? More like bruteforced.
-
Yeah, OK, sure. If that was the case, this account would be gone too.
-
I doubt that anybody would go the the trouble of guessing the password for an account possibly hundreds of times just to deal with a certain pasty forum-goer. In that case, it would probably be brute-forced or gotten by some other means. Just go ask the person who did it yourself.
-
I have at least four different passwords for different types of service and sites (not counting the important ones like Steam on which I use combinations of multiple passwords), so I don't really feel concerned. I hope nothing bad happens to those who use a single password.
-
Well, he took care of my account. No harm done, I am not angry. Keeping the avatar for now.
-
google's password advice is stupid.
taking the time to remember 1337speak jargoned passwords is a waste of valuable brain space: it still takes longer to bruteforce shutyourdickholeandgivemeaccess than it does to bruteforce n1ggl3$n0ggl3, because the assumption is that special characters will be used as long as they are available.
it's much easier to commit a phrase like the first one to memory than a word like the second, the only real issue is if the website has short character limits on passwords, in which case good luck.
-
google's password advice is stupid.
taking the time to remember 1337speak jargoned passwords is a waste of valuable brain space: it still takes longer to bruteforce shutyourdickholeandgivemeaccess than it does to bruteforce n1ggl3$n0ggl3, because the assumption is that special characters will be used as long as they are available.
it's much easier to commit a phrase like the first one to memory than a word like the second, the only real issue is if the website has short character limits on passwords, in which case good luck.
Correcthorsebatterystaple?
-
^^^ a/d trufax
http://howsecureismypassword.net/ (http://howsecureismypassword.net/)
-
It would take a desktop PC
About 1 trillion years
to hack your password
that's my server's root password
It would take a desktop PC
About 3 quadrillion years
to hack your password
that's my email password
It would take a desktop PC
About 70 sextillion years
to hack your password
aaaaannd that's my steam password
-
It would take a desktop PC
About 227 duodecillion years
to hack your password
ha good luck with that colton
-
Ok.
I hope nobody actually pasted their password in there.
Because if you hand your password out that freely, nobody will ever *need* to hack it with a desktop PC.
-
Ok.
I hope nobody actually pasted their password in there.
Because if you hand your password out that freely, nobody will ever *need* to hack it with a desktop PC.
http://howsecureismypassword.net/privacy/ (http://howsecureismypassword.net/privacy/)
-
Ok.
I hope nobody actually pasted their password in there.
Because if you hand your password out that freely, nobody will ever *need* to hack it with a desktop PC.
http://howsecureismypassword.net/privacy/ (http://howsecureismypassword.net/privacy/)
Bravo! You just beat MedO! :c1:
-
That's nice, but did you check it? Words are patient, especially on the internet. I don't think this site is malicious, but the chances that a site like that is are way way higher than that anyone will ever actually bruteforce your password, and I wouldn't bet my Steam account on that.
-
Ok.
I hope nobody actually pasted their password in there.
Because if you hand your password out that freely, nobody will ever *need* to hack it with a desktop PC.
http://howsecureismypassword.net/privacy/ (http://howsecureismypassword.net/privacy/)
I looked at the javascript too and it doesn't send anything anywhere as far as I can tell
-
I just turned off my internet and tried it as per the privacy page, and it worked fine for me.
-
As I said, I don't think it is malicious, but encouraging people to enter their passwords anywhere than at the service it belongs to is just a bad idea imo.
-
I actually entered a derivative of my actual password to check. substitute each letter for any other letter, and numbers/symbols with any other symbols.
-
that's what he generated at me :P
http://makemeapassword.net/ (http://makemeapassword.net/)
S@ndb@ggedRef0rming
-
Sand bagged Reforming
What the hell is this
-
Smash your face threeish times onto your keyboard
Best passwords
-
F;EJWIOAOYU.fj;ioe
thts what i got :3
-
F;EJWIOAOYU.fj;ioe
thts what i got :3
Bess Pass.
-
OH NOOOZ NOW I TOLD YOU GUYS D: generate another one
*bumping my head to my laptop*
-
OH NOOOZ NOW I TOLD YOU GUYS D: generate another one
*bumping my head to my laptop*
Tell us you result when you done
-
m3vfru
-
As I said, I don't think it is malicious, but encouraging people to enter their passwords anywhere than at the service it belongs to is just a bad idea imo.
That would be quite a good account compromising tool if anyone were to set up a malicious version of the tool
-
1 nonillion year...
-
These guyz have inhuman memories