The Gang Garrison 2 Forum

Gang Garrison Discussion => Announcements => Topic started by: MedO on December 18, 2011, 05:17:06 pm

Title: Account security
Post by: MedO on December 18, 2011, 05:17:06 pm

We had a case of account hijacking today. No harm was done (the victims only had their profiles edited), but I think it deserves to be talked about to raise some basic security awareness, because this was not a security problem of the forum software.

So, due to the current events, here is an important rule: Don't use the same password for different services. This rule is so important that it's the first one on Google's password security tips (http://www.google.com/security/passwords/), even above using a long or complex password. If you use the same password for everything, it only takes one insecure or malicious service to compromise all your accounts.

In particular, if you are using the same password that you used for Colton's FLS account system anywhere else, best change it. He says he deleted the passwords now, but as the slogan of Uplink goes, "trust is a weakness."

Title: Re: Account security
Post by: Teekytots [PC][OG] on December 18, 2011, 05:27:53 pm

wow what a day

Title: Re: Account security
Post by: trog on December 18, 2011, 08:12:42 pm

Wait what happened?

Title: Re: Account security
Post by: Saniblues on December 18, 2011, 08:40:14 pm

He used the fls account system to get into peoples' accounts via entering passwords and seeing if they'd actually work. He didn't mean to scare anyone, though. He was just messing around. Didn't mean to scare y'all or anything.

Moral of the story is that you should alternate online passwords.

Title: Re: Account security
Post by: trog on December 18, 2011, 09:21:26 pm

err what is fls

Title: Re: Account security
Post by: Nukleus on December 18, 2011, 09:28:51 pm

Colton's game

Title: Re: Account security
Post by: trog on December 18, 2011, 09:31:07 pm

oh

Title: Re: Account security
Post by: pandaturds on December 18, 2011, 11:37:49 pm

 :z9:

Title: Re: Account security
Post by: billymaze on December 18, 2011, 11:57:12 pm

Reminds me of my account named "USB" where someone guessed my password and deleted it.

The other moral of this story is don't have a password called "password1"

Title: Re: Account security
Post by: Jowly on December 19, 2011, 01:12:16 am

Guessed? More like bruteforced.

Title: Re: Account security
Post by: billymaze on December 19, 2011, 01:15:39 am

Yeah, OK, sure. If that was the case, this account would be gone too.

Title: Re: Account security
Post by: Jowly on December 19, 2011, 01:27:24 am

I doubt that anybody would go the the trouble of guessing the password for an account possibly hundreds of times just to deal with a certain pasty forum-goer. In that case, it would probably be brute-forced or gotten by some other means. Just go ask the person who did it yourself.

Title: Re: Account security
Post by: Lemonade on December 19, 2011, 08:21:32 am

I have at least four different passwords for different types of service and sites (not counting the important ones like Steam on which I use combinations of multiple passwords), so I don't really feel concerned. I hope nothing bad happens to those who use a single password.

Title: Re: Account security
Post by: Z3r05t4r on December 19, 2011, 08:42:07 am

Well, he took care of my account. No harm done, I am not angry. Keeping the avatar for now.

Title: Re: Account security
Post by: a/d on December 19, 2011, 08:48:43 am

google's password advice is stupid.

taking the time to remember 1337speak jargoned passwords is a waste of valuable brain space: it still takes longer to bruteforce shutyourdickholeandgivemeaccess than it does to bruteforce n1ggl3$n0ggl3, because the assumption is that special characters will be used as long as they are available.

it's much easier to commit a phrase like the first one to memory than a word like the second, the only real issue is if the website has short character limits on passwords, in which case good luck.

Title: Re: Account security
Post by: [Royal Gay Penguin Nachos Ibarra Gordita Agave] LC on December 19, 2011, 10:24:28 am

Quote from: a/d on December 19, 2011, 08:48:43 am

google's password advice is stupid.

taking the time to remember 1337speak jargoned passwords is a waste of valuable brain space: it still takes longer to bruteforce shutyourdickholeandgivemeaccess than it does to bruteforce n1ggl3$n0ggl3, because the assumption is that special characters will be used as long as they are available.

it's much easier to commit a phrase like the first one to memory than a word like the second, the only real issue is if the website has short character limits on passwords, in which case good luck.

Correcthorsebatterystaple?

Title: Re: Account security
Post by: RebelINS on December 19, 2011, 02:31:42 pm

^^^ a/d trufax
http://howsecureismypassword.net/ (http://howsecureismypassword.net/)

Title: Re: Account security
Post by: Phantom Brave on December 19, 2011, 02:35:59 pm

It would take a desktop PC
About 1 trillion years
to hack your password
that's my server's root password

It would take a desktop PC
About 3 quadrillion years
to hack your password
that's my email password

It would take a desktop PC
About 70 sextillion years
to hack your password
aaaaannd that's my steam password

Title: Re: Account security
Post by: Rodoval on December 19, 2011, 03:44:31 pm

It would take a desktop PC
About 227 duodecillion years
to hack your password

ha good luck with that colton

Title: Re: Account security
Post by: MedO on December 19, 2011, 05:04:26 pm

Ok.

I hope nobody actually pasted their password in there.

Because if you hand your password out that freely, nobody will ever *need* to hack it with a desktop PC.

Title: Re: Account security
Post by: Intel Guard on December 19, 2011, 05:07:21 pm

Quote from: MedO on December 19, 2011, 05:04:26 pm

Ok.

I hope nobody actually pasted their password in there.

Because if you hand your password out that freely, nobody will ever *need* to hack it with a desktop PC.

http://howsecureismypassword.net/privacy/ (http://howsecureismypassword.net/privacy/)

Title: Re: Account security
Post by: CrazNoDale on December 19, 2011, 05:08:41 pm

Quote from: Intel Guard on December 19, 2011, 05:07:21 pm

Quote from: MedO on December 19, 2011, 05:04:26 pm

Ok.

I hope nobody actually pasted their password in there.

Because if you hand your password out that freely, nobody will ever *need* to hack it with a desktop PC.

http://howsecureismypassword.net/privacy/ (http://howsecureismypassword.net/privacy/)

Bravo! You just beat MedO! :c1:

Title: Re: Account security
Post by: MedO on December 19, 2011, 05:11:08 pm

That's nice, but did you check it? Words are patient, especially on the internet. I don't think this site is malicious, but the chances that a site like that is are way way higher than that anyone will ever actually bruteforce your password, and I wouldn't bet my Steam account on that.

Title: Re: Account security
Post by: Phantom Brave on December 19, 2011, 05:12:54 pm

Quote from: Intel Guard on December 19, 2011, 05:07:21 pm

Quote from: MedO on December 19, 2011, 05:04:26 pm

Ok.

I hope nobody actually pasted their password in there.

Because if you hand your password out that freely, nobody will ever *need* to hack it with a desktop PC.

http://howsecureismypassword.net/privacy/ (http://howsecureismypassword.net/privacy/)

I looked at the javascript too and it doesn't send anything anywhere as far as I can tell

Title: Re: Account security
Post by: Intel Guard on December 19, 2011, 05:15:41 pm

I just turned off my internet and tried it as per the privacy page, and it worked fine for me.

Title: Re: Account security
Post by: MedO on December 19, 2011, 05:19:24 pm

As I said, I don't think it is malicious, but encouraging people to enter their passwords anywhere than at the service it belongs to is just a bad idea imo.

Title: Re: Account security
Post by: RebelINS on December 19, 2011, 05:20:33 pm

I actually entered a derivative of my actual password to check. substitute each letter for any other letter, and numbers/symbols with any other symbols.

Title: Re: Account security
Post by: Vyers on January 01, 2012, 03:37:58 pm

that's what he generated at me :P
http://makemeapassword.net/ (http://makemeapassword.net/)
S@ndb@ggedRef0rming

Title: Re: Account security
Post by: Madness9001 on January 01, 2012, 03:43:13 pm

Quote from: xHydra on January 01, 2012, 03:37:58 pm

Sand bagged Reforming

What the hell is this

Title: Re: Account security
Post by: Meower on January 01, 2012, 03:45:17 pm

Smash your face threeish times onto your keyboard
Best passwords

Title: Re: Account security
Post by: Vyers on January 01, 2012, 03:47:01 pm

F;EJWIOAOYU.fj;ioe

thts what i got :3

Title: Re: Account security
Post by: Madness9001 on January 01, 2012, 03:49:43 pm

Quote from: xHydra on January 01, 2012, 03:47:01 pm

F;EJWIOAOYU.fj;ioe

thts what i got :3

Bess Pass.

Title: Re: Account security
Post by: Vyers on January 01, 2012, 03:55:30 pm

OH NOOOZ NOW I TOLD YOU GUYS D: generate another one


*bumping my head to my laptop*

Title: Re: Account security
Post by: Madness9001 on January 01, 2012, 04:00:43 pm

Quote from: xHydra on January 01, 2012, 03:55:30 pm

OH NOOOZ NOW I TOLD YOU GUYS D: generate another one


*bumping my head to my laptop*

Tell us you result when you done

Title: Re: Account security
Post by: Vyers on January 01, 2012, 04:31:29 pm

m3vfru

Title: Re: Account security
Post by: NAGN on January 01, 2012, 07:58:34 pm

Quote from: MedO on December 19, 2011, 05:19:24 pm

As I said, I don't think it is malicious, but encouraging people to enter their passwords anywhere than at the service it belongs to is just a bad idea imo.

That would be quite a good account compromising tool if anyone were to set up a malicious version of the tool

Title: Re: Account security
Post by: /THA/high5ghost)RA( on January 01, 2012, 08:25:14 pm

1 nonillion year...

Title: Re: Account security
Post by: MTK5012 on January 05, 2012, 02:02:56 am

These guyz have inhuman memories