Guild Wars 2 hack impacts 11,000 accounts

[toj.cc]phantom

Tribe of Judah Membership Administrator
It may be time to gird your loins and beef up your passwords again, as yet another online game's security has been compromised. Guild Wars 2 has received more than 11,000 support requests for hacking, but it appears that the game itself wasn't targeted. Rather, ne'er-do-wells gained passwords from other sources like fan sites, and matched them to Guild Wars 2 accounts.

Full Article
 
Quite honestly I have no sympathy for people who have poor security practices. Thanks for posting though; it's good to know!
 
Why no sympathy? :) Sure it's a little naive, but a lot of people just don't know any better.
 
In case anyone needs a tip on how to create a secure password:

You can generate a seemingly random string of numbers and symbols by using a line from the Bible or favorite piece of literature. This lets you create a very secure password, but doesn't require you to memorize random characters. Take the first line from a chapter or favorite verse. Use the first letters of each word. Substitute some letters with numbers, for example 3 for E, or 1 for I. Capitalize some of the characters, based on the text.

For example, the first line of Psalm 100, "Make a joyful noise unto the Lord, all ye lands" becomes "m4jnutL4yl" which is a strong password, and you can always look up Psalm 100 if you are having trouble remembering it.

You can also make a physical list of your passwords, and if they all come from the same book of the bible, for example, they could just say GW2 - 100, bank account 40, insurance 91, and if someone found the list they'd be hard pressed to decipher it.

Hope that helps someone.
 
Some great tips here.

FYI, though, substituting letters or special characters for letters is NOT secure. Any modern password cracking software will try s, S, or $. Your advice on creating a mnemonic is very true - randomized type letters are always the best sort of letters. One issue that people should be aware of, though, is length. 10 characters (like in your example) is pretty good, 8 not so much.

Just remember - "How secure is my password?"
http://howsecureismypassword.net/

Quick point on length - your example pass would take 6 years to crack on a desktop PC...but only 15 hours if you remove 2 characters, and 14 minutes (!) if you remove 3.
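The length figures above come straight out of a keyspace calculation, so here is an added example (not from the thread or from howsecureismypassword.net) that does the arithmetic. It assumes the alphabet is the union of the character classes actually used in the password and an attacker rate of 4 billion guesses per second; that rate is an assumption, chosen because it lands on the same "6 years / 15 hours / 14 minutes" figures quoted above for a 62-symbol alphabet. It models exhaustive search only; a tiered dictionary attack reaches guessable passwords far sooner.

```python
# Added example: brute-force search-space estimator. Not part of the thread;
# the 4e9 guesses/second rate is an assumption, not a measurement.
import string

CLASSES = (
    ("lower", set(string.ascii_lowercase)),   # 26
    ("upper", set(string.ascii_uppercase)),   # 26
    ("digit", set(string.digits)),            # 10
    ("symbol", set(string.punctuation)),      # 32 printable ASCII punctuation marks
)


def charset_size(password):
    """Alphabet size an attacker must assume: the sum of the sizes of every
    character class that appears at least once in the password."""
    size = 0
    for _name, members in CLASSES:
        if any(c in members for c in password):
            size += len(members)
    return size


def keyspace(password):
    """Number of strings of the same length drawn from the same classes."""
    return charset_size(password) ** len(password)


def seconds_to_exhaust(password, guesses_per_second=4e9):
    """Worst-case time to enumerate the whole keyspace at the assumed rate."""
    return keyspace(password) / guesses_per_second


def human(seconds):
    """Render a duration in the largest unit that fits, one decimal place."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    # The thread's example, the same string shortened, the all-lowercase
    # variant, and a leet-substituted dictionary word for comparison.
    for pw in ("m4jnutL4yl", "m4jnutL4", "m4jnutL", "majnutlayl", "Pa$$word"):
        print(f"{pw:12} alphabet={charset_size(pw):3} -> {human(seconds_to_exhaust(pw))}")
```

Dropping two characters divides the time by 62 squared, which is why the jump from years to hours is so steep; the all-lowercase variant comes out near the "9 hours" figure mentioned later in the thread because the alphabet shrinks from 62 to 26.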
 
Wonderful tips, also avoid SSNs, birth dates, and similar personal data, although shoe size might work repeated in 4 different mathematical codes. I tested one of my new passwords in how secure and got a return of 15 billion years. I can just see a skeleton sitting in front of a monitor with cobwebs on it, when the computer goes "ding", "Password solved".:p
 
FYI, though, substituting letters or special characters for letters is NOT secure. Any modern password cracking software will try s, S, or $. Your advice on creating a mnemonic is very true - randomized type letters are always the best sort of letters. One issue that people should be aware of, though, is length. 10 characters (like in your example) is pretty good, 8 not so much.

Interesting. I was aware that special characters/numbers weren't helpful if you were using identifiable words... "Pa$$word" or "Pa55word" isn't going to help, but I've always understood that increasing the number of possibilities was helpful. 52 letters (with cases) is better than just 26 lower case, and special characters expand the number of possibilities even further. Perhaps that is old information.

At any rate, it can't hurt, as long as you're not using special characters to try to get away with an identifiable word, right?

EDIT: For what it's worth, the site you linked, howsecureismypassword.net, does advocate using special characters to increase security. There's a notice at the bottom if you enter in my example from my previous post. If you replace those "4"s with "a"s and drop the L to lower case, the site rates the password at "9 hours" instead of "6 years".
 
Interesting. I was aware that special characters/numbers weren't helpful if you were using identifiable words... "Pa$$word" or "Pa55word" isn't going to help, but I've always understood that increasing the number of possibilities was helpful. 52 letters (with cases) is better than just 26 lower case, and special characters expand the number of possibilities even further. Perhaps that is old information.

At any rate, it can't hurt, as long as you're not using special characters to try to get away with an identifiable word, right?

EDIT: For what it's worth, the site you linked, howsecureismypassword.net, does advocate using special characters to increase security. There's a notice at the bottom if you enter in my example from my previous post. If you replace those "4"s with "a"s and drop the L to lower case, the site rates the password at "9 hours" instead of "6 years".

Thanks for the response...sorry if I was a bit unclear at first. It definitely helps some; I was merely cautioning folks about relying on things like that entirely. You're right that the most vulnerable part is using them in examples, like you mentioned.

Password crackers roll an order of operations, that pretty much goes like:
* Top passwords, like 12345. That one is on briefcases everywhere
* Dictionary words
* Dictionary words with a number after them (hunter2). Throwing a number after is extremely common due to password requirements. And so is capitalizing the first letter when you're doing it.
* Dictionary words with substitutions (capital letters, special characters, etc)
* random stuff

There are more layers/sub-breakdowns than that, but that's a general gist...in all honesty, it's rare that password checkers will ever get to the random stuff, because if they are looking at a bunch of accounts on a list they're trying to be more efficient.
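The tier list above is also a useful way to screen passwords at sign-up: if a candidate falls into one of the cheap tiers, reject it before it is ever stored. The following is an added example of such a checker, not code from the thread or from any real cracking tool. The word lists are tiny constructed stand-ins for the real ones, and the substitution table covers only the handful of swaps the thread mentions plus a few equally common ones.

```python
# Added example: a password-policy check that mirrors the cracking order
# described in the post. Word lists and substitution table are constructed
# stand-ins, not real cracking lists.
TOP_PASSWORDS = {"12345", "123456", "password", "qwerty", "letmein"}
DICTIONARY = {"hunter", "password", "dragon", "welcome", "guild", "wars", "monkey"}

# Common single-character substitutions, mapped back to the letter they stand for.
UNLEET = str.maketrans({
    "$": "s", "5": "s", "4": "a", "@": "a",
    "3": "e", "1": "i", "0": "o", "7": "t",
})


def strip_trailing_digits(s):
    """'hunter2' -> 'hunter': appended digits are the most common requirement dodge."""
    return s.rstrip("0123456789")


def classify(candidate):
    """Return the tier a cracker would catch the candidate in, or None if it
    survives every cheap tier and would have to be brute-forced."""
    lowered = candidate.lower()            # capitalising the first letter buys nothing
    if lowered in TOP_PASSWORDS:
        return "top password"
    if lowered in DICTIONARY:
        return "dictionary word"
    stem = strip_trailing_digits(lowered)
    if stem != lowered and stem in DICTIONARY:
        return "dictionary word + digits"
    unleeted = strip_trailing_digits(lowered.translate(UNLEET))
    if unleeted in DICTIONARY:
        return "dictionary word with substitutions"
    return None


def policy_ok(candidate):
    """True only if no cheap tier matches; the tier name is the reason to show the user."""
    return classify(candidate) is None


if __name__ == "__main__":
    for pw in ("12345", "Welcome", "Hunter2", "Pa$$word", "Pa55word", "m4jnutL4yl"):
        print(f"{pw:12} -> {classify(pw) or 'not matched by any cheap tier'}")
```

Note that "Pa$$word" and "Pa55word" both normalise to "password" and are rejected for the same reason, which is the point made earlier about substitutions, while the verse-derived "m4jnutL4yl" passes because it was never a dictionary word to begin with.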
 
Why no sympathy? :) Sure it's a little naive, but a lot of people just don't know any better.

I am sometimes irked by users who are clearly computer savvy or otherwise claim to be but insist that their security practices are adequate. Many are unwilling to admit that their systems, practices, and applications are insecure, and are unwilling to implement a better method to harden them. We're also sometimes unwilling to recognize that poor habits and practices affect not only our security, but those of our neighbors, coworkers, and family. Ignorance is sometimes tolerable, but not always excusable.
 
That's why my home WiFi SSID is "FBI Surveillance Van".

No one tries to get on that wifi.
 
Curious, what about using different languages? For example, we have Ukrainian letter sets on all our computers because we frequently type in Ukrainian (or at least I do). What about changing the language? My wife did that for one of her passwords and I thought that was a good idea in addition to everything else.

Example: 4GsltwtHgH1oS (taken from John 3:16) changes to 4ПідецеРпР1щІ
 
Koeril,

That is a fantastic question. The simple answer is, unfortunately, it won't help much. It will help in many circumstances, but there are a number of ways to achieve better account security, and a complex password is only a part of the puzzle. Unfortunately, too, it's only a small part.
 
Uniqueness of passwords is much more important than complexity of the passwords. It doesn't matter how good a password is if you use it on a poorly secured website that winds up leaking their database to hackers. Chances are a website that gets compromised will also have terrible hashing practices, so your password will be discovered in no time. I strongly urge everyone to use KeePass or its web-based equivalent LastPass for everything, if you can afford the usual usability trade-off for security.
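To make the "terrible hashing practices" point concrete, here is an added example (not from the thread) contrasting an unsalted fast hash with a salted, deliberately slow derivation using only the Python standard library. The user names and passwords are constructed, and the PBKDF2 iteration count is an assumed default to be tuned to the server's own time budget. With the weak scheme a leaked table shows at a glance which users share a password, and one precomputed lookup reverses every row; with the strong scheme identical passwords produce unrelated records and each one has to be attacked separately and slowly.

```python
# Added example: unsalted fast hash versus salted slow KDF for password storage.
# Standard library only; users, passwords and the iteration default are constructed.
import hashlib
import hmac
import os


def weak_record(password):
    """Unsalted fast hash: identical passwords give identical records, and a
    single precomputed table reverses every row at once."""
    return hashlib.md5(password.encode()).hexdigest()


def strong_record(password, iterations=600_000, salt=None):
    """Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256).
    The record carries everything needed to verify later."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def strong_verify(password, record):
    """Recompute with the stored salt and iteration count; constant-time compare."""
    _algo, iterations, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


def duplicate_groups(table):
    """Users whose stored records are byte-identical. With unsalted hashes this
    reveals who shares a password before a single hash has been cracked."""
    by_record = {}
    for user, record in table.items():
        by_record.setdefault(record, set()).add(user)
    return [users for users in by_record.values() if len(users) > 1]


# Constructed user table: two users reuse the same password.
USERS = {"alice": "hunter2", "bob": "hunter2", "carol": "m4jnutL4yl"}

if __name__ == "__main__":
    weak = {u: weak_record(p) for u, p in USERS.items()}
    strong = {u: strong_record(p) for u, p in USERS.items()}
    print("unsalted md5, duplicate groups:", duplicate_groups(weak))
    print("salted pbkdf2, duplicate groups:", duplicate_groups(strong))
    print("verify bob/hunter2:", strong_verify("hunter2", strong["bob"]))
    print("verify bob/hunter3:", strong_verify("hunter3", strong["bob"]))
```

The reuse problem the post describes is exactly what `duplicate_groups` surfaces on the weak table: cracking alice's row hands the attacker bob's account for free, and the same digest will match that password on every other site that stores it the same way.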
 
KeePass is fantastic.

One semi-lazy (but pretty efficient) way of creating "unique" passwords is to take a password and prepend it with something related to the site. Say my password is "hunter2"...I could make the pass for this site "CGA-hunter2"...password for GW could be "GuildWars-hunter2". The reason this works, aside from adding some length, is that when someone gets a cracked database...they aren't going through it manually. They are just trying the same password combination.

The only obvious problem here is that if a human were to actually look at your password, it might be easy to guess...so only use if you're lazy. Something like KeePass or a sticky note is much better.
 