12 replies to this topic

[Daemoroth]

A small but really urgent request - please allow for username/password to be pasted into the launcher when logging in.

I use a password safe, and all my passwords are very lengthy, random jumbles of characters and symbols, and since the launcher doesn't allow you to copy and paste, it makes logging in a major pain in the #$@. This means that when I'm on the fence on what to play, I tend to skip over MWO for other games that are more easily accessible.

[H3rtz]

Storing any passwords in anything other than your head is insecure.

The comic in the below link rounds this subject off nicely.

https://xkcd.com/936/

[Gibbon]

The entropy of a random jumble of ASCII characters is much higher than a 4 word diceware password (which the XKCD comic refers to).

Think of diceware as an alphabet of 7000-8000 words, either a set list if you've used a utility, or common vocabulary - your password is only four 'units' long.

You would need 10 diceware words to match a 20 character random ASCII password. Password vaults generate very secure passwords - the only risk is that you now have a single point of failure at your machine. (but most access attempts won't be from your machine, so who cares?)

https://en.wikipedia...andom_passwords

[Modo44]

Mix the common words' characters in some simple way only you know.

[Belorion]

H3rtz, on 06 January 2013 - 07:53 AM, said:

Storing any passwords in anything other than your head is insecure.

The comic in the below link rounds this subject off nicely.

https://xkcd.com/936/

The logic in the comic is flawed. Both of those are insecure, you shouldn't use real words ever. They are subject to dictionary attacks that greatly reduce time to crack using brute force methods. This includes the use of words where letters are replaced with numbers. L00k is just as bad as Look.

A better tactic would be to come up with a phrase, and use the first letters in the phrase with a mix of letters and non-numeric, non-alphabetic characters.

1 red bike I ride! Green bike 12 @ home

would be
1rbIr!Gb12@h

[Mechteric]

Your clipboard is not secure.

Edited by CapperDeluxe, 24 July 2013 - 05:38 AM.

[Bendak]

You'd be better off requesting implementation of two factor authentication via a smartphone app(or similar device).

[Spyder228]

Can we just get copy/paste in chat at least? I was going out of my mind trying paste a TS3 server address the other day.

[Belorion]

Baby steps... backspace repeat first then past.

[Roland]

Quote

The logic in the comic is flawed. Both of those are insecure, you shouldn't use real words ever. They are subject to dictionary attacks that greatly reduce time to crack using brute force methods.

Not when you use multiple real words, because it's no longer just a matter of checking against words in a dictionary. It becomes a matter of checking against every combination of all the words in the dictionary.

It's not a diceware password, because you're not limited to a set of words in a list that can be picked via a dice roll. You're using a combination of any words in your language.

Given that English has approximately 900,000 words in it, a combination of 4 randomly selected words in english is going to result in a password that has 900,000^4 combinations. You are not going to crack that via brute force. Even if you restricted it to a more common subset of the english language, say the average person's vocabulary size of 20,000 words... you're still talking about a total set of passwords which would require over 5 million years to exhaustively search, at a rate of 1000 tries per second.

The reason it's more complex is because the alphabet being used, where each "letter" is a word, is orders of magnitude larger than the ASCII alphabet which is only 256 symbols.

[3rdworld]

There is nothing of monetary value in my account. You can't transfer it or trade it.

Other than to troll me, what would you possibly get out of hacking my account?

[Roland]

3rdworld, on 24 July 2013 - 08:28 AM, said:

There is nothing of monetary value in my account. You can't transfer it or trade it.

Other than to troll me, what would you possibly get out of hacking my account?

Sell all your mechs, and buy nothing but machine gun spiders and millions of tons of machine gun ammo.

[Volthorne]

Roland, on 24 July 2013 - 08:41 AM, said:

Sell all your mechs, and buy nothing but machine gun spiders and millions of tons of machine gun ammo.

I'd be more worried about someone selling all my XL engines.