    You can change your password up to twice a day (Resets at 12am PST).

    But this is a great method =]

    Still screwed if they find out the email attached and hack your account via redeeming pass.

    @above: That isn't likely to happen, since these are not targeted attacks. It's just a quick hit and run. If they can't get into your account, they'll move on to the next one immediately.
    Wait. Resetting your password, to verify your e-mail? If there's a way to ScrewedVille, this has got to be it.

    Thanks bunches, dear.

    Locked both the hubby's accounts, since he doesn't have access to MS at the moment anyway. Now I can rest easy and not worry about DCing overnight.

    Does anyone know if the passwords were encrypted in Nexon's database? I was under the impression that MD5 was near impossible to crack, but a simple Google search seems to prove that wrong (I didn't test it though). So I suppose it could have been encrypted and the hackers just ran a cracking algorithm on all the passwords, and it wouldn't matter.

    I guess this isn't really the place for this kind of question... but does the MD5 algorithm creating non-unique strings make it more or less vulnerable?

    Anyways, great find. You are surely a critical thinker.

    You can request a PIN reset via email. If I remember correctly, it doesn't go into effect unless you receive the email and click the link.

    Or what Steve suggested.

    Then why would they bother to strip accounts and sell everything for mesos in shops rather than NPC the stuff? They simply can't target people and are going through accounts at random, but there are so many accounts to go through (and so many are worthless) that it just takes a while.

    Because it's easier to enjoy revenge when there are tangible benefits.

    Hm, would they even bother with an account with only a couple mil of items on it and no characters above 40? I'm wondering if I should bother taking any safety measures or not.

    Even if I do lose what I still have left on MS, it wouldn't matter much, but it'd still be pretty jarring.

    Awesome! Now I can protect my account!

    That is, if my email wasn't dead and Nexon wasn't ignoring my ticket to change it. How long on average does Nexon take to answer tickets again...?

    Why go through the trouble of typing up a hard password with a variety of hard symbols when one symbol will render the entire password useless? Locking your account should only take like 30 seconds at most. I would set up a general unusable password for all my accounts in WordPad to save time. Thanks a million though! I will be using this as my permanent account guard. ^__^

    Any single special character will make the password 100% safe. The main problem is if the hacker cracks your email, I think.
    BECAUSE IT'S PRETTYFUL! Come on, why would you want ☆LetMeSing★ as a password?!

    Those work? I haven't tested them.

    I think he means only 1 single special character is needed along with the minimum requirement length.

    There is one thing I'm skeptical about with this method, though... and that's how the server translates/encodes and stores these special characters. It's quite possible that the special characters we're entering end up getting turned into arbitrary regular characters upon storage. I'm not sure what kind of input templates Nexon's server accepts/stores with... but take URL character codes, for example... a %20 actually denotes a regular space character. So it may very well be possible that we enter our password as "©password" but it ends up being stored as "$2Dpassword" or some other sort, which would, of course, prevent us from accessing our account from both the game and the website, since we wouldn't know that © gets turned into $2D upon encoding and storage. And of course, at the same time, it might be entirely hashable still.

    Just putting this out here for the possibility of this occurring. It may not be as fail-proof as we think - but let's hope it is.
    (Disclaimer: I don't really know what I'm talking about.)

    Well, that's an issue with character encoding. I doubt that Nexon's site transforms ©password into anything else, since © is in the default "Western" character codepage (ISO-8859-1). For one thing, posting to Southperry doesn't do anything with it either; it shows up as a literal © in the source code.

    However, if passwords don't handle Unicode (which is probably true), then Japanese characters or anything else not on the codepage will be turned into a sequence of other symbols, probably something like ∆’ľ. Chances are, though, that this still produces an unusable password.

    And in any case, entering in the same password with the same special characters and the same codepage in use should convert to the same other symbols and be accepted as a password, so if it doesn't, then you're probably safe.

    The thing is, if it doesn't encode it into anything else and it is stored as is, it doesn't quite fully explain how the web form for logging into your account on the site would not work while the password reset form does. I would think it would be standard practice to use the same input form for a password field? Nonetheless, here's still hoping that this method works. lol
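    As an added illustration of the encoding question in the last few posts (this is example code written for this page, not anything from Nexon, the game client or Southperry): the sample passwords are constructed, the codepage names are Python codec names, and how Nexon's site actually decodes form input is not known. The block shows three things the thread speculates about: © survives ISO-8859-1 unchanged, a character outside the codepage cannot be encoded at all, and a browser/server mismatch (UTF-8 bytes read as Latin-1 or cp1252) produces the "∆’ľ"-style garbage mentioned above, but deterministically, so the same typed password still maps to the same stored value.

```python
import hashlib
from typing import Optional

# Constructed sample passwords; no real account data.
LATIN1_PASSWORD = "©password"    # © is U+00A9, present in ISO-8859-1 and cp1252
UNICODE_PASSWORD = "パスワード"  # Japanese katakana, not representable in ISO-8859-1


def encode_for_storage(password: str, codepage: str) -> Optional[bytes]:
    """Encode the password the way a server configured for `codepage` would.

    Returns None when the codepage has no representation for some character,
    which is the "not on the codepage" case from the thread.
    """
    try:
        return password.encode(codepage)
    except UnicodeEncodeError:
        return None


def stored_hash(password: str, codepage: str) -> Optional[str]:
    """Hex MD5 of the encoded bytes (MD5 only because the thread asks about it).

    The hash is over bytes, so the same typed password hashes differently
    under different encodings.
    """
    raw = encode_for_storage(password, codepage)
    return None if raw is None else hashlib.md5(raw).hexdigest()


def mojibake(password: str, sent_as: str, read_as: str) -> str:
    """What the server stores if the browser sends `sent_as` bytes but the
    server decodes them as `read_as`. Bytes with no meaning in `read_as`
    become U+FFFD rather than raising."""
    return password.encode(sent_as).decode(read_as, errors="replace")


def round_trips(password: str, sent_as: str, read_as: str) -> bool:
    """True if the password survives the send/decode path unchanged."""
    return mojibake(password, sent_as, read_as) == password


if __name__ == "__main__":
    for cp in ("latin-1", "cp1252", "utf-8"):
        print(cp, encode_for_storage(LATIN1_PASSWORD, cp),
              encode_for_storage(UNICODE_PASSWORD, cp), stored_hash(LATIN1_PASSWORD, cp))
    # A mismatch mangles the text, but the same input is mangled the same way each time.
    print(mojibake(LATIN1_PASSWORD, "utf-8", "latin-1"))
    print(mojibake(UNICODE_PASSWORD, "utf-8", "cp1252"))
```

    The last point is the one that matters for the lock-out trick: a mangled-but-consistent password still lets you log in as long as the login and reset forms go through the same decode path, which is exactly the uncertainty raised in the post above.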

    1) Go to
    2) In upper left right under where it says "free signup" click the option "already a member click here" When you do this the "free signup" button is replaced with login fields. Under the login fields there are 3 options
    • Find ID: Requires you to fill out an email and a birthdate. If the email exists in their records and the birthday is correct, then an email is sent to that address with the login ID.
    • Find P/W: Requires you to fill out ID and Birthday.
    • Find Pin: Requires you to log in, once logged in you click the "info button". And on the info page there is a button to send a pin reset email. Nothing happens to your pin until you open the email and click the link and then your pin is cleared and next time you log in you will be prompted to set it.

    So easiest way to use this technique to protect your account is to first, do a Find ID. Then check your email. If you received an email and the ID is the account you intended then you will have the information (email, id, and birthdate) required to reset your password.

    (Disclaimer, I'm not a cryptography expert, this is just hypothesis)

    I was also kinda curious about the storage of the passwords. Like what MysticHLE pointed out.
    Has anyone tried the same passwords just with the special characters stripped out? Example: ©opy©at = opyat. Stripping those characters might be a byproduct of security against SQL injection.

    Also, I thought that the hashes used may create collision-prone keys (i.e. the possibility that multiple passwords, once encrypted, are the same).
    If this is true upon decryption an alternate (yet functional) password may be returned to the hacker and render this method useless.
    Guess I'll be taking a break from MS for some time. I'll change my password into something unusable and find some game to fill my time inbetween...
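    As an added example written for this page (not code from the thread, from Nexon, or from the people who broke in), to go with the earlier question about whether MD5 "encrypted" passwords can be cracked and the previous post's collision question: the leaked table, the user names and the wordlist are constructed, and Nexon's real storage scheme is unknown. The block shows that nothing is "decrypted": an unsalted MD5 table is recovered by guessing inputs, a dictionary and then a short brute force, with one hash computation per guess checked against every user at once. A password containing a character outside the guessing charset (the © trick from the thread) is not recovered by that loop, and the same loop is defeated outright by a per-user salt with a slow key derivation (PBKDF2 here), because each guess then has to be recomputed per user and costs thousands of iterations.

```python
import hashlib
import hmac
import itertools
import os
import string
from typing import Dict, Iterable, Optional, Tuple


def md5_hex(password: str) -> str:
    """Unsalted MD5 of the UTF-8 bytes, the scheme the thread worries about."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


# Constructed "leaked" table (hypothetical users, not real data).
LEAKED: Dict[str, str] = {
    "alice": md5_hex("maple123"),  # common word: falls to the wordlist
    "bob": md5_hex("zx9"),         # short: falls to brute force
    "carol": md5_hex("©opy©at"),   # contains a character outside the charset
}

# Constructed wordlist; real attacks use lists of millions of entries.
WORDLIST = ["password", "letmein", "maple123", "123456"]


def crack_unsalted(hashes: Dict[str, str], wordlist: Iterable[str],
                   charset: str = string.ascii_lowercase + string.digits,
                   max_len: int = 3) -> Dict[str, str]:
    """Recover passwords from an unsalted hash table by guessing.

    MD5 is one-way, so the attacker hashes candidate inputs and compares
    outputs. Without a salt, the reverse lookup lets one guess be checked
    against every user at once. A known MD5 collision would not help here:
    the attacker needs an input that hashes to the stored value, and the
    only way to get one is to guess it.
    """
    by_hash = {h: user for user, h in hashes.items()}
    found: Dict[str, str] = {}
    for guess in wordlist:                            # phase 1: dictionary
        user = by_hash.get(md5_hex(guess))
        if user is not None:
            found.setdefault(user, guess)
    for n in range(1, max_len + 1):                   # phase 2: brute force
        for chars in itertools.product(charset, repeat=n):
            guess = "".join(chars)
            user = by_hash.get(md5_hex(guess))
            if user is not None:
                found.setdefault(user, guess)
    return found


# The mitigation: per-user random salt plus a deliberately slow KDF.
ITERATIONS = 50_000  # chosen for this example; tune to your hardware


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh salt means two users with the same
    password get different digests, so one guess no longer serves everyone."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    print("recovered:", crack_unsalted(LEAKED, WORDLIST))   # carol is missing
    salt, digest = hash_password("maple123")
    print("salted verify:", verify_password("maple123", salt, digest))
    print("same password, different salt, same digest?",
          hash_password("maple123")[1] == digest)
```

    The brute-force phase is deliberately capped at three characters over lowercase and digits so the example runs in well under a second; the point is the shape of the attack, not its reach. Note that "©opy©at" survives only because © is outside the charset being tried, not because MD5 treats it specially, so a cracker who adds Latin-1 symbols to the charset removes that protection.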

    Probably depends on their mood at the time. If they've just had a couple of juicy hits, they might not bother. But then again, they bothered to npc (probably) clean 3x equipment, and shift 50+ slots of ores and refined stuff.

    Interesting solution. I was going to say your plan could backfire, but I forgot that the hacker does not know your DOB, which technically means you're safe, because without knowing that, they cannot alter the current password on the site even if they have your current info. Nice going, Spidey ...for a man.
