Page 1 of 7 123 ... LastLast
Results 1 to 20 of 129
  1. Default Fort Knox level account protection here


    Hello, friends.
    After running into a little bump on the road, I've thought up of a way to "lock" your account. That is, this method makes it so that nobody can go onto your account, provided they don't have access your username, birthday, and email account. If someone knows all of that information about you, then you're pretty much screwed hard.

    In any case, I'm making this thread simply because of all the people dumping loads of NX into locking their items and such due recent events. Weeks ago I passed it off as just another hack scare because most of the time hack "attacks" are just fads in which those who lost their accounts due to their own gap in judgment place their blame on someone else.

    However, I will admit that there does seem to be quite a bit more people this time around claiming the same thing, as well as this "Vent" dude spilling a list of stolen account info. I will admit that there's a pretty alarming possibility of some exploit existing.

    Because of this, I tried thinking of a way one could "lock" their account. Before, what one would do to lock their account would be to request a password reset and keep their temporary password until they need to log back in. This would make a randomly generated passphrase every time the user was done with their account. However, many believe that the recent account stealing have to do with a database exploit. If this is the case, while a temporary password may give you a little more protection, it becomes worthless if you crap out on luck and get a password that the group behind this can crack.

    So what do you do?
    Create a password that cannot be used, even if it was cracked. Initially, my theory was to use a password with special text characters in it. This would make it EXTREMELY difficult to crack, if this group has the MD5 hashes. However, you cannot copy+paste into the Maplestory client, so that part of my plan was ruined. But then I realized that this password didn't work even on Nexon's site.

    That's right, using a password with special characters makes it impossible for your account to be logged into. If you try to log into said account in question, you'll simply be redirected to the portal page of Nexon.net, without being logged in or receiving any error messages.

    So then, even if the group did manage to crack this password (believe me, including special characters really increases the difficulty level on this) they wouldn't even be able to use it. It'd be completely useless to them.

    This is your key. Use it to lock your account whenever you need, and only open your account with a password reset request. When you sign off from Maple, change your password back to your unusable one.


    Let me give you some examples.
    When I say special characters, I don't mean !@#$%(etc.), what I mean are characters such as ♥ and ∞.

    So if you make a password like "FlyMe2DaM☪on", or "☆LetMeSing★", or "兄貴物語かっこいい", they'd all be impossible to use in Maple or on Nexon.net.

    As a warning: Do not do this if you no longer have access to the email account you signed up with, or don't remember your birthday. If you don't have access to your email, you won't be able to get the password reset, and will be stuck with an unusable password. If you do not know your birthday, you will be unable to even request a password reset, and will be stuck with an unusable password.

    I just felt like providing some extra reassurance to those who are still paranoid. Don't drop $50 protecting all of your in game valuables. This takes maybe 30 seconds at most after each logout, and about 30 seconds before each login. It's simple to do, and acts as a safe to your account. Unless they have access to your email account and birthday, they shouldn't be able to log into your account at all.

    Sincerely,
    Your dear friend. Your local image provider.


    Edit - Apparently, you get 1 password reset a day. In other words, only change your password to the unusable version if you're sure that you aren't going to sign on again for the day. You won't be able to reset it again if you've already done so beforehand.

    As of right now, you can't unlock it more than once a day. Once it's locked, you get one key every 24(?) hours. Makes the method less flexible than I thought, but it's still pretty secure. I'm still testing this a little.

    By the way, you can get special text characters from charmap.
    Last edited by Spideyjvc; 2010-01-18 at 11:54 PM.

  2. Default


    You can only manually change your password once a day, btw.

    Or you can do what I've been contemplating and edit your packet and intentionally get yourself temp banned, though that won't protect you on the website like this does.

  3. GLADIGATORS
    IGN: Overburnd
    Server: Khaini
    Level: 210
    Job: Cannoneer
    Guild: Contagious
    usa

    Default


    Interesting. You can't type special characters into the client when you're logging in?

  4. Default


    Hmm, does a password reset count with that too? As in, could you change your password+request a reset, or does that count as 2 resets?
    I'll try it on my clean account I made for testing this.

    Well, I'm not too sure about doing the Alt+(insert numberpad code here) method, but I was using Japanese to create a password. You can't use Japanese in GMS, and you can't copy+paste into the client either. I've tried ctrl+v and shift+insert. Neither of those methods worked. If someone can find a way to use special characters in the MS login screen, please post here. Just having special characters in your password is good enough on its own. Mixing characters to create a password of different shapes and languages mixed together would make an incredibly strong password that would most certainly give you a hard time to crack even with the MD5 hashes.


    Edit - I was able to request a password change AND change my password in the same day with my test account. I would imagine most people only log in once a day, take care of their business, and then log off.

    Is it possible to stay logged on in game even if your password is changed? In that case, you don't even have to wait until you're done playing to change your password back to the unusable one. Just alt+tab after you log in and swap your password. Unless you're prone to DCing. If you are, then you don't really have to worry about your account being left unlogged in for a minute or two. Unless you were DC'd specifically by someone who knows your info and is trying to take your account, or they stalked you waiting for you to log off.

    If you're that paranoid, just lock your account with this until the whole situation has died down. If you're willing to get a temp ban, might as well do this instead.
    Last edited by Spideyjvc; 2010-01-18 at 10:58 PM.

  5. Default


    Can you name any websites that have a lot of usable special characters like these available? This seems like a good idea, an alternative to leaving my laptop on for days and nights until this blows over.

  6. Default


    You can probably continuously reset your password through "forgot password" but you can only change it via the request page once a day which means that if you intend to use this and still play, you'll be screwed after one shot.

    The other problem is that Nexon is completely eratic and we don't know how they will respond to constant password changes (it's possible that, assuming they are accepting that this is their fault, they will begin taking precautionary measures) as the hackers changing people's passwords and set in a temporary password lock. God knows what else they're capable of doing. They're so unpredictable that pretty much everything at this point is risky.

  7. Default


    Like this?

    Spidey, as great of an idea as this is, I am very disappointed to see that you, of all people, made a 'guide'-like thread with no images. :[

    I thought changing a password while logged in DC'd the client. Just something I heard a while back, never played around with it.

  8. Default


    I collect images, but don't make any (like a leech)

    Hmm, I dunno. I've never got an account taken from me, but if it was that easy to kick someone off your account then I'm sure it'd be the first thing anyone does if they notice something going on. Some people log onto a mule to see their own character logged in, and can do nothing about it other than spouting profanity.

    Run charmap and pick out any character you want.

    There's also an online version.
    Last edited by Spideyjvc; 2010-01-18 at 11:34 PM.

  9. Water
    IGN: Fumni/AcerSavita
    Server: Mardia
    Level: 16X
    Job: Ketchup
    Guild: Resonance
    Alliance: Everybody Leeches
    New_Jersey

    Default


    I get the feeling that Nexon isn't going to acknowledge the huge severity of this problem until it's too late. It'd be cool if you guys come up with a way to do this, because keeping my computer on 24/7 is getting ridiculous.

  10. Default


    Well as of right now, if you're not using your account daily and simply afking in the cash shop, you can still lock your account with my method. You just can't unlock it more than once a day. Once it's locked, you get one key every 24(?) hours.

  11. Default


    the staying logged in 24/7 is the best way so long as no one with a d/c hack is hunting/stalking you....

    what i find really strange is that these hackers are arbitrarily hacking accounts rather than selectivly targeting people, they took a low lvled, low funded (aside from the 11atk wg from one of my mains), all in all they got maybe 210M from my account. Seems like if they had the power to target people they would choose the merchanters first, people that have 3-5 chars with max mesos would be more of a target than some random person.

  12. Default


    Thanks Spideyjvc, I'm very glad you came up with a method to secure our valuables (I'm scared I'll be targeted next).

    2 questions: You need to know your email account, last name, birthday & ID to request for password reset right? You can change your password to a temp. one twice a day right?

  13. Default


    It's clear that their goal isn't to get anything, it's just revenge because they were treated badly. And they're taking it out on everyone.

  14. Default


    Yes, you will need your last name and birthday to change your password. For a password reset, you need your birthday and access to your email account so you can get your email. So far, from what I've tested, you can only request a password reset once a day. You can change your password an umlimited amount of times daily, from what I see. You just can't reset your password more than once.

    You get kicked off your account on Nexon.net as soon as your password is changed, so you're forced to relog with your new password. If you changed it to the unusable one and already used your reset for the day, you are locked out of your account for 24(?) hours. Still haven't tested if the timer is limited to 24 hours or 12 AM PST.

  15. Orbital Bee Cannon
    IGN: GatlingPunch
    Server: Bellocan
    Level: 200
    Job: Gear 2nd Pirate
    Guild: Virtues
    Alliance: NARs

    Default


    Thanks for this tip Spidey. My password is ♥(Insert phrase), which doesn't work on the Nexon site nor on Maple (copy-pasting does nothing). It's the closest thing to locking my house (account) instead of having it voice commanded (password).

  16. Default


    I did this before (on accident) by putting in a ç at the end of my password. I locked myself out for the rest of the day. It ruled.
    Last edited by sicnarf; 2010-01-19 at 12:02 AM.

  17. Default


    One more question: I have three main accounts, to verify if the information I signed up with is correct should I test it by trying a temp. password request for each account? I'm also worried that I forgot the B-day and last name I signed up for each account.

  18. GLADIGATORS
    IGN: Overburnd
    Server: Khaini
    Level: 210
    Job: Cannoneer
    Guild: Contagious
    usa

    Default


    You can change your password while you're logged on and you won't be kicked off by the way. I did it yesterday.

  19. Default


    The last thing you want to do is verify if you know the email by resetting your password. You'll never get that password email, and thus lose your temp password.

    To make sure you have the birthday correct, you need the birthday to change your password anyway. Go to your account page and verify there. I'm not sure how you can check your email for your own account, to tell you the truth.

  20. Default


    You can test the birth day by trying to delete a dummy character as well, assuming you have the space.

  21.  

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •