[0.82] Personal Identification Codes
[Jr. Event Coordinator]
It's almost as if Nexon is purposefully drawing away players with such poor security measures.
They're taking 5 steps back everytime, and the more updates there are ignoring the hackings, the more I really just don't want to play anymore.
[Edit] Lol wow I'm tired. Lazy post ftl?
[Jr. Event Coordinator]
You guys are going crazy over your precious b-day, their is a b-day cracker a friend forgot her b-day and seeing that nexon couldn't help she looked around and found one. Your b-day is not that secure as many crying over it. Everyone claiming the unknown "what if the hacker gets on my account" if they get on your accounts its your own dam fault, stop crying over losing a few numbers and gaining a system were you can extend on securing your account.
Also for the players that choose to not get a pic the blame is on them. The same way you cant force someone to do something they don't want too.
I've told a ton of people my b'day.. o_O but I never really cared. I'm disliking the load from there website crap. PIC's well I liked the PIN because it was on a soft keyboard, guess I'll just have to find my own Virtual Keyboard to input my PIC.. and I really don't feel like creating a new PIC for my main acc's ugh and the rest of my acc's well yay... time to think up a PIC...
lol, no... 365 * 100 = 36,500Originally Posted by Hazzy
(In reality, the # of combinations is much lower because I chose 100 years to give a reasonable upper limit.)
Someone mentioned a b-day cracker a few posts above. Also, a lot of people have revealed their birthday through social networking websites. And many states publish birth records online when people become age 13+; they're searchable by first/last name, county of birth, etc. So birthdays were never really secure.
Meanwhile, for PICs:
62^6 = 56,800,235,584
62^16 = 47,672,401,706,823,533,450,263,330,816
I'm going to be really disappointed if we are all forced to log into the website to start the game though. (They haven't mentioned a workaround/ability to keep logging in the way we always have.) And websites have security vulns. all the time.
Nice, now anyone can look you up in google or facebook/forums, what ever, and find out stuff about your info. You may not think about it, but when you say yay it's my birthday online, people with bad intentions can know part of your info. Is it that hard to use fake info and just write it down?
This goes against what they encouraged me to do when I signed up...
And my account is quite old. I'm sorry I lack that kind of foresight, I assumed account security would be a bit more extensive that last name/bday.
Actually, this is wrong.
For the hacking epidemic, some of my friends had lost their bdays on the account (fake BDays inputted), I used a birthday cracker, and found it. But on top of that, I was able to find people's last name and emails just by looping around the Nexon website logged into their account.
When Nexon deletes your personal information from their tickets, it's quite stupid in my opinion, anyone who has half a brain can go around a pull a few things, and they have their email, last name, and birthday... you can do this with just your pass/pin.
---
Anyway, I see Nexon will not be ditching the PINs as well, you will need the following now it seems.
PINs
PICs
And maybe Birthdays, not sure yet!
I wonder if there'll be a way to reset PICs just like PINs from the website.
If this PIC works how I think it will upon login, then in my opinion, it's probably the best admission we'll ever get from Nexon that there was SOME sort of information leak regarding MS accounts. Making users set up brand new login information (which cannot be retrieved using a player's old login information) would render anything a hacker obtained from before this patch... useless.
For that to be right though, the following would have to be correct:
- The hacking was caused by an information leak (hacking a database, etc)
- They have fixed whatever caused it (doesn't matter if we have 20 separate passwords/pins/pics to enter... If someone can continually grab all the necessary information from a database, this won't stop the hacking)
It'll be interesting to see the numbers of new hacking reports in the coming weeks.
Nexon's pretty ignorant.... it's pretty obvious that their information has been hacked. I know people who have been hacked (including myself) who haven't shared their information. My shadower got hacked without me telling anyone the info and having a crazy password (something like 0mGwtp!!$# was the pass). I ended up letting people on it later since I didn't really care.
So basically they're doing the same thing KMS did with the KSSN except it's a code that you make?
As far as I'm concerned this new PIC system won't help or hurt anything. If hackers really have found their way into Nexon's database, it doesn't really matter what kind of new security system is implemented.
I don't really like the idea of removing birthdays, though. Hopefully we'll have to enter both our PIC and our birthday.
6-16 characters isn't bad. But I dislike the fact that symbols cannot be used. Uppercase, lowercase, and numbers can only do so much. But by adding 'symbols', you can further enhance one's security. There exists so many symbols with "ALT CODES", and by using any of those symbols, the chances of hackers cracking it are harder.
I was thinking about mentioning non-alphanumeric ASCII characters, but if Nexon doesn't properly validate input PICs, then there'd be potential for injection vulns. So then... you think Nexon could do the coding necessary (knowing their history of difficulty converting time zones, past security flaws, etc.)? With that said, I guess it'd be hard for a hacker to write an exploit in 16 char. or less.
16 chars? no way am i remembering 16 random characters....
sticky note on the monitor time!
Doesn't have to be random. It just has to be something that makes sense to you.
Mine's probably gonna be ... some YuGiOh card, or a reference to an anime, translated in to 1337 as much as possible, but with some uppercase+lowercase words, and tons of symbols. Ex:
"87u33y3sWD!~@"
if they get rid of the birthdays, and a PIC isn't softkey you type it in manually with your keyboard, I'm going to be pretty disgruntled.
hopefully someone can test it after the game is back up. i'd test it for myself but i don't have any characters to delete.
i mean if you have a keylogger installed and someone is observing what you type, and you log in with a user name and password, and then type in your PIC... they have all the information they need to pretty much do everything to your account they could possibly want. PIC better be soft key and birthdays better still be needed in tandem with PICs to delete character. =|
i guess we'll see once the game is back up. if it is indeed soft key, it'll be kind of annoying and most people will probably just use an easy 6 character one. i'm hoping it's one you type yourself but like i said, we'll see. if you're careful, it shouldn't be a problem.
Posting Permissions
|
|
Reply With Quote
Bookmarks