NEW!!! PIC has just been released, please read the section on the bottom.
This thread was inspired by a similar thread from Gaia Online. The thread, made by the former Gaia moderator, (their equivalent of GM,) Paakun is right here:
At the time of this thread's creation, I was unable to secure Paakun's permission to use his thread, because he seemed to have quit that site in late November and I did not have his contact info. However, there is now hope of contacting him, so if he requests, I will take this thread down or edit it to his liking. However, with the endless hackings I have seen on Maple Story, I think it's past time for a similar thread to appear here.
What this thread is:
This is a thread on "password strength" and also other security measures. Using it will create a "strong" password for your Maple account which, while not "hackproof," (nothing is,) will ensure that most people attempting to use software to crack open your account will FAIL. Paakun told me that a password created as in this thread would deter bank-cracking software for around TWO HUNDRED years. The thread will also educate you to a couple common security threats which are taken lightly by Maplers, causing them to lose their valuable accounts.
Do not post your password here, or anywhere, or you will seriously risk compromising the security of your account.
To use it: Go to this page:
- Select "Base95"
- Select "length 10" (note: if you want, select another length 8-12, but I'd suggest no shorter than 8.)
- Write the password down and type and retype it around 100 times. Keep it written down in a safe place, (your private email is good for this,) until your fingers can type it out without you thinking about. Eventually, you will not be able to say what your password is, but you will easily be able to type it.
If you do not trust this software, (or if the pass generator URL is currently not functioning, which is the case sometimes,) you may simply slap your keyboard, add characters, subtract characters, and end up with something similar. As long as it contains capital letters, small letters, numbers and special characters, is long enough and is made in a fairly random fashion, it'll do the job. Follow this procedure:
1. Slap your keyboard a few times until you get a combination of small letters that reads like gibberish. In my case this resulted in "inogaerif"
2. Replace some of the small letters with capital letters "InogaEriF"
3. Add some numbers in a random fashion. "In56oga3EriF"
4. Add some special characters in a random fashion. "In(5(6o+ga3*EriF"
5. If you wish, take out some of the stuff so the password is 8-12 characters long; however, make sure the end result retains small letters, capital letters, numbers and special characters. In my case, I ended up with "In(5(+g3*riF," which is a 12 digit strong password.
Special characters such as "^" and "+" ARE supported by Maple Story. You may use them in your password.
While the password that appears may seem impossible to memorize, eventually a password such as "_+.&<NM=D4" will be as easy for you to write as the word "hotdog." Trust me on this, I have used passwords such as "_+.&<NM=D4" for roughly 2 years, and with practice it really is that easy. I can type my password in no more than two seconds. However, while a hacking script working against your account will crack open the word "hotdog" within minutes, the password "_+.&<NM=D4" will be another matter. The sort of people who can crack "_+.&<NM=D4" will not be the sort of people who play Maple Story. They'll be robbing Swiss banks.
Fiel provided another method to generate a password, in case you are going on a site that does not accept special characters. However, I STRONGLY recommend the prior method for Maple, or any other site that allows special characters, cap letters, lowercase letters and numbers, because such a password is, in my opinion, harder to crack than the method below.
There is a hash algorithm called MD5. You can use this algorithm to generate a string of length 32. By repeatedly using the generated string as the new password, it completely obfuscates the original password to the point that the password is cryptographically strong (Google for "Key Strengthening").
An example of it can be found here.
type in: thisismypassword
And it generates the hash: 31435008693ce6976f45dedc5532e2c1
Copy the hash and have it replace "thisismypassword".
It generates a new hash: f519151fe174d55afb4da18646e6a552
Once you've strengthened your password enough, just take the first five or eight characters. In this case, your password would be:
Why do it?
You will essentially be trading about an hour of your time for a lot of security. If you're going to play Maple for a year or two, spend an hour doing this. It's worth it.
Ideally, your account name and other info will not become known to anyone and so no one will even get the chance to attempt hacking your account. If it does become known somehow, or if you maybe made your account name the same as your character name, the password will be the only real protection you have. Your pin is completely worthless because a pin cracker will break through it, and those are easy to get.
Gaia Online has a lot of concern about this matter, and to the best of my knowledge about that site, (which is pretty extensive,) NO ONE with a strong password has ever gotten hacked through scripts, even though unlike Maple you have to crack only the password and not the account name.
Note: A strong password is WORTHLESS if anyone knows about it. Worthless. This is very important. If your password is "_+.&<NM=D4" and you give it to the wrong person, it may as well have been "hotdog" and the hacker scripted you. In fact, most hackings involve the hacker worming his way into the account-holder's trust, and then cleaning out the account. The sort of betrayal I have seen for mesos can scarcely be described. We're talking about billions upon billions of mesos, and some of the highest level accounts in Maple. The one thing that almost all such incidents have in common is that the victim never sees it coming. Neither will you.
Keep in mind that your situation may change. Much as you love your friends, and even family, friends, brothers and sisters HAVE hacked on Maple in the past. I personally played with my best friend of 13 years who, upon the termination of our friendship, stole 150 million mesos from me. On my server, xRagingHeart's best friend sold his info to a hacker, (pre-2x 13x account destroyed and robbed, and the best friend was caught red-handed with xRagingHeart's Dex earring in her shop,) Chamukoo was robbed by the person he shared with, (mostly pre-2x 15x account cleaned out, resold by the hacker to its owner, and deleted due to inadequate security,) ivluleMan was nearly cleaned out for 5 billion by the same guy who cleaned out xRagingHeart due to sharing with him, and then ivluleMan HIMSELF cleaned out StrafeStyle for over 2 billion mesos. (I was very good friends with ivluleMan, was completely shocked by this, and never saw it coming, personally.) One of my friends trusted the info to his 10x WK to the wrong person, and the account simply dissapeared. These are just the ones I've personally been at the scene for. Peripherally speaking, the horror stories just keep piling up on a daily basis. I mean, do I really need to go on? Sharing is a very dangerous and convoluted world. The single best gesture of protection on your part is to never share your account info with ANYONE. It's as Paakun says -- your password is like your underwear. You might trust your friend, but you still wear your own underwear.
There is an exploit that allows the hacking of an account if the hacker knows the account name and birthday. Therefore, a strong password on Maple is a protective factor if the hacker knows the account name only. It may not protect you if the hacker knows your birthday. Such details of your account should be kept to yourself under all circumstances. Even your best friend or brother whom you might trust your account to need not know the birthday to your account, because that would allow them to change the pass. Why would the person you're sharing with need to know that info? Hopefully Nexon is aware of this security problem, but until it's dealt with we must create our own security.
In creating your account name itself, mix letters with numbers. A hacker might randomly guess and target the account name "Steph" but he will not randomly target an account called "0Steph78."
Birthday is a horrible security question in my opinion. When making a new account, do not use your actual birthday, as every person who knows you for a while will eventually find out what your birthday is. No one really has reason to know that you were born in Mobile, Alabama, or Kagoshima, Japan, (and asking this will look suspicious,) but your birthday will get out there. Especially when your birthday comes around and your friends throw you a party in Free Market. If your real birthday is currently locked in, tell strangers that you are one year and a few days older/younger than you actually are because disclosing your true birthday in such a case may create a security risk for you. If you can create another birthday for another account, put your birthday, (and all your other security info,) in your email account or another secure place where you will not lose it. Some people I have known used information that they lost and were unable to change passwords for their accounts.
Beware of keyloggers. There are some safe sites, such as hidden-street, sleepywood, southperry, and Nexon's official site. But generally, do not go to random sites and do not click on random links. This goes especially for links advertising hacks or meso selling, which are "shady" sites linked to Maple. If a person is okay with using godmode, (and puts it on his site,) he may well be okay with placing a keylogger on that site to clean your account out. Learn the safe sites, and do not go to the others. It's also possible to get a keylogger by chatting with someone on MSN or AIM.
If you suspect your computer has been infected with a keylogger, immediately go to another computer, go to the Nexon site and change all your info. Do not log onto Maple from your original computer until you have used reliable security software to diagnose and eliminate the keylogger. Such software will, of course, also tell you if you have no keylogger and not need to worry.
The PIC has just been released! Everything is not yet known about this feature, but it is a lot more promising than the useless old 4 digit pin. The PIC is a 6-12 unit identification code which can be any combination of capital letters, small letters, and numbers. Make sure to utilize this to the fullest. Make a 12 unit code -- not less than 12 -- which does not contain any real words, (orange, hotdog, etc.) It should seem random. For example you might choose 89GdOp628kLp. Yeah, it'll be a handful to memorize, but it's very strong.