Page 1 of 2 12 LastLast
Results 1 to 20 of 28
  1. Default Guide to Maple Story account safety


    NEW!!! PIC has just been released, please read the section on the bottom.

    This thread was inspired by a similar thread from Gaia Online. The thread, made by the former Gaia moderator, (their equivalent of GM,) Paakun is right here:

    http://www.gaiaonline.com/forum/gaia...hot/t.7146477/

    At the time of this thread's creation, I was unable to secure Paakun's permission to use his thread, because he seemed to have quit that site in late November and I did not have his contact info. However, there is now hope of contacting him, so if he requests, I will take this thread down or edit it to his liking. However, with the endless hackings I have seen on Maple Story, I think it's past time for a similar thread to appear here.

    ////////////////

    What this thread is:

    This is a thread on "password strength" and also other security measures. Using it will create a "strong" password for your Maple account which, while not "hackproof," (nothing is,) will ensure that most people attempting to use software to crack open your account will FAIL. Paakun told me that a password created as in this thread would deter bank-cracking software for around TWO HUNDRED years. The thread will also educate you to a couple common security threats which are taken lightly by Maplers, causing them to lose their valuable accounts.

    Do not post your password here, or anywhere, or you will seriously risk compromising the security of your account.

    ////////////////

    To use it: Go to this page:

    http://www.mytsoftware.com/dailyproj...n/PassGen.html

    - Select "Base95"
    - Select "length 10" (note: if you want, select another length 8-12, but I'd suggest no shorter than 8.)
    - Write the password down and type and retype it around 100 times. Keep it written down in a safe place, (your private email is good for this,) until your fingers can type it out without you thinking about. Eventually, you will not be able to say what your password is, but you will easily be able to type it.

    If you do not trust this software, (or if the pass generator URL is currently not functioning, which is the case sometimes,) you may simply slap your keyboard, add characters, subtract characters, and end up with something similar. As long as it contains capital letters, small letters, numbers and special characters, is long enough and is made in a fairly random fashion, it'll do the job. Follow this procedure:

    1. Slap your keyboard a few times until you get a combination of small letters that reads like gibberish. In my case this resulted in "inogaerif"
    2. Replace some of the small letters with capital letters "InogaEriF"
    3. Add some numbers in a random fashion. "In56oga3EriF"
    4. Add some special characters in a random fashion. "In(5(6o+ga3*EriF"
    5. If you wish, take out some of the stuff so the password is 8-12 characters long; however, make sure the end result retains small letters, capital letters, numbers and special characters. In my case, I ended up with "In(5(+g3*riF," which is a 12 digit strong password.

    Special characters such as "^" and "+" ARE supported by Maple Story. You may use them in your password.

    While the password that appears may seem impossible to memorize, eventually a password such as "_+.&<NM=D4" will be as easy for you to write as the word "hotdog." Trust me on this, I have used passwords such as "_+.&<NM=D4" for roughly 2 years, and with practice it really is that easy. I can type my password in no more than two seconds. However, while a hacking script working against your account will crack open the word "hotdog" within minutes, the password "_+.&<NM=D4" will be another matter. The sort of people who can crack "_+.&<NM=D4" will not be the sort of people who play Maple Story. They'll be robbing Swiss banks.

    Fiel provided another method to generate a password, in case you are going on a site that does not accept special characters. However, I STRONGLY recommend the prior method for Maple, or any other site that allows special characters, cap letters, lowercase letters and numbers, because such a password is, in my opinion, harder to crack than the method below.

    There is a hash algorithm called MD5. You can use this algorithm to generate a string of length 32. By repeatedly using the generated string as the new password, it completely obfuscates the original password to the point that the password is cryptographically strong (Google for "Key Strengthening").

    An example of it can be found here.

    type in: thisismypassword

    And it generates the hash: 31435008693ce6976f45dedc5532e2c1

    Copy the hash and have it replace "thisismypassword".

    It generates a new hash: f519151fe174d55afb4da18646e6a552

    Once you've strengthened your password enough, just take the first five or eight characters. In this case, your password would be:

    f519151f


    ////////////////

    Why do it?

    You will essentially be trading about an hour of your time for a lot of security. If you're going to play Maple for a year or two, spend an hour doing this. It's worth it.

    Ideally, your account name and other info will not become known to anyone and so no one will even get the chance to attempt hacking your account. If it does become known somehow, or if you maybe made your account name the same as your character name, the password will be the only real protection you have. Your pin is completely worthless because a pin cracker will break through it, and those are easy to get.

    Gaia Online has a lot of concern about this matter, and to the best of my knowledge about that site, (which is pretty extensive,) NO ONE with a strong password has ever gotten hacked through scripts, even though unlike Maple you have to crack only the password and not the account name.

    //////////////

    Note: A strong password is WORTHLESS if anyone knows about it. Worthless. This is very important. If your password is "_+.&<NM=D4" and you give it to the wrong person, it may as well have been "hotdog" and the hacker scripted you. In fact, most hackings involve the hacker worming his way into the account-holder's trust, and then cleaning out the account. The sort of betrayal I have seen for mesos can scarcely be described. We're talking about billions upon billions of mesos, and some of the highest level accounts in Maple. The one thing that almost all such incidents have in common is that the victim never sees it coming. Neither will you.

    Keep in mind that your situation may change. Much as you love your friends, and even family, friends, brothers and sisters HAVE hacked on Maple in the past. I personally played with my best friend of 13 years who, upon the termination of our friendship, stole 150 million mesos from me. On my server, xRagingHeart's best friend sold his info to a hacker, (pre-2x 13x account destroyed and robbed, and the best friend was caught red-handed with xRagingHeart's Dex earring in her shop,) Chamukoo was robbed by the person he shared with, (mostly pre-2x 15x account cleaned out, resold by the hacker to its owner, and deleted due to inadequate security,) ivluleMan was nearly cleaned out for 5 billion by the same guy who cleaned out xRagingHeart due to sharing with him, and then ivluleMan HIMSELF cleaned out StrafeStyle for over 2 billion mesos. (I was very good friends with ivluleMan, was completely shocked by this, and never saw it coming, personally.) One of my friends trusted the info to his 10x WK to the wrong person, and the account simply dissapeared. These are just the ones I've personally been at the scene for. Peripherally speaking, the horror stories just keep piling up on a daily basis. I mean, do I really need to go on? Sharing is a very dangerous and convoluted world. The single best gesture of protection on your part is to never share your account info with ANYONE. It's as Paakun says -- your password is like your underwear. You might trust your friend, but you still wear your own underwear.

    ///////////////

    There is an exploit that allows the hacking of an account if the hacker knows the account name and birthday. Therefore, a strong password on Maple is a protective factor if the hacker knows the account name only. It may not protect you if the hacker knows your birthday. Such details of your account should be kept to yourself under all circumstances. Even your best friend or brother whom you might trust your account to need not know the birthday to your account, because that would allow them to change the pass. Why would the person you're sharing with need to know that info? Hopefully Nexon is aware of this security problem, but until it's dealt with we must create our own security.

    In creating your account name itself, mix letters with numbers. A hacker might randomly guess and target the account name "Steph" but he will not randomly target an account called "0Steph78."

    Birthday is a horrible security question in my opinion. When making a new account, do not use your actual birthday, as every person who knows you for a while will eventually find out what your birthday is. No one really has reason to know that you were born in Mobile, Alabama, or Kagoshima, Japan, (and asking this will look suspicious,) but your birthday will get out there. Especially when your birthday comes around and your friends throw you a party in Free Market. If your real birthday is currently locked in, tell strangers that you are one year and a few days older/younger than you actually are because disclosing your true birthday in such a case may create a security risk for you. If you can create another birthday for another account, put your birthday, (and all your other security info,) in your email account or another secure place where you will not lose it. Some people I have known used information that they lost and were unable to change passwords for their accounts.

    /////////////

    Beware of keyloggers. There are some safe sites, such as hidden-street, sleepywood, southperry, and Nexon's official site. But generally, do not go to random sites and do not click on random links. This goes especially for links advertising hacks or meso selling, which are "shady" sites linked to Maple. If a person is okay with using godmode, (and puts it on his site,) he may well be okay with placing a keylogger on that site to clean your account out. Learn the safe sites, and do not go to the others. It's also possible to get a keylogger by chatting with someone on MSN or AIM.

    If you suspect your computer has been infected with a keylogger, immediately go to another computer, go to the Nexon site and change all your info. Do not log onto Maple from your original computer until you have used reliable security software to diagnose and eliminate the keylogger. Such software will, of course, also tell you if you have no keylogger and not need to worry.

    //////////////

    The PIC has just been released! Everything is not yet known about this feature, but it is a lot more promising than the useless old 4 digit pin. The PIC is a 6-12 unit identification code which can be any combination of capital letters, small letters, and numbers. Make sure to utilize this to the fullest. Make a 12 unit code -- not less than 12 -- which does not contain any real words, (orange, hotdog, etc.) It should seem random. For example you might choose 89GdOp628kLp. Yeah, it'll be a handful to memorize, but it's very strong.
    Last edited by Derimed; 2010-02-11 at 12:23 AM. Reason: Added small section on PIC (now with PIC!!!)

  2. Won't Be Coming Back

    IGN: Septher
    Server: vengeance
    Level: 172
    Job: ShAHHHdower

    Default


    You posted this on Sleepywood months ago, and I only decided to listen to it about two weeks ago. I realized that I've put too much time and money in to my account to take any of it's safety lightly, so I threw one of those hard-ass passwords on it.

    Seriously guys, I've had friends of mine getting hacked recently and sometimes you just wonder "How could -she- get hacked?" or "Why would someone even bother hacking that level 50?". It could happen to anyone, right when you least expect it.

  3. Default


    I hope you believe me when I say I am not really into this type of thing out of recognition, but rather because Maple forums regularly get threads by people who were cleaned out, and I felt sorta responsible because maybe it could have been prevented. I remarked on Sleepy that a hacker brute-forced accounts on Habbo Hotel to steal 4000 Euros worth of virtual currency. He was caught and prosecuted. With the sort of stuff happening on my server lately, (mass duped-white-scroll proliferation, channel crashing by hackers, complete game disruption by the Power Guard hack, guild hackings, etc.,) I now find it a bit difficult to believe that only "script kiddies" play Maple.


  4. Default


    I've always been concerned about my security. Fix the link so I can create a super duper strong password.

    Thanks.

  5. Default


    Sorry about that.

    It did seem like it was down, but I looked into it and it seems to work now. Try it out.

  6. Default


    thanks i dont wanna lose my stuff now that there is actual stuff worth something

  7. Harrisonized
    Guest

    Default


    You said a hacking script will crack hotdog within minutes... what would it crack in what order? I'm assuming letters come first, then what's next? Numbers? Then would that mean a password such as 'hotdog+=' is equally as safe as 'hotdog'?
    Last edited by Harrisonized; 2008-07-08 at 04:29 AM.

  8. Default


    Thanks for the guide, just changed my pass! =]

  9. Default


    I don't know how hacking scripts operate, but I do know that common words are weak, lengthy convoluted combinations of letters, (such as "heitarlinobenaril" are stronger, letters with numbers is stronger than that, and fully randomized passwords with small and capital letters, numbers, and special characters are the best of all. If you create a Gmail account, you can type in passwords for the account and it'll approximate how strong they are. Even hotdog1 or hotdog+= is definitely stronger than hotdog, but a fully randomized password is still better than hotdog1. Ultimately, you'll type in your pass so many times that you'll remember it whatever it might be; having a complex password therefore seems more beneficial because whatever you choose, you'll end up remembering.
    Last edited by Derimed; 2008-07-08 at 07:23 AM.

  10. Default


    I'd totally do this, but I have a problem. My account is almost three years old, I don't remember some of my private information. :[

  11. Neutron
    IGN: hibikimura
    Server: Khaini
    Level: 140
    Job: Bishop
    Guild: TurtleHeroes
    Alliance: KhainiHeroes

    Default


    i wish i knew about a lot of this before i actually created my maple account. nice job on it, even if you pulled it from another game site ^^

  12. Harrisonized
    Guest

    Default


    Well, in Gmail, I just go for length, because I really can't remember where I put special characters. One time, I changed my password in MS to something with a space in it and ended up having to reset it, because it wouldn't work.
    For Gmail, my password is a 29 digit number with a letter in it hitting the maximum for a password. I suppose nobody can crack that, but should I change it to something with special characters?

  13. Default


    Keep in mind that I am not a hacker or familiar with hacking tools so I cannot give a fully adequate answer to that. I simply learned that "do this and this and it'll protect against most hackings and scammings," and I repeated what I know.

    However, the pass generator Paakun provides approximates the strength of your password. Therefore, enter your password, (or, eyeing security, enter something very similar, but not quite your password,) and see what strength the generator says your password possesses. I tested an all-letters very long password, and the generator said it was more secure than a short all-letters pass, but not as secure as an 8 digit password containing letters, numbers, capital letters and special characters will adequately deter hackers. Honestly, if you're at the point where you've memorized a 29 digit string, you probably are better off getting the 8-12 mixed pass.

  14. Default


    I did this with my own password, but also formed it into a word to make it easier to memorize.

    Example: b!4kn3sS

    it still spells a word so its easier for me to memorize, but it also would give a strong password.

  15. Default


    yes and no, it all depends on the type of hacking device being used. Words are your weakest type of password, because it is a word, it's easy for a program to go through a list of words till it finds the right one. Its the same thing with letters and numbers only, when you throw a number into a word, I.E. Hotd0g, it makes it a lot more difficult to crack; adding the special symbols makes it even more difficult.

    I once saw a website that gauged the strength of your password and exactly how long it would take for a computer to crack it, once i find it again i'll edit this post to include it so you can all test your own passwords(or as the OP suggests, a similar password for security reasons)

  16. Default


    I agree with that, you can mis-spell something you are familiar with and mix it with numbers. I did that... lol XD

  17. Default


    how do u get keylogged from aim or msn?....
    scary=/

  18. Won't Be Coming Back

    IGN: Southperry:
    Server: Land
    Level: of
    Job: Chinchillas,
    Guild: Pineapples,
    Alliance: and opossums.

    Default


    easily. some1 send you an executable attachment saying its a <something that would make you want to open it>. you open the attachment, not knowing that its a keylogger...

    owned.


    also, protip: you dont really need a password strong as the ones in this thread. as long as its not guessable (lower case letters that does not make a dictionary word and a few numbers will do), its ok. keyloggers will steal your password anyway, doesnt matter how hard it is.

    also, this is completely wrong to say that pin is worthless. now that we have that 5 tries thing protection, pin is maybe the only strong protection we have, since it cannot be easily recorded by keyloggers.
    Last edited by haha01haha01; 2008-11-22 at 08:12 AM.

  19. Default


    well i thought youd be keylogged for JUST being on aim=p
    *signs back on aim* lol

    thank you for telling me~

  20.  

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •