Weak Passwords Must Be Changed - 09-January-2009


Kenneh

We recommend you use a combination of letters and numbers, and then write the password down and store it in a very safe place so you don't forget it. Andrew.

I love that we got something so personal from Andrew himself!

And it REALLY saddens me to see the tip.it community respond to this newspost. Pointless and silly have been mentioned in relation to this update. I feel so sorry for Jagex having to deal with your kind.

"There are only two strategies in war. Move forward or change. The victor is the first to realise that when he cannot move forward he must change."

~ Mod Mark H ~


Link to comment
Share on other sites

A waste of time if you ask me, but I'm glad Jagex is stepping up to support idiot customers. Honestly, those lv 40s with "runescape", "zezima", "password", and "noob" as their pass just deserve to be haxed and lose their 50k worth of bank items. And as someone else already said, most account stealers get accounts by means of keyloggers, not guessing it. But I think Jagex has better things to do than protect account safety of lazy customers.

[hide=]

tip it would pay me $500.00 to keep my clothes ON :( :lol:
But then again, you fail to realize that 101% of the people in this universe hate you. Yes, humankind's hatred against you goes beyond mathematical possibilities.
That tears it. I'm starting an animal rebellion using my mind powers. Those PETA bastards will never see it coming until the porcupines are half way up their asses.
[/hide]

Apparently a lot of people say it. I own.

http://linkagg.com/ Not my site, but a simple, budding site that links often unheard-of websites that are amazing for usefulness and fun.

Link to comment
Share on other sites

Seems extremely pointless to me. People don't guess other people's passwords, they get it by means of a keylogger or getting the person to trust them and telling the password.

actually, brute force attacks start with a dictionary of the most common passwords, so these kinds of accounts would probably be broken very quickly.

Link to comment
Share on other sites

Good idea for the players who don't have their brain fully developed yet :P

The way my brother told me to do passwords is like impossible to guess

Capitalize the first letter of your first and last name (ex: John Doe = JD)

2nd letter of your first name in lowercase (JDo)

2-4 random numbers that you can remember (JDo2839)

3rd letter of your first name (JDo2839h)

honestly no one is gonna guess that lol

another password I've heard about is that you put your finger on a and slide your finger straight across the keyboard until you hit enter (asdfghjkl;') lol

Please click and warm up my egg.

Link to comment
Share on other sites

I make my password easy to remember, but hard to guess. For example I use combined words that I call: "inner punchlines." So basically they are my own punchlines.

"An Amateur practices until he can get it right. A Professional practices until he can't get it wrong."

Quests just keep bringing me back to this game.

Link to comment
Share on other sites

I've been lagging since the update, anyone else?

EDIT: Never mind, I was on a New Zealand world. -.-

But, I'm surprised this didn't happen sooner.

Link to comment
Share on other sites

Good idea for the players who don't have their brain fully developed yet :P

The way my brother told me to do passwords is like impossible to guess

[Explanation snipped]

honestly no one is gonna guess that lol

Well no one would have, until you decided to post it on Tip.it forums. Will you, and everyone else, please keep your mouths shut on how you do your passwords? It's just not smart.

Linux User/Enthusiast Full-Stack Software Engineer | Stack Overflow Member | GIMP User
...Alright, the Elf City update lured me back to RS over a year ago.

Link to comment
Share on other sites

I guess their intent was to help and that's a good thing but I agree with the stuff on the first page of this thread. The majority of passwords that are stolen are done so through keyloggers and not guessing. Perhaps a recommendation to free computer protection software would have been a great section to add in that update.

Link to comment
Share on other sites

lol seriously you shouldn't use a formula for a password imo,

Everybody has something personal which he can remember and nobody knows about right? well then :D .

by the way I guess many people used 'Runescape' as password or just 'password' 8-) .

I also think that a lot of people have their user names as passwords.

but seriously, nobody should help people with bad passwords,

this is what you call natural selection ;) .

Master of Firemaking since 10-11-2007 Yes, I QUIT! =]

Master of Woodcutting since Christmas 2007

Completed all quests - Completed all achievement diaries.

Link to comment
Share on other sites

this is the stupidest thing i have ever seen done on rs im sure that is arguable in some people's eyes. of course its always me i have like 2 or 3 dummy accs for fun but all accs not all same password i try to log on and they like change pass or dont play never been hacked once and only way to get hacked is to be an idiot and give it out or get keylogged by going on some fake site. had to change my pass yes but i think this was really worthless

Link to comment
Share on other sites

My password for runescape is by far the most complex I use. Trying not to go into detail, but I use not so common personal information combined with pieces of my passwords to various other sites. It's unguessable thanks to my twisted sanity and it would take years to crack with the brute force method.

That's the exact same thing I do. My password is a collection of 18-20 chars that are a weird collection of various past passwords (like my first password in elementary) to a few others that have significant personal meaning yet mean nothing to anyone else. I only use it for RS, so that sites that just log passes can't get me should I ever have a stupid moment (of course this means nothing to a keylogger). Like a few other passes I use, I can type this so fast that people can't guess it after watching me type it. I tried this with a different pass, but the way I do it makes it look like I hit several other keys. I never tried this with my rs pass, but I figure the only thing you could get from watching me type it is the general location of parts of the pass, but without a video camera, that won't help you.

This update harms no one, and serves as education if nothing else. Too many computer crimes (some on quite large scales) were made possible by bad passwords (or ones written down and stored near the computer), especially in the infancy of PCs. You don't want your password to show up in a dictionary (or at least no more than a small part), or a name dictionary (which is a more common flaw).

The possible permutations of a 6 digit number using 0-9 is: 1,000,000 possibilities

A string of random letters is actually better since that yields: 308,915,776 possibilities

A random string of numbers and letters yields: 2,176,782,336 possibilities

These are easy permutations, they are simply 10^6, 26^6 and 36^6. Note that is not how you normally do permutations, and is actually a short cut for a situation like this. For passwords it is possible character choices ^ number of characters.

Link to comment
Share on other sites

this is the stupidest thing i have ever seen done on rs im sure that is arguable in some people's eyes. of course its always me i have like 2 or 3 dummy accs for fun but all accs not all same password i try to log on and they like change pass or dont play never been hacked once and only way to get hacked is to be an idiot and give it out or get keylogged by going on some fake site. had to change my pass yes but i think this was really worthless

Ehm....why is it worthless? Because you had to take 30 secs to change your way too simple password? (seeing as it was one of the 500 most common). And write with proper English please, I have no idea what you just said.

"There are only two strategies in war. Move forward or change. The victor is the first to realise that when he cannot move forward he must change."

~ Mod Mark H ~


Link to comment
Share on other sites

but seriously, nobody should help people with bad passwords,

this is what you call natural selection ;) .

Natural selection? First, I don't believe Social Darwinism is right. Second, those with bad passwords aren't eliminated from the game when they're "hacked", they just make more accounts with similarly bad passwords and continue playing. Bottom line is that this update hurts no one, and if you don't need this kind of security measure to help you, more power to you.

Link to comment
Share on other sites

Jeez I can't believe anyone didn't post something like this already

A couple of points when deciding on a password.

1. Don't use a password that you use ingame or on a different forum (especially any abandoned forums)

2. Use a different email than you use ingame if possible.

3. Avoid using your ingame name or msn or any username from any program in your password. (ie. ocanderson452693 wouldn't be a good choice for me)

4. Try to include at least 2 numbers in your password, if they are non-sequential then even better.

5. If you use a shared network (school or work) then make sure to log off when done and don't use the "remember password" function.

6. I personally would only recommend a 10 alphanumeric character password or better if allowed. Though some sites will only allow an eight character password. (One site I found only allows a 3 character password.)

7. The alphanumeric characters are Capital Letters (A,B,C,etc), lower case letters (a,b,c,etc), numbers (0123456789), and special characters (like !@#$%^&*()_+{}[];':",./<>?`~-= and of course the space bar space)

8. If you have to write it down then it is not repeat not a secure password. Though I do admit mine is written down but it is written down in an encrypted file which even decrypted is in a shorthand form that only my family knows how to translate, in a safe deposit box under a name different than what people know me as but still a legal name for me to use, and in a town that very few people know where is (it is too small to be well known).

Link to comment
Share on other sites

Making people think of more secure passwords is a good thing. I hope they don't get too many 'I forgot my new password' requests, tho. It is interesting that the post was from Andrew himself.

Disclaimer : Of course I do not know the design of JaGeX's databases and they might, for reasons known only to them, have chosen to not store the passwords in an encrypted form. I'd be surprised if that were the case though.

I doubt it still is, but it used to be plaintext:

From: [email protected]
Sent: Thu 5/24/01 4:08 PM
To: ***@hotmail.com

We're sorry you forgot your RuneScape password
Your current password is: ***

-------------------------------------------------------
You are receiving this mail because a password reminder
was requested from our website. If you have received
this in error then please disregard it. Receiving this
message does not mean you have been added to a mailing
list. We do not send unsolicited e-mail.

Mechscape World (the original MechScape fansite)

Link to comment
Share on other sites

Seems extremely pointless to me. People don't guess other people's passwords, they get it by means of a keylogger or getting the person to trust them and telling the password.

There are hundreds of people out there with programs which attempt to log into about 50,000 accounts at the same time, trying various passwords that the user of the program types into it, which are always obvious passwords, such as "Oblivion". That was my password at one point, and someone hacked me but luckily he disconnected and I got it back. I even have a good friend who used to password crack people but doesn't anymore.

After reading some of the posts, I can't believe how oblivious so many people are that programs like this exist. I don't know why my password was Oblivion before...but I can guarantee no one will ever guess it now. When new games come out, people are smart enough to check for new obvious passwords relating to that game because people are dumb enough to have a password like, "callofduty4".

Link to comment
Share on other sites

Does anyone else wonder how they know what the 500 most common passwords are? I thought most companies kept passwords in an encrypted database so that no one could break in to their site and steal passwords. It seems Jagex has the free time and ability to check people's passwords, or else they are just guessing what the top 500 passwords are...

Link to comment
Share on other sites
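
The question in the post above, how an operator can tell which accounts use a common password when passwords are stored hashed, has two standard answers, sketched here. This is an added example, not part of the thread and not Jagex's code; the PBKDF2 storage scheme, the sample list, and the account names and passwords are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 20_000  # lowered so the demo runs quickly; production uses far more

# Constructed sample list: generic entries plus game-specific ones named in the thread.
COMMON = ["password", "runescape", "zezima", "noob", "oblivion", "callofduty4"]

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash. The server stores (salt, digest), never the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def weak_reason(username: str, password: str):
    """Check made while the plaintext is in memory (login or password change)."""
    lowered = password.lower()
    if lowered in COMMON:
        return "common password"
    if lowered == username.lower():
        return "same as username"
    return None

def audit_stored(accounts: dict) -> dict:
    """Audit stored (salt, digest) pairs: hash each candidate with the account's
    own salt and compare. Finds weak passwords without any plaintext on file."""
    flagged = {}
    for user, (salt, digest) in accounts.items():
        for guess in COMMON + [user.lower()]:
            if hmac.compare_digest(hash_password(guess, salt), digest):
                flagged[user] = guess
                break
    return flagged

def make_account(password: str):
    salt = os.urandom(16)  # unique per account, so one hash cannot be reused across users
    return salt, hash_password(password, salt)

# Constructed accounts for the demo (hypothetical names and passwords).
ACCOUNTS = {
    "demo_user1": make_account("zezima"),
    "fisher42": make_account("fisher42"),
    "careful_one": make_account("Jv7#pale-otter-lamp"),
}

if __name__ == "__main__":
    print(audit_stored(ACCOUNTS))
```

The audit costs one slow hash per candidate per account, which is the same price anyone holding a stolen copy of the database would pay, so the salt and iteration count are what keep the uncommon passwords out of reach.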

Does anyone else wonder how they know what the 500 most common passwords are? I thought most companies kept passwords in an encrypted database so that no one could break in to their site and steal passwords. It seems Jagex has the free time and ability to check people's passwords, or else they are just guessing what the top 500 passwords are...

No it is just like the 5 most common consonants are R, S, T, L, and N and the most common vowel is E in English. You can get lists of the most common words (a, an, and, the, etc.) This is just one more list type thing that people have done studies on.

Link to comment
Share on other sites

For the record, I'm not complaining. I had less than 50k of stuff, and I got full rune shortly after that.

I'm just saying that an extremely secure password can still be brute forced by a 12 year old kid. And before you say 7 characters is insecure, try to brute-force that...

I've never had a password more than 10 characters, and since then (when I changed my pass every couple months) I've never been hacked.

Sorry, I'll let this die now. I had to get that out.

He's a lot more than a 12 year old kid if you claim he did what you just did, he probably planted a keylogger on ur computer, or got ur name off a phishing site and then contacted you in game to blackmail you =S

O.O

Link to comment
Share on other sites

Does anyone else wonder how they know what the 500 most common passwords are? I thought most companies kept passwords in an encrypted database so that no one could break in to their site and steal passwords. It seems Jagex has the free time and ability to check people's passwords, or else they are just guessing what the top 500 passwords are...

No it is just like the 5 most common consonants are R, S, T, L, and N and the most common vowel is E in English. You can get lists of the most common words (a, an, and, the, etc.) This is just one more list type thing that people have done studies on.

I doubt that was what they used, this seemed more rs-specific. Zezima, anyone?

Hail to The Great Big Penguin in the sky. And Guthix, of course.

Link to comment
Share on other sites
