Jump to content

Weak Passwords Must Be Changed - 09-January-2009


Kenneh

Recommended Posts

It says to keep your password in a save place. Such as with a parent or guardian. When I read the latter, I imagined a thirty something, balding, man with thick glasses sitting in his basement reading this. He then shouts "Ma! I need you to keep my Runescape password safe!" "Of course, sweety." she replies "How many fish sticks do you want for supper? Four or five?"

 

 

 

Well you see, I pictured a ten year old kid giving the password to his father who resembles your thirty something, balding man with thick glasses. The son then of course gets hacked by his father.

Nemo vir est qui mundum non reddat meliorem..

Link to comment
Share on other sites

  • Replies 111
  • Created
  • Last Reply

Top Posters In This Topic

Hehe, this is like Jagex telling half of Runescape players that they're [developmentally delayed]. Sort of. That's how I interpreted it. :P

 

 

 

Half of Runescape is emot-downsgun.gif, so if anything Jagex have finally hit the nail on the head.

banner6jf.jpg

 

jomali.png

Link to comment
Share on other sites

My password is in a hidden file, in a hidden folder, in a hidden partition on my hidden HDD which runs a hidden OS. It's so deeply hidden, not even I know about it!

TIF-SIG-PREVAIL.jpg

IRC Nick: Hiroki | 99 Agility | Max Quest Points | 138 Combat

Bandos drops: 20 Hilt | 22 Chestplate | 21 Tassets | 14 Boots

Link to comment
Share on other sites

It says to keep your password in a save place. Such as with a parent or guardian. When I read the latter, I imagined a thirty something, balding, man with thick glasses sitting in his basement reading this. He then shouts "Ma! I need you to keep my Runescape password safe!" "Of course, sweety." she replies "How many fish sticks do you want for supper? Four or five?"

 

 

 

 

 

Epic. <3:

 

 

 

 

 

My password is in a hidden file, in a hidden folder, in a hidden partition on my hidden HDD which runs a hidden OS. It's so deeply hidden, not even I know about it!

 

 

 

I'm assuming you're kidding :lol: .

 

 

 

Anyway, I know people who have their credit card numbers along with their name and address, bank pins, and social security numbers saved in a notepad file on the desktop of their laptop. :wall:

1ekn0o.jpg

Thanks to Uno for the awsome sig <3

Link to comment
Share on other sites

 

You should of course keep this in a very safe place, like giving it to your parents or guardian for safekeeping.

 

 

 

 

You are now playing KidScape. Enjoy being wrapped in cottonwool while we feed you hot milk. :wall:

 

 

 

Roll on Mechscape.

 

 

 

Correct me if I'm wrong, but MechScape is still being made by the same company that's allegedly wrapping you in "cottonwool", right? Grow up.

 

 

 

It's being marketed at an older gaming range than Runescape. So hopefully it won't suck as much as Rs2 has done these past couple of years.

asrhasrh.jpg
Link to comment
Share on other sites

Just found a list of the 500 worst passwords of all time. Be warned, some of the passwords contain offensive language:

 

 

 

http://www.whatsmypass.com/?p=415

Lugia_Lvl138.png

 

4x Phat owner: Blue, Green, 2x Purple

 

3100+ GWD bosses soloed.

Solo GWD Drops:

5 Bandos Plates, 4 Bandos Boots, 3 Bandos Hilts, 2 Arma Helms, Arma Skirt, Arma Plate, 3 Arma Hilts, 4 Zammy Spears, Steam Staff, 15 Sara Swords, 6 Sara Hilts, 29 Shards.

Link to comment
Share on other sites

Its good, you have no idea how many friends of myne simply have there last name plus the first letter of the first name as their password, as well as passwords like hello, and qwerty.

 

 

 

Unless Jagex knows everyones names, they can keep theirs.

Hail to The Great Big Penguin in the sky. And Guthix, of course.

 

Harbringerjm.gif

Link to comment
Share on other sites

Its good, you have no idea how many friends of myne simply have there last name plus the first letter of the first name as their password, as well as passwords like hello, and qwerty.

 

 

 

my little brothers used to be qwerty123 lol

 

 

 

i reckon the password flowers gone now...

Pit_Guardian.png

Gamertag: EFs Predator.

Games I play: Halo 3, Halo wars.

Link to comment
Share on other sites

Just a friendly tip, you can create a shortcut to the on screen keyboard next to the start menu, so when you enter your password, a key logger won't be able to get it. :D

 

 

 

 

Who would have thought that Jagex could get ridiculed for trying to keep accounts safe..

 

 

 

Strange, isn't it? Seems like Jagex will never be able to please us, no matter what. #-o :roll:

Link to comment
Share on other sites

Just a friendly tip, you can create a shortcut to the on screen keyboard next to the start menu, so when you enter your password, a key logger won't be able to get it. :D

 

 

 

 

Who would have thought that Jagex could get ridiculed for trying to keep accounts safe..

 

 

 

Strange, isn't it? Seems like Jagex will never be able to please us, no matter what. #-o :roll:

 

 

 

Strange indeed, the good ol' "grass is always greener on the other side" The truth is, its not, its mud \:D/

Link to comment
Share on other sites

Just a friendly tip, you can create a shortcut to the on screen keyboard next to the start menu, so when you enter your password, a key logger won't be able to get it. :D

 

 

 

 

 

 

I don't think your right, the onscreen keyboard would still be registered as a keyboard press as it still sends the same binary code like the main keyboard does..?

 

 

 

 

 

ALL passwords should be alphanumerical, else you will not be spared!

 

though, saying that i got hacked even with an alphanumerical 20 character password :/.

 

 

 

alphanumericalise (i made that word up ¬¬) your recovery questions to ;)

buzz_knight.png


buzz_knight.png


 

Link to comment
Share on other sites

Just a friendly tip, you can create a shortcut to the on screen keyboard next to the start menu, so when you enter your password, a key logger won't be able to get it. :D

 

 

 

 

Who would have thought that Jagex could get ridiculed for trying to keep accounts safe..

 

 

 

Strange, isn't it? Seems like Jagex will never be able to please us, no matter what. #-o :roll:

 

 

 

Strange indeed, the good ol' "grass is always greener on the other side" The truth is, its not, its mud \:D/

 

 

 

Instead of just saying "Yay, now there aren't all those people with easy passwords, things are safer, go Jagex, hooray, sunshine and rainbows all round!!!", consider for a moment why people use those easy passwords. Not because they think, "Omg, awesome password, woot!" when it isn't, but because they don't want to bother with (or just can't) remembering a long/hard password and typing it in. So Jagex bans 500 easy passwords, the people that had them say "Omg, wtf, now I have to change it", and can't be bothered thinking up a hard one they can easily remember, so they just use another easy one. Either they haven't been hacked before (note hacked, not scammed: if scammed, it really doesn't matter how hard your password is), or they have and just don't give a stuff. Either way, they are unlikely to change their ways just on one warning, especially given there are already all those warnings in the SoS and the login text, so the update might make a very small number of people get strong passwords. Of those, very few would be going to be hacked anyway, given how comparitively rarely it occurs. So essentially, they've just made a lot of hassle for people with weak passwords, especially those with noob accs or w/e who don't really care if it gets hacked, for a fairly dubious reward, coupled with making the passwords of people who have other common weak passwords not in the list more unsafe. Great work there.

 

 

 

[/wall of text]

Hail to The Great Big Penguin in the sky. And Guthix, of course.

 

Harbringerjm.gif

Link to comment
Share on other sites

I was quite suprised that my password didn't need changed because even though it is letters and numbers, it is relatively short compared to some. Ah well, it musn't be that easy to guess, and to be honest, I don't think anyone could guess it unless I had a key logger on my computer.

Link to comment
Share on other sites

I haven't changed my password in months. It's a 10-20 character mixture of random numbers and letters, but I know I should change it regularly. But I sort of don't want to, because being hacked would be a way of escaping this evil, evil game. But I can stop playing any time I want! But I must quit... But why should I?!

 

Disregard that :?

Link to comment
Share on other sites

So, I'm not sure how well this will work...

 

I've been hacked with a password that was 3 numbers(not random-ish), 3 letters(random), 1 number(random)

 

I didn't have a keylogger, or anything else. Apparently, this emo-wannabee-kid-who-hates-every-one-and-thinks-he's-cool hacked me by using jagex's site that has all passes stored...

 

He threatened me that I would be hacked if I didn't buy him pizza, and I didn't.

 

That night, I logged to find all my items gone. About killed him the next day.

 

And, no. I never, ever said my password. Ever.

 

 

 

Wowww. a 7 letter password. Your epic.

 

 

 

Mines 18 letters/numbers.

 

Make it longer, and stop whining.

 

And there is no site that Jagex uses to store passwords. Its called a database. The database is hidden probably on a backend, and you would need an IP address, an open port, AND a login to get into. My guess is that this database has some 25 character usename AND password, to be sure that no script kiddies get into it. This is most likely all sitting behind many layers of industrial firewall. This kid just fed you a load of crap and you ate it all up.

 

 

For the record, i'm not complaining. I had less then 50k of stuff, and I got full rune shortly after that.

 

I'm just saying that an extremely secure password can still be brute forced by a 12 year old kid. And before you say 7 characters is insecure, try to brute-force that...

 

I've never had a password more than 10 characters, and since then(when I changed my pass every couple months) I've never been hacked.

 

Sorry, I'll let this die now. I had to get that out.

My skin is finally getting soft
I'll scrub until the damn thing comes off

Link to comment
Share on other sites

This reminds me of when Jagex officially decreed luring against the TOS. People were outraged, as they enjoyed their predatory practice and said that people who fell for it "deserved to lose what they lost".

 

 

 

I think this update works very effectively in that it ensures that if someone -IS- hacked, it is the result of them downloading a keylogger or telling someone else. In other words, stop crying to Jagex when you get hacked.

stormveritas.png
Link to comment
Share on other sites

The whole thing of pointless because ppl use key loggers makes me lol

 

 

 

Firstly 90% of hackings people post whining about were a friend guessing their password - so guessing passwords = ftw

 

Secondly hacking engines purposefully designed to try and get into accounts for certain things can easily be used to rs cause at no point are you locked out for too many wrong guesses, this equally means the engines are highly likely to have a list of common passwords to try first.

 

 

 

If you have an easy password and you get hacked its your own fault, I think.

 

 

 

But it makes me laugh that so many accounts had easy passwords Jagex found the need to implement this update, though we should be happy less easy passwords = less hackings = customer service team has less work load = possibility of better responses

Plv6Dz6.jpg

Operation Gold Sparkles :: Chompy Kills ::  Full Profound :: Champions :: Barbarian Notes :: Champions Tackle Box :: MA Rewards

Dragonkin Journals :: Ports Stories :: Elder Chronicles :: Boss Slayer :: Penance King :: Kal'gerion Titles :: Gold Statue

Link to comment
Share on other sites

The whole thing of pointless because ppl use key loggers makes me lol

 

 

 

Firstly 90% of hackings people post whining about were a friend guessing their password - so guessing passwords = ftw

 

Secondly hacking engines purposefully designed to try and get into accounts for certain things can easily be used to rs cause at no point are you locked out for too many wrong guesses, this equally means the engines are highly likely to have a list of common passwords to try first.

 

 

 

If you have an easy password and you get hacked its your own fault, I think.

 

 

 

But it makes me laugh that so many accounts had easy passwords Jagex found the need to implement this update, though we should be happy less easy passwords = less hackings = customer service team has less work load = possibility of better responses

 

 

 

"Too many incorrect logins from your adress. Please wait 5 minutes before trying again."

Hail to The Great Big Penguin in the sky. And Guthix, of course.

 

Harbringerjm.gif

Link to comment
Share on other sites

Apparently, this emo-wannabee-kid-who-hates-every-one-and-thinks-he's-cool hacked me by using jagex's site that has all passes stored...

 

He threatened me that I would be hacked if I didn't buy him pizza, and I didn't.

 

That night, I logged to find all my items gone. About killed him the next day.

 

And, no. I never, ever said my password. Ever.

 

If their database containing the player's passwords is well-designed, even people with direct access to the database will not be able to get the password of a player. The trick is to store the passwords in an encrypted form, such that finding the encrypted password from the real password is easy (and thus allowing the computer to verify if the player has entered the correct password), but finding the real password from the encrypted password should be extremely hard.

 

 

 

Disclaimer : Of course I do not know the design of JaGeX's databases and they might, for reasons known only to them, have chosen to not store the passwords in an encrypted form. I'd be surprised if that were the case though.

"Noob" is an insult. "Noob" is overused. Be polite. Try to say "noob" less than once a day.

Thank you.

Link to comment
Share on other sites

The whole thing of pointless because ppl use key loggers makes me lol

 

 

 

Firstly 90% of hackings people post whining about were a friend guessing their password - so guessing passwords = ftw

 

Secondly hacking engines purposefully designed to try and get into accounts for certain things can easily be used to rs cause at no point are you locked out for too many wrong guesses, this equally means the engines are highly likely to have a list of common passwords to try first.

 

 

 

If you have an easy password and you get hacked its your own fault, I think.

 

 

 

But it makes me laugh that so many accounts had easy passwords Jagex found the need to implement this update, though we should be happy less easy passwords = less hackings = customer service team has less work load = possibility of better responses

 

 

 

"Too many incorrect logins from your adress. Please wait 5 minutes before trying again."

 

 

 

 

 

hum clearly i don't mistype my pass often enough XD or they added tht recently-ish (i mean past like half yr since thths about last time i managed to mistype pass more than 3 times in a row)

Plv6Dz6.jpg

Operation Gold Sparkles :: Chompy Kills ::  Full Profound :: Champions :: Barbarian Notes :: Champions Tackle Box :: MA Rewards

Dragonkin Journals :: Ports Stories :: Elder Chronicles :: Boss Slayer :: Penance King :: Kal'gerion Titles :: Gold Statue

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.