Serrin474 Posted July 19, 2018 Share Posted July 19, 2018 My password for the other MMO I play is extremely long and complicated and filled with random numbers and characters because I don't have to remember it. It's stored in a password manager in case I need it but that only comes up rarely. Warframe requires me to enter my password every time I log in, thus it has to be something I can remember and type out in a reasonable amount of time and with a reasonable amount of effort. Because of this my password for your game is significantly less complex and shorter than my password for games that remember the password. The vast majority of MMO "intrusions" come from online attacks by people who don't have direct access to the hardware of the person they're attacking. You probably already recognize this on consoles (I haven't played on console but I'd be surprised if you require users to enter their password every time they want to play from a console). The fact is that if someone has physical access to my PC and has already bypassed my PCs security, then I have much bigger problems than my Warframe account being tampered with. Please consider allowing the client to store my password so that I can use a more complex password on my account. Two factor (only triggered when logging in from a new location) would also be nice. Link to comment Share on other sites More sharing options...
JuanS Posted July 19, 2018 Share Posted July 19, 2018 Copy/paste Link to comment Share on other sites More sharing options...
FollowTheFaceless Posted July 19, 2018 Share Posted July 19, 2018 11 minutes ago, Serrin474 said: Two factor (only triggered when logging in from a new location) would also be nice. https://digitalextremes.zendesk.com/hc/en-us/articles/200287080-Account-Security On the bottom. 11 minutes ago, Serrin474 said: The fact is that if someone has physical access to my PC and has already bypassed my PCs security, then I have much bigger problems than my Warframe account being tampered with. Please consider allowing the client to store my password so that I can use a more complex password on my account. And how password storing are supposed to improve security? Isn't it more secure if it's only in your head? And if you have a habit to surf suspicious sites (which causes catching viruses that can stole your password) then it's your problem. Link to comment Share on other sites More sharing options...
Modeaus Posted July 20, 2018 Share Posted July 20, 2018 (edited) In this day and technological age we should be remembering different passwords for everything. When I was a kid back in the 80's/90's we had to remember all our friends phone numbers. I still remember most of them today. Even the first cell phones only let you save 10 numbers. Likewise I have many passwords for many things which I remember day to day without too much trouble the longest of which is I think 30 characters long. For work I have passwords I don't use often and are tricky to remember, like guids, so I keep them in Keepass. In short stop being so damn lazy or get a key safe. Quote The fact is that if someone has physical access to my PC and has already bypassed my PCs security, then I have much bigger problems than my Warframe account being tampered with. Please consider allowing the client to store my password so that I can use a more complex password on my account. No one is going to take your WF account from your PC. You're more likely to lose a password from an attack on another site when you used the same email and password to sign up because you're lazy. This happens. I lost a really old user/pass combo when Epic's Unreal site was hacked. I discovered that my email and pass from there were also the ones I used for an old Ebay account. No one stole my PC to get into Ebay, they just grabbed my info from a leaked list. That password has now been updated and it's not a problem. Finally you should look into password strength. Random characters aren't that tough. https://xkcd.com/936/ Edited July 20, 2018 by Modeaus Link to comment Share on other sites More sharing options...
NeithanDiniem Posted July 20, 2018 Share Posted July 20, 2018 Get a small book, write passwords down in it, dont lose it. You will still not need to remember the password for long term/little use passwords, but frankly if you are putting the password in often into a game, you should be remembering it. Link to comment Share on other sites More sharing options...
Insizer Posted July 20, 2018 Share Posted July 20, 2018 1 hour ago, Modeaus said: Finally you should look into password strength. Random characters aren't that tough. https://xkcd.com/936/ don't they try and crack passwords via words as well? I dunno, maybe I'm talking out of my crack. Link to comment Share on other sites More sharing options...
peterc3 Posted July 20, 2018 Share Posted July 20, 2018 1 minute ago, Insizer said: don't they try and crack passwords via words as well? I dunno, maybe I'm talking out of my crack. The key is to not just use a single word from the dictionary. That is the danger. Link to comment Share on other sites More sharing options...
Insizer Posted July 20, 2018 Share Posted July 20, 2018 Just now, peterc3 said: The key is to not just use a single word from the dictionary. That is the danger. I understand that Link to comment Share on other sites More sharing options...
AriesGreyscale Posted July 20, 2018 Share Posted July 20, 2018 4 hours ago, FollowTheFaceless said: suspicious sites Hahaha, I get the feeling you meant "pron", but I've caught more viruses from browsing Government websites (for varying reasons, and the DMV was the worst of them all) than I ever have from pron. (pron has a vested interest in not transmitting virii, and tend to go overkill on the anti-virus systems.) Among other "suspicious sites" are : Religion (even more virii than government) Conspiracy Hives (they try, but the other side is just better) and Anti-virus. (yes, McCrappee is still running virus laden ads on their own site, to try and garuntee a customer) As to the main topic of "passwords": I've long had great success with romanized words from non-latin derived languages. (if it has a latin-ish alphabet, it's right out, this easily allows for non-standard romanization) Add a short string of memorable to you numbers either before or after (but not yer sodding birthdate), and security is hard to beat. (for those places with asinine requirments, those are what password managers were meant for) True, nothing (realistic) will ever beat a 256-long string of hexadecimal, but remembering that level of insanity is why you're having a problem, right? Go simple, stupid even. Find a everyday phrase you like, and use it instead. Terrible example (if only because here it is being put on display): I mulch grineer for fun and Grofit! (my most sincere apologies to anyone who happens to have actually been using that, to my knowledge I thought it up on the spot) Link to comment Share on other sites More sharing options...
Sibernetika Posted July 20, 2018 Share Posted July 20, 2018 Most people have passwords, I have pass sentences Link to comment Share on other sites More sharing options...
(PSN)Deathscythex01 Posted July 20, 2018 Share Posted July 20, 2018 10 minutes ago, Sibernetika said: Most people have passwords, I have pass sentences pass sentences are so mainstream i use pass books Link to comment Share on other sites More sharing options...
Sibernetika Posted July 20, 2018 Share Posted July 20, 2018 1 minute ago, (PS4)Deathscythex01 said: pass sentences are so mainstream i use pass books With some sites having a 15 word limit those most be some short books... Or is it just the book title Link to comment Share on other sites More sharing options...
(PSN)Deathscythex01 Posted July 20, 2018 Share Posted July 20, 2018 1 minute ago, Sibernetika said: With some sites having a 15 word limit those most be some short books... Or is it just the book title more along the lines of a joke but not very funny ill see myself out the door *quietly walks out the door* Link to comment Share on other sites More sharing options...
Sibernetika Posted July 20, 2018 Share Posted July 20, 2018 3 minutes ago, (PS4)Deathscythex01 said: more along the lines of a joke but not very funny ill see myself out the door *quietly walks out the door* Too late, the joke already got my dad joke stamp of approval. Link to comment Share on other sites More sharing options...
MagPrime Posted July 20, 2018 Share Posted July 20, 2018 So...you want to make it easier for people that aren't you to access your account by having the game remember your login info? Brilliant. What could go wrong? Link to comment Share on other sites More sharing options...
AriesGreyscale Posted July 20, 2018 Share Posted July 20, 2018 (edited) 1 hour ago, MagPrime said: So...you want to make it easier for people that aren't you to access your account by having the game remember your login info? I know I shouldn't, but I just feel the need to respond to this one. To be clear, "the game" remembering your pass-word/phrase/number, doesn't actually need to involve the internet, except for the comparing of entered pass-word/phrase/number to the one stored on the server. Effectively, "the game" remembering it is a .txt (encrypted or otherwise) on the end-user's computer instructing the end-user portion of the game to auto-type the password. There are only 3 ways to "steal" a password in that circumstance. #1: A key-logger, which WARFRAME is currently vulnerable to, as is basically every program ever. (and the code causing the game to "remember" can actually be made immune to key-loggers, by the entered pass-word/phrase/number not going through the usual interface channels.) #2: A hack/crack of the server to get user's passwords. Again, warframe is at least a little vulnerable to this, and this is the option preferred by the types that want passwords, because they want them en-mass. #3: Physical access to the end-user's computer. This is the least likely scenario, and is the only one made more vulnerable by "the game" remembering the pass-word/phrase/number. As others have outright stated, if scum have physical access to your PC/PoS4/Xboner, then you've got a bigger problem than them "maybe" stealing your account, because they've broken into your house/car and stolen your computer, and probably everything else too. Having "the game" remember is exactly equivalent to writing said password on a post-it and sticking it to the edge of the monitor, then just typing whatever the post-it says. EDIT: I forgot about friends with physical access: This is a special case, in that, if you can't trust your friends, then you need to get new friends and/or keep them away from your hardware. College students are another special case, but if you can't trust your dorm-mate, file yer sodding greivance and move out. Edited July 20, 2018 by AriesGreyscale added a scenario for clarification Link to comment Share on other sites More sharing options...
Shalath Posted July 20, 2018 Share Posted July 20, 2018 Use something like "game name or abbreviation" dot "my weak password" and a symbol like ! or something. WF.blah+# is easy to remember, fairly strong and means you don't have the same password for everything. Link to comment Share on other sites More sharing options...
Oreades Posted July 20, 2018 Share Posted July 20, 2018 Counterpoint, not forcing me to type my password in every time causes me to always forget my passwords. Link to comment Share on other sites More sharing options...
ScribbleClash Posted July 20, 2018 Share Posted July 20, 2018 3 hours ago, Shalath said: Use something like "game name or abbreviation" dot "my weak password" and a symbol like ! or something. WF.blah+# is easy to remember, fairly strong and means you don't have the same password for everything. Great idea suggesting a format, makes it bruteforcing the password way faster. <hr /> Appart from minimal password complexity and length rules, there technically is nothing a provider has to do. It then is in the users governance, to either use a secure password, or one that they feel is being convenient. The one issue I have, is that the password for the administration of your account, forums and profile, is the same as the one used ingame. The "two-factor"-authentication allows you, at the very least, to have a secondary password (your e-mail accounts password) to protect your data. I'd rather have a more proper authenticator in the warframe app. Users will always be lazy when it comes to security - until it is too late. What many don't want to agree on then, is that it was their own fault. You do your thing with using a less secure password for your convenience. In my eyes, that is not the part that needs to be fixed. Link to comment Share on other sites More sharing options...
BoomyGordo Posted July 20, 2018 Share Posted July 20, 2018 (edited) 7 hours ago, AriesGreyscale said: There are only 3 ways to "steal" a password in that circumstance. #1: A key-logger, which WARFRAME is currently vulnerable to, as is basically every program ever. (and the code causing the game to "remember" can actually be made immune to key-loggers, by the entered pass-word/phrase/number not going through the usual interface channels.) #2: A hack/crack of the server to get user's passwords. Again, warframe is at least a little vulnerable to this, and this is the option preferred by the types that want passwords, because they want them en-mass. #3: Physical access to the end-user's computer. This is the least likely scenario, and is the only one made more vulnerable by "the game" remembering the pass-word/phrase/number. You skipped over trojan's, worms, and other virus/bugs that would look for exactly what you just talked about. Some warframe accounts are extremely lucrative to try and get into, its not worth the added risk. Just get last pass. it can enter passwords into fullscreen games for you Edit: you covered friends with physical access in point 3. Edited July 20, 2018 by --Laughing-Soul-- Link to comment Share on other sites More sharing options...
Gandergear Posted July 20, 2018 Share Posted July 20, 2018 14 hours ago, Modeaus said: In this day and technological age we should be remembering different passwords for everything. When I was a kid back in the 80's/90's we had to remember all our friends phone numbers. I still remember most of them today. You didnt just write them down like literally everyone else? Link to comment Share on other sites More sharing options...
-InV-igo95862 Posted July 20, 2018 Share Posted July 20, 2018 9 hours ago, AriesGreyscale said: Effectively, "the game" remembering it is a .txt (encrypted or otherwise) on the end-user's computer instructing the end-user portion of the game to auto-type the password. It does not need to remember the password in plain text. Just session token. Link to comment Share on other sites More sharing options...
Modeaus Posted July 20, 2018 Share Posted July 20, 2018 5 hours ago, Gandergear said: You didnt just write them down like literally everyone else? Well we had a phone book but that's not much good when you're in town and need a ride. So yeah I can still remember a dozen or so numbers from when I was 16. After that cell phones became a thing and I stopped bothering to even remember my own number! Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now