Forcing me to enter my password every time I log in causes me to use a less secure password.

[Serrin474]

My password for the other MMO I play is extremely long and complicated and filled with random numbers and characters because I don't have to remember it. It's stored in a password manager in case I need it but that only comes up rarely.

Warframe requires me to enter my password every time I log in, thus it has to be something I can remember and type out in a reasonable amount of time and with a reasonable amount of effort. Because of this my password for your game is significantly less complex and shorter than my password for games that remember the password.

The vast majority of MMO "intrusions" come from online attacks by people who don't have direct access to the hardware of the person they're attacking. You probably already recognize this on consoles (I haven't played on console but I'd be surprised if you require users to enter their password every time they want to play from a console).

The fact is that if someone has physical access to my PC and has already bypassed my PCs security, then I have much bigger problems than my Warframe account being tampered with. Please consider allowing the client to store my password so that I can use a more complex password on my account.

Two factor (only triggered when logging in from a new location) would also be nice.

[JuanS]

Copy/paste

[FollowTheFaceless]

11 minutes ago, Serrin474 said:

Two factor (only triggered when logging in from a new location) would also be nice.

https://digitalextremes.zendesk.com/hc/en-us/articles/200287080-Account-Security

On the bottom.

 

11 minutes ago, Serrin474 said:

The fact is that if someone has physical access to my PC and has already bypassed my PCs security, then I have much bigger problems than my Warframe account being tampered with. Please consider allowing the client to store my password so that I can use a more complex password on my account.

And how password storing are supposed to improve security? Isn't it more secure if it's only in your head? And if you have a habit to surf suspicious sites (which causes catching viruses that can stole your password) then it's your problem.

[Modeaus]

In this day and technological age we should be remembering different passwords for everything. When I was a kid back in the 80's/90's we had to remember all our friends phone numbers. I still remember most of them today. Even the first cell phones only let you save 10 numbers. Likewise I have many passwords for many things which I remember day to day without too much trouble the longest of which is I think 30 characters long. For work I have passwords I don't use often and are tricky to remember, like guids, so I keep them in Keepass.  

In short stop being so damn lazy or get a key safe. 

Quote

The fact is that if someone has physical access to my PC and has already bypassed my PCs security, then I have much bigger problems than my Warframe account being tampered with. Please consider allowing the client to store my password so that I can use a more complex password on my account.

No one is going to take your WF account from your PC. You're more likely to lose a password from an attack on another site when you used the same email and password to sign up because you're lazy. This happens. I lost a really old user/pass combo when Epic's Unreal site was hacked. I discovered that my email and pass from there were also the ones I used for an old Ebay account. No one stole my PC to get into Ebay, they just grabbed my info from a leaked list. That password has now been updated and it's not a problem. 

Finally you should look into password strength. Random characters aren't that tough. 

https://xkcd.com/936/

Edited July 20, 2018 by Modeaus

[NeithanDiniem]

Get a small book, write passwords down in it, dont lose it. You will still not need to remember the password for long term/little use passwords, but frankly if you are putting the password in often into a game, you should be remembering it.

[Insizer]

1 hour ago, Modeaus said:

Finally you should look into password strength. Random characters aren't that tough. 

https://xkcd.com/936/

don't they try and crack passwords via words as well?  I dunno, maybe I'm talking out of my crack.

[peterc3]

1 minute ago, Insizer said:

don't they try and crack passwords via words as well?  I dunno, maybe I'm talking out of my crack.

The key is to not just use a single word from the dictionary. That is the danger.

[Insizer]

Just now, peterc3 said:

The key is to not just use a single word from the dictionary. That is the danger.

I understand that

[AriesGreyscale]

4 hours ago, FollowTheFaceless said:

suspicious sites

Hahaha, I get the feeling you meant "pron", but I've caught more viruses from browsing Government websites (for varying reasons, and the DMV was the worst of them all) than I ever have from pron.
(pron has a vested interest in not transmitting virii, and tend to go overkill on the anti-virus systems.)

Among other "suspicious sites" are : Religion (even more virii than government) Conspiracy Hives (they try, but the other side is just better) and Anti-virus. (yes, McCrappee is still running virus laden ads on their own site, to try and garuntee a customer)


As to the main topic of "passwords":

I've long had great success with romanized words from non-latin derived languages. (if it has a latin-ish alphabet, it's right out, this easily allows for non-standard romanization)
Add a short string of memorable to you numbers either before or after (but not yer sodding birthdate), and security is hard to beat. (for those places with asinine requirments, those are what password managers were meant for)

True, nothing (realistic) will ever beat a 256-long string of hexadecimal, but remembering that level of insanity is why you're having a problem, right?
Go simple, stupid even. Find a everyday phrase you like, and use it instead.

Terrible example (if only because here it is being put on display):
I mulch grineer for fun and Grofit!
(my most sincere apologies to anyone who happens to have actually been using that, to my knowledge I thought it up on the spot)

[Sibernetika]

Most people have passwords, I have pass sentences 

[(PSN)Deathscythex01]

10 minutes ago, Sibernetika said:

Most people have passwords, I have pass sentences 

pass sentences are so mainstream i use pass books

[Sibernetika]

1 minute ago, (PS4)Deathscythex01 said:

pass sentences are so mainstream i use pass books

With some sites having a 15 word limit those most be some short books... Or is it just the book title 

[(PSN)Deathscythex01]

1 minute ago, Sibernetika said:

With some sites having a 15 word limit those most be some short books... Or is it just the book title 

more along the lines of a joke but not very funny ill see myself out the door *quietly walks out the door*

[Sibernetika]

3 minutes ago, (PS4)Deathscythex01 said:

more along the lines of a joke but not very funny ill see myself out the door *quietly walks out the door*

Too late, the joke already got my dad joke stamp of approval. 

[MagPrime]

So...you want to make it easier for people that aren't you to access your account by having the game remember your login info?

Brilliant. 

What could go wrong?

[AriesGreyscale]

1 hour ago, MagPrime said:

So...you want to make it easier for people that aren't you to access your account by having the game remember your login info?

I know I shouldn't, but I just feel the need to respond to this one.

To be clear, "the game" remembering your pass-word/phrase/number, doesn't actually need to involve the internet, except for the comparing of entered pass-word/phrase/number to the one stored on the server.

Effectively, "the game" remembering it is a .txt (encrypted or otherwise) on the end-user's computer instructing the end-user portion of the game to auto-type the password.

There are only 3 ways to "steal" a password in that circumstance.
#1: A key-logger, which WARFRAME is currently vulnerable to, as is basically every program ever. (and the code causing the game to "remember" can actually be made immune to key-loggers, by the entered pass-word/phrase/number not going through the usual interface channels.)
#2: A hack/crack of the server to get user's passwords. Again, warframe is at least a little vulnerable to this, and this is the option preferred by the types that want passwords, because they want them en-mass.
#3: Physical access to the end-user's computer. This is the least likely scenario, and is the only one made more vulnerable by "the game" remembering the pass-word/phrase/number.
As others have outright stated, if scum have physical access to your PC/PoS4/Xboner, then you've got a bigger problem than them "maybe" stealing your account, because they've broken into your house/car and stolen your computer, and probably everything else too.

Having "the game" remember is exactly equivalent to writing said password on a post-it and sticking it to the edge of the monitor, then just typing whatever the post-it says.

 

EDIT: I forgot about friends with physical access:
This is a special case, in that, if you can't trust your friends, then you need to get new friends and/or keep them away from your hardware.
College students are another special case, but if you can't trust your dorm-mate, file yer sodding greivance and move out.

Edited July 20, 2018 by AriesGreyscale
added a scenario for clarification

[Shalath]

Use something like "game name or abbreviation" dot "my weak password" and a symbol like ! or something. WF.blah+# is easy to remember, fairly strong and means you don't have the same password for everything.

[Oreades]

Counterpoint, not forcing me to type my password in every time causes me to always forget my passwords. 

[ScribbleClash]

3 hours ago, Shalath said:

Use something like "game name or abbreviation" dot "my weak password" and a symbol like ! or something. WF.blah+# is easy to remember, fairly strong and means you don't have the same password for everything.

Great idea suggesting a format, makes it bruteforcing the password way faster.

<hr />

Appart from minimal password complexity and length rules, there technically is nothing a provider has to do. It then is in the users governance, to either use a secure password, or one that they feel is being convenient.
The one issue I have, is that the password for the administration of your account, forums and profile, is the same as the one used ingame.
The "two-factor"-authentication allows you, at the very least, to have a secondary password (your e-mail accounts password) to protect your data. I'd rather have a more proper authenticator in the warframe app.

Users will always be lazy when it comes to security - until it is too late. What many don't want to agree on then, is that it was their own fault. You do your thing with using a less secure password for your convenience. In my eyes, that is not the part that needs to be fixed.

[BoomyGordo]

7 hours ago, AriesGreyscale said:

There are only 3 ways to "steal" a password in that circumstance.
#1: A key-logger, which WARFRAME is currently vulnerable to, as is basically every program ever. (and the code causing the game to "remember" can actually be made immune to key-loggers, by the entered pass-word/phrase/number not going through the usual interface channels.)
#2: A hack/crack of the server to get user's passwords. Again, warframe is at least a little vulnerable to this, and this is the option preferred by the types that want passwords, because they want them en-mass.
#3: Physical access to the end-user's computer. This is the least likely scenario, and is the only one made more vulnerable by "the game" remembering the pass-word/phrase/number.

You skipped over trojan's, worms, and other virus/bugs that would look for exactly what you just talked about.

Some warframe accounts are extremely lucrative to try and get into, its not worth the added risk. Just get last pass. it can enter passwords into fullscreen games for you

 

Edit: you covered friends with physical access in point 3.

Edited July 20, 2018 by --Laughing-Soul--

[Gandergear]

14 hours ago, Modeaus said:

In this day and technological age we should be remembering different passwords for everything. When I was a kid back in the 80's/90's we had to remember all our friends phone numbers. I still remember most of them today.

You didnt just write them down like literally everyone else?

[-InV-igo95862]

9 hours ago, AriesGreyscale said:

Effectively, "the game" remembering it is a .txt (encrypted or otherwise) on the end-user's computer instructing the end-user portion of the game to auto-type the password.

It does not need to remember the password in plain text. Just session token.

[Modeaus]

5 hours ago, Gandergear said:

You didnt just write them down like literally everyone else?

Well we had a phone book but that's not much good when you're in town and need a ride. So yeah I can still remember a dozen or so numbers from when I was 16. After that cell phones became a thing and I stopped bothering to even remember my own number!