Lobby: Up
Online: 60
Sync Range: 40
* FAQ    * Search
It is currently Thu Mar 28, 2024 1:44 pm

All times are UTC




Post new topic  Reply to topic  [ 39 posts ]  Go to page Previous 1 2 3 4 Next

How do you want to secure your account?
I'm a man, and use real secure passwords that aren't password1 43%  43%  [ 43 ]
I would prefer to generate a one time password. 18%  18%  [ 18 ]
I would prefer to manually authorize my login each time. 40%  40%  [ 40 ]
Total votes: 101
Author Message
PostPosted: Fri Oct 04, 2019 1:09 pm 
Offline

Joined: Wed Apr 03, 2019 2:40 am
Posts: 177
Boötes wrote:
I like the one-time idea, but in the meantime, if you're worried that your password is weak, something like this will give you a decent alphanumeric string, so that you're safer from brute force/dictionary attacks. Although, it's probably an exploit somewhere else.

https://www.random.org/passwords/


Brute force and dictionary attacks are easy to mitigate against. I would not worry about these as much as long as you have a long, complex password.

Here's some food for the 'old mind. You know all those emails and notifications that we're all used to seeing, regarding databases that are compromised, where hackers from xyz were able to get the records etc for millions of people? But companies say you have nothing to worry about because the data is encrypted and safe? The reality is -- your data is not safe.

There are warehouses in places like China, Russia, etc where the only objective us to get as much data dumps, they don't care about encryption or not because every single encryption algorithm that is used today is vulnerable -- it just takes time to crack it ith today's computing efforts -- but once quantum computing becomes an actual thing then all that data is cracked in sometimes minutes. Scary stuff.

Not to get off-topic (I apologize - this is a topic I hold dear), any option suggested here is better than not having any at all.

_________________
Image


Top
   
PostPosted: Fri Oct 04, 2019 2:15 pm 
Offline
User avatar

Joined: Thu Mar 08, 2018 3:50 pm
Posts: 273
Is there any increased risk associated with having a complex password that is saved into the Ashita launcher?

I'm all for making my password something like: SDG$$^^Y#bfdg21G2%677&&re34Fbanana but it'll sure be a pain in the butt if I have to type it in every time.


Top
   
PostPosted: Fri Oct 04, 2019 2:30 pm 
Offline

Joined: Mon Oct 08, 2018 7:27 am
Posts: 212
seventythree19 wrote:
Is there any increased risk associated with having a complex password that is saved into the Ashita launcher?

I'm all for making my password something like: SDG$$^^Y#bfdg21G2%677&&re34Fbanana but it'll sure be a pain in the butt if I have to type it in every time.

I think it's limited to 15 characters, but other than that I don't see why not.

I like the #2 option. If they figure out how to bypass the game password system like last year, passwords won't matter. If they manage to access my forum account then it won't matter either way. But if I keep my forum account locked down, I wouldn't have to worry about unauthorized access because it would only be accessible when I said it was ok. However I would make a suggestion to not have to reauthorize after dc or game crash. I don't know how hard that would be.

I would like to inquire about changing login names for game accounts though. I made some poor choices.


Top
   
PostPosted: Fri Oct 04, 2019 2:37 pm 
Offline

Joined: Wed Aug 14, 2019 9:57 pm
Posts: 775
This doesn't really seem to address the fact that forum accounts are usually what is compromised, but I guess it's better than nothing..

_________________
yikes


Top
   
PostPosted: Fri Oct 04, 2019 2:51 pm 
Offline
User avatar

Joined: Sat Dec 03, 2016 2:23 am
Posts: 1139
wow sexist poll bro :lol:

_________________
Image
Image
Image
Image
Image


Top
   
PostPosted: Fri Oct 04, 2019 2:59 pm 
Offline

Joined: Sat Mar 03, 2018 8:28 pm
Posts: 604
A system like ffxiv where u can set up a token pw and authorization from the non current ip would be sick XD


Top
   
PostPosted: Fri Oct 04, 2019 3:01 pm 
Offline

Joined: Wed Apr 03, 2019 2:40 am
Posts: 177
seventythree19 wrote:
Is there any increased risk associated with having a complex password that is saved into the Ashita launcher?

I'm all for making my password something like: SDG$$^^Y#bfdg21G2%677&&re34Fbanana but it'll sure be a pain in the butt if I have to type it in every time.


Depends on how passwords are stored within Ashita Launcher. For example, you can have a complex password such as that -- yet if you have your browser, as an example, "remember password" etc then ... if your computer gets compromised and they are able to grab that -- then you're screwed. There's a reason why password managers exist.

_________________
Image


Top
   
PostPosted: Fri Oct 04, 2019 3:07 pm 
Offline

Joined: Sun Jun 17, 2018 11:24 pm
Posts: 767
Zigma wrote:
cthalupa wrote:
I like #2, but adding one time password for site login would also be something I would like. Combine the two and it should be super secure.



I am ... about anything that uses this forum for handling authentication. PhpBB is notorious for having exploits and vulnerabilities. Unfortunately, 2FA/MFA authentication platforms aren't free .. some aren't even cheap.

Google's is free

_________________
PhD Shitposting 2037 | Cthalupa 75 BLM BRD RNG RDM WAR | Cathatwopa 75 NIN THF BLU BRD PLD

http://rfklinkshell.com/


Top
   
PostPosted: Fri Oct 04, 2019 3:15 pm 
Offline

Joined: Wed Apr 03, 2019 2:40 am
Posts: 177
cthalupa wrote:
Zigma wrote:
cthalupa wrote:
I like #2, but adding one time password for site login would also be something I would like. Combine the two and it should be super secure.



I am ... about anything that uses this forum for handling authentication. PhpBB is notorious for having exploits and vulnerabilities. Unfortunately, 2FA/MFA authentication platforms aren't free .. some aren't even cheap.

Google's is free


lol, yes. I've never used Google but you can use something like freeradius/google's pam but in order to do that -- you'll still need something to hook it into it. In other words, Nasomi's authentication method would need to support, say, RADIUS, in order for such a thing to work.

_________________
Image


Top
   
PostPosted: Fri Oct 04, 2019 3:24 pm 
Offline

Joined: Sun Jun 17, 2018 11:24 pm
Posts: 767
Zigma wrote:
cthalupa wrote:
Zigma wrote:


I am ... about anything that uses this forum for handling authentication. PhpBB is notorious for having exploits and vulnerabilities. Unfortunately, 2FA/MFA authentication platforms aren't free .. some aren't even cheap.

Google's is free


lol, yes. I've never used Google but you can use something like freeradius/google's pam but in order to do that -- you'll still need something to hook it into it. In other words, Nasomi's authentication method would need to support, say, RADIUS, in order for such a thing to work.

No you don't. You can add Google Authenticator support incredibly easily to just about anything. Google Auth codes are just RFC6238 and HMAC - you don't need PAM or RADIUS or any other sort of heavyweight auth method to support it.

There's a bunch of existing RFC6238 implementations for PHP and basically every other language that would be very easy to adapt. e.g. https://github.com/mindgruve/two-factor-authentication / https://github.com/Voronenko/PHPOTP/wik ... entication

_________________
PhD Shitposting 2037 | Cthalupa 75 BLM BRD RNG RDM WAR | Cathatwopa 75 NIN THF BLU BRD PLD

http://rfklinkshell.com/


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 39 posts ]  Go to page Previous 1 2 3 4 Next

All times are UTC


Who is online

Users browsing this forum: No registered users and 66 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Limited