BigMama Posted September 10, 2017 Share Posted September 10, 2017 i think you guyz should add 2 step verification because of reasons Link to comment Share on other sites More sharing options...
Lethys Posted September 10, 2017 Share Posted September 10, 2017 Care to elaborate? Link to comment Share on other sites More sharing options...
BigMama Posted September 10, 2017 Author Share Posted September 10, 2017 2 minutes ago, Lethys said: Care to elaborate? your a ruby founder right and that is expensive so how would you feel if someone stole your account and fucked everything for you. like your reputation or destroying your origination. you just go to think about it man. i said "reason" because most of it is the obvious reasons Link to comment Share on other sites More sharing options...
Shadow Posted September 10, 2017 Share Posted September 10, 2017 Hi there, Even though I do support a correct two-factors authentication (ie: using standard applications, not SMS and secure the whole connexion, not like other games ahem...), we first need a game before trying to secure it ;). In other words, think about it, think how to do it right, but it is not a priority, for now. Side note: if you are using a strong and dedicated password (16+ random letters and numbers) and never give it to anyone, two-factors authentication would only prevent the theft of your password if your computer was compromised, maybe. So, if you are worried about the security of your account, use a strong password and never use it on another application, that's the first and main measure to take. Hint: Nobody knows my DU password (not even me). It is a random string of 30 characters stored encrypted in my KeePass database (as all of my other passwords) which I copy/paste when needed. I'm using two-factors authentication for only one think: my main google account which has a "weaker" password which I do remember (still 16 characters long). Regards, Shadow Link to comment Share on other sites More sharing options...
Lethys Posted September 10, 2017 Share Posted September 10, 2017 5 hours ago, BigMama said: your a ruby founder right and that is expensive so how would you feel if someone stole your account and fucked everything for you. like your reputation or destroying your origination. you just go to think about it man. i said "reason" because most of it is the obvious reasons Gl trying to hack a 22 character pw. Everyone who uses less than 10 characters these days is just plain stupid. So yeah, if they do it: hooray If they don't do it: hooray Link to comment Share on other sites More sharing options...
Anaximander Posted September 10, 2017 Share Posted September 10, 2017 39 minutes ago, Lethys said: Gl trying to hack a 22 character pw. Everyone who uses less than 10 characters these days is just plain stupid. So yeah, if they do it: hooray If they don't do it: hooray I am so proud of you. I wept. Link to comment Share on other sites More sharing options...
Lethys Posted September 10, 2017 Share Posted September 10, 2017 2 minutes ago, CaptainTwerkmotor said: I am so proud of you. I wept. Hahaha Link to comment Share on other sites More sharing options...
Haunty Posted September 10, 2017 Share Posted September 10, 2017 Hacking your email account (used to reset your password) is more likely than hacking your password. 2-factor would help in that event, but you really want to make sure your email is secure and maybe use 2 factor on it, if available. Just in case you mess up and fall for a phishing scam. Shadow 1 Link to comment Share on other sites More sharing options...
Kuritho Posted September 10, 2017 Share Posted September 10, 2017 I think Dual-Email (hehe) would be great. Requiring both emails if you want to change your password, post, ect.; You can use your primary email just to view. Mini-RDMS maybe? Link to comment Share on other sites More sharing options...
CaptainQuoth Posted September 10, 2017 Share Posted September 10, 2017 If implemented please ensure there is a way to change the phone number used for two step verification.One game I play the only way to change the phone number is to enter a code sent to the old phone number.... Link to comment Share on other sites More sharing options...
Groogy Posted September 11, 2017 Share Posted September 11, 2017 18 hours ago, Lethys said: Gl trying to hack a 22 character pw. Everyone who uses less than 10 characters these days is just plain stupid. So yeah, if they do it: hooray If they don't do it: hooray As long as that password is also unique across sites, your email isn't compromised and as long as you are not exposed to some phishing technique or whatever. Length in this case only matters in case if someone is trying to brute force. The 2 step verification on Steam saved me just recently which was surprising for me since I also trusted in my long really scrambled password. Link to comment Share on other sites More sharing options...
Veln Posted September 11, 2017 Share Posted September 11, 2017 A 22 char password isn't gonna stop some dude with a botnet from brute forcing you XD It may take a month, but it'd be pretty inconvenient to have to change your password every month 2-Step Verification makes you essentially "brute force proof" in that they would have to have access to your text messages/e-mail/authenticator in addition to the brute force to get in. That, or figure out what your IP is and spoof it so the server thinks you're connecting from the same place you usually do (2-step usually only kicks in if you log in from a new or unusual location). But imo it won't matter till the game is out. I mean, what are they going to do if they hack you right now? Make forum posts? Join an org? XD There isn't much they could do at this point. GunDeva 1 Link to comment Share on other sites More sharing options...
Lethys Posted September 11, 2017 Share Posted September 11, 2017 that net better be big for those 10^21 combinations of a mixed serial # Link to comment Share on other sites More sharing options...
Shadow Posted September 11, 2017 Share Posted September 11, 2017 1 hour ago, Vellnn said: A 22 char password isn't gonna stop some dude with a botnet from brute forcing you XD It may take a month, but it'd be pretty inconvenient to have to change your password every month 2-Step Verification makes you essentially "brute force proof" in that they would have to have access to your text messages/e-mail/authenticator in addition to the brute force to get in. That, or figure out what your IP is and spoof it so the server thinks you're connecting from the same place you usually do (2-step usually only kicks in if you log in from a new or unusual location). But imo it won't matter till the game is out. I mean, what are they going to do if they hack you right now? Make forum posts? Join an org? XD There isn't much they could do at this point. With strong authentication, you indeed cannot brut-force the password. Though, even the largest botnet won't find a 22 chars password before a very long time: -> Combinations amount for a 22 long password with numbers, lower and uppercase characters are about (10+26+26)^22 -> Divide by 60*60*24*365 and you obtain something like 9 x 10^30 years (at ten requests per second). -> Even with thousands of machines, it will take ages... and that's not even counting special chars. -> Anyway, you will DDOS the game faster than you will find a correct password. 2FA (two factors authentication) does prevent you from phishing attempts and is a good security practice. However, 2FA or not, you should never give your password to anyone, even if a verified NQ employee requests it. The only exception is if a US customs officer asks you to unlock your account (you may refuse, but it is probably not a good idea). In this case, make sure to change all your passwords whenever possible (yes, I said "ALL"). Regards, Shadow GunDeva 1 Link to comment Share on other sites More sharing options...
Haunty Posted September 11, 2017 Share Posted September 11, 2017 1 hour ago, Shadow said: The only exception is if a US customs officer asks you to unlock your account (you may refuse, but it is probably not a good idea). My plan is this: wipe phone/tablet before going through customs. Go ahead and give them access to the blank phone/tablet. For anything else just say "I don't have my passwords memorized, they're saved on my computer at home." Link to comment Share on other sites More sharing options...
Chuckinator Posted September 11, 2017 Share Posted September 11, 2017 Actually this is better for the community , because the people who have invest ALOT of money may not feel safe , maybe 2 email verification would be appropriate , or even phone security idk but security should increase somehow i approve with you Link to comment Share on other sites More sharing options...
Kuritho Posted September 11, 2017 Share Posted September 11, 2017 1 hour ago, Lenux said: Actually this is better for the community , because the people who have invest ALOT of money may not feel safe , maybe 2 email verification would be appropriate , or even phone security idk but security should increase somehow i approve with you Me trying to find out my own password after not writing it down *Yes, I still know my password. It's kinda long Chuckinator 1 Link to comment Share on other sites More sharing options...
Guest Posted September 11, 2017 Share Posted September 11, 2017 Google 2-Step Verification is easy, reliable and free Link to comment Share on other sites More sharing options...
yamamushi Posted September 11, 2017 Share Posted September 11, 2017 8 hours ago, Shadow said: The only exception is if a US customs officer asks you to unlock your account (you may refuse, but it is probably not a good idea). In this case, make sure to change all your passwords whenever possible (yes, I said "ALL"). I would never let US Customs onto my computer, nor would I give them my password ever. I would deal with the consequences and miss my connecting flight and every other ordeal that they would put me through (jail even), but there is no way they would ever get me to just give up my password to them willingly. There are just some things I am too principled about to give up over threats of incarceration When I go overseas, I always fly with a heavy dose of encryption and obfuscation so that there are very few people on the planet who are getting access to my data. Kael and poocallah 2 Link to comment Share on other sites More sharing options...
AlexCout Posted September 13, 2017 Share Posted September 13, 2017 On 12/09/2017 at 1:27 AM, yamamushi said: I would never let US Customs onto my computer, nor would I give them my password ever. I would deal with the consequences and miss my connecting flight and every other ordeal that they would put me through (jail even), but there is no way they would ever get me to just give up my password to them willingly. There are just some things I am too principled about to give up over threats of incarceration When I go overseas, I always fly with a heavy dose of encryption and obfuscation so that there are very few people on the planet who are getting access to my data. If you really don't want people to get your data... (have fun) yamamushi and Veln 2 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now