Warning To All Players - Read This!

[Platyna]

There was a topic here posted by Learner but got deleted, people are asking me to repost my hints

about password security, so I am doing it:

 

Moderators are receiving alot of complaints because of stolen in game accounts. If you are lucky you will

"wake up" in the Underworld with empty storage, if you are not lucky then you will get message "You

doesn't exist" while trying to log in. There are currently no other method to get your your password than

guessing it. So there are few hints...

 

Mainly don't use password same or simmilar to your username, it will be first combination which will be

used to guess your password by even most stupid script kiddie. Also passwords should consist of 6 to

8 characters including one or more from each of following sets:

- Lower case alphabetics

- Upper case alphabetics

- Digits 0 thru 9

- Punctuation marks

 

In any system, no matter if this is a game server or your bank account managment compromises in

password security normally result from careless password selection or handling. For this reason, you

should not select a password which appears in a dictionary or which must be written down.

The password should also not be a proper name, your license number, birth date, or street address.

Any of these may be used as guesses

 

Your password must easily remembered so that you will not be forced to write it on a piece of paper.

This can be accomplished by appending two small words together and separating each with a special

character or digit. For example, Pass%word.

 

Other methods of construction involve selecting an easily remembered phrase from literature and

selecting the first or last letter from each word. An example of this is:

Ask not for whom the bell tolls.

which produces:

An4wtbt.

 

You may be reasonably sure few crackers will have included this in their dictionaries. You should,

however, select your own methods for constructing passwords and not rely exclusively on the methods

given here.

 

Well, this is probably even moe than you need to secure your game account anyway, if you will follow

that instruction you will always, everywhere create yourself a secure password so you can, in the future,

avoid alot more serious consequences than only loosing few items in game.

 

After you will think, and get good password you may change it in game using command #change_pass:

#change_pass old_password new_password

 

Be careful while typing this command to not make mistake like typo, because then your current password

can be sent to local chat. If you type only #change_pass it will show you a help message.

 

Regards.

[The_Piper]

Hmm, teh banned 0n3, good post.

 

Some other thoughts.

 

Dont use only one password for your EL login, the login to EL forums, for your freemail account and your bank login. etc.pp.

 

Use different passwords because if someone managed it to break your login at forums, s/he has acces to your EL account, your freemail account, your bank account.

 

Dont use passwords which are simple words, because if someone uses a dictionary to crack passwords s/he will get you.

 

The password "cat" for example will be found in nearly every word list or dictionary and if someone tries to crack accounts with word lists, you are not safe.

 

The password "MyCat" is a little bit harder. it wont appear in every online dictionary or word list.

 

And the password "My_Cat" or "My$Cat" or "my___$$$___cat" is still easy to remember, but the chance that it can be cracked by a brute force attack with dictionaries/word lists is really poor.

 

An other idea is, of course, changing your password periodically, maybe every week, every month. If you do that, dont use passwords with the date in it. Be creative.

 

For me as a whisky and wine lover, i would choose an easy to remember combination of whisky and wine brands + some extra chars. Maybe &&glenfiddich__ or M$E$r$L/o/t.

 

So, DONT choose periodically passwords like 09Sep09, combine it with your favorite drink/food/football club of the month. Every month a new drink/food/sport/country or what ever you like. But dont use numbers/words related to dates. Thats too easy to guess.

 

 

Piper

[Platyna]

Any good, on topic suggestion is very welcome The_Piper. Thanks.

 

Regards.

[Wytter]

Personally I prefer using alphanumeric passwords from the output of /dev/urandom

 

For all GNU/Linux-users, here's a password generator that uses /dev/urandom:

 

$ dd if=/dev/urandom count=1 2> /dev/null | uuencode -m - | head -n 2 | tail -n 1 | cut -c-8

If you want more or less characters than 8, change the last cut to cut -c-<number> :-)

[Platyna]

Well Wytter is isn't good suggestion for the person who just started in world of passwords and codes

because people will write their passwords down, and the main thing is "easy to remember, difficould to

guess".

 

Regards.

[Placid]

Another way to create a good password is using this method:

 

1.) Choose a sentance. e.g. I have A Pet Named Bob

2.) Select all the first letters of each word: ihapnb

3.) Add two numbers to the sequence created in 2.): ihapnb19

4.) Use that password: ihapnb19

 

This way you create a unique password and it is reletively easy to remember.

 

 

Hope that helps in addition to previous suggestions.

[Wytter]

Well Wytter is isn't good suggestion for the person who just started in world of passwords and codes

because people will write their passwords down, and the main thing is "easy to remember, difficould to

guess".

 

Regards.

A person who just started in the world of passwords is not likely to use GNU/Linux anyway ;-) Let's call the above a suggestion to power users who just wants to automate password generation :0)

[Platyna]

Oh you are wrong Wytter, I know people who was windoze users, got trojaned and installed Mandrake.

But I agree, lets call it hint for power users. ;-)

 

Regards.

[Fizban]

I played a game called priston tale from beta to p2p. Still have a account with them. They had a huge promble with people hacking passwords. Everyday someone whould log in and find their char. stripped. Luckly it never happend to me.

Some of the steps I took to pervent hacking.

1.I didn't show off; people who sit there and talk about all the cool stuff they have are making themselves a tragert.

2.I changed my pass everyonce and awhile.

3.The biggest promble was keyloggers. People would make post like 'free pt clenit" or "In game lvl hack". People would download the bogus softwear and it would load a trojan and a keymapper in thier pc. That would upload thier key storkes to the hacker. I am not saying that that is a promble here but as game grow and gain players it gains more hackers. So just becareful, run a vrius scann on all thing downloaded and run a firewall.

 

The biggest thing the help cut down the number of hackers was the community.

Hacker use to sit there in the markert and sell their hacked potions and weapons. But people started to give them hell, yelling and curssing at them than reporting them to the adims. People just ran them out of town.

 

p.s. Priston is a great game. They cut into the hackers hard. Just didn't want anyone to be turned off from pt from my post.

[Aragorn1-Real]

sorry i say this plats but i have a friend that knows my pass and he use it for helping me on things so this is somethings stupids but its a good system for real crackers to stop them

[Kaosaur]

I was bored and decided to expand a little bit on the command that Wytter provided so check it out:

 

This is for GNU/Linux users. Sorry for the rest of you folks.

 

#!/bin/bash
#
# This command generates a random password of a specified 
# length and optionally appends it to a file.
#
# Format is as follows:
# ./passwordgenerator.sh length_in_digits
# for example
# ./passwordgenerator.sh 12
# gives a 12 digit password
# additionally
# ./passwordgenerator.sh length_in_digits description_nospaces filename
# for example
# ./passwordgenerator.sh 12 EternalLandsPassword KEYRING
# will output the random 12 character password to the file KEYRING
# in the form of "EternalLandsPassword --> password"

if [ -n "$1" ]
then
 if [ -n "$2" ]
 then 
   if [ -n "$3" ]
   then
     if [ -e "$3" ]
     then
       if [ -w "$3" ]
       then      
         passkey=`dd if=/dev/urandom count=1 2> /dev/null | uuencode -m - | head -n 2 | tail -n 1 | cut -c-$1`
         echo $passkey
         echo $2 "-->" $passkey >> $3
       else
       echo "Error: File $3 is not writable."
       fi
     else
       touch $3
       passkey=`dd if=/dev/urandom count=1 2> /dev/null | uuencode -m - | head -n 2 | tail -n 1 | cut -c-$1`
       echo $passkey
       echo $2 "-->" $passkey >> $3
     fi       
   else
   echo "Error:  Must specify a filename for output."
   fi
 else
 dd if=/dev/urandom count=1 2> /dev/null | uuencode -m - | head -n 2 | tail -n 1 | cut -c-$1
 fi
else
echo "Must specify a password length."
fi

 

Somebody feel free to include this in a modified client if they wish. Cheers

 

-Kaosaur

Edited November 13, 2004 by Lyanna

[Kaosaur]

I should probably mention that the maximum output is 60 characters.

If anyone has any suggestions on what to do to increase that, go ahead. My brain is fudge right now.

[Guest Szardik]

#change_pass old_password new_password

I'm not an expert but don't You think that this should by mentioned in

Eternal Lands Official Forums -> Official -> News of Game Updates -> Game Commands

[chatterbug89]

Yeah..it probaly should be.

 

Oh, here is what I would recomend...first come up with something completely random but not too long and make sure you memorize it...so we could pick...

 

aqwpr

 

 

Then later on you may consider adding some numbers to it that you easily remember...

 

aqwpr89

 

Then you can try repeating it after you have that down memorized...

 

aqwpr89aqwpr89

 

Then finaly you may want to try doing this..

 

aQwPr89AqWpR89

 

That's kind of what I do...and i'll end up using all the variations in differnt places (i usualy remember which variation i used) untill I finaly decide to start using my completely random pass at the end

Edited February 6, 2005 by chatterbug89

[Leeloo]

Note to self: Try repeats of the same string with varied casing when trying to crack chatterbug's password :lol:

[chatterbug89]

LOL yeah...if you used a cracker and it did that there may be a slight problem :-P

 

Thou, here's an idea...

 

lets say you have qrtz

 

you add some numbers

 

qrtz73

 

you double it...

 

qrtz73qrtz73

 

now instead of goign from large to small capitals in the same pattern all the way though do it every other or whatever...

 

QrtZ73qRtz73

 

There LOL.

 

EDIT: By the way, have fun cracking my pass...yes it is double...kind of...but even if it wasent' double it is still pretty long and to create a program which started trying all posible combinations and double each combination each time...your goign to have to go get a very large cup of coffe...

Edited February 7, 2005 by chatterbug89

[Leeloo]

Changing a letter from lower to upper case only adds a single bit. Adding a letter adds about 5. And repeating the string doesn't do much, especially not when we know.

[chatterbug89]

Oh well, go figure...

 

Chatter's to-do list.

 

Come up with a new random pasword that exceeds 10 characters

[Leeloo]

Oh well, go figure...

 

Chatter's to-do list.

 

Come up with a new random pasword that exceeds 10 characters

That would be 5 characters repeated?