Well, on the plus side, maybe we'll get a big apology sale or something. I don't feel too worried, after the Sony hack I changed all of my passwords to be different things and it's easy enough to check for faulty CC charges.
We'll all get Episode 3 for free when it comes out.
Hee hee hee.
Or maybe the hackers made off with some Ep. 3 info! It's about time we got a screenshot or trailer or something.
Edit: And, come to think of it, long term goodwill in Steam is worth a LOT more than the money they'll see from Ep. 3. Not that it'll happen, but it might not be quite as crazy as the joke implies...
Darlan on
minor incident | expert in a dying field | nj | Registered User | regular
Well, on the plus side, maybe we'll get a big apology sale or something. I don't feel too worried, after the Sony hack I changed all of my passwords to be different things and it's easy enough to check for faulty CC charges.
Ooh, hot, steamy apology sale.
Ah, it stinks, it sucks, it's anthropologically unjust
David_T | A fashion yes-man is no good to me. | Copenhagen, Denmark | Registered User | regular
Well, on the plus side, maybe we'll get a big apology sale or something. I don't feel too worried, after the Sony hack I changed all of my passwords to be different things and it's easy enough to check for faulty CC charges.
Ooh, hot, steamy apology sale.
Only the games you buy go into some other random person's account.
Lord_Snot | Живу за выходные | American Valhalla | Registered User | regular
Well, on the plus side, maybe we'll get a big apology sale or something. I don't feel too worried, after the Sony hack I changed all of my passwords to be different things and it's easy enough to check for faulty CC charges.
Ooh, hot, steamy apology sale.
Only the games you buy go into some other random person's account.
Unintended Generosity-em-up!
Also, amongst this disturbing news, console yourself with either Ben There, Dan That & Time Gentleman, Please, or Fate of the World! PM me if you want either.
ugggh after battlefield was hacked i changed all my passwords. and now i have to do it a second time
Battlefield was hacked?
I know Battlefield Heroes was hacked a few months ago, not sure about 3. Also, Fuga, it's probably worth it to change your passwords to different things this time so you don't have to change them all when this inevitably happens again.
Well, on the plus side, maybe we'll get a big apology sale or something. I don't feel too worried, after the Sony hack I changed all of my passwords to be different things and it's easy enough to check for faulty CC charges.
Ooh, hot, steamy apology sale.
Only the games you buy go into some other random person's account.
This would not be much of a change for some people here :P.
Speaking of, I still have a key for Sanctum from the first IRB and now a key for Gish from the current HB. First to PM me can have one or both.
Maddoc | I'm Bobbin Threadbare, are you my mother? | Registered User | regular
I have Steamguard set up, and two step authentication on my email, so meh...
The fact that they have possible access to my CC information if they break the encryption is extremely troubling, but I'm not terribly concerned about them knowing my password.
minor incident | expert in a dying field | nj | Registered User | regular
edited November 2011
The best solution is to have a different password for everything. There's an easy way to do this with no need for a password keeper app. The system I use (Which I think I picked up from Merlin Mann years ago) is to have a 3-part password:
The first part is a generic word that will be the same in every login you use. For example, let's say you choose "terrible"
The second part is a number (as is often required by most sites). For example we'll use "39"
The last part is a couple of letters pulled from the site you're using. For example, you could use the 2nd and 3rd letters of the site. For Google.com this would be "oo"
This would make your google password "terrible39oo"
Chase Bank would be "terrible39ha"
Steam would be "terrible39te"
It's a system I swear by. Highly secure passwords, since the results basically never end up being dictionary words, and they're simple to remember no matter what site you're using. Plus, you'll never need a password manager app. If a password is ever compromised, you can just alter it by changing the order of the components ("terribleoo39"), or going to a backup number. For more security, you can also include a symbol which changes depending on the security level of the site, like a "%" for low security sites and a "#" for high security sites (bank, and anything with a stored credit card).
/Password PSA
minor incident on
Ah, it stinks, it sucks, it's anthropologically unjust
I don't know why it never occurred to me to use a technique like that. And you can mix it up if you like by doing a character shift on the letters you pick out of the site's name, for instance. Thanks for the good advice
Edit: Referring to minor incident's technique of generating site-unique passwords that aren't impossible to remember.
schmads on
Battle.net/SC2: Kwisatz.868 | Steam/XBL/PSN/Gamecenter: schmads | BattleTag/D3: Schmads#1144 | Hero Academy & * With Friends: FallenKwisatz | 3DS: 4356-0128-9671
Bethryn | Unhappiness is Mandatory | Registered User | regular
Another simple password system:
Brand of alcohol + proof of alcohol = alphanumeric password. You can even keep the bottles around, and nobody will realise that your passwords are staring them in the face. 8D
...and of course, as always, Kill Hitler.
Lord_Snot | Живу за выходные | American Valhalla | Registered User | regular
edited November 2011
Also, is this a glitch? According to the Steam news channel, there are three daily deals, but neither of the other two are showing as discounted on their store pages.
Aaanndd: The weekend deal is up, Codemasters racing bundle, Formula 1 2011 and Dirt 3 66% off.
Not interested in either, but someone might be. I'm guessing they've had their hands full dealing with the hacking problem.
Yup. I no longer use passwords that have less than 16 characters anymore on sites that also have my credit card information. I also no longer use the same password twice for any site. If it's important enough to require my personal info and credit card info, it's important enough to memorize a new password.
Throwaway accounts, though, I simply don't care about them. Like accounts for the forums on some game I'm playing.
That XKCD comic fails to address dictionary attacks (which are substantially faster) or social engineering (it's way easier to hack into accounts by grabbing the sticky note with the password sitting there on the monitor or simply using the mark's personal info to guess the password), but length is still far more important than confusing shibboleths of syllables. I can reasonably "hack" my brother's passwords, for example, for his penchant of making passwords less than 10 characters in length (typically the absolute minimum) and the fact that he puts "79" in all his passwords (birth date 1979).
minor incident | expert in a dying field | nj | Registered User | regular
I don't know why it never occurred to me to use a technique like that. And you can mix it up if you like by doing a character shift on the letters you pick out of the site's name, for instance. Thanks for the good advice
Edit: Referring to minor incident's technique of generating site-unique passwords that aren't impossible to remember.
Yep! What I described is the most basic method. It's easy to think up your own tweaks to further customize it, and keep it easy to remember. My personal version of this method involves a seemingly (although not actually) randomly placed capital letter, more than two characters from the site name, and the symbol trick I mentioned.
Ah, it stinks, it sucks, it's anthropologically unjust
That XKCD comic fails to address dictionary attacks (which are substantially faster)
Except, even with a dictionary attack, you're looking at an indeterminate number of words in an indeterminate order, so ...
So the OED has 171,476 words in common use (source). Take 5 random words, and your dictionary hacker has to pick from 171k^5 combinations, or 1.46*10^26 combinations. At 1,000 guesses per second, and assuming it, on average, finds your answer halfway through the full dictionary-picking-process, you're looking at 8.5*10^17 days to crack the code. At 4 random words, you've got 4.95*10^12 days to crack it.
No, this is not particularly vulnerable to a dictionary hack.
or social engineering (it's way easier to hack into accounts by grabbing the sticky note with the password sitting there on the monitor
Which is a vulnerability of all passwords; thus, easier-to-remember = less-use-of-sticky-notes is even more secure.
or simply using the mark's personal info to guess the password),
Ditto.
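The passphrase arithmetic from the post above, as an added example that is not part of the original thread. It uses the post's own figures (171,476 words, 1,000 guesses per second, secret found halfway through) and goes one step further by comparing against random-character passwords of the lengths mentioned elsewhere in the thread. The 94-symbol printable-ASCII alphabet, the function names and the sample word list are assumptions made for illustration.

```python
import math
import secrets

OED_WORDS = 171_476       # dictionary size quoted in the post
GUESSES_PER_SEC = 1_000   # guess rate quoted in the post
SECONDS_PER_DAY = 86_400
PRINTABLE_ASCII = 94      # assumption: alphabet for a "random characters" password


def keyspace(symbols: int, length: int) -> int:
    """Count of equally likely secrets: `length` independent picks from `symbols`."""
    return symbols ** length


def entropy_bits(symbols: int, length: int) -> float:
    """Entropy in bits of a secret drawn uniformly from that keyspace."""
    return length * math.log2(symbols)


def average_days(space: int, rate: int = GUESSES_PER_SEC) -> float:
    """Days until a guesser hits the secret, found on average halfway through."""
    return space / 2 / rate / SECONDS_PER_DAY


def words_to_match(chars: int, alphabet: int = PRINTABLE_ASCII,
                   dictionary: int = OED_WORDS) -> int:
    """Fewest random words whose keyspace covers `chars` random characters."""
    target = keyspace(alphabet, chars)
    count = 1
    while keyspace(dictionary, count) < target:
        count += 1
    return count


def random_passphrase(wordlist: list[str], count: int) -> str:
    """Pick words with the OS CSPRNG; the estimates above assume uniform picks."""
    return " ".join(secrets.choice(wordlist) for _ in range(count))


# Constructed sample list, far too small for real use; a real list has thousands of entries.
SAMPLE_WORDS = ["anchor", "breeze", "copper", "dynamo", "ember", "falcon", "garnet", "harbor"]

if __name__ == "__main__":
    for n in (4, 5):
        space = keyspace(OED_WORDS, n)
        print(f"{n} words: {space:.3e} combinations, "
              f"{entropy_bits(OED_WORDS, n):.1f} bits, {average_days(space):.2e} days")
    for chars in (10, 12, 16):
        print(f"{chars} random characters ~ {words_to_match(chars)} random words")
    print("sample:", random_passphrase(SAMPLE_WORDS, 5))
```

The figures come out marginally higher than the ones quoted in the post because the code uses the full 171,476 rather than the rounded 171k. They only hold when every word is chosen uniformly at random, which is why the generator uses `secrets` rather than human choice.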
Basically, stop using any numbers/months that have any actual significance to you. Is your favorite number 13? Great! Now never, ever use it in a password. Were you born in '79? Congrats! Never in a password. November may be your anniversary, but it better not be your goddamn password!
minor incident on
Ah, it stinks, it sucks, it's anthropologically unjust
or simply using the mark's personal info to guess the password),
Ditto.
Basically, stop using any numbers/months that have any actual significance to you. Is your favorite number 13? Great! Now never, ever use it in a password. Were you born in '79? Congrats! Never in a password. November may be your anniversary, but it better not be your goddamn password!
Ayep.
... and how did you know my anniversary was in November? [/estalker]
or simply using the mark's personal info to guess the password),
Ditto.
Basically, stop using any numbers/months that have any actual significance to you. Is your favorite number 13? Great! Now never, ever use it in a password. Were you born in '79? Congrats! Never in a password. November may be your anniversary, but it better not be your goddamn password!
Ayep.
... and how did you know my anniversary was in November? [/estalker]
I've been masquerading as your wife for the last year in an attempt to steal all your passwords.
Ah, it stinks, it sucks, it's anthropologically unjust
or simply using the mark's personal info to guess the password),
Ditto.
Basically, stop using any numbers/months that have any actual significance to you. Is your favorite number 13? Great! Now never, ever use it in a password. Were you born in '79? Congrats! Never in a password. November may be your anniversary, but it better not be your goddamn password!
Ayep.
... and how did you know my anniversary was in November? [/estalker]
I've been masquerading as your wife for the last year in an attempt to steal all your passwords.
or social engineering (it's way easier to hack into accounts by grabbing the sticky note with the password sitting there on the monitor
Which is a vulnerability of all passwords; thus, easier-to-remember = less-use-of-sticky-notes is even more secure.
or simply using the mark's personal info to guess the password),
Ditto.
People will write down the simplest passwords. Conscientious people won't, obviously, but how many times is a hacker going to target a conscientious person who cares about password security? Social engineering also encompasses far more than grabbing the sticky note (which is only the classic example). It involves so many other tools, many of which are constantly used to gain personal information and passwords now, like phishing. It's manipulating the person, not manipulating the program, and people, in general, are fairly easy to hack.
What is best free/cheap indie(or not I guess?) business sim game? I have an itch.
fadingathedges on
Triple B | Bastard of the North | MA | Registered User | regular
edited November 2011
So. Like.
How worried should we be if our current credit/debit card info was linked to our Steam account?
I just got this goddamn card when the neckbeards went after Sony back in April. Now it's happened to Steam? I'm normally not a huge proprietor of the death penalty, but...
In lieu of further apologies, gabe can just give me dota 2. Right now. For free. I'll be happy. I promise.
CorriganX on Steam and just about everywhere else.
TetraNitroCubane | The Djinnerator | At the bottom of a bottle | Registered User | regular
edited November 2011
Hey, Valve, I love you and everything... But why the fuck were the forums and the machine that stores all that information in any way connected?! Your forums are one of the largest dens of misery, pestilence, and bored teenagers the world has ever seen. The machines that run those forums should be housed in an isolation chamber buried three miles below the surface of the arctic, far, far away from where anyone would even have the chance to look at them.
or a couple random dictionary words paired with random letters & numbers?
For all practical purposes, both ways are pretty damn good. Really, anything over 10-12 characters is a big step up from most people, and puts you above the "low hanging fruit" to the point that you're not likely to get directly hacked anytime soon.
Ah, it stinks, it sucks, it's anthropologically unjust
TetraNitroCubane | The Djinnerator | At the bottom of a bottle | Registered User | regular
edited November 2011
I am of the opinion that entropy will forever be king in the realm of password security - hence, as many random characters as you can manage. Up to and including Alt-code characters that aren't on your keyboard. Of course, that's impractical for reasons of (1) never being able to remember shit, and (2) password requirements not allowing the characters you want. A sufficiently long passphrase is a good compromise, if the service in question will tolerate one. A stupid number of banks and other services won't allow spaces, after all.
I have a crisis Steam Thread, you're my only hope.
I'm getting Skyrim at a midnight release with some friends @ gamestop, pc version. I was planning on getting it, installing from disk, registering with steam, and playing it all night (no classes tomorrow)
What I forgot until now is that my computer doesn't have a disk drive!!!!! Is there any way I could start the preload now to shave off some waiting time, or can you not preload until you own the game?
I feel so dumb for leaving my disk drive at home now.....
Every Steam account gets Black Hats for TF2!
Edit: But yeah I definitely changed my password. Fuck now I'm paranoid.
Free Ep3.
Surprise!
I think they're talking about Battlefield Heroes.
Steam: Elvenshae // PSN: Elvenshae // WotC: Elvenshae
Wilds of Aladrion: Ellandryn (https://forums.penny-arcade.com/discussion/comment/43159014/#Comment_43159014)
Oh the Mental image you have given me!
Methinks people are going to be pissed.
Also sending out emails to people about this whole matter might be a good idea.
Hopefully nothing wrong happens, because I'm currently pretty far away from my billing address and I don't want to order a new debit card.
A long string of random letters & numbers
A handful of random dictionary words
or a couple random dictionary words paired with random letters & numbers?
For all practical purposes, both ways are pretty damn good. Really, anything over 10-12 characters is a big step up from most people, and puts you above the "low hanging fruit" to the point that you're not likely to get directly hacked anytime soon.
Also, I'd like to point to this article about password complexity, if anyone's interested. It's a good read.