
Account Security Reminder

Nexus

Site Support
Administrator
Moderator
Professional
Stratics Veteran
Stratics Legend
Wiki Moderator
UNLEASHED
There have been some rumors floating around about UO accounts hacked, and at least one person recently has suggested his Stratics Account was taken over by someone else. While there is no evidence that anything malicious has happened to Stratics Server, it seems like common sense to make this post.

As many of you may know, it came out last month that 3 Billion (yes BILLION) Yahoo! email addresses and passwords were obtained when Yahoo!'s servers were breached in 2013. While I doubt the people who performed this nefarious deed were looking to gain access to your Stratics account, as time goes on this data will propagate across the shadier corners of the internet and become easier to obtain by individuals who may desire to exploit or take advantage of the information. This may have been one of the most memorable and serious breaches of personal data; it is, however, not an isolated occurrence. Google, Microsoft, Mail.ru, and other email providers have all faced hackings in which smaller quantities of data were taken in the past, and new data breaches are occurring all the time.

Malware and viruses are also a major concern. These, if so designed, may act as keystroke loggers and transmit your data to hackers. There is no excuse in this day for not having decent anti-virus/malware scans occurring on your hardware regularly. Quality free solutions are available for use, and while they may not offer real-time protection as most paid versions do, performing/having daily or weekly scans scheduled for while you are sleeping at least gives you more protection than nothing. Most importantly, convince yourself that "No Operating System is Safe"; this includes products from Apple (ask Charlie Miller), various Linux distributions, Android, and other desktop and mobile OSes. Any computer system, regardless of the operating system, is only as safe as the person using it.

So what can you do?
  • Stay aware; news of data breaches such as this is always covered by the media.
  • Regularly change your passwords
  • Don't use common passwords.
  • Create Unique Passwords (don't share between accounts/sites)
  • Use separate emails for different accounts
  • Regularly scan your PC for viruses and malware.
  • If at all possible avoid public Wi-Fi
  • Be extremely wary of unsolicited emails
  • Be cautious about links in emails
  • Use anti-virus AND anti-malware tools to check your equipment
If you suspect your Stratics Account is hacked, please email [email protected]; we'll review your information and ask the relevant questions to attempt to verify the proper ownership of the account.
 

petemage

Babbling Loonie
Stratics Veteran
Stratics Legend
UNLEASHED
Good advice. I like to recommend KeePass Password Safe every once in a while. It stores all passwords and is even better at generating long and random passwords than those bloody orcs. If you need a password it's simply copy&paste from there or you just let the browser remember it.
 

Vixell

Visitor
I would like to delete a post I made recently On UO Atlantic Trading. No one has responded and I may do a better post with pictures in a few days....or not. Please tell me how to delete my useless post. Thanks
 

Captn Norrington

Stratics Forum Moderator
Moderator
Professional
Stratics Veteran
Stratics Legend
UNLEASHED
Campaign Supporter
> I would like to delete a post I made recently On UO Atlantic Trading. No one has responded and I may do a better post with pictures in a few days....or not. Please tell me how to delete my useless post. Thanks
I deleted it for you. Posters are unable to delete their own posts/threads, a moderator has to do it.
 

Lord Frodo

Stratics Legend
Stratics Veteran
Stratics Legend
UNLEASHED
How about the most basic common sense rules, like do not give your friends your passwords, or better yet do not give your girl/boy friend your passwords, because when you break up you may be real sorry you did. Here is a good one: even though you have known someone in UO for 20 years, that does not make them trustworthy enough for your account info.
 

Blackie

Seasoned Veteran
Stratics Veteran
> Good advice. I like to recommend KeePass Password Safe every once in a while. It stores all passwords and is even better at generating long and random passwords than those bloody orcs. If you need a password it's simply copy&paste from there or you just let the browser remember it.
There is software out there that specifically looks for computers running KeePass. Don't store passwords on your computer at all is my advice.
 

petemage

Babbling Loonie
Stratics Veteran
Stratics Legend
UNLEASHED
> There is software out there that specifically looks for computers running KeePass. Don't store passwords on your computer at all is my advice.
And what is your alternative? Noting 20 character long random passwords on a sheet of paper and typing them in by hand multiple times a day? Using the same password for 30+ different sites? Coming up with 30+ different passphrases to remember? Without a certain level of usability you will achieve no good for the average user if you just scaremonger them into impractical solutions.

The risk of someone stealing your password container (which is also password protected!) is neglectable compared to the risk of someone bruteforcing a weak password on an internet-reachable service.
 

Blackie

Seasoned Veteran
Stratics Veteran
> And what is your alternative? Noting 20 character long random passwords on a sheet of paper and typing them in by hand multiple times a day? Using the same password for 30+ different sites? Coming up with 30+ different passphrases to remember? Without a certain level of usability you will achieve no good for the average user if you just scaremonger them into impractical solutions.
>
> The risk of someone stealing your password container (which is also password protected!) is neglectable compared to the risk of someone bruteforcing a weak password on an internet-reachable service.
My response wasn't personal. No, I don't recommend re-using the same password twice. I don't even re-use the same email and often I'll vary my name on it a bit so if I get spam or unsolicited contact I'll know exactly where it came from, which site or service etc.

My personal solution is mnemonic modified phrases. No more pass "words", example start with something like "butterducksplayquackly"

Then apply mnemonic type modifications(rules) specific to you, example:

- Wherever there is a D we double it because double d is better
- Remove the U's because it's about me, not you!
- Start the phrase over again, add the first letter as last
- Uppercase whatever comes after C so it's easier to See!
- etc whatever is easier, the more of these the more unique your phrase becomes so whatever you can handle

If butterducksplayquackly is the phrase you choose for your hockey site(ducks fan?) then it would become "btterddcKsplayquacKlyb" with the 4 rules above(go for 5-6+). I've done it for so long that I know my personal rules by heart and using mnemonic phrases helps remember the pre-rule passphrase. Mnemonic stuff works great.

If you forget a pass, change it but apply the same rules, you can write those down safely at first but you'll memorise them in time, just don't write the phrase, ever. If they are only in your head and exist nowhere else they don't have to be short single things. Good brain exercise too.

Whatever works, I'm not against your tool. I'm just saying that if it's not posted or printed anywhere on your computer or desk, literally nowhere but in your brain, it's safer. Phrases aren't hard to remember, I find them easier than words because you can put some context into them. Your personal modification rules aren't hard to remember, put them together and you have a strong and unique(to you) pass system.
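
Added example, not part of any post in this thread: a literal Python rendering of the four sample rules from the post above, next to the kind of uniform random generation a password manager such as KeePass (recommended earlier in the thread) performs. The function names and the 94-symbol alphabet are assumptions made for illustration; applied literally, rule 2 also removes the u in "quackly".

```python
import math
import secrets
import string


def apply_rules(phrase: str) -> str:
    """Apply the post's four example rules literally, in the order listed.

    Assumes a non-empty lowercase ASCII phrase (hypothetical helper).
    """
    if not phrase:
        raise ValueError("phrase must not be empty")
    out = phrase.replace("d", "dd")    # rule 1: double every d
    out = out.replace("u", "")         # rule 2: remove every u
    out += out[0]                      # rule 3: first letter again as the last
    chars = list(out)
    for i in range(len(chars) - 1):    # rule 4: uppercase what follows a c
        if chars[i] == "c":
            chars[i + 1] = chars[i + 1].upper()
    return "".join(chars)


# Letters, digits and punctuation: 94 printable ASCII symbols (assumed alphabet).
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def random_password(length: int = 20) -> str:
    """Uniform, independent picks from the OS CSPRNG, as a manager's generator does."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy in bits of a uniformly random password of the given length."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    base = "butterducksplayquackly"    # sample phrase quoted from the post
    derived = apply_rules(base)
    # The rules are a fixed function: the same phrase always gives the same
    # result, so the secret is the phrase plus the rule set, not fresh randomness.
    print(derived, derived == apply_rules(base))
    print(random_password(20), f"~{random_bits(20):.0f} bits")
```
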
 

petemage

Babbling Loonie
Stratics Veteran
Stratics Legend
UNLEASHED
> My response wasn't personal. No, I don't recommend re-using the same password twice. I don't even re-use the same email and often I'll vary my name on it a bit so if I get spam or unsolicited contact I'll know exactly where it came from, which site or service etc.
>
> My personal solution is mnemonic modified phrases. No more pass "words", example start with something like "butterducksplayquackly"
>
> Then apply mnemonic type modifications(rules) specific to you, example:
>
> - Wherever there is a D we double it because double d is better
> - Remove the U's because it's about me, not you!
> - Start the phrase over again, add the first letter as last
> - Uppercase whatever comes after C so it's easier to See!
> - etc whatever is easier, the more of these the more unique your phrase becomes so whatever you can handle
>
> If butterducksplayquackly is the phrase you choose for your hockey site(ducks fan?) then it would become "btterddcKsplayquacKlyb" with the 4 rules above(go for 5-6+). I've done it for so long that I know my personal rules by heart and using mnemonic phrases helps remember the pre-rule passphrase. Mnemonic stuff works great.
>
> If you forget a pass, change it but apply the same rules, you can write those down safely at first but you'll memorise them in time, just don't write the phrase, ever. If they are only in your head and exist nowhere else they don't have to be short single things. Good brain exercise too.
No offence man, but that sounds horribly impractical for the average user. A password manager is some practical middle ground: secure passwords and enough usability to not be a PITA.
 

Omnicron

Stratics Legend
Supporter
Stratics Veteran
Stratics Legend
UNLEASHED
Always nice to have a friendly reminder! Thanks man!
 

MalagAste

Belaern d'Zhaunil
Alumni
Stratics Veteran
Stratics Legend
UNLEASHED
Campaign Supporter
Norton keeps passwords and such for you... as well, there is a program called LastPass, which Norton also runs and owns; it's also pretty good, generates and remembers passwords for you... fills out forms and all sorts of things. Rather handy. I just don't use it for super important stuff like my bank, or for things like my CC or Paypal or any of that which has money involved, but for the 999999 websites and forums and such, it's really nice.
 