The 0.10.1d account changes

"
Taipion wrote:
"
srnkrkgrd wrote:
Fair enough. Keep 'Password1' as being more secure than 'kødbollermeanskjøttboller' - I'm sure your logic is in no way flawed! ;)


I did not say anything like that.
From your way of argumentation, I conclude you would like to give up?! :D :D :D


Not giving up, but unless you bring some sort of real argumentation, then its irrelevant. Yes it might be a very limited scope of words that some people have, but those same people will use words in passwords of short length that follow some rigid set of complexity rules. So if the rule is that we're talking about a person that will use a very limited set of words then

'beanstastesawesomeeveryday' is more secure than 'Password1' - no matter how you cut it. If you think you can make reasonable argumentation thats not the fact, then maybe you should write a few articles about it proving the majority of security experts writing about it wrong.

    A few quick take-away points:
  • Password strength/complexity is a red herring. Length and a large available character set are typically the only important attributes.
  • The primary defensive measures against password brute-force attacks typically have little, if anything, to do with password strength/complexity.
  • Analysis of user passwords is a red herring. Those passwords almost universally have nothing to do with the cause of the compromise.
  • Even seemingly mundane and ok practices like password expiration can be detrimental.
  • Password reuse may be problematic unless using a tiered approach aligned by your own personal risk tolerances.


The Password Analysis Red Herring

Password Complexity Is Lame

Meh. Editing took part of my port. Short version: This is now past off-topic. PM if you have a need to continue this.

I'm glad GGG improved security, but I must admit that I'd rather see a 3 wrongful tries resulting in a lockdown of the account, which would need a password recovery process to be reopened. Now lets move along. These are not the droids you're looking for!
Last edited by srnkrkgrd#2614 on Feb 25, 2013, 12:59:38 PM
dbl post :\
Last edited by srnkrkgrd#2614 on Feb 25, 2013, 12:58:24 PM
Sorry GGG but last change is bad.

Now i need to retype my password every time i log in. My ISP don't have option of static IP only dynamic.


- from me.
Same to me, every day i get the hint to unlock my Account b´cause my IP changed........
"
AceNightfire wrote:
"
Imaginaerum wrote:
"
sirianstar wrote:
QUESTION TO DEVELOPERS:

Will you implement the restoration of DELETED characters (with all items inside the char at the moment of the delete) ?


Here they state they will not restore items for any reason (but maybe chars?):
http://webcdn.pathofexile.com/forum/view-thread/172532/page/1

People have asked us why we don't restore accounts when they are hacked. The reason is that the outcome of this would be far, far worse for the game. I understand it's hard to see that perspective when you're staring at an empty stash where your items were, but please consider what would happen to the economy if players could request their items to be restored due to theft. It would be very easy to fake an account theft - just ask a friend from elsewhere to log in and take your items before contacting support and asking for a restoration.


That is not the same. They don't restore items because it would double the items on the market then. But restoring deleted character at the moment it got deleted shouldn't be a problem, because it does not mess up the economy or number of items.

I didn't get hacked, but that would be a little bit satisfying for all those who got hacked and lost their characters.


This is indeed a good point.
Invited to Beta 2012-03-18 / Supporter since 2012-04-08
"
gonzaw wrote:
"
VideoGeemer wrote:

They could add a feature that would recognize the **COMPUTER** rather than the physical location. Or maybe even both, but with flexibility. Say it's the same computer, within 100 km or so from the last login, that should be good enough. I mean, who else is going to have almost the same exact system, and be within 100 km of you, and try to use PoE? Compared to how many in the same city but with any number of possible system configurations?

Hell, if system recognition was specific enough, that could be ticked as an option which would override the city thing altogether. If I had the option to select system and state, I'd be good. :)


That is what an IP address is supposed to do :P



No, the IP address only recognizes a computer's *location within a network at a particular time*.

Recognizing the computer would be more akin to the way Windows knows if you've changed your CPU or added more than one PCI card to your system, and wants you to call support to re-activate it to apply to your new spec. It's kind of a pain in the ass when it does that (and maybe it doesn't do that anymore, but as of XP it did) ... but would worg great in this game.

It would require PoE to gather some system specs, however, in order to function.

Invited to Beta 2012-03-18 / Supporter since 2012-04-08
Or if you guys really want security, flag the account based on MAC Address changes. That would solve the problem of IP's changing. Im sure GGG could release a patch that encapsulates the MAC address inside the IP address.
"
VideoGeemer wrote:
Recognizing the computer would be more akin to the way Windows knows if you've changed your CPU or added more than one PCI card to your system, and wants you to call support to re-activate it to apply to your new spec. It's kind of a pain in the ass when it does that (and maybe it doesn't do that anymore, but as of XP it did) ... but would worg great in this game.

It would require PoE to gather some system specs, however, in order to function.

This is what steam does, it creates a GUID for your machine (not sure of the exact method, but they're usually based on video card/hard drive/motherboard serial numbers or the like) and verifies that GUID by sending a code in an email to your email address. Without the code, that GUID can't log in. One of the more effective ways of banning users from games is using a GUID, as well.
How Fusings Work: http://www.pathofexile.com/forum/view-thread/38585/page/3#p1451934

IGN: TheHammer
every time i restart my router, ...unlock code... thats very boring to check email first before i can play, pls find an other solution
Last edited by Nagpur#1409 on Mar 7, 2013, 9:05:30 PM
"
retsnimle wrote:
The MAC addy idea presents its own problems. I move from my desktop to one of my laptops and boom, account locked. So now instead of a different city, you can be locked out by just going to a different room.


Not if it's based off of the MAC of your router or modem.
Never wrestle with a pig. You'll only get muddy, and the pig likes it!

Never argue with an idiot. They'll bring you down to their level, and beat you with experience!

"De plumber fixes de sync with de wrench." - Robert_Paulson

Report Forum Post

Report Account:

Report Type

Additional Info