16 replies to this topic

[Generic UN Here]

Has anyone else had this happen?

When I started up the GW2 client on top is said "Please consider changing your password"

Why? My password is 16 characters long and I've never used it on any other application. Is it just suggesting i change it for the sake of keeping my account safe with different passwords every so often or is it saying my password is weak? Maybe I'm being hacked? (i doubt it though)

Honestly I'm just making sure I'm not the only one.

[Aaren]

I haven't gotten that message, how many seconds does your password get at http://howsecureismypassword.net/ ?

Mine, 15 hours.

[Kamatsu]

ANet announced that they would be requesting all user's change passwords over the next few weeks or so. They are doing this as a part of trying to combat account compromises, by forcing players to change passwords from an old password - any password that they detect has been used in an account compromise, used in an attempted account compromise, or used prior to forced change is being blacklisted. Blacklisting password means these passwords can never be used again on any account - which they are obviously hoping will help aid vs account compromises.

You can read more on their official blog: Mike O’Brien on Account Security

Quote

This all leads to the following request. All existing customers, please change your password. When you change it, the system won’t allow you to pick your previous password, or any password that we’ve seen tested against any existing or non-existent account. Thus, after changing your password, you’ll be confident that your new password is unique within Guild Wars 2. (However, your password only stays unique if you then don’t use it for other games and web sites, so please don’t!)

In the coming weeks we’ll ramp up this call for players to change their passwords, and may require a password change for those users who haven’t already voluntarily changed their passwords.

Edited by Kamatsu, 06 October 2012 - 02:09 AM.

[Rukioish]

Aaren, on 06 October 2012 - 01:06 AM, said:

I haven't gotten that message, how many seconds does your password get at http://howsecureismypassword.net/ ?

Mine, 15 hours.

98 million years

[ogrejd]

Kamatsu, on 06 October 2012 - 02:09 AM, said:

ANet announced that they would be requesting all user's change passwords over the next few weeks or so. They are doing this as a part of trying to combat account compromises, by forcing players to change passwords from an old password - any password that they detect has been used in an account compromise, used in an attempted account compromise, or used prior to forced change is being blacklisted. Blacklisting password means these passwords can never be used again on any account - which they are obviously hoping will help aid vs account compromises.

You can read more on their official blog: Mike O’Brien on Account Security

Oh, joy. Pointless aggravation that will not actually increase security. Those who have been "phished" will most likely fall victim to it again (due to "phishing" requiring a careless and/or gullible target).

[Diz Aster Prone]

Aaren, on 06 October 2012 - 01:06 AM, said:

I haven't gotten that message, how many seconds does your password get at http://howsecureismypassword.net/ ?

Mine, 15 hours.

Seconds?

It would take

a desktop PC

about

35 sextillion years

to crack your password

Edited by Diz Aster Prone, 06 October 2012 - 02:48 AM.

[XgreatArtist]

Aaren, on 06 October 2012 - 01:06 AM, said:

I haven't gotten that message, how many seconds does your password get at http://howsecureismypassword.net/ ?

Mine, 15 hours.

...11min?!?!?!?!

[Aaren]

Well, 35 sextillions years and 98 million years are decent. But XgreatAtrist... You might consider changing your password haha .

Edited by Aaren, 06 October 2012 - 03:23 AM.

[Shadowrose]

Aaren, on 06 October 2012 - 01:06 AM, said:

I haven't gotten that message, how many seconds does your password get at http://howsecureismypassword.net/ ?

Mine, 15 hours.

6 years
412 years
thousand years

trying some old passwords of mine...

I'm addicted to lower/upper case and weird number patterns.

[Chivalry]

Aaren, on 06 October 2012 - 01:06 AM, said:

I haven't gotten that message, how many seconds does your password get at http://howsecureismypassword.net/ ?

Mine, 15 hours.

My Guild Wars 2 password, according to the site, would take 72 quadrillion years to crack, but my password for this site would only take 2,000 years.

That site is a clever way to steal passwords.

Edited by Chivalry, 06 October 2012 - 06:57 AM.

[Healix]

A few weeks ago when they talked about hacking, they said they would flag everyone to reset their password. Anyone that had a password that is in their blacklist would be forced to change their password. The blacklist is a list of all passwords that were attempted to break into accounts.

It also doesn't matter how long it takes to crack your password. You can't brute force the login servers. You would be detected long before you could try 100+ passwords on the same account. Sure, if they got access to the database they could, but that's entirely another issue.

Chivalry, on 06 October 2012 - 06:54 AM, said:

That site is a clever way to steal passwords.

There are sites like that that are specifically designed to steal passwords. Even sites like this one. The easiest way to hack accounts after all is to start a fansite that requires a email/password to login, then make it popular.

[KiDi]

Talking about password safety while you guys type your password into some random site to see how "safe" it is?
Seems legit.

I don't need any website to tell me how safe it is.
I've used the same password on WOW for over 5 years. 3 of those years without an authenticator. Never hacked.
Same password for GW1 from 2004/5 until now. Never hacked.

Pretty sure my GW2 password will be fine.

[Aaren]

Chivalry, on 06 October 2012 - 06:54 AM, said:

That site is a clever way to steal passwords.

KiDi, on 06 October 2012 - 08:00 AM, said:

Talking about password safety while you guys type your password into some random site to see how "safe" it is?
Seems legit.

Who is seriously using a website like that without disconnecting from the internet or at least blocking the site?

We're after all nerds on this site.

[Generic UN Here]

It would take a desktop pc 3 trillion years to crack my password lol. It is 16 characters long after all.

[Elcee]

KiDi, on 06 October 2012 - 08:00 AM, said:

Talking about password safety while you guys type your password into some random site to see how "safe" it is?
Seems legit.

I don't need any website to tell me how safe it is.
I've used the same password on WOW for over 5 years. 3 of those years without an authenticator. Never hacked.
Same password for GW1 from 2004/5 until now. Never hacked.

Pretty sure my GW2 password will be fine.

Given that you can just use a password with the same structure as the real password you want to test, it's useful even for the people wh oaren't paranoid but are just smart enough to know they're being watched through their back window.

Edited by Elcee, 06 October 2012 - 02:04 PM.

[Lord Xaldin]

Hmm... I typed in a lot of "a"'s and it told me it would take infinity years... seems legit.

[Elcee]

Lord Xaldin, on 06 October 2012 - 02:48 PM, said:

Hmm... I typed in a lot of "a"'s and it told me it would take infinity years... seems legit.

Because that's how password guessing works if you're guessing from total scratch, though in this case it didn't get picked up because the person didn't sit down and account for an arbitrary number of a's past the first 10 or so.

Edited by Elcee, 06 October 2012 - 03:18 PM.