Account Breach incident
Forum Index > Core > Announcements > News Archive >
Firstly, I'm honestly so disgusted in people who think this sort of behavior is okay. It really isn't and I really hope I never bought from that user in the past.
Secondly, for those worried about weak passwords, I really recommend what Niet said about using a password manager. I use Chrome for my internet browser and whenever I want to make an account on a site I'm registering on for the first time, Chrome's password manager can make an automatic password made up of numbers, letters, symbols etc. And then all you need to do, to log in to the site is let it autofill the password for you, so you don't need to remember the one it generated for you. It's a lot safer than using something like "password1" or something that can be easily guessed at.
this is probably a no-brainer, but: the person responsible for this has been suspended, right? i wouldn't rest easy if this person was still among us...
forum avatar is furina from genshin impact
I was probably one of the first accounts affected, and I'll take total blame for it for overusing a weak password. But if it wasn't for someone asking if I had lost a certain Pokemon Which happened to be a misplaced dex-trade, so double win I wouldn't have known, since nothing big was taken. A month of HM I had forgotten I had, a Shiny Charm, and some random albinos from my gumbled up storage fields and my hunt extras fields. I would have noticed the missing albinos and Shiny Charm at some point (I know I have exactly 35 Charms and I fill my storage fields in numerical order), but it would have been too late at that point, since I got everything back because of my trade history.
Since it seems like nothing can really be done to protect accounts on the password side outside of using a stronger password, I was thinking a notification Probably an optional one could be added that would tell you when your account was last used, either when logging in or when reloading a tab that had been open for awhile. Maybe give the IP address of the last log-in and your current one to help. Maybe have it be non-optional, but only show up when your current IP address is different from the last used IP address?
I don't know how feasible that would be coding wise, but if it's possible, it seems like a useful feature. Since prevention seems to be something that can't get an update to help, then an alert system would be the next best thing, since as I mentioned earlier, I wouldn't have noticed the breach in time without the alert I got from another player.
On another note, and I don't know how this factors into the adversion to sending an email for 2FA, but maybe we could add a notification email, like many other sites use, that will send you an email whenever a new IP address is used to access your account. It'd be similar to the other feature I suggested, but there's never too many alarm systems if it can help protect something you worked hard to get.
Buying Sapphire Orbs! PM me if you're selling.
Profile picture by BananaLizard.
Mimikyu/Sakura (FE) fusion.
Maybe change the login system?
Instead of using your username and password *that you have now changed*
You use your accounts email and password?
I can't look at Garth's profile and be like "awe yeah, his email is ×××××÷×@%%%.com" I'd have to guess it. A lot. Or be told it
Another alternative:
Login name
Password
And your sitewide username.
Ie:
ShiroUsagi - login name
××××× - password
Bo-mi - username
Thanks for telling us Niet. Just changed my password to be save. As for 2fa would it be possible to use the google authenticater? Cause that way unless the person can somehow find the corresponding mobile device and get into it to grab the code even if they get the password they can't do the code part. Unless they are the phone owner of course. X3
Blazey| She/Her | Asexual | UK
My current focus is Wishforge/Dex, check my trade shop for Pairs etc. I am always happy for more Specials
Shiny Albino and Melan
as I don't have many.
Will you give me a hug?
I hoard SnomsCurrent Score: 0 Credits
Charizard Perm: Sei Avatar: Made by blazebrem
Offical Charizard X image also used.
Sig by BlazebremI wouldn't be against either requiring your email address or a 2nd username to log in. There's no way, that I know of, to find out someone's email from their PFQ account without someone telling you, so it'd probably be one of the easiest things to implement without big changes. PFQ already gives every account an ID number that not even the accountholder knows except in certain situations. The log in could be changed to require email, password, and the hidden account ID (Or a 2nd ID could be generated to keep the first hidden still). That would make it much harder than just guessing passwords for a certain username.
Why not make all passwords to include at least 8 digits, 1 small letter, 1 big letter, 1 number and 1 symbol (like !/$)
that System is commonly used and would make a "password" or"123" into a "Password1!" which is (still not the best) but already significantly better than a simple "password"
made by cindacuil from PF1
☼ My Trade Shop ☼made by cindacuil from PF1
D/S/A UFT, over 2.2k Free Dexes, Boxes, ZC and more~
Frusky design by PFQ ♥ Avatar made by Mollin~QUOTE originally posted by Arebani
Why not make all passwords to include at least 8 digits, 1 small letter, 1 big letter, 1 number and 1 symbol (like !/$)
that System is commonly used and would make a "password" or"123" into a "Password1!" which is (still not the best) but already significantly better than a simple "password"
QUOTE originally posted by Arebani
Why not make all passwords to include at least 8 digits, 1 small letter, 1 big letter, 1 number and 1 symbol (like !/$)
that System is commonly used and would make a "password" or"123" into a "Password1!" which is (still not the best) but already significantly better than a simple "password"
Cannot post: Please log in to post