This is PokéFarm Q, a free online Pokémon collectables game.

Account Breach incident

Hakano Riku

QUOTE originally posted by Bo-mi

QUOTE originally posted by Arebani

...
This was already talked about. It doesn't stop someone from being able to do something like Password1$
"Password1$" is still more secure than "password". Not only that, but it's pretty easy to exclude keywords like the typical "password" keyword, or making sure users don't include portions of their username in their password, et cetera. There's a number of things a programmer could do to make sure users don't/can't use insecure passwords, I mentioned a few earlier ^^ Even if they can, it's on the user to create a secure password regardless.
Avatar of Dian Rubens from Spice & Wolf
Type Race Score: 0
Type Race Clicklist: HERE
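
The checks mentioned in the post above (excluding keywords such as "password" and rejecting portions of the username, alongside a character-mix rule), as an added example that is not part of the original thread or the site's code. The blocklist, the substitution table, the 10-character minimum and the username `misty_trainer` are assumptions made for illustration.

```python
import re

# Assumed blocklist for illustration; a real one would be far larger.
BLOCKED_KEYWORDS = ("password", "qwerty", "letmein", "pokemon")

# Assumed table of common substitutions, undone before matching.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "$": "s", "@": "a"})


def normalize(text):
    """Lowercase and undo simple substitutions so 'P@ssw0rd' matches 'password'."""
    return text.lower().translate(LEET)


def username_fragments(username, min_len=4):
    """Every substring of the normalized username with at least min_len characters."""
    name = normalize(username)
    return {name[i:j]
            for i in range(len(name))
            for j in range(i + min_len, len(name) + 1)}


def check_password(password, username, min_length=10):
    """Return the list of violated rules; an empty list means accepted."""
    problems = []
    if len(password) < min_length:
        problems.append("too_short")
    # Character-mix rule: at least three of lower, upper, digit, special.
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    if sum(bool(re.search(c, password)) for c in classes) < 3:
        problems.append("too_few_character_classes")
    norm = normalize(password)
    if any(word in norm for word in BLOCKED_KEYWORDS):
        problems.append("contains_blocked_keyword")
    if any(frag in norm for frag in username_fragments(username)):
        problems.append("contains_username_fragment")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, checked for a constructed username.
    for pw in ("password", "Password1$", "MistyLoves#42", "violet-Kettle-93-harbor"):
        print(pw, check_password(pw, "misty_trainer"))
```

`Password1$` satisfies the length and character-mix rules here and is rejected only by the keyword check.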
Avacyn
Just because one person did bad and profited from the RMT means everyone loses it? I don't know, the passwords could have an obligatory combination of numbers+letters+special characters or something to make it more secure.

QUOTE originally posted by Niet

I'll admit, I'm confused as to why people sell ZC for USD in the first place. Like... selling it cheaper than the site does makes no sense because you're deliberately losing value (you have 100 ZC, you sell it for less than £1 - and yes, $1 USD is MUCH LESS than £1). Selling it for more than the site does makes no sense because the buyer can just buy from the site.
Me, as an artist, get paid with ZC or other ingame currency because people have those currencies and not USD. If I earn ZC that way and I need money, I will ask if someone wants to do the trade. Both get what they're looking for and the currency keeps running in the site, the small amount I lose in the trade does not matter much. So I'm against taking the RMT away. Let's enforce the change of weak passwords if needed and punish the people who make a bad use of the system.
Check Svetty's and Lawless' shop! uwu
"One" is not the number you're looking for, as I said earlier. We've talked about people sorting their passwords out for a reason before, too :p For a reason. This reason. This just happens to have occurred on a larger scale than it normally does and warrants being brought forward so people are aware. Normally it's "friends" sharing passwords or a roommate. Someone looking over a shoulder or things like that - and then doing something malicious. This was rather more. Of course, they're not on-site anymore. This is 'Full removal' territory - no other way about it (as in, yes, the perpetrator has been banned).
Thunderjaw
I'm honestly shocked this has been going on. Very disrespectful and just plain wrong. I'm glad it was found out though, in before more damage would have been done! Instantly changed my password as well. Maybe, I don't remember it seeing pass by but it's possible, a way to 'prevent' it in the slightest from happening is to have an e-mail go out to the e-mail address when an unauthorized IP address has accessed your account and you need to give permission? I don't know, just popping an idea here ^^ (again not sure if anyone suggested it already!)
Useful links: Journal: The Thunderclaw Follow me on these too if you'd like to know me! Youtube: CommandoReptilio Twitch: CommandoReptilio Instagram: GeckoCommander
art by Shadowfeathers of Thunderjaws OC Steve, edited by MossDragon for Thunderjaw's use only
Meg277
Yikes.... I feel so bad for the people affected by this. I need to double down and beef up my passwords.
All art and coding by Shiro.
Just a happy vulpix
Niet [Adam]
I have started looking into options for 2FA and - again no promises - I'll see if it can be implemented as an option. But I want to be clear: the people who most need 2FA are those who can't or won't use it. That is to say, the schoolchildren who don't know better and share their passwords with their "friends", then those "friends" decide to "prank" them by putting rude stuff in their Trainer Card. Or the people who don't have phones so can't access 2FA in the first place. Or people who see it as a nuisance, and aren't security-conscious enough to realise its benefits. These people often re-use passwords, making themselves vulnerable in the first place. So I'll be considering it as an option, but it is absolutely not a solution to this problem.
Clip from Pokémon anime, re-lined by me
-- OMNOMNOM!
Featured story: Injustice Feedback welcome!
Timberline
I know some sites implement a lock feature after a certain amount of time offline. Perhaps that could help here. Assign a lock code to a user that they are responsible for keeping safe themselves. Should they ever stay offline long enough to warrant it, they just enter the code, then login as usual. I'd definitely make it an opt in/out feature. I haven't spent or earned any money off this site (yet) but it is disappointing this happened. Before reading the comments, I didn't realize how helpful to some people the feature was.
Faded
I'm glad you're taking action against this! A quick little feature suggestion that may potentially help is some sort of password strength bar? For example if you put in a five letter password when resetting/making your account it'll say "password strength: weak". A lot of social platforms do that and while it can't help if people choose weak passwords, it can definitely give new and old users an idea of how secure they're making their account. Apologies if anybody already suggested this here, just put me down in the yes vote if you're thinking about it already :p

Quick edit: I'm not sure exactly what 2FA is but I assume it's two step verification (from what I saw online, looking it up)? If you do decide to implement it into PokéFarm, maybe make it so that people can verify being logged in through email instead of only the phone notification, since it is a requirement to have when making an account. What if you can also give people the option to add/remove their number/email in options or somewhere, with some sort of pin (that the user made) or email/phone verification to change/remove the login verification option. (I know I shouldn't call out any site here but to make what I mean more understandable, I'm thinking what Roblox does when logging in and changing the verification login method.)
{ Translation: Hello! }
BlankSmile
Thank you for looking into 2FA! While it certainly won't help everyone, what matters is that it'll help the people who care about their own account and the security of it. People should be able to feel more at ease about the security of their account. In the given examples, there's honestly nothing you can really do about those people, I don't think that's a problem you specifically need to solve. Account security is ultimately something that requires both the user and the site to work together in unison. If there's people who give away their information with ease, the only one to blame in that situation is themselves. It's a learning experience that everyone has to go through eventually, the blame does not go to the site in a case like this. As for those who don't have a phone and can't access 2FA, I actually happen to be one of those people and as an alternative I've used both Authy and WinAuth on my computer and they seem to work perfectly fine. Some people will indeed see it as a nuisance and avoid using it for that reason, I can recall people saying something along those lines the last time we had a discussion involving account security. However, those who care the most about their accounts will be able to feel more at ease with 2FA. I believe that is what matters most. Having an additional layer of security can only be a good thing.
Omanyte
Personally, I heavily rely on 2FA. I know it's a terrible thing to do, but I typically use the same or similar passwords for basically everything (I've been working on changing this.) It's a massive weight off of my shoulders to not have to remember 20+ different passwords and rely on 2FA to keep my account secure, regardless of the password. It'd be a huge help to me, and I'm sure quite a few other people.
| Type Race Score: 0 Credit

© PokéFarm 2009-2024