Account Breach incident
For those who use Chrome: A recent update gave you the ability to have it auto-gen you a strong password and for it to auto-remember it (not good if you're using a public computer!!). This password has all the positives of a strong password: it's long (I think at least 16 characters), has a mix of upper and lowercase letters, numbers, and symbols.
Also: pins are...for lack of a better word, dumb. The fewer numbers in a pin the easier it is to crack, and those randomly generated "ensure you aren't a bot, and answer this stupid math question" things really only work for sign ups.
If I have to go get a pin every time I log in from a new location/device I'd have to stop playing PFQ. I have so many different IPs I cross through while at work, it's no longer funny. Now assume I log in from 12 of those (2 stable): that's 12 pins on day one and 10 pins every other time until I finally log in enough that it's rarer to get a pin.
Now imagine how frustrating that would be to have to get a new pin every time you log in? Most 2 step verifications don't require you to go back and forth--it's usually something right there.
Plus, security questions aren't all that secure. Let's say we need to add three questions, and my three are as follows: "What's your pet's name? What's your mother's maiden name? What city were you born in?" Anyone who knows me well enough (or has found my online family tree, which is semi-public), can have the answers to those in about 5 minutes. They only really work to ensure that you utterly give up, especially if you answered differently to that first question than you would now.
I'm all for 2FA but please, for the love of Sally, do not use pins or security questions, it's just too much hassle.
Avatar by the best lizard ever, Bananalizard
#standwithEMS #ELM
Finally finished reading through the rest of this announcement and I'm glad the thief was named, even though I already knew who it was thanks to some other people who found out before I did.
I'm beyond disgusted they could do something like this instead of saving up and earning their melans themselves, instead of resorting to the 'easy way out'. Guess they got their 'dream team', but at the cost of getting banned.
I always thought "wow that user could afford to dish out such a huge amount on just ONE melan legend, I wish I could get a job that paid that well." I legit just thought it was some person with a high end job lmao.
QUOTE originally posted by selocon
profile picture sprites created by https://pokefarm.com/user/sojussimblr
QUOTE originally posted by Lovino
QUOTE originally posted by selocon
The 2FA I use for most of my accounts is the kind that generates a new 6 digit (numbers only) code in an app every 30 seconds or so. You enter that number every time you log in on a new device (it's typically cookie-based, not IP). Most people use an app on their phone like Google Authenticator to generate the codes, but these days there are a lot of options including some that run on desktop or sync your codes across devices (technically less secure, but very convenient).
The purpose is that if someone guesses or tricks you into giving up your password, they won't have your app-generated code, and there's no way to effectively guess or collect it since it changes so often. It's still technically vulnerable to certain types of social engineering etc., but that can get pretty tricky to pull off.
Static PINs you have to memorize are no better than a password. Same with security questions.
Example
The point is, it basically makes it so that you are required to have your phone on you (or whatever device has your registered authentication app) in order to log in successfully. Preliminary review of things looks like it should be possible to implement on PFQ as an option.
Oh my God, am I glad I am not too rare. Although I do remember some eggs being mysteriously hatched some time back while I was offline. I hope she didn't guess my password I definitely didn't procrastinate changing. I'd die if my bacon baby was stolen, and report it on the spot. Thank you everybody who helped.
cy/fev. he/they pronouns. find me at @scorkaji on discord if you need me
avatar is official Honkai:Star Rail art, edited by me. pkmnpanel code
QUOTE originally posted by Duusu
Was karenkhor IP locked as well? While she may have been account locked, what is stopping her from making another account?
Icon is from "Obey Me!", by NTT Solmare Corp.! || My Trade Shop! || Delta Hoarders United!
Collector of special water deltas!
Oh wow. I seriously expected not to recognize the user at ALL, but that is a name I have seen far too often.
I don’t remember trading with them in the past few months, but I have most DEFINITELY traded with them over the past few years. Quite frankly I’m shocked, and it makes me wonder if they were pulling similar things back then as well.