![]() |
|
Fort Knox level account protection here - Printable Version +- Southperry.net (https://www.southperry.net) +-- Forum: Maplestory (https://www.southperry.net/forumdisplay.php?fid=15) +--- Forum: Maplestory Discussion (https://www.southperry.net/forumdisplay.php?fid=31) +--- Thread: Fort Knox level account protection here (/showthread.php?tid=21772) |
Fort Knox level account protection here - Phoenix - 2010-01-19 You can change your password up to twice a day (Resets at 12am PST). But this is a great method =] Still screwed if they find out the email attached and hack your account via redeeming pass. Fort Knox level account protection here - Takebacker - 2010-01-19 Spideyjvc Wrote:I'm not sure how you can check your email for your own account, to tell you the truth. http://wiki.answers.com/Q/How_do_you_find_your_email_on_Maplestory @above: That isn't likely to happen, since these are not targeted attacks. It's just a quick hit and run. If they can't get into your account, they'll move on to the next one immediately. Fort Knox level account protection here - IllegallySane - 2010-01-19 Spideyjvc Wrote:The last thing you want to do is verify if you know the email by resetting your password. You'll never get that password email, and thus lose your temp password. Wait. Resetting your password, to verify your e-mail? :f6: If there's a way to ScrewedVille, this has got to be it. Fort Knox level account protection here - Throes - 2010-01-19 Thanks bunches, dear. Locked both the hubby's accounts, since he doesn't have access to MS at the moment anyway. Now I can rest easy and not worry about DCing overnight. Fort Knox level account protection here - SpikeAi - 2010-01-19 Spideyjvc Wrote:So what do you do? Does anyone know if the passwords were encrypted in Nexon's database? I was under the impression that md5 was near imposable to crack but a simple google search seems to prove that wrong (I didn't test it tho). So i suppose it could have been encrypted and the hackers just ran a crack algorithm on all the passwords and it wouldn't matter. I guess this isn't really the place for this kind of question... but does the MD5 algorithm creating non-unique strings make it more or less vulnerable? Anyways, great find. You are surely a critical thinker. Fort Knox level account protection here - Russt - 2010-01-19 Spideyjvc Wrote:The last thing you want to do is verify if you know the email by resetting your password. You'll never get that password email, and thus lose your temp password. You can request a PIN reset via email. If I remember correctly, it doesn't go into effect unless you receive the email and click the link. Or what Steve suggested. Fort Knox level account protection here - Hotshot - 2010-01-19 BombsAway Wrote:It's clear that their goal isn't to get anything, it's just revenge because they were treated badly. And they're taking it out on everyone. Then why would they bother to strip accounts and sell everything for mesos in shops rather than npc the stuff? The simply can't target people and are going on accounts at random, but there's so many accounts to go through (and so many are worthless), that it just takes a while. Fort Knox level account protection here - Hiepocrite - 2010-01-19 . Fort Knox level account protection here - Sarah - 2010-01-19 Hotshot Wrote:Then why would they bother to strip accounts and sell everything for mesos in shops rather than npc the stuff? The simply can't target people and are going on accounts at random, but there's so many accounts to go through (and so many are worthless), that it just takes a while. Because it's easier to enjoy revenge when there are tangible benefits. Fort Knox level account protection here - Russt - 2010-01-19 Hm, would they even bother with an account with only a couple mil of items on it and no characters above 40? I'm wondering if I should bother taking any safety measures or not. Even if I do lose what I still have left on MS, it wouldn't matter much, but it'd still be pretty jarring. Fort Knox level account protection here - CrimsonJohnny - 2010-01-19 Awesome! Now I can protect my account! That is, if my email wasn't dead and Nexon wasn't ignoring my ticket to change it. How long on average does Nexon take to answer tickets again...? Fort Knox level account protection here - Goals - 2010-01-19 Why go though the trouble of typing up a hard password with a variety of hard symbols when one symbol will render the entire password useless. Locking your account should only take like 30 seconds at most. I would set up a general unuseable password for all my accounts on a wordpad to save time. Thanks a million though! I will be using this as my permanant account guard. ^__^ Hiep Wrote:How much safer would it be to use special characters like !@#$%^&*()_+./;'][? And do upper case letters make a difference? Any single special character will make the password 100% safe. The main problem is if the hacker cracks your email, I think. Fort Knox level account protection here - Spideyjvc - 2010-01-19 Goals Wrote:Why go though the trouble of typing up a hard password with a variety of hard symbols when one symbol will render the entire password uselessBECAUSE IT'S PRETTYFUL! Come on, why would you want ☆LetMeSing★ as a password?! Goals Wrote:Any single special character will make the password 100% safe. The main problem is if the hacker cracks your email, I think. Those work? I haven't tested them. Fort Knox level account protection here - MysticHLE - 2010-01-19 Spideyjvc Wrote:BECAUSE IT'S PRETTYFUL! Come on, why would you want ☆LetMeSing★ as a password?! I think he means only 1 single special character is needed along with the minimum requirement length. There is one thing I'm skeptical though about this method...and that's how the server translates/encodes and stores these special characters. It's quite possible that these special characters that we're entering ends up getting turned into arbitrary regular characters upon storage. I'm not sure what kind of input templates Nexon server accepts/stores with...but take URL character codes for example...a %20 actually denotes a regular space character. So it may very well be possible that we enter our password as "©password" but it ends up being stored as "$2Dpassword" or some other sort, which would of course, prevent us from accessing our account from both the game and website since we wouldn't know that © gets turned into $2D upon encoding and storage. And of course at the same time, it might be entirely hashable still. Just putting this out here for the possibility of this occuring. It may not be as fail-proof as we think - but let's hope it is. Fort Knox level account protection here - Russt - 2010-01-19 MysticHLE Wrote:I think he means only 1 single special character is needed along with the minimum requirement length. (Disclaimer: I don't really know what I'm talking about.) Well, that's an issue with character encoding. I doubt that Nexon's site transforms ©password into anything else, since © is in the default "Western" character codepage (ISO-8859-1). For one thing, posting to Southperry doesn't do anything with it either; it shows up as a literal © in the source code. However, if passwords don't handle Unicode (which is probably true), then Japanese characters or anything else not on the codepage will be turned into a sequence of other symbols, probably something like ÆÕ¼. Chances are, though, that this still produces an unusable password. And in any case, entering in the same password with the same special characters and the same codepage in use should convert to the same other symbols and be accepted as a password, so if it doesn't, then you're probably safe. Fort Knox level account protection here - MysticHLE - 2010-01-19 The thing is, if it doesn't encode it into anything else and is stored as it is, it doesn't quite fully explain how the web forms for logging into your account on the site would not work while the resetting password form does. I would think it would be standard practice to use a same input form for a password field? Nonetheless, here's still hoping that this method works. lol Fort Knox level account protection here - SpikeAi - 2010-01-19 MysticHLE Wrote:The thing is, if it doesn't encode it into anything else and is stored as it is, it doesn't quite fully explain how the web forms for logging into your account on the site would not work while the resetting password form does. I would think it would be standard practice to use a same input form for a password field? Nonetheless, here's still hoping that this method works. lol 1) Go to Nexon.net 2) In upper left right under where it says "free signup" click the option "already a member click here" When you do this the "free signup" button is replaced with login fields. Under the login fields there are 3 options
So easiest way to use this technique to protect your account is to first, do a Find ID. Then check your email. If you received an email and the ID is the account you intended then you will have the information (email, id, and birthdate) required to reset your password. ============================== (Disclaimer, I'm not a cryptography expert, this is just hypothesis) I was also kinda curious about the storage of the passwords. Like what MysticHLE pointed out. Has anyone tried the same passwords just with the special characters stripped out. Example: ©opy©at = opyat. Stripping those characters might be a byproduct of security against sql injections. Also I thought that the hashes used will may create collision prone keys (IE possibility that multiple passwords that once encrypted, are the same). If this is true upon decryption an alternate (yet functional) password may be returned to the hacker and render this method useless. Fort Knox level account protection here - Shidoshi - 2010-01-19 Guess I'll be taking a break from MS for some time. I'll change my password into something unusable and find some game to fill my time inbetween... Fort Knox level account protection here - Rhayn - 2010-01-19 Russt Wrote:Hm, would they even bother with an account with only a couple mil of items on it and no characters above 40? I'm wondering if I should bother taking any safety measures or not.Probably depends on their mood at the time. If they've just had a couple of juicy hits, they might not bother. But then again, they bothered to npc (probably) clean 3x equipment, and shift 50+ slots of ores and refined stuff. Fort Knox level account protection here - Kawasari Mimoto - 2010-01-19 Interesting solution. I was going to say your plan could be backfired, but I forgot that the hacker does not know your dob, which technically means you're safe, because without knowing that, they cannot alter the current password on the site even if they have your current info. Nice going, Spidey ...for a man. |