FYI: check and change login passwords ASAP

Printable View

Show 40 post(s) from this thread on one page

10-08-2022, 08:31 AM
VelKallor

Quote:

Because not everyone else can access those, as we're not from the US/EU?

I am in Aust , I have the software token / one time pad for mobile.
10-08-2022, 08:59 AM
Shibi

This attack is a pretty simple one. It's just plugging in details scraped from other hacks and leaks over the years.

If you use a password manager, and don't reuse your passwords you are as safe as you ever are.
10-08-2022, 09:19 AM
KatieConnr

Quote:

Originally Posted by AngelCheese77

Keep in mind, the picture below is what the REAL log in to the Lodestone looks like https://na.finalfantasyxiv.com/lodestone/

FAKE SITES will have jibberish letters like .xya inserted and the OTP on the same page as your name login and password.

https://i.imgur.com/TfnTNsZ.png

Holy tabs Batman!!
10-08-2022, 09:42 AM
VelKallor

Quote:

If you use a password manager, and don't reuse your passwords you are as safe as you ever are.

Perhaps

Better safe than sorry later, Shibi. Password security is a big deal.
10-08-2022, 10:23 AM
SaberMaxwell

Can't recommend password management software enough for something like this too.
10-08-2022, 10:57 AM
Aurikai

Using OTP with FFXIV login is painful, bad enough you need to enter password every time, but OTP also. There's a thing called OAuth that issues security tokens once you pass all authentication checks so you don't need to provide this stuff every time, apparently Blizzard can implement this but not SE. Cumbersome login processes always forces bad security habits by users.
10-08-2022, 11:03 AM
SaberMaxwell

Quote:

Originally Posted by Aurikai

Using OTP with FFXIV login is painful, bad enough you need to enter password every time, but OTP also. There's a thing called OAuth that issues security tokens once you pass all authentication checks so you don't need to provide this stuff every time, apparently Blizzard can implement this but not SE. Cumbersome login processes always forces bad security habits by users.

Convenience and security are ever on opposite sides of a spectrum.
10-08-2022, 11:13 AM
Aurikai

Quote:

Originally Posted by SaberMaxwell

Convenience and security are ever on opposite sides of a spectrum.

No they aren't, OAuth is easily fixes this, this isn't host based security, doubt you have a clue about IAM systems, so not surprised you would say something that naive.

Lots of banks and other institutions use that same technology to ease logins, even Office 365 does, even Blizzard, so you're just making excuses for SE spending poorly on security because you lack knowledge of how it works.
10-08-2022, 11:16 AM
SaberMaxwell

Quote:

Originally Posted by Aurikai

No they aren't, OAuth is easily fixes this, this isn't host based security, doubt you have a clue about IAM systems, so not surprised you would say something that naive.

My guy, I merely stated a pretty standard security adage which holds true almost no matter what. It's why "layered defenses" are better no matter what kind of system you're trying to create. No need to get hostile.

"No authorization or authentication standard is guaranteed to protect your information. If your information is available online, it’s susceptible to being stolen. If hackers breach a server of any service that you use, they could potentially take your login information or personal information, like name, address, and credit card information. [...] What makes OAuth great is that it restricts how many third-parties know your passwords. No, that doesn’t mean your personal information is 100% safe. But, by reducing how many entities have your passwords, you’ll lessen the chance that your passwords will get compromised."
10-08-2022, 11:24 AM
Aurikai

Quote:

Originally Posted by SaberMaxwell

My guy, I merely stated a pretty standard security adage which holds true almost no matter what. It's why "layered defenses" are better no matter what kind of system you're trying to create. No need to get hostile.

"No authorization or authentication standard is guaranteed to protect your information. If your information is available online, it’s susceptible to being stolen. If hackers breach a server of any service that you use, they could potentially take your login information or personal information, like name, address, and credit card information. [...] What makes OAuth great is that it restricts how many third-parties know your passwords. No, that doesn’t mean your personal information is 100% safe. But, by reducing how many entities have your passwords, you’ll lessen the chance that your passwords will get compromised."

No you stated a blanket statement that had nothing to do with the topic at hand, which was OAuth would make it easier for users to login. Saying nothing is 100% secure is like saying you should never drive or fly because cars aren't 100% safe, it's pointless thinking and completely dismissive. You can make excuses for SE not implementing that technology all you want, nothing you've said has provided any relevant counter arguments for why they shouldn't.

Show 40 post(s) from this thread on one page