Just Saw One My FC Members Shouting RMT... AKA Hacked...

**SIXTYONESIX** · 09-13-2013 10:31 PM

Make your password longer than 8 characters and you don't need a token.

ForgetThisPasswordNever
IHateRMTWithAFieryPassion
BillLikesToPickHisNose.

Passwords like that have so much entropy that it would take thousands of years to crack, and they are much easier to remember than a random string of BS letters and digits. Don't get me wrong, a security token is a really good idea, but if you can't get one for some reason, this is the next best step.

**Tupsi** · 09-13-2013 10:35 PM

Originally Posted by blowfin

No, a lot of people are being compromised without doing anything dodgy

Sorry, Blowfin, but you will never know this 100% even if you say you do.

**Ryamatsu** · 09-13-2013 10:40 PM

Originally Posted by Rath

Just be careful with your software token. Mine gives passwords that do not work anymore. It was working fine but has not since yesterday. Removal also fails. Will be on the phone with support as soon as it opens.

Do you use the keychain or Phone App? Phone App has option to re-sync with the server so the passwords will hopefully clear up. Hard tokens... sorry might be in trouble there. Sad thing is once you remove it, it's gone forever. SE might give you a replacement for free, but I thought that was just for dead batteries.

Good luck friend.

**KisaiTenshi** · 09-13-2013 10:47 PM

Originally Posted by blowfin

No, a lot of people are being compromised without doing anything dodgy.

HA! No, it's one of three things:
a) They bought gil, power leveling, or some other scammy thing that you give your login info to
b) There email was compromised and password was "reset"
c) One of the related SSO (Single Signon)'s were hacked. eg.
Steam (was hacked in 2011), PSN (was hacked some time in 2011) , Xbox Live was hacked in March 2013 (which means your MSN(outlook/hotmail)/Skype is also compromised), SquareEnix was hacked in 2011 as well. So... well if you haven't changed your passwords on all of these services since march, chances are one of them is the compromised one.

**Dschlitz** · 09-13-2013 10:50 PM

Yikes! I registered the app token today.
I am afraid to register my physical token from the CE because I dont want to accidentally lose the token.

**KisaiTenshi** · 09-13-2013 10:51 PM

Originally Posted by SIXTYONESIX

Make your password longer than 8 characters and you don't need a token.

ForgetThisPasswordNever
IHateRMTWithAFieryPassion
BillLikesToPickHisNose.

Passwords like that have so much entropy that it would take thousands of years to crack, and they are much easier to remember than a random string of BS letters and digits. Don't get me wrong, a security token is a really good idea, but if you can't get one for some reason, this is the next best step.

That's not how they do it. Lookup Rainbow tables. Many backends don't use a salted password hash, so all they have to do is "for each (rainbowtable) {cat stolenpasswords | grep (passwordhash)}" and they have a list of accounts to hack. No bruteforcing required.

**Rath** · 09-14-2013 12:01 AM

Originally Posted by Ryamatsu

Do you use the keychain or Phone App? Phone App has option to re-sync with the server so the passwords will hopefully clear up. Hard tokens... sorry might be in trouble there. Sad thing is once you remove it, it's gone forever. SE might give you a replacement for free, but I thought that was just for dead batteries.

Good luck friend.

Using the android app. Where is the resync option?

Thread: Just Saw One My FC Members Shouting RMT... AKA Hacked...

Thread Tools

Search Thread

Display