PSA: Real Money Traders and Account Security

[Endy]

Ranebow, you make a lot of assumptions in your arguments. It is true that social engineering attacks are always a risk, but given the standards applied to gold farming in general, it has a miniscule chance to be involved here. If it was an inside job, it would be true that no amount of caution on our part would solve the problem, but as not every account has been cleaned out on a given server, this is obviously not the case. Unfortunately, as the processing power of the common PC rises, so too does the ability to brute force. Studies in the IT industry have shown that a large percentage of compromised information outside of user error is caused by brute force methods, and the number has been on the rise since the early 2000's. I don't have a link handy, but I encourage you and all others who are curious to do research on the subject.

Also, 'modern' iterations of browsers update almost as often as antivirus suites to plug holes and bugs in the programs, as do operating system updates. If such methods as described are too dated to work or moot, this would not be necessary. However, the fact that these issues need to be fixed is proof enough that security can be circumvented, and it does indeed happen all the time. Security is not something you slap on and be done with; any IT professional will tell you the same thing. Please try not to spread misinformation by drawing only on your own experiences as a source. The fact is, nothing you do will ever completely secure you against all attacks. However, layering security provides deterrents which are effective against all but the most dedicated attackers, and they have much bigger targets than you or I.

Just as well, my topic is about what the user can do in regards to the specific problems that are likely in play as far as people's accounts being compromised. It may well be a social engineering scheme, unlikely as it may be, but that's out of the general user's hands.

[Endy]

Bumping to keep information on frontpage.

[Jessikia]

This should be stickied so it can stay on the front page!! Some really good advice

[Kraggy]

This should be stickied so it can stay on the front page!! Some really good advice

It's the same advice every MMO forum contains, it's nothing new, no one should have learned anything from it.

[Endy]

There is always someone new who hasn't been told or seen such guidelines. If you've seen it before and have nothing to learn, please move on.

[Elcien]

Being in network security as a profession, I disagree strongly about complex passwords being pointless. Yes, cracking tools will consider every string but if your using a 64 bit or 128bit complex password then this would take a lot of time and a lot of effort to break. The sad fact is that the vast majority of security breaches are caused by people using the same password for every single online service... Not to mention the potential for Squares servers to be insecure themselves (think back to the psn hack a year or so ago and that fact that all passwords were stored in an insecure unencrypted database...

Solution: Download a soft token or buy one of Squares own.

[Endy]

People reusing passwords is indeed a problem and should be addressed in the post. I will add that at the first opportunity.

However, there is still no real point to complex passwords because the number of possible combinations remains the same regardless. Using encrypted ciphers is not something in the standard user's control and is dependent upon where you're putting in your password as far as the context of the post is concerned, so such was omitted. As is the idea of an internal breach causing a security concern. This post provides information on what the USER can do, in the context of Final Fantasy XIV. Please do not post misleading or out of context scenarios.

As well, the vast majority of repeated passwords found in multiple security studies were simple strings of letters and numbers, often eight characters or less. You can be certain that attackers will know that, especially those whose jobs it is to profit from bad security (such as RMTs), and it's a simple matter to set priority scripts in crack attempts.

[Endy]

Bumping to keep active.

[Endy]

Bumping to keep active.

[Endy]

Bumping to keep active.