A question to people who have been hacked..

[Myros]

I'm now growing increasingly paranoid with all the hacked account threads.

I feel compelled to ask the following to the gamers with a hacked FFXIV account, what was the strength of your password?

You can use the following tool to check: https://www.microsoft.com/en-gb/secu...d-checker.aspx

As far as I'm concerned, I used a completely unique password for FF XIV. The password is, supposedly, "Strong". Yes, I'm still paranoid.. and I'm slightly curious about the strength of the passwords of those hacked accounts.

[Pronsolo]

Make sure to use security token, if you can't afford the key chain version there is a free version for both android or iphone.

[worldofneil]

Strong password or not, there's still the possibility of your account being compromised. Easiest way (with everything, not just SE) is for someone to get access to your email account and just reset your passwords to wherever because 99% of places will send a reset password link, so make sure your email account is just as protected!

But like the above said, just add a security token. Although with security you can never say something is 100% secure, adding a security token makes it pretty much as secure as you're going to get. Someone would need either your emergency removal password for the security token, they'd need your actual token (phone or hardware device) or they'd need your serial numbers/address to be able to convince SE they're you to be able to remove the token from you account via a phone call etc. Unless someone really hates you, that's just not going to happen.

[lordjoosie]

Strong password or not, there's still the possibility of your account being compromised. Easiest way (with everything, not just SE) is for someone to get access to your email account and just reset your passwords to wherever because 99% of places will send a reset password link, so make sure your email account is just as protected!

But like the above said, just add a security token. Although with security you can never say something is 100% secure, adding a security token makes it pretty much as secure as you're going to get. Someone would need either your emergency removal password for the security token, they'd need your actual token (phone or hardware device) or they'd need your serial numbers/address to be able to convince SE they're you to be able to remove the token from you account via a phone call etc. Unless someone really hates you, that's just not going to happen.

This is actually the best response I've seen in a while. If you've ever experienced SE's password recovery you'd understand the issue with it. I once forgot my password on FFXI. I hit the I forgot password button, and they sent me an email. I pressed a button on the email and typed in a new password. Within 3 minutes of saying I lost my password, I was logged into my account.
It's notoriously easy to get into someone's hotmail or gmail or other free web email, and once you have access, changing the password is a simple matter. I wouldn't be surprised if a lot of the hackings involved contact information on other MMO websights> take control of email account> reset password> shout till your lungs fall off.

[Flaee]

e 99% of places will send a reset password link, so make sure your email account is just as protected!

This. To log into my mail box from another computer they send me a text on my phone with a code. So if SE sends password reset confirmations to my mail box, hackers can't change it. (they still can log on my account, sadly)

[Panthur]

When i changed my pword, i never got a confirmation email notifying me that i was in fact, changing the password. Found that rather odd. I did get the email regarding recurring payment has starting tho! pfft.