Damn, lost everything....

"
Hyaon wrote:
"
Drahken wrote:
"
Hyaon wrote:
You NEVER tell others your password, not even your family.. I would not trust my family with mine! I don't even let them use my PC. Bad bad bad idea.
uhhhh not everyone has their own PC. Some families share them.


Then you will have to prepare yourself for bad things happening such as account theft. One good, savvy family member and 3 not-savvy family members tends to turn a PC into an infected pile of mess. For example, one of my relatives was called up and told she had a problem with Windows.... she agreed to let them 'fix' it and installed all their crap. What may seem BLINDINGLY OBVIOUS to us may not be to other people.


I agree with you, and my fiancée is only allowed to screw up her tablet... not my PC. But my point is not everyone has this luxury.. sometimes it's a few brothers/sisters etc. playing these games sharing one PC.
Strange goings on around here lately.

I have had a feeling that my POE account was hacked once, strangely enough though, nothing was taken.

I actually had more currency than when I had last logged on. I know this because I burn through my currency like a madman, but when I logged back on and looked in my stash there were a few alchs that I am certain were not there. Also, I was in the process of completing the Sharp and Cruel quest; I had gotten the dagger and gem but hadn't poisoned the tree yet. When I went to find the tree I realized it had already been done and I had the Vaal Ruins WP and Pools and Streams WP already.

My only guess as to how this happens is that I was almost a victim, then they saw my awful awful gear and my pile of currency equal in value to roughly a GCP, and decided "fuck it, I'm gonna help this guy out" because a pile of wisdom scrolls and a couple of lower orbs just must not have seemed worth it.

This was about a month ago but I figured nobody would believe this scenario as being possible, but seeing how many people are getting hacked lately there might be a few hackers out there that don't do it for greed or monetary gain but instead just really enjoy fucking with people's heads.

Regardless of how it happened I know I did not have those alchs or WPs prior to that login.
Edit. Needless to say I went and reset all my passwords linked to my E-mail used for this game and everything has been fine since then, even though some surprise alchs were pleasant to find.
Last edited by thedestroyerofkids#0554 on Apr 29, 2013, 8:49:09 AM
"
So what, I'm not supposed to trust him or what? He wouldn't share it (the password) with others.


Thing is, it's against the Terms of Use agreement of PoE; to wit: "Confidentiality of Passwords: You must keep all password and login information associated with your Member Account confidential and not disclose such information to any third party or allow a third party access to your Member Account without first obtaining Grinding Gear Games’ written consent."



"
cryptc wrote:
On the matter of passwords and brute force



This would be correct if brute force loggers didn't use dictionaries and whole words first.

(They do)
IGN BearBrew
Ouch! That sucks man.

I had a level 70 temp, 40 shadow and like 30 marauder. Exact same thing, hacked just like that...
Although I did research and I found out weak passwords can be guessed out quite easily by password-bots that constantly try every password. But look at it this way, you'll start fresh with a mind full of knowledge, I used it to my advantage and I'm nearly back to where I was, even richer (although I have been busy irl ;)

Gl, don't give up, make a really complex password. You'll thank me in the long run!
Templar enthusiast
IGN: Caleibus
"
gurkenrudel wrote:
This would be correct if brute force loggers didn't use dictionaries and whole words first.

(They do)


Even so, it's still true. Password length and randomness are ultimately the most important factor in making a password secure against brute force attacks, so a 25 character password consisting of English words is generally quite a bit more secure (as long as the words are chosen by a truly random system) than an 8 character password consisting of letters, numbers, and characters, while still being much easier to remember.

There's a well known system known as Diceware, which basically involves a publicly accessible list of 7,776 short words, each of which is preceded by a 5 digit number. You roll 5 dice, then look up the word on the list that corresponds to the dice results. You take around 5+ words in this manner, put them all together, and that's your Diceware password.

This system has been mathematically shown to generate passwords that are secure enough to be used for cryptographic purposes, even in the case where the attacker knows that Diceware was used and restricts their brute force search to the diceware word list. If the attacker doesn't know that, then brute forcing will take even longer, since they will be forced to use a much larger and more general word list.
One thing to note also, not sure if the game is the same as the forum, but after 5 failed attempts, you have to wait 120 seconds. That should make even the easiest passwords much more time consuming to "brute force".

More likely it's as others have said, it's more likely a system where your password is one you have used elsewhere.

If you use Gmail (and Yahoo I think) you can attach an authenticator to your email account so even if you gave out your password, unless they were on your machine, a lock would be triggered and the culprit could not get into your email period.... I hope someday GGG adds a 2 step process to their login, as this would eliminate the ability for an account to be hacked without possessing that authenticator and not just based off guessing.
"
There's a well known system known as Diceware, which basically involves a publicly accessible list of 7,776 short words, each of which is preceded by a 5 digit number. You roll 5 dice, then look up the word on the list that corresponds to the dice results. You take around 5+ words in this manner, put them all together, and that's your Diceware password.


Yeah. If there's any flaw in the XKCD comic approach, it will occur if the words chosen, typically, are from a relatively small list of words. Let's say that the general list of words used risks getting down to choose 1 from 3000. Then the complexity of the password is 3000^4.

I think that's 8.1x10^13. Still large, but weaker than as stated.

I read this great little article a while back titled something like "Password lists no longer considered harmful." It argued that if one could adopt a list of passwords that is highly complex in exchange for having a written list, that the risk of getting compromised due to the written list was astronomically less likely than getting compromised due to a hacker compromising your password once and finding your pattern.

It's pretty common even for users who actually vary their passwords to have a pattern like this:

<variance><common part><variance>. Dumb example: password7, password8.

So there is a risk that if your password is owned once by a bad guy, he may know them all. As you can see from the above numbering sequence, a hacker might correctly guess that you're using a sequence, and try that sequence elsewhere.
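
Added example, not part of any post in this thread: a Python sketch of the Diceware procedure described above, with the keyspace figures the posts compare (8 random characters, 4 words from a 3,000-word list, 5 Diceware words) and the time to try every candidate under the forum lockout of 5 attempts per 120 seconds. The 94-symbol alphabet, the stand-in word list and all function names are assumptions made for illustration.

```python
import itertools
import math
import secrets

_rng = secrets.SystemRandom()  # OS CSPRNG, standing in for physical dice

def roll_key():
    """Roll five dice and return the 5-digit lookup key, e.g. '41526'."""
    return "".join(str(_rng.randint(1, 6)) for _ in range(5))

def diceware(wordlist, n_words=5):
    """Pick n_words independently and uniformly from a 7,776-entry list."""
    if len(wordlist) != 6 ** 5:
        raise ValueError("list must map every 5-dice key to a word")
    return " ".join(wordlist[roll_key()] for _ in range(n_words))

def entropy_bits(choices, picks):
    """Bits of entropy when each of `picks` symbols is uniform over `choices`."""
    return picks * math.log2(choices)

def years_to_exhaust(choices, picks, attempts=5, lockout_s=120):
    """Years to try every candidate online at `attempts` per lockout window."""
    seconds = (choices ** picks) / attempts * lockout_s
    return seconds / (365.25 * 24 * 3600)

# Constructed stand-in for the published list: same 7,776 keys, dummy words.
PLACEHOLDER_LIST = {
    "".join(k): "word" + "".join(k)
    for k in itertools.product("123456", repeat=5)
}

if __name__ == "__main__":
    print(diceware(PLACEHOLDER_LIST))
    for label, c, p in [
        ("8 random printable ASCII chars (94 symbols, assumed)", 94, 8),
        ("4 words from a 3,000-word list", 3000, 4),
        ("5 Diceware words", 7776, 5),
    ]:
        print(f"{label}: {entropy_bits(c, p):.1f} bits, "
              f"{years_to_exhaust(c, p):.2e} years at 5 tries/120 s")
```

The figures hold only when every word or character is chosen uniformly at random, and the lockout estimate covers online guessing only; a reused password exposed in another site's breach bypasses both.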

Soon after Diablo 3 had been launched, half of the forum consisted of "was hacked" threads. There were numerous conspiracy theories and hypotheses, the most popular was that your pw somehow got stolen when you play public games.

When you can sell game loot for real $$, it happens all the time
"
When you can sell game loot for real $$, it happens all the time


I don't recall a single confirmed case of such a thing happening when the Authenticator was in use. This implies that all such compromises were user security-hygiene related, and never a compromise of Blizzard's internal servers.

--C
