User information stolen in Steam security breach.
Makes you wonder why people who are making bucket loads of cash from Internet based services aren't employing people who know how to architect a secure solution. It's like a bank storing all its cash in hessian bags in the reception.
See also Oids's thread
And then inviting the whole neighbourhood in for an open-house cheese and wine party.
I can't log in, can't get past the stupid human checker pattern crap thingy.
FFS, getting well pissed off with all these hacker attacks. Now got to go and check everything and keep an eye out for odd account activity.
Passwords need to be a thing of the past. Every site should have one random security question instead.
I.e. birth town, first child names, hair colour etc etc
All random questions that are easy to remember.
Valve's game client Steam has not been touched... it was their forums and database that got hacked, big difference. In any case I'll go randomly generate some new Steam passwords.
I don't have a forum account, only a support one which I think is separate again. I tend to use PayPal for Steam payments although I wonder how my account details are stored on there... I'll check that this weekend to be safe. In any case my credit card is limited and my debit card only ever has just enough in it for my monthly bills, never more, just in case someone gets my details they can't do significant damage to my finances.
Not if it's done correctly.
My online banking asks for my user name, password then three random characters from 6 pre-answered questions. I'm very happy with that. If someone is willing to get all the information to hack that, then they are welcome to the £5 in my account!
Problem is everywhere online wants you to sign up with a user name and password. Most people will use the same user name and password over and over again. Then something like this happens and then you have to backtrack and change everything. Hopefully if you have any sense, anything related to money has different credentials, but I bet some people out there keep those details the same too.
I think the optional security Facebook has with it notifying you if someone logs onto your account from a different IP address is a good feature.
I feel that security is worse and a friend of mine studying database systems agrees (referring to random questions with only a few characters asked for). Some forums I'm on have better security because I use randomly generated 21 character passwords that use all possible characters. Of course my weak point is accessing my password manager but that has an equivalent strength password and second security factor in the form of a personal grid which makes it impossible to crack without getting hold of both bits of information which are both encrypted in my account so you need to crack the passwords before you can get access to the passwords. Each factor of authentication is highly durable and as long as my password is longer than 12 characters would take a very long time to crack.
As far as I know the best way to secure an account is to allow the person to use a password but insist on having another factor on top of that - something people can't get control of easily and is not going to be easily linked with the account such as a mobile number you send a code to. This way the hacker has to somehow have access to your phone information in addition to cracking your password. Other multi-factor options are to send a code in an email, Google Authenticator or use a Yubikey.
As such I am happy with Valve's system of authorised computers and any new connections require a secondary code sent in email. I have the same with my Google account and Facebook, my bank seems to be the least secure online destination at the moment using multiple passwords that are all easy to crack.
This reminds me actually, a few years back before I signed up I asked on Hexus about Steam; whether it was trustworthy/safe and was flamed by one member who essentially called me stupid, how could such a big/popular company be risky? You see, this is why I ask these questions. Sure no-one could have known at the time but to be so sure a company is safe is simply ignorant.
Some people just can't get this sort of thing through their thick skulls.
I've signed up to a few sites recently which include an online wallet of some description, that I'm sure in some people's cases will hold several thousand pounds, and their password restrictions are comical. One required a password 7 characters long (not 8, not 6, exactly 7), and another one had to start with a number, could be only letters and numbers, and could be no longer than 8 characters.
Uncrackable.
watercooled (11-11-2011)
Well my bank only lets me USE 5 characters of my password combined with a 6 number PIN.... When I took them to task about only using 5 characters, the response was...
Blah...
We take security very seriously
Blah Blah....
You're wrong
Blah Blah.
You can have longer passwords....
Blah..
They completely missed the point. The password boxes/number boxes are pre-populated with character positions before your account number is entered. As 5 characters is the shortest password, this means that ONLY the first 5 characters are ever used! After all it cannot "know" you have a longer password. I did explain this fully in my email report but they were too stupid to be able to work out what the problem was and gave me a boilerplate answer.
Dumb asses, it's been like that for 5 years.
I think my bank have taken a step in the right direction, now they ask for your password and, provided you get that right, you go to the next page where it asks for 3 random characters out of your 'memorable information' with a drop-down list (guards against keyloggers).
The security leak wasn't the fault of Valve engineers though - it's vBulletin's fault (IMO).
Anyways, if they're to get into my Steam they will need my Steam username and password, my email username and password, and my phone. How I love 2-step verification