Get a "strong" password to protect against hackers

[Quantact]

This thread was inspired by a similar thread from Gaia Online. The thread, made by the former Gaia moderator, (their equivalent of GM,) Paakun is right here:

http://www.gaiaonline.com/forum/gaia...hot/t.7146477/

At the time of this thread's creation, I was unable to secure Paakun's permission to use his thread, because he seemed to have quit that site in late November and I did not have his contact info. However, there is now hope of contacting him, so if he requests, I will take this thread down or edit it to his liking. However, with the endless hackings I have seen on Maple Story, I think it's past time for a similar thread to appear here.

////////////////

What this thread is:

This is a thread on "password strength" and to a lesser extent other security measures. Using is will create a "strong" password for your Maple account which, while not "hackproof," (nothing is,) will ensure that most people attempting to use software to crack open your account will FAIL. Paakun told me that a password created as in this thread would deter bank-cracking software for around TWO HUNDRED years. The thread will also educate you to a couple common security threats which are taken lightly by Maplers, causing them to lose their valuable accounts.

Do not post your password here, or anywhere, or you will seriously risk compromising the security of your account.

/////////////////

To use it: Go to this page:

http://www.mytsoftware.com/dailyproj...n/PassGen.html

- Select "Base95"
- Select "length 10" (note: if you want, select another length 8-12, but I'd suggest no shorter than 8.)
- Write the password down and type and retype it around 100 times. Keep it written down in a safe place, (your private email is good for this,) until your fingers can type it out without you thinking about. Eventually, you will not be able to say what your password is, but you will easily be able to type it.

If you do not trust this software, or if the password generator URL is not currently functioning, (it does that sometimes,) you may simply slap your keyboard, add characters, subtract characters, and end up with something similar. As long as it contains capital letters, small letters, numbers and special characters, is long enough and is made in a fairly random fashion, it'll do the job. Use the following procedure:

1. Slap your keyboard a few times until you get a combination of small letters that reads like gibberish. In my case this resulted in "inogaerif"
2. Replace some of the small letters with capital letters "InogaEriF"
3. Add some numbers in a random fashion. "In56oga3EriF"
4. Add some special characters in a random fashion. "In(5(6o+ga3*EriF"
5. If you wish, take out some of them so the password is 8-12 characters long; however, make sure the end result retains small letters, capital letters, numbers and special characters. In my case, I ended up with "In(5(+g3*riF," which is a 12 digit strong password.

Special characters such as "^" and "+" ARE supported by Maple Story. You may use them in your password.

While the password that appears either from the slapping or from the pass generator may seem impossible to memorize, eventually a password such as "_+.&<NM=D4" will be as easy for you to write as the word "hotdog." Trust me on this, I have used passwords such as "_+.&<NM=D4" for roughly 2 years, and with practice it really is that easy. I can type my password in no more than two seconds. However, while a hacking script working against your account will crack open the word "hotdog" within minutes, the password "_+.&<NM=D4" will be another matter. The sort of people who can crack "_+.&<NM=D4" will not be the sort of people who play Maple Story. They'll be robbing Swiss banks.

////////////////

Why do it?

You will essentially be trading about an hour of your time for a lot of security. If you're going to play Maple for a year or two, spend an hour doing this. It's worth it.

Ideally, your account name and other info will not become known to anyone and so no one will even get the chance to attempt hacking your account. If it does become known somehow, or if you maybe made your account name the same as your character name, the password will be the only real protection you have. Your pin is completely worthless because a pin cracker will break through it, and those are easy to get.

Accounts DO get hacked. Today's R.I.P. thread was this one, in Scania:

http://www.sleepywood.net/forum/show....php?t=1409931

That thread ultimately led to this one. I am SICK of seeing this sort of thing. This Bowmaster fellow appears NOT to have trusted his account info to the hacker, and he appears to have known about the hacker. My guess is he changed his info, though I admit I didn't ask. I once met a very skilled hacker on Maple, and while I am not permitted to discuss his tools on Sleepywood, I will say the stuff good ones like him use is pretty disturbing. The "top 10" lists on Sleepywood especially create a problem with such people, as the hacker might see a godly account posted on one of the lists, and then has incentive to use a hacking script on the account he knows is worth billions. If you have a strong password, and take the time to memorize it, good luck to the fucker trying to steal your account. Gaia Online has a lot of concern about this matter, and to the best of my knowledge about that site, (which is pretty extensive,) NO ONE with a strong password has ever gotten hacked through scripts, even though unlike Maple you have to crack only the password and not the account name.

//////////////

Note: A strong password is WORTHLESS if anyone knows about it. Worthless. This is very important. If your password is "_+.&<NM=D4" and you give it to the wrong person, it may as well have been "hotdog" and the hacker scripted you. In fact, most hackings involve the hacker worming his way into the account-holder's trust, and then cleaning out the account. The sort of betrayal I have seen for mesos can scarcely be described. We're talking about billions upon billions of mesos, and some of the highest level accounts in Maple. The one thing that almost all such incidents have in common is that the victim never sees it coming. Neither will you.

Keep in mind that your situation may change. Much as you love your friends, and even family, friends, brothers and sisters HAVE hacked on Maple in the past. I personally played with my best friend of 13 years who, upon the termination of our friendship, stole 150 million mesos from me. On my server, xRagingHeart's best friend sold his info to a hacker, (pre-2x 13x account destroyed and robbed, and the best friend was caught red-handed with xRagingHeart's Dex earring in her shop,) Chamukoo was was robbed by the person he shared with, (mostly pre-2x 15x account cleaned out, resold by the hacker to its owner, and deleted due to inadequate security,) ivluleMan was nearly cleaned out for 5 billion by the same guy who cleaned out xRagingHeart due to sharing with him, and then ivluleMan HIMSELF cleaned out StrafeStyle for over 2 billion mesos. (I was very good friends with ivluleMan, was completely shocked by this, and never saw it coming, personally.) One of my friends trusted the info to his 10x WK to the wrong person, and the account simply dissapeared. These are just the ones I've personally been at the scene for. Peripherally speaking, the horror stories just keep piling up on a daily basis. I mean, do I really need to go on? Sharing is a very dangerous and convoluted world. The single best gesture of protection on your part is to never share your account info with ANYONE. It's as Paakun says -- your password is like your underwear. You might trust your friend, but you still wear your own underwear.

///////////////

Addendum: the bowman I cited above was NOT pass cracked. Thanks pyesp. There is apparently an exploit that allows the hacking of an account if the hacker knows the account name and birthday. Therefore, a strong password on Maple is a protective factor if the hacker knows the account name only. It may not protect you if the hacker knows your birthday. Such details of your account should be kept to yourself under all circumstances. Even your best friend or brother whom you might trust your account to need not know the birthday to your account, because that would allow them to change the pass. Why would the person you're sharing with need to know that info? Hopefully Nexon is aware of this security problem, but until it's dealt with we must create our own security.

In creating your account name itself, mix letters with numbers. A hacker might randomly guess and target the account name "Steph" but he will not randomly target an account called "0Steph78."

Birthday is a horrible security question in my opinion. When making a new account, do not use your actual birthday, as every person who knows you for a while will eventually find out what your birthday is. No one really has reason to know that you were born in Mobile, Alabama, or Kagoshima, Japan, (and asking this will look suspicious,) but your birthday will get out there. Especially when your birthday comes around and your friends throw you a party in Free Market. If your real birthday is currently locked in, tell strangers that you are one year and a few days older/younger than you actually are because disclosing your true birthday in such a case may create a security risk for you. If you can create another birthday for another account, put your birthday, (and all your other security info,) in your email account or another secure place where you will not lose it. Some people I have known used information that they lost and were unable to change passwords for their accounts.

/////////////

Finally, beware of keyloggers. There are some safe sites, such as hidden-street, sleepywood, and Nexon's official site. But generally, do not go to random sites and do not click on random links. This goes especially for links advertising hacks or meso selling, which are "shady" sites linked to Maple. If a person is okay with using godmode, (and puts it on his site,) he may well be okay with placing a keylogger on that site to clean your account out. Learn the safe sites, and do not go to the others. It's also possible to get a keylogger by chatting with someone on MSN or AIM.

If you suspect your computer has been infected with a keylogger, immediately go to another computer, and change all of your info. Do not log onto Maple from the original computer until you have reliable software diagnose and eliminate the keylogger. Such software will, of course, tell you if your computer is safe and you do not need to worry.

[AntiSocial]

See, what I hate about most of the "OMG I GOT HACKED" threads, is this:

In fact, most hackings involve the hacker worming his way into the account-holder's trust, and then cleaning out the account.

You got scammed, not hacked, scammed.

[Quantact]

Quote:

Originally Posted by AntiSocial

See, what I hate about most of the "OMG I GOT HACKED" threads, is this:

In fact, most hackings involve the hacker worming his way into the account-holder's trust, and then cleaning out the account.

You got scammed, not hacked, scammed.

That's very true. However, script kiddies play the game too. Yeah, scammers are prevalent, but what's the real difference between cracking an easy password and activating godmode? That's why I presented both sides of this matter. While you don't want your password in anyone's hands, it really can't hurt to go that extra mile.

There was a news story a while back about an actual hacker who played Habbo Hotel stealing 4,000 Euros worth of virtual property on that game. The European police busted him and pressed charges. Some of the accounts I am aware of on Maple are worth almost that much, and cracking just one account will not really make the news.

[SiThBoY]

This is a good thread. ;o; I normally use http://www.pctools.com/guides/password/ for my password, or just reset it from the MapleStory/Nexon site.

I remember my passwords by splitting them up into parts and then trying to remember each part. Sometimes, you can see words in your password. If I see a password that I like, I try and remember it as a sentence or phrase.

e.g. h-ber4spestABRu (a random one I just found)

Hi, I'm Bera's pest. ABRA KADABRA!

It works well, and it's easier to remember it that way for some people.

ofc, you have to remember what your password is too and be able to type it properly. This is just extra. ^____^

EDIT: lolgaia.

EDIT2: the pctools site isn't as secure as the one you have up there, but it's still pretty good. I think that the passwords it generates are much easier to remember, but that's my opinion. My memory is horrible.

[Oversoulx2]

That's awesome. Well said, and thanks for the pass. generator. Hopefully more people will make more secure passwords, not give out their own personal info, and not fall for stupid scams.

[Nezarin]

The same would work for PINS as well. I know some people that like to use PINs like 1337, 0000, 1111, 2222, 3333... etc., etc..

[Frz]

Quote:

Originally Posted by Nezarin

The same would work for PINS as well. I know some people that like to use PINs like 1337, 0000, 1111, 2222, 3333... etc., etc..

Yes I use 1337 almost everywhere. I find pins pointless and annoying. A 4 digit pin provides no noteworthy security strength and can be cracked within 5 minutes.

[Fishicorn]

Pshh my password is like HaI8e9tU7tTa9y712c6S (not joking)
No one will ever get my account.

[realgeneric]

This is actually quite good, except you should select the lowest (3.5 bit) setting, because Maple doesn't allow characters such as { or + in your password.

I've been using random* passwords ever since I learned passwords existed, as I never trusted real words. For the first password I ever made, I envisioned that the keyboard was actually a piano, and I played a "measure" of a song I liked onto microsoft word, looked at what I wrote, and memorized it.

*Not generated by random number generators.

[Quantact]

Quote:

Originally Posted by Fishicorn

Pshh my password is like HaI8e9tU7tTa9y712c6S (not joking)
No one will ever get my account.

That quality is really good, but if you include a couple special characters, (%, ^, #, etc.,) it'll be even stronger.

Quote:

Originally Posted by realgeneric

This is actually quite good, except you should select the lowest (3.5 bit) setting, because Maple doesn't allow characters such as { or + in your password.

I've been using random* passwords ever since I learned passwords existed, as I never trusted real words. For the first password I ever made, I envisioned that the keyboard was actually a piano, and I played a "measure" of a song I liked onto microsoft word, looked at what I wrote, and memorized it.

*Not generated by random number generators.

Thank you.

Maple allows special characters to the best of my knowledge. Both the passwords I used on MS included a few special characters. Try testing it out. 3.5 will not provide adequate security in my opinion.