My account has been hacked (solved)

Elsonso

Draxuul wrote: »

The part where he says not written down , yeah that is a smart move , but the part where he says exactly how many characters his password consists of is not so smart.

Unless he is not actually using 16 characters and is simply trying to mislead any hackers who took the bait.

Some of those password crackers are able to test over 16 000 different combinations per second.

Go for it.

If you think that knowing his password is 16 characters long makes it easy, then you should have no trouble at all.

16,000 combinations per second. Right. You try to log into ESO one time per second and let me know how that goes.

Khami

RSram wrote: »

The only thing that keeps making sense is that my entire ESO account is corrupted. I have been having problems with all three of my characters since the 2.5 update.

When was update 2.5 launched? Last patch was 1.3.5

Draxuul

lordrichter wrote: »

Draxuul wrote: »

The part where he says not written down , yeah that is a smart move , but the part where he says exactly how many characters his password consists of is not so smart.

Unless he is not actually using 16 characters and is simply trying to mislead any hackers who took the bait.

Some of those password crackers are able to test over 16 000 different combinations per second.

Go for it.

If you think that knowing his password is 16 characters long makes it easy, then you should have no trouble at all.

16,000 combinations per second. Right. You try to log into ESO one time per second and let me know how that goes.

Clearly you missed the whole point of my post and clearly you`re one of the lost causes i was reffering to at the end of the post that you so carefully cut in half when you quoted me.

I wasn`t speaking only about ESO passwords, those notions should apply in general, not just for your ESO account.

Plus i never claimed to be interested in hacking anyone`s account , i`m trying to give advice to people to make sure their account doesn`t get hacked.

I don`t even know why i`m even arguing with you. I`m obviously wasting my time trying to make you understand my reasoning considering you failed to understand a rather clear message .

Seems to me like you simply enjoy arguing for the simple sake of arguing.

Draxuul

Xehmnus_Rayne

The issue was apparently solved so can we please stop arguing?

RSram

The16 character limit was just a number that I threw out there in response to an ill informed post.

There is a DoD and NSA formula that once you get past 9 characters in a complex password, there is not enough computing power for an average hacker to crack it (as long as dictionary words or simple patterns aren't used and the hash used to store the password uses strong "keyed" encryption").

In my post, I stated that I used 16 character passwords, which is meaningless unless you can crack the AES key of the hash table which is stored on the server that you know I frequently visit.

The most important process in the user/password scheme is how the password is store on the system, and the length of the password. Each additional character adds an exponential level of complexity and time.

Before the Common Access Card (CAC), user accounts on classified systems were only 15 characters long.

There are several problems with single factor authentication (User name/password, or pin numbers):

1) Key loggers on either the client/or server side can capture the user name and password.

2) Man in the middle attacks and captures the user name and password before it gets sent encrypted to the server.

3) Except for the DoD, commercial entities follow no standard when it comes to password complexity, length, or method of storage (banking institutions are included). Ignorance of the DoD standard and security, or a small IT budget is why some web sites only allow Alpha-Numeric characters, or passwords less than 16 characters

4) Social Engineering is always the easiest and fastest way to breach any system because humans are the weakest link in any security system. I don’t know how many times I turned over a keyboard and found a password taped to the bottom of it, or a text file on a user’s computer that had all of their passwords and banking information on it!

The only item that I worry about is number 3 because I have no control of how a company processes and stores my user name and password data. When possible, I use two factor authentication on web sites that allow it, such as google, and my bank.

RSram

Khami wrote: »

RSram wrote: »

The only thing that keeps making sense is that my entire ESO account is corrupted. I have been having problems with all three of my characters since the 2.5 update.

When was update 2.5 launched? Last patch was 1.3.5

I was referring to 1.2.5

RSram

lordrichter wrote: »

Draxuul wrote: »

The part where he says not written down , yeah that is a smart move , but the part where he says exactly how many characters his password consists of is not so smart.

Unless he is not actually using 16 characters and is simply trying to mislead any hackers who took the bait.

Some of those password crackers are able to test over 16 000 different combinations per second.

Go for it.

If you think that knowing his password is 16 characters long makes it easy, then you should have no trouble at all.

16,000 combinations per second. Right. You try to log into ESO one time per second and let me know how that goes.

I believe that if you had a 16 character password that is complex using the following character ranges:

lower case letters = 26
upper case letters = 26
digits = 10
punctuations & special characters = 32

The number of passwords that can be derived is: 94^ 16.

I could be off a little on this but you guys get the idea of the huge number of permutations.

According to one web site a modern PC would take 412 trillion years to crack one of my 16 character passwords if it were not encrypted.

But all of this is a mute point if the user names and passwords are not correctly encrypted on the ESO database server which was what I was initially worried about.

When the Russian hackers stole the databases of 1.2 billion users. What the news didn't state was that most of the data was encrypted. So yes they breach the security of thousands of companies, but it doesn't mean that they can access the data.

Draxuul you are correct in you initial statement that it wouldn't be smart to let a hacker know the length of the password if he had direct access to the un-encrypted password. but Lordrichter is also correct that guessing my password (knowing just the length) would be impossible using just the ESO logon interface.

OK I guess we are getting off topic here, so the discussion of passwords is close as far as I'm concerned.

My main issue was that I wasn't hacked, it was some type of glitch that caused me to see the wrong names and characters, but after re-installing the game, everything works now.

Thanks for all the responses.

DieAlteHexe

Moot point...mute is to silence. Unless that's what you meant, of course.

Must say that I'd probably run around in circles and shout if what happened to you did to me as well. That'd be an eye-opener.

KhajitFurTrader

RSram wrote: »

I use 16 character complex passwords that ARE NOT WRITTEN DOWN!

While password length and complexity (and there are some strange notions out there about what complexity encompasses) are important, it is much more important not to use the same log-in name/password combination twice, anywhere. Ever. This way, if one location's security gets compromised, the other is still intact.

RSram wrote: »

I do full off line scans once per month (computer is booted from AV disk), I never go to unsafe sites, and I have been going online since 1984, I have NEVER, REPEAT, NEVER been hacked PERIOD!

I am a retire network security administrator. My router is setup no to response to external requests.

I wonder, if you have experience this long, why are you using the term "hacked" at all? There used to be times when "hacking" meant the creative use of physics/mechanics for practical jokes (cf. The Jargon File, a.k.a. The Hackers Dictionary), and later on, creative coding. It was the 90's media which constantly confused hacking with cracking, and thus the term stuck with the general populace.

And to pop that bubble of a false sense of security:

• A virus scanner can only find things it knows about. "Heuristical" or behavioral scans are a scam, mostly. There are a lot of things out there that no scanner knows about, because those things know how to outsmart it (including terminating itself if it senses the presence of a scanner or VM). This cat-and-mouse game has been, is, and will be going on for a very long time. The time frames in which new signature files are released are still too long to prevent damage from being done.
• Any website, not only the obvious ones, can be compromised without anyone knowing about it, at the very moment you visit it. And yes, there are a lot of zero day exploits in all current browsers only a few people know about. Again, the patch cycles, while getting smaller and smaller, are still too big to not present big windows of opportunity. Keep in mind that the probability of an infection with a hitherto unknown malware by just browsing to a popular site is always greater than zero.
• A firewall/router that drops any unsolicited incoming packets (which is the default behavior, btw) is not, and never has been, a protection against malware opening connections on innocuous ports and sending out information from within. And nine times out of ten, that malware has been using an attack vector in which the user was an active participant, at least in one step of the way.

Talrenos

RSram wrote: »

Logged today and all of my characters were renamed and the physical characteristic were changed. Anyone else experience this.
If after reinstalling the game doesn't fix this then I had it with this F*n game, I canceling my subscription. I not letting someone else play on my money!

Sorry, I cry "LOAD OF BS" on you. How does one change the name of a character? You Don't. You can't. Physics changed? Again, You Can't. Did someone login and delete your chars then totally recreate new ones for you and play them so you might not notice? Um....No...

Lastly, This game is slowly dying, why would anyone want anything you might have?