Password Restrictions

Nereni Valacon
RoidRagers
#1 - 2011-10-28 10:05:44 UTC
Seriously CCP, the restrictions you are arbitrarily placing on account passwords (such as not being able to reuse old passwords) are more restrictive than the corporate password restrictions at my job! Is there any chance of you guys easing up on the ridiculous restrictions that are currently in place for account passwords? I don't appreciate being forced to live under rules devised to save idiots from themselves.

PS. I've already filed a petition about this, but I've had absolutely no luck in getting my point across.
Cannibal Kane
Viziam
Amarr Empire
#2 - 2011-10-28 10:18:35 UTC  |  Edited by: Cannibal Kane
You need to have your company's IT staff fired for bad security practices.

Re-using old passwords is the number 1 no-no in any environment.

"Kane is the End Boss of Highsec." -Psychotic Monk

Tedril Goveko
Br0wn Coat5
The Gorram Shiney Alliance
#3 - 2011-10-28 10:20:34 UTC
Hacker Alt detected, passwords too hard to crack, must make them easier.




Lol
Mr Kidd
Center for Advanced Studies
Gallente Federation
#4 - 2011-10-28 10:23:00 UTC
Nereni Valacon wrote:
Seriously CCP, the restrictions you are arbitrarily placing on account passwords (such as not being able to reuse old passwords) are more restrictive than the corporate password restrictions at my job! Is there any chance of you guys easing up on the ridiculous restrictions that are currently in place for account passwords? I don't appreciate being forced to live under rules devised to save idiots from themselves.

PS. I've already filed a petition about this, but I've had absolutely no luck in getting my point across.



If you're reusing passwords then don't bother changing it. Your problem solves itself.

Don't ban me, bro!

Nereni Valacon
RoidRagers
#5 - 2011-10-28 10:25:59 UTC
Cannibal Kane wrote:
You need to have your company's IT staff fired.

Re-using old passwords is the number 1 no-no in any environment.


Perhaps you'd care to explain why? Nobody knows my passwords, I don't share them with anyone. I don't re-use passwords at work anyway, FYI. My point is that if a policy is good enough to protect access to commercially sensitive company data, it's certainly good enough to safeguard virtual spaceships. I'd put money on CCP's IT environment not having a similarly restrictive policy.
Florestan Bronstein
Ministry of War
Amarr Empire
#6 - 2011-10-28 10:26:36 UTC  |  Edited by: Florestan Bronstein
Cannibal Kane wrote:
You need to have your company's IT staff fired for bad security practices.

Re-using old passwords is the number 1 no-no in any environment.

during my military service passwords on our PCs expired after one month and reusing the last 3 passwords was blocked.

so the password was always the same word with the month's number attached to it, e.g. pass01, pass02, ..., pass12
(only the hashed password was stored, so there was no way for IT to detect/block this)

really helped to increase security.


The only ones using good passwords (afaik) were J2 - but they would have done that anyways, IT policy or no IT policy.
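
The limitation described in post #6, as an added example that is not part of the original thread: a history check that keeps only salted hashes can reject an exact repeat but cannot tell that `pass05` resembles `pass04`. The class name, PBKDF2 parameters and sample passwords are assumptions made for this sketch, which also contrasts a last-3 window with the remember-every-password policy the thread is about.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class PasswordHistory:
    """Keeps (salt, hash) pairs only. depth=None remembers every old password."""

    def __init__(self, depth=None):
        self.depth = depth
        self.entries = []  # oldest first, current password last

    def was_used(self, candidate):
        window = self.entries if self.depth is None else self.entries[-self.depth:]
        # Each entry has its own salt, so the candidate is re-hashed per entry.
        return any(hmac.compare_digest(_digest(candidate, salt), stored)
                   for salt, stored in window)

    def change(self, new_password):
        if self.was_used(new_password):
            return False  # exact match with a remembered password
        salt = os.urandom(16)
        self.entries.append((salt, _digest(new_password, salt)))
        return True


def demo():
    # Constructed sample passwords following the pass01, pass02, ... pattern.
    last3 = PasswordHistory(depth=3)
    results = {"rotation": [last3.change(f"pass{m:02d}") for m in range(1, 5)]}
    results["reuse_recent"] = last3.change("pass02")  # still inside the window
    results["reuse_old"] = last3.change("pass01")     # aged out of the window
    full = PasswordHistory(depth=None)
    for m in range(1, 5):
        full.change(f"pass{m:02d}")
    results["reuse_old_full"] = full.change("pass01")  # full history blocks it
    results["variant_full"] = full.change("pass05")    # near-variant is invisible
    return results


if __name__ == "__main__":
    print(demo())
```

Neither window size notices the incremented suffix, because a salted hash of `pass05` shares nothing with the stored hash of `pass04`.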
Nereni Valacon
RoidRagers
#7 - 2011-10-28 10:27:14 UTC
Mr Kidd wrote:
Nereni Valacon wrote:
Seriously CCP, the restrictions you are arbitrarily placing on account passwords (such as not being able to reuse old passwords) are more restrictive than the corporate password restrictions at my job! Is there any chance of you guys easing up on the ridiculous restrictions that are currently in place for account passwords? I don't appreciate being forced to live under rules devised to save idiots from themselves.

PS. I've already filed a petition about this, but I've had absolutely no luck in getting my point across.



If you're reusing passwords then don't bother changing it. Your problem solves itself.


Good point, but I already changed the password again (I think I had it reset or something). Now I can't change it back to what I want it to be.
Sable Moran
Moran Light Industries
#8 - 2011-10-28 10:35:33 UTC  |  Edited by: Sable Moran
Nereni Valacon wrote:
more restrictive than the corporate password restrictions at my job


Could you tell us what company you're working for so I'll have the option of not doing any kind of business with them.

Nereni Valacon wrote:
Is there any chance of you guys easing up on the ridiculous restrictions that are currently in place for account passwords?


Knowing screegs I know it won't happen.

Nereni Valacon wrote:
save idiots from themselves


Idiot like yourself?

Nereni Valacon wrote:
PS. I've already filed a petition about this, but I've had absolutely no luck in getting my point across.


So from that we can deduce that CCP has in fact at least one GM that has a set of working brains, splendid.

On a more constructive note; Algorithms are your friends. They are really handy to generate a whole slew of easy to remember but difficult to crack passwords.

Sable's Ammo Shop at Alentene V - Moon 4 - Duvolle Labs Factory. Hybrid charges, Projectile ammo, Missiles, Drones, Ships, Need'em? We have'em, at affordable prices. Pop in at our Ammo Shop in sunny Alentene.

Sturmwolke
#9 - 2011-10-28 10:43:51 UTC  |  Edited by: Sturmwolke
Nereni Valacon wrote:
My point is that if a policy is good enough to protect access to commercially sensitive company data, it's certainly good enough to safeguard virtual spaceships.


That's a very lax company IT policy, which won't pass the rigors for many med-large entities nowadays.
What CCP has implemented regarding the password re-use is fairly standard practice across the industry.
In fact, they're fairly loose in certain aspects like quarterly or periodic mandatory password change, given the circumstance.
Nereni Valacon
RoidRagers
#10 - 2011-10-28 11:27:24 UTC  |  Edited by: Nereni Valacon
Sturmwolke wrote:
Nereni Valacon wrote:
My point is that if a policy is good enough to protect access to commercially sensitive company data, it's certainly good enough to safeguard virtual spaceships.


That's a very lax company IT policy, which won't pass the rigors for many med-large entities nowadays.
What CCP has implemented regarding the password re-use is fairly standard practice across the industry.
In fact, they're fairly loose in certain aspects like quarterly or periodic mandatory password change, given the circumstance.


My employer does implement mandatory password changes as well as blocking the re-use of the last 6 passwords used, but this thread is not about my employer or their IT practices. The point that I'm trying to make here is that I'm against CCP prohibiting the re-use of ALL previous passwords. It's not standard practice at all in any organisation I've ever worked for (not that that even matters, see above) and it's a ridiculous overextension of security as far as a computer game is concerned. EVE is not a place of employment, nor is it critical that players' accounts are locked down to such a degree. Why should I have to endure policies implemented for the sole benefit of some moron who can't keep his own account/password secure?
Jokerface666
Intergalactic Expeditionary Corp
#11 - 2011-10-28 11:36:52 UTC
Nereni Valacon wrote:
Seriously CCP, the restrictions you are arbitrarily placing on account passwords (such as not being able to reuse old passwords) are more restrictive than the corporate password restrictions at my job! Is there any chance of you guys easing up on the ridiculous restrictions that are currently in place for account passwords? I don't appreciate being forced to live under rules devised to save idiots from themselves.

PS. I've already filed a petition about this, but I've had absolutely no luck in getting my point across.

Get rid of your IT staff, dude, I'm not kidding!!!
Nereni Valacon
RoidRagers
#12 - 2011-10-28 11:37:24 UTC
Sable Moran wrote:
Nereni Valacon wrote:
more restrictive than the corporate password restrictions at my job


Could you tell us what company you're working for so I'll have the option of not doing any kind of business with them.

Nereni Valacon wrote:
Is there any chance of you guys easing up on the ridiculous restrictions that are currently in place for account passwords?


Knowing screegs I know it won't happen.

Nereni Valacon wrote:
save idiots from themselves


Idiot like yourself?

Nereni Valacon wrote:
PS. I've already filed a petition about this, but I've had absolutely no luck in getting my point across.


So from that we can deduce that CCP has in fact at least one GM that has a set of working brains, splendid.

On a more constructive note; Algorithms are your friends. They are really handy to generate a whole slew of easy to remember but difficult to crack passwords.


I don't appreciate your insults or your poor attitude. Please don't post in this thread if you have nothing useful to contribute.
Sturmwolke
#13 - 2011-10-28 11:41:19 UTC
Nereni Valacon wrote:
The point that I'm trying to make here is that I'm against CCP prohibiting the re-use of ALL previous passwords. It's not standard practice at all in any organisation I've ever worked for (not that that even matters, see above) and it's a ridiculous overextension of security as far as a computer game is concerned.


That's a fairly narcissistic way of thinking.
Why do you consider it ridiculous - in the face of account hacks and clamour by the community for two-factor authentication?

P.S Incidentally, two-factor authentication's also another industry standard practice.
Tanya Fox
Doomheim
#14 - 2011-10-28 11:43:21 UTC  |  Edited by: Tanya Fox
I'm not totally sure what you are referring to.

If you mean you are being requested to change your password on a regular basis, I've not come across that as yet.

If you mean you are just trying to use an old password, then I'd ask why would you want to? Because it's good practice not to use old ones.

Because people tend to have so many passwords for different accounts these days, we tend to write them down anyway. So a new password you're unlikely to forget.

Your employer is doing it wrong, unless the part of the system you have access to is non-sensitive.

It's good to see that CCP does take security seriously.
Nereni Valacon
RoidRagers
#15 - 2011-10-28 11:46:15 UTC
Sturmwolke wrote:
Nereni Valacon wrote:
The point that I'm trying to make here is that I'm against CCP prohibiting the re-use of ALL previous passwords. It's not standard practice at all in any organisation I've ever worked for (not that that even matters, see above) and it's a ridiculous overextension of security as far as a computer game is concerned.


That's a fairly narcissistic way of thinking.
Why do you consider it ridiculous - in the face of account hacks and clamour by the community for two-factor authentication?

P.S Incidentally, two-factor authentication's also another industry standard practice.


Indeed, two-factor authentication is an industry-standard practice... one that CCP does not engage in as far as I'm aware. If anything, that's what the focus should be on, not on making it as difficult as possible to manage passwords under the pretext of making something more secure.
Nereni Valacon
RoidRagers
#16 - 2011-10-28 11:49:49 UTC
Tanya Fox wrote:
If you mean you are just trying to use an old password, then I'd ask why would you want to? Because it's good practice not to use old ones.


Yes, this is what I'm referring to. To answer your question, I guess I just have my way of doing things. I'd rather have the freedom to do such a thing than to be forced into a façade of security.

Quote:
Your employer is doing it wrong, unless the part of the system you have access to is non-sensitive.


I've already said that this thread is not about my employer. I was merely using them as a point of comparison, not a point of debate.

On a good note, thank you for at least being constructive in your post.
Sturmwolke
#17 - 2011-10-28 11:52:07 UTC
You forgot to answer the question.
Nereni Valacon
RoidRagers
#18 - 2011-10-28 11:54:55 UTC  |  Edited by: Nereni Valacon
Sturmwolke wrote:
You forgot to answer the question.


Apologies, I was trying to work it into an edit of my reply.

The whole idea of convincing people that something is secure when it really isn't is what I find ridiculous. There is at least one scenario that I can think of where a previous password hasn't been compromised, yet still cannot be used: if a player resets their account password (through forgetting it or whatever) then tries to re-apply that password later on to the account, they can't do it under the current system. That's my main concern here, the current password policy isn't a properly thought-out one, and it's not the sort of thing I expect from a computer game.

None of this is to say I'm against better security in EVE: I'm all for real improvements to account security, ones that provide tangible benefits such as two-factor authentication (not difficult to do either, CCP, hint hint). I just don't like this whole 'illusion of security' nonsense that's going on at the moment.
Tanya Fox
Doomheim
#19 - 2011-10-28 12:17:30 UTC
Nereni Valacon wrote:
Sturmwolke wrote:
You forgot to answer the question.


Apologies, I was trying to work it into an edit of my reply.

The whole idea of convincing people that something is secure when it really isn't is what I find ridiculous. There is at least one scenario that I can think of where a previous password hasn't been compromised, yet still cannot be used: if a player resets their account password (through forgetting it or whatever) then tries to re-apply that password later on to the account, they can't do it under the current system. That's my main concern here, the current password policy isn't a properly thought-out one, and it's not the sort of thing I expect from a computer game.



Again why use the old one? There's no reason not to use a new one.

Already said people tend to write them down, you soon get used to the new one (in most cases) even if it's 16 characters or longer as long as you use it on a regular basis.
Sturmwolke
#20 - 2011-10-28 12:20:16 UTC
Nereni Valacon wrote:
The whole idea of convincing people that something is secure when it really isn't is what I find ridiculous. There is at least one scenario that I can think of where a previous password hasn't been compromised, yet still cannot be used: if a player resets their account password (through forgetting it or whatever) then tries to re-apply that password later on to the account, they can't do it under the current system. That's my main concern here, the current password policy isn't a properly thought-out one, and it's not the sort of thing I expect from a computer game.

None of this is to say I'm against better security in EVE: I'm all for real improvements to account security, ones that provide tangible benefits such as two-factor authentication (not difficult to do either, CCP, hint hint). I just don't like this whole 'illusion of security' nonsense that's going on at the moment.


Nothing is secure. Those policies are not there to "convince" people that everything's secure, nor give an illusion that everything's secure.
They're there to mitigate the occurrences of unauthorized use, form multi-barrier blocks and as a general deterrent (to easy hacks).
Being a computer game has nothing to do with what you're implying when personal credit details are at risk.

You need to correct your perception.

Should CCP make an exception to your case, your majesty?