Forums

Better Passwords

Quick find code: 14-15-577-66077109

of 3
Trustifarian
Aug Member 2018

Trustifarian

Posts: 100Iron Posts by user Forum Profile RuneMetrics Profile
How hard is it to add symbols to passwords at this point? Would make make me feel much more secure. With a recent data breach of over 773 million emails in the "Collection 1" file, I think it's time for an added layer of security for accounts. I've existed in a virtual space since Nam. I have passwords everywhere. I don't feel safe with so many of these old passwords floating around. Can anyone provide a simple answer on this?

19-Jan-2019 09:20:35 - Last edited on 19-Jan-2019 09:21:17 by Trustifarian

Tuffty
Jan
fmod Member
2003

Tuffty

Forum Moderator Posts: 135,046Ruby Posts by user Forum Profile RuneMetrics Profile
If you are that worried just change your passwords to where ever you log in.

Nice simple answer.

Out of the millions of millions of names and passwords stolen you are worried about 1. If it's going to happen it happens. No matter what security you have it will happen.

Stop worrying. Why lose sleep over it.
Comprehensive Account Security
What did one eye say to the other eye? Between you and me something smells.

19-Jan-2019 10:25:41

Thunder†Jinx
Feb Member 2010

Thunder†Jinx

Posts: 13,266Opal Posts by user Forum Profile RuneMetrics Profile
If you want a secure password you're better off having a passphrase of 30+ characters than a short password with symbols.

You only have yourself to blame if your password isn't secure enough.
Darkness rises when silence dies.

Save time and money
join
Fast Sc
friends chat for BXP across many skills!

19-Jan-2019 10:25:59

Daibhi
Sep Member 2017

Daibhi

Posts: 863Gold Posts by user Forum Profile RuneMetrics Profile
Collection 1 is just an amalgamation of older data breaches because 360 million of them are Myspace (happened in 2008) and 164m LinkedIn (2016) accounts - I wouldn't be surprised if that Ashley Madison one is also included in it. Plus it's a Runescape account.. it's not like there's much value in it.

Not to mention our passwords aren't even case sensitive so there's no point even worrying about it because, even if you do uppercase, lowercase and numbers (symbols have never worked: ŠŃŪÕť…ů” etc.), if you type your entire password to log into the game in caps you can still log in.

19-Jan-2019 10:49:42

Moneybucks
Nov Gold Premier Club Member 2018

Moneybucks

Posts: 7,264Rune Posts by user Forum Profile RuneMetrics Profile
Actually, OP is right here. RS passwords are not case sensitive, and don't permit the use of symbols.
It's been this way for years.
And, what's more, there should be no reason for it (other than convenience for Jagex), because they shouldn't be storing the passwords, they should be storing the result of a cryptographic algorithm based in part on the password and in part on a secret 'salt' value. The fact that there are password restrictions suggests this may not be the case, which is a concern given it flies in the face of best security practice.

Thunder Jinx is actually correct in essence, but somewhat disingenuously so, as having a long passphrase and the use of multiple character types are not mutually exclusive and should be combined for optimal defence.

Nobody expects to get buggered, but why make it easy. Simple things, like complex and long passwords, are easy to implement but significantly increase the difficulty/cost of an attack. Be that something low-tech like some guy trying to run multiple guesses (which the RS applet does prevent against to its credit) or something high-tech, like some guy who got a hold of the password list trying to crack/reverse engineer the afore-mentioned cryptographic algorithm.

That said, it's been this way for years, Jagex clearly doesn't give enough of a shit to address it, for whatever reason (and they've never given one), so OP, the best thing you can do is use as long a password as is practical and make sure to implement 2FA (which doesn't apply on the website, incidentally). Also take every precaution to protect your associated mail account, as if that's compromised it can be used to compromise your RS account too.

Rant over - I work in this field and have done for some 10-12 years. General stupidity keeps me in a job, so I should encourage it, but the idealist in me still finds it tiresome when simple protections are either refused or aren't provided.
Moneybucks

19-Jan-2019 12:14:24 - Last edited on 19-Jan-2019 12:18:42 by Moneybucks

Trustifarian
Aug Member 2018

Trustifarian

Posts: 100Iron Posts by user Forum Profile RuneMetrics Profile
Appreciate the meaningful responses. I was certainly a little buzzed off the sauce when I posted this, but it just blows my mind that symbols and case sensitivity are not yet implemented.

I have a username login on this account, so I shouldn't see any need to worry. While my accounts are secure, there are tons of accounts that are not. If one were so inclined they could potentially use these lists maliciously on older accounts and scap up a bunch of rs3(lol) rares. The older lists are entirely more concerning, because older breaches likely have weaker password standards and this potentially brings one's password closer to those able to be used here.

19-Jan-2019 20:58:33

Aubrey666

Aubrey666

Posts: 555Steel Posts by user Forum Profile RuneMetrics Profile
I use a different password for all of my accounts, and I like to use challenging passwords as well as the two-step authentication. If one thing is compromised, then everything is likely still in a good state. I do think it would be a good idea to add symbols to it, but you can make a good password without it too (good suggestion!).

Just an fyi for any other readers: Pass phrases are very popular. It's using a phases instead of a word or two for your password, and it's often followed up by partitioning the words, scrambling them a little bit, and replacing some of the letters with numbers. Some places will buff it up by front-loading the phrase with a pin or even a token. You could do something as simple as:

(arbitrary pin example 5640) I love my cat
i lo my ca
Resulting in 5640il0myc4

It's a non-sensible password to anybody else, but it's easy for you to remember a pin and a meaningful phrase.

I don't doubt its imperfections, but it's good enough and practical. Putting locks on your doors wont make it impossible for people to break in, but it adds time and effort, and that's generally good enough to keep people out. You're playing a chance game and you want the odds to be in your favour.

19-Jan-2019 22:33:58

Dong†U†Dead

Dong†U†Dead

Posts: 20,552Opal Posts by user Forum Profile RuneMetrics Profile
I just use a selection of numbers and letters, sometimes I have words and numbers. But they say adding symbols (upper case), wouldn't protect your computer any more than how it is now for the simple fact if you have a trojan on board they will get your password with symbols or not. I also use a different email for my accounts than what I do for my everyday stuff. So all my family and friends don't see my RS emails - no one does.

Just make sure you have a bank pin and authenticator.

I actually need to get an authenticator for my email.
~~~Short Stories~~~
Quick find code: 49-50-834-66087549
Written by me :P :D

20-Jan-2019 01:03:27

Final†Feud
Apr Member 2014

Final†Feud

Posts: 10,972Opal Posts by user Forum Profile RuneMetrics Profile
Most people use the same password across multiple log-in platforms and sites.

I think the issue lies moreso in the fact that people aren't regularly changing their passwords on a daily basis, but I agree with you OP - case sensitive/symbol enabled passwords would be a nice addition.

Oh, and Authenticator is amazing.
Quest Cape Skill Requirements
The Official Guide Directory
You have been kicked from the channel.

20-Jan-2019 01:28:45

Quick find code: 14-15-577-66077109Back to Top