Security Breach
January 14th, 2019, 03:00
I visited the Codex some years ago, just not to my liking. I'll hang around here until they kick me out!
SasqWatch
January 14th, 2019, 09:09
Hash by itself is weak. You have to toss in some salt. Still if the algorithm is known it becomes weak for folks using weak passwords. Anyway there are many papers on the topic but brush up on your math. The best intercept is before the hash.
Originally Posted by rjshae
If you aren't already, you might consider investigating SHA-3 for secure hashing, although SHA-2 is still pretty good.
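An added example (not code from this thread or from RPGWatch's forum software) of the point SasqWatch makes here and that is picked up later in the thread with argon2/bcrypt/scrypt: an unsalted digest is identical for every account with the same password, while a per-user random salt plus a memory-hard function (Python's stdlib scrypt here) makes each stored hash unique and slow to brute-force. The storage format `scrypt$<n>$<salt>$<hash>` is my own assumption for the example.

```python
import hashlib
import hmac
import os


def unsalted_sha256(password):
    """'Hash by itself': equal passwords give equal digests, so one
    precomputed lookup table cracks every matching account at once."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password, salt=None):
    """Salted, memory-hard scrypt (hashlib.scrypt, CPython stdlib).
    The salt is stored next to the hash; it is not secret, it only makes
    each user's hash unique so no shared table or rainbow table applies.
    Returns 'scrypt$<n>$<salt hex>$<hash hex>' (constructed format)."""
    salt = salt or os.urandom(16)
    n = 2 ** 14                       # work factor: 128*r*n = 16 MiB with r=8
    digest = hashlib.scrypt(password.encode(), salt=salt, n=n, r=8, p=1, dklen=32)
    return "scrypt${}${}${}".format(n, salt.hex(), digest.hex())


def verify_password(password, stored):
    """Recompute with the stored salt and cost, compare in constant time."""
    try:
        algo, n, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "scrypt":
        return False
    digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                            n=int(n), r=8, p=1, dklen=32)
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    # Constructed sample: two users who happen to share a password.
    pw = "correct horse battery staple"
    print("unsalted equal:", unsalted_sha256(pw) == unsalted_sha256(pw))
    a, b = hash_password(pw), hash_password(pw)
    print("salted equal:", a == b, "| verify:", verify_password(pw, a))
```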
Lazy_dog
RPGWatch Donor
Original Sin 2 Donor
January 14th, 2019, 09:50
Originally Posted by Capt. Huggy Face
I can't finish their review most of the time…
I know you didn't ask me, but I couldn't finish that review. I thought it was a load of pretentious tripe. And the Codex turns my stomach. It's just chock full of toadies so desperate to appear undeniably clever but not really having the chops. It's like 6th-grade chess club over there.
Guest
January 14th, 2019, 10:33
Originally Posted by azarhal
This is a security check if the mail can be found in https://haveibeenpwned.com/. The data in there is real and means that your account has been a subject of a leak at some point in time. If you didn't change the passwords on those sites, it would be wise to do so. Also on sites that you use the same passwords, if any. One can also subscribe on that site for security updates if a new leak is added.
I got one too, in my spam folder…but I had accounts on all the thing listed. :/
On a different tune - I would rather like two factor authentication implemented on RPGWatch.
Watchdog
Original Sin 1 & 2 Donor
January 14th, 2019, 14:38
Originally Posted by Bundyo
Which one? SMS with giving away my phone number? Never. Just no. I refused to do it on Steam and I constantly click skip everywhere that's bugging me with that notoriety.
I would rather like two factor authentication implemented on RPGWatch.
https://www.kaspersky.com/blog/2fa-p…l-guide/24219/
https://www.cnet.com/how-to/why-you-…-verification/
I'd rather leave a site or service before accepting SMS authentication.
--
Toka Koka
January 14th, 2019, 17:12
Originally Posted by joxer
The one in Steam doesn't work with SMSes - you need to use their mobile app for authentication. It is actually a form of time-based OTP (TOTP), so you can authenticate with any OTP generator that supports it, for instance KeePassXC.
Which one? SMS with giving away my phone number? Never. Just no. I refused to do it on Steam and I constantly click skip everywhere that's bugging me with that notoriety.
https://www.kaspersky.com/blog/2fa-p…l-guide/24219/
https://www.cnet.com/how-to/why-you-…-verification/
I'd rather leave a site or service before accepting SMS authentication.
Watchdog
Original Sin 1 & 2 Donor
January 14th, 2019, 19:42
Originally Posted by you
Yep. Ideally the password change page would include strength testing with an option for two-factor authentication and Captcha, then force everybody to change to the new standard.
Hash by itself is weak. You have to toss in some salt. Still if the algorithm is known it becomes weak for folks using weak passwords. Anyway there are many papers on the topic but brush up on your math. The best intercept is before the hash.
January 14th, 2019, 20:46
Yes but for a forum like this that is probably overkill. I mean the most they will get is your email but then again if they stole the database they have your email…
Originally Posted by rjshae
Yep. Ideally the password change page would include strength testing with an option for two-factor authentication and Captcha, then force everybody to change to the new standard.
Lazy_dog
RPGWatch Donor
Original Sin 2 Donor
January 14th, 2019, 20:54
Since the link posted here allows you to change passwords with only access to the old password… doesn't that put inactive / rarely used accounts at risk? Because they may not change their password in time?
January 14th, 2019, 21:13
Originally Posted by Bundyo
To use Steam phone malware for authentication you need to give them your phone number.
The one in Steam doesn't work with SMSes - you need to use their mobile app for authentication. It is actually a form of time-based OTP (TOTP), so you can authenticate with any OTP generator that supports it, for instance KeePassXC.
It's called Steam Guard and the first thing it asks you is to provide them the phone number so they can sell it to 3rd parties.
--
Toka Koka
January 14th, 2019, 21:47
I'm so sick of every damn Web-based account I have hounding me for my phone number, which I never give them.
January 15th, 2019, 00:40
I'm one of those troglodytes who doesn't own a mobile/cell phone, so I can't do any form of SMS!!
Ah the joys of being old!!!!
--
If God said it, then that settles it!!
Editor@RPGWatch
January 15th, 2019, 01:02
Originally Posted by Cacheperl
No, as changing your password means you are sent an email, with a link you need to click in order to activate the change.
Since the link posted here allows you to change passwords with only access to the old password… doesn't that put inactive / rarely used accounts at risk? Because they may not change their password in time?
--
In the beginning the Universe was created. This has made a lot of people very angry and been widely regarded as a bad move. Douglas Adams
There are no facts, only interpretations. Nietzsche
Some cause happiness wherever they go; others whenever they go. Oscar Wilde
January 15th, 2019, 03:50
--
Doing Let's Plays Reviews in English now. Latest Video: Encased
Mostly playing Indie titles, including Strategy, Tactics and Roleplaying-Games.
And here is a list of all games I ever played.
January 15th, 2019, 23:52
Just trying to say that there is no need for a phone number and SMSes for two factor authentication and increased security. A simple TOTP generator can be used for authentication (which does basically the same as your bank login tokens) - like how for instance 2FA is implemented in the completely OSS Mastodon and GitLab.
Watchdog
Original Sin 1 & 2 Donor
January 16th, 2019, 13:54
I'm not going to write a mod for vbulletin myself, so I would just select this one: https://www.dragonbyte-tech.com/stor…ntication.314/
--
In the beginning the Universe was created. This has made a lot of people very angry and been widely regarded as a bad move. Douglas Adams
There are no facts, only interpretations. Nietzsche
Some cause happiness wherever they go; others whenever they go. Oscar Wilde
January 17th, 2019, 03:22
Not familiar with that specific mod but I've implemented TOTP with QR code for in-house tools and now that I'm familiar with it I would be willing to use it here. I don't like email or sms variants because it can be annoying to get to when needed. Not putting my phone number out there regardless as I get enough spam on my phone and is harder to ignore than email.
There are many free clients for TOTP from Microsoft, Google, Red Hat, including ones for Windows and iOS. Desktop clients are hard to use with just QR code as no camera but with the uri and copy+paste they are fine.
Also I thought self-salting systems like argon2, bcrypt or scrypt are current security hashing recommendations though bcrypt is no longer generally recommended but better than sha+salt. But again it's not like my bank account info is stored here so not too worried either way.
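An added example, not code from this thread, from the vBulletin mod linked above or from any of the TOTP clients named: the TOTP scheme joxer describes (RFC 6238, the same HMAC-based one-time password the Steam app and KeePassXC implement), plus a parser for the `otpauth://` URI that a QR code carries, which is what gets pasted into a camera-less desktop client. The label, issuer and secret in EXAMPLE_URI are constructed; the secret is the RFC 6238 test key, so the codes can be checked against the RFC's vectors.

```python
import base64
import hmac
import struct
from hashlib import sha1
from urllib.parse import parse_qs, unquote, urlparse


def parse_otpauth(uri):
    """Pull the TOTP parameters out of an otpauth:// URI, i.e. the text a
    QR code encodes, so a desktop client without a camera can take it by paste."""
    parts = urlparse(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("not a TOTP otpauth URI")
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    secret = q["secret"].upper()
    secret += "=" * (-len(secret) % 8)      # restore optional base32 padding
    return {
        "label": unquote(parts.path.lstrip("/")),
        "key": base64.b32decode(secret),
        "digits": int(q.get("digits", 6)),
        "period": int(q.get("period", 30)),
    }


def totp(key, now, digits=6, period=30):
    """RFC 6238: HMAC-SHA1 over the big-endian 64-bit time step, then the
    RFC 4226 dynamic truncation down to `digits` decimal digits."""
    counter = struct.pack(">Q", int(now) // period)
    mac = hmac.new(key, counter, sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify(key, code, now, digits=6, period=30, window=1):
    """Server side: accept the current step and +/- `window` neighbouring
    steps to tolerate clock drift; compare every candidate in constant time."""
    ok = False
    for step in range(-window, window + 1):
        expected = totp(key, now + step * period, digits, period)
        ok |= hmac.compare_digest(expected, code)
    return ok


# Constructed example URI; the secret is the RFC 6238 test key
# "12345678901234567890" in base32, and 8-digit codes are requested.
EXAMPLE_URI = ("otpauth://totp/RPGWatch:user%40example.org"
               "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=RPGWatch&digits=8")
```

Feeding the parsed key to `totp(params["key"], time.time(), params["digits"], params["period"])` yields the code a phone app would show at that moment; anything stored on the server is the secret, never the codes.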