Fenrir Wolf

Nope. I use ridiculously long multi-word sentences whenever I’m allowed to. Tricky to type in when I can’t see what I’m writing? A little. Secure when you’ve 6-8+ unusual words in your password? Definitely.

Easy enough to remember, too, unlike the character-spam some people can use which can actually be algorithmically easier to guess. XKCD did a thing on this, I believe. Worth reading.

My more important passwords have sentences of a total of over 20 words, they haven’t been hacked. It’s just good password hygiene, really. In the past, the vast majority of passwords were obtained via mere guessing. This is why many systems today have human verification and a limited number of login attempts.

That might be frustrating, but it really is for your own good. Unlike two-factor authentication which really doesn’t do nearly as much to protect one’s security as people believe. It’s really more of a placebo effect not unlike any kind of pointless security theatre. It’s meant to make you personally feel more safe without actually being safe.

Unfortunately, most security is an illusion. The one and only protection you have against identity theft is the one that most people never use: The human mind.

I remember years ago trying to teach a gaming site about social engineering. I try to be a good Samaritan, but human beings can be hateful, terrible creatures who’re often not worth it. Sometimes the compulsion to just fob off the lot of them to the whims of fate is louder than empathy. Not often… sometimes, though.

Anyway, I brought it up in an effort to teach them about how easily a person can be behaviourally hacked, or even programmed, by relying on certain key features of the human condition that don’t always work in our favour. I was soundly mocked for it. It was funny, yes, but not helpful to them.

My favourite line was “my school doesn’t teach social engineering, I suppose I’ll have to take regular engineering instead.”

Such ignorance compounded by such arrogance. It’d be bloody funny, if it wasn’t blatantly sticking one’s head in the sand. Something that ostriches don’t do, but humans certainly do.

I refer to people as humans a lot, don’t I? Odd quirk. As an autistic person I’ve had the pleasure of being informed of my inhuman or subhuman status regularly enough for the message to be received. I’m an alien that doesn’t quite fit into the human genus, got it! Thanks for the lesson!

Do I sound bitter? Eh, just a little. Probably every other autistic person too, for that matter. Neurotypicals…

I swear the lot of you will destroy yourselves and take us with you.

Some days I understand how a dragon feels.

Where was I? Ah, yes. The best tool you can use to protect yourself from the ills of the world is the one you were born with, your very own brain. Other tools can be helpful in notifying you of suspicious activity, but a computer can’t really keep you safe. Let alone safe from yourself.

There’s too much trust placed in that outcome. Which is ludicrous, really, since the programs protecting you are erroneous things programmed by fallible creatures who’re all too prone to PEBCAK.

Every living human is prone to PEBCAK.

Even those of us who aren’t quite so human. PEBCAK is probably Universal wherever seating and manual input methods exist. And the reason most people get hacked? PEBCAK. So much PEBCAK.

In most cases, hackers can only PEEK and POKE because you’ve invited them in with open arms and begged them to do so.

TL;DR: Friends don’t let friends click links in emails.


Multi-word passwords aren’t inherently safer; they are just easier to remember for the same password strength. Which, to be fair, does mean that despite not being safer they are often a better idea for those that don’t use some kind of password manager, digital or not.

2FA, on the other hand, isn’t just a placebo; as long as the process to remove a lost authenticator from the account isn’t exploitable 2FA is really good at increasing security. It’s not a foolproof method, though; for example, trojans can bypass it (by capturing the authenticator-generated code as the user enters it and passing it to the hacker, or a login bot, in real time). This means someone who becomes lax with security due to excessive trust in 2FA will be more vulnerable than a security-conscious user without 2FA.

BTW, my most secure password ever was Supercalifragilisticexpialidocious. Only with sprinkled spelling errors, random capitalization, and a third of the letters changed for numbers or symbols. Easy to remember for me, nearly impossible to guess even for those that knew which word I used as the basis for the password. I only stopped using it because it was too annoying to type every time, both due to the length and to how I had to keep pressing and releasing the shift key all the time while typing it.

Nicole Roman

My WoW account was hacked in 2010. I talked to a Blizzard rep on the phone and a few days later all my stuff was waiting for me in the mailbox in-game. This incident prompted my husband and me to buy authenticators, something we had discussed doing since they were introduced in 2008.

James Mock

I had my Dungeon Fighter Online account hacked and they stole everything and deleted most of my characters. I was devastated.

Teala Te'Jir

WoW account back in 2010 was hacked. Got everything back, the Admin that handled my account did a great job. It was after that we got the authenticator and never had an issue again.


Luckily I have never been hacked, but I have had 2 factor authentication on absolutely everything (even if I had to pay), for some reason it just stuck in my head that I need it.
I do often get messages from my EA account though with my login verification number written in Russian lol, I wonder how often they will try before finally giving up.


I lost my first WoW account, the one I had since vanilla. I was mostly crushed to lose my main character, whom I had a sentimental attachment to. A few months later, I managed to get the account back long enough to transfer my main to my new account, before the hackers managed to take the account back again.

But I lost basically all sense of game progress. The only things I had left were my main character and whatever random items they hadn’t vendored. It was a relief to have my old character back, but sometimes I wish I had been smart enough to hold onto that original account a bit better. It would have been fun to have all those rare achievements and items that you can no longer get. I had the entire set of the original Wildheart set, the penguin Pet from merging with before it was required, things like that. A bit of a shame.

I also had my Origin account hacked once, which was very scary since it had my credit card saved. But all the hacker did was download a free game on it… And customer support helped me get it back within minutes.


I’ve had both WOW and EQ2 accounts hacked. In the WOW case, I had stopped playing a while before and so I just sort of ignored it. Got an email some time later that the account had been banned for selling gold. Maybe a year or two later I got talked into going back for a bit and so I worked with Blizz to get access to the account. Silver lining, the character the gold seller had been using had I think 50k gold on them at the time, which was far more than I had had when I stopped playing.

EQ2 was a little worse. The hacker got access to my account while I was playing and I got logged off and then couldn’t log back on because they’d changed my password. Took about 12 hours to get then-SOE support to respond, by which time the hacker had sold everything of value. I got a rollback on the account and the bank, and while it wasn’t perfect I think I ended up with a loss of maybe 10 plat worth of value, almost totally insignificant.

Both were my fault. I’d been reusing an easy password and using it on forum accounts as well. I could have had my account hacked any number of places and they could have gotten access to the game accounts.

Lily Cheng

Yes, once in Age of Wushu. I had lost items totaling in worth over $600 (You could buy in-game currency with money, it was a P2W game after all). This was before they implemented 2FA.

The worst part about it was that Snail Games absolutely denied the fact their own systems were hacked.

The reason I say this is because there were multiple forum posts at the time where people were asked to check their email accounts and security logs. Basically every single person that replied stated that they could see attempted logins from China. Even emails that people had made specifically only for logging into the game.

Additionally, before anyone goes on about common sense security, I do not re-use passwords, I scan my computer for malware/viruses regularly and all the other usual questions people ask that pits the blame on the user.

The primary issue I had with the hacking at the time was it was so painfully obvious an issue on their side because I ran multiple alt accounts in the game, I logged into all those accounts on the same computer on the same connection on the same everything.

None of my alternate storage accounts were hacked, the biggest kicker was the value of my alt accounts was larger than my hacked main account (there was a limit to how much silver you could hold per character).

Sarah Cushaway

Once back in 2007 or ’08ish – got an authenticator after that fiasco.

Oleg Chebeneev

Nope. Never.