• Fur Affinity Forums are governed by Fur Affinity's Rules and Policies. Links and additional information can be accessed in the Site Information Forum.

"Your account has been hijacked/disabled."

Status
Not open for further replies.

Verin Asper

The Smart Idiot
I'm complaining because you're banning a user for refusing to change a password.
Then keep the same password I say...just they dont have no right to whine when their account is hacked into I say.
Its gonna be these same folks who dont change their pass that will bitch, whine, groan, etc... about how their account was hacked into.

Them banning the person is like them smacking them upside the head saying they are morons for putting back the same password that is on a list for Gaia's Sake.
 
Personally I rarely change my password on sites like FA... and use the same password for the majority of low-level stuff (except for IRC, for the obvious reason that mistakes happen), which I change only occasionally, maybe once every 2 years, or if I get a notice that a site may have leaked personal info. Main reason is I don't care, and if someone goes through the trouble of braking my password and hijacking my account, it only serves to give me an excuse to abandon it and spend less time online on sites like this.

Anything of significant personal value or 'security value' of course is a different matter, and I use 20-character passwords that I change at least bimonthly... including any personal or financial sites, email things are registered to, or that financial or personal information might pass through.

However I highly approve of mocking people who fail to change their password after they KNOW it's been compromised.
 

Pawfan

New Member
I agree with Net-Cat to a point. Where my thought comes in is....This is the
first time that I have been made aware of such a dictionary of passwords. I am
sure, I'm not the only one naive to this, since I don't spend much time on the
internet. I did check the list, and I'm glad my password(s) was not listed. But I will
pay closer attention to this and hopefully, get a friendly warning to make an ajustment
on site usage before getting in real trouble.
 

kamperkiller

Art Whore

krisCrash

Member
Re: "Your account has been hijacked."

Yes, exactly. People should be free to do this as they please - as long as they agree not to complain about it if it gets hacked.
I actually had this argument with Livejournal staff once, and to them, my account being compromisable makes my friends' info compromisable, makes LJ compromisable. This is irritating but probably true; in that case you are not only responsible for yourself. And the same can be said for people who have actually built a network on FA.

Seriously.. admins of other sites( like myself >.> <.<) can easily look at password lists.
Yes, same. Or fairly easily look it up per user.

Think about the exact average intelligence of a person. Then think, half the people in the world have a lower intelligence than that. Then you'll see exactly what the problem is. >.>
Not how a statistic normal distribution works :p Luckily. The majority of people should have roughly normal intellect.

I'm complaining because you're banning a user for refusing to change a password.
If a site decides that a user must follow rule A and user does not follow rule A, it should be fine to ban them. Rules are rules :rolleyes: you can't moderate a site where rules aren't always rules.

#100 ;o
 

Konda

Member
The idea is to assume that it is possible that your password has been compromised and you just don't know it yet, (attacker is being quiet, hasn't gotten around to doing something to you, /etc/shadow has been stolen, etc.). The probability of this goes up over time, and drops to 0 when you change your password.

I see.. thanks.
 

ohtar

Overworked & Underpaid
See, now there is where my password is amazing. Its not a word.
I had an account on a site back in jr high that when I signed up, gave me a default password consisting of a seemingly random assortment of letters. Instead of setting it to something that wasn't retarded to the nth degree, I spent the next 4 years memorizing the sequence. Now, even if i ramble it off aloud to someone I usually loose them after the 3rd or 4th character.
XD
 

foozzzball

Lazy and Fuzzy
Okay. That's scary. I was on the list, but I hadn't been notified anywhere - nor did I get booted off FA. o_O
 

Mikau

p00p m00se
Sometimes it helps remembering your old passwords during your high school years when you were in computer class.
 

Niran

New Member
See, now there is where my password is amazing. Its not a word.
I had an account on a site back in jr high that when I signed up, gave me a default password consisting of a seemingly random assortment of letters. Instead of setting it to something that wasn't retarded to the nth degree, I spent the next 4 years memorizing the sequence. Now, even if i ramble it off aloud to someone I usually loose them after the 3rd or 4th character.
XD

Oh yeah, I remember those passwords... I really hated typing them in when they gave them to me so I could change my old password when I forgot them...

But you do have a point that your password is stronger than a lot of people's, but (not to make you feel bad or anything, just using that type of passphrase as an example to post a fact for other users to read while they swim through this topic) are not entirely safe. A password consisting of all random numbers or letters are definitely safe from people outside of the internet, however, which is nice. This is because an exploiter can easily use programs that... well, I'm not good at explaining, but here's a slightly visual representation:

Say the password limit is 6 characters, that gives the exploiter/hacker person a base to start with. Now, an unfortunate user is using a password that consists of all numbers during this time and is the unintentional target of this event.
So the process begins: (it can also begin at 0)
"111111" ... failed attempt
"111112" ... failed attempt
"111113" ... failed attempt
and so forth until the passphrase is found. Don't get me wrong, this is faster than it seems since they're just making the computer count: what they were made to do in the first place. This also works for letters as well, but takes much longer because they have to cycle through 26 different symbols (obviously much longer than the numeric 9 [or 10 with 0]) or more if something is capitalized, effectively increasing the count to 52 different symbols per space.

Programs such as these are most often used in sites that allow an unlimited number of passphrase checks upon logon without a sort of time limit. Websites that enforce a passphrase check limit before incurring logon downtime make the use of said programs slow, and are highly unfavourable compared to other, less secure, sites.

Of course this is still MUCH safer than dictionary passwords people often use. These consist of common words or combinations of words or a word backwards... and requires only a simple tool that contains a dictionary's worth of words in it to check for passwords forwards, backwards, and in combinations. Slight, common alterations to the words (such as capitalizing the beginning letter) can also be easily checked if Mr. Exploiter sees that as a possibility.

Of course, this means no password is permanently safe, which is probably the whole point of this discussion, and dictionary passwords are probably the least safe (even in other languages). I personally recommend adding numbers or letters or corrupting the base word of the passphrase, but try not to make it too obvious (e.g. your birthyear after your password, a single number/letter afterwards, etc.). This will make your password saf-ER for a longer period of time (so you don't have to change it every 5 days. ... Ew.).

Really, like the administrators and good people said, the best way to prevent this from happening is to change your password now and then, which, admittedly, I don't even do (on purpose, anyway. Although my password changes sometimes, especially when I forget my last password...).

#####

Sorry for the long post, but I really wanted to throw this info out. Not to insult anyone, but to inform the uninformed (they're not stupid, they just don't know!) of what they can do to improve their passwords. See? Isn't information nice when no one beats on other people by calling them dumb? This isn't the subject to be doing that: passphrases are a serious matter and the un/misinformed public needs to be dealt with immediately in order to keep our glorious community safe from harm. GLORIOUS.

Also, please, do not complain about the administrators "banning" people for using the same password. They're not actually being banned, but are being given a sturdier warning than a message telling them that their passphrase is unsafe, of which then they can still regain access to their account. Especially don't denounce the admins if you don't have any other particular problems with it than "liberties" and/or that you are already safe or allegedly safe, just for the sake of attacking other people. There is no need to bemoan the administration for doing that they believe is best in this large community, and personally they're doing much better than some of the admins I've seen dealing with the exact same problem.

Last paragraph in short: Please do not argue for the sake of arguing, this is not the time to do so. Instead, be more constructive to the uninformed and show them what to do, instead of grieving upon something they are unwittingly doing. Thank you!
 
Last edited:

Toaster

Member
Re: "Your account has been hijacked."

UPDATE (Added to original post.)

If your account is on this list, you were one of the 738 users whose password matched the list. Changing it back to what it was is a bad idea, especially since we're issuing bans to people who do it multiple times. Password have been elided. People whose passwords didn't match were excluded.

thats alot of dumb people >.<
 

reddragon420

New Member
In my opinion those who don't change hacked/stolen/guessed/ect passwords are asking to be hacked again and again or they just plain don't give a shit ... i think this is pretty dumb on their part because they invite more people (hackers/hijackers whatever the hell ya wanna call em) to keep attacking the site that the passwords are used on or even give them the idea that other stuff may be possibly borkable ... basicly what i am trying to say is change the stolen password so not only you (those that this applys to know or will know who they are) but the site itself is more safe from hacking ... i myself am not on this list as far as i can tell but i do feel bad for those that are however there is only one thing they can do and that is change their login info ... those that keep using the old password i dont feel sorry for you if and when you get banned
 

WarMocK

I like to nuke ^^
In my opinion those who don't change hacked/stolen/guessed/ect passwords are asking to be hacked again and again or they just plain don't give a shit ...
... but start whining and insult the BAD admins from FA because they didn't protect them. :p
Unfortunately, this is a common habit these days. :-(
 

ohtar

Overworked & Underpaid
So the process begins: (it can also begin at 0)
"111111" ... failed attempt
"111112" ... failed attempt
"111113" ... failed attempt

id feel bad for someone who takes the long way with mine. 10 characters, all letters, no numbers, allowance for repeating letters... that's what... 26 to the power of 10? (grade 10 math. never passed it. couldn't pass it. hate it.) then multiplying the whole thing by 2 to allow for case sensitivity...
christ thats a LOT of possible combinations.
Hell, Id give the hacker a freaking trophy.

or at least a cookie. :)

I know im not perfectly safe. there's no such thing in this day and age. No matter what precautions you take, no matter how careful you are, there are holes in every security procedure once you know where to look.
But be damned if I'm not making things harder for the little fuckers along the way >:)

Now I'm curious. I'm gonna go exhume my TI83+ from the exile of the second drawer from the bottom and find out how many combinations there are in my password. o.0
 

SerFox

I heart pink
You know, I think it's a bit unfair to keep resetting it.

I mean, they obviously don't want the account... Why make the admins go to all this trouble?
 

Delphinidae

Competitively intelligent.
Re: "Your account has been hijacked."

Oh, yeah, that's just what the world needs. More automatic enforcement of rules that smart people should be exempt from entirely. We certainly don't have enough of that.
Smart people don't share your stance.
 

Vore Writer

Dog faced God
I'm complaining because you're banning a user for refusing to change a password.

If people are too damn lazy to change their password, then they shouldn't be allowed to use the site.
 
Status
Not open for further replies.
Top