Quotable Conventioneer

8,000 Points
  • Person of Interest 200
  • Conventioneer 300
  • Forum Sophomore 300
Scared of Hackers?


The Good News:

- Gaia is as secure as any other PHP message board, so the odds of Gaia itself being hacked are zilch and none.
- Even if Gaia were to be hacked on a massive scale, it'd be easily detectable and the Mods would be able to correct it via a rollback or other large-scale action because they keep backups.

The Bad News:
- Most 'hackings' on Gaia come from either giving out your password, or somehow having a form of malware on your computer, including keyloggers.
- Most keyloggers come from wares, porn, or other software 'hacks' and spyware that may be on your computer. If you're doing naughty things online, you're at risk.
- Stop Using Internet Explorer 6. Internet Explorer is full of holes and exploits, and most of these bad programs I mentioned above are designed to work with IE 6 because it's the most popular browser on the internet. If you're worried about what program to use instead, Firefox is easy to install, updates much more often, and will help you see fewer popups.
- If your password is 'password', you'll still get hacked no matter how careful you are. You have a password for a reason, after all.

That's where this guide comes in.

HOW TO MAKE A SECURE PASSWORD:


Know your Character Classes.
Most 'professional' hacking tools use a brute-force password cracker, which basically means if they know it's a six-character password or longer, they start with 'aaaaaa' and cycle through all the letters to 'zzzzzz' until they hit on yours. NOTE: This is just an example, NOT necessarily how all crackers work.

There are 26 possible combinations for each character space that the cracker attempts, meaning that there are 26 to the 6th power (26^6) combinations the cracker tries. But note in our example it only used lowercase letters! If you include uppercase letters, it becomes 52^6, which is a MUCH bigger number! And if you include numbers? It's 62^6!

Now those are big numbers, sure, but a computer can crunch them really, really fast if it wants to. The more different types of characters you use in your password, the harder you make your password to crack. And the longer you make your password, the more combinations it has to try! If you have a password that's nine letters long that uses numbers and both cases of letters, that's 62^9, which is... well, let's just say that cracker will likely freeze up first.

Make a password YOU will remember.

It's tempting to just lay down a random swath on the keyboard and go 'okay, that's my password', but think about it. If you can't remember it, you'll have to write it down somewhere you'll see it, and if anyone else sees it, suddenly THEY know your password too!

This is a type of hacking known as social engineering, and it means that they manipulate you into giving them this sensitive information. You have to make a password you'll remember!

How do you do it? It's real easy!

Come up with a phrase of personal significance to YOU, not to your favorite football team, or a popular anime, or your high school, unless it's a really obscure reference from within one of those things. For our example, let's use:

Courtney Gears

(Props if anyone gets the reference.) Anyway, in its current form it's a little easy for anyone who knows you to get this one. So, let's codeify it. We'll start with the all-lowercase version:

courtneygears

We'll capitalize certain letters that we think stick out in our brains:

CourtNeyGears

We'll 1337-ify it up a bit:

C0urtNeyGear5

And, if we can, we may as well slip in an 'extra' character class outside of the ones we mentioned before:

C0urtNey!Gear5

And voila, we just made a password that uses four different character classes, AND is thirteen characters long! It's that simple! Best of all, it's easy for you to remember, because all you have to think of is your original phrase, and after a few tries, you'll remember your special way of mangling it!

We could have also come up with _c0urtn3yGEARS, or CoUr7#nEy#ge4rs, or all sorts of combinations, just from this one phrase!

Make sure to practice typing your new password a few times (in notepad, perhaps) to train your fingers to type it, and remember: Don't tell anyone your new password, or it's useless!

(and FYI, No, my password is NOT Courtney Gears in any way shape or form. It's just an example. Don't use my example for your password either.)
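
Added example (not part of the original post): the keyspace arithmetic from the guide, applied to each stage of the Courtney Gears walkthrough. It models only the exhaustive letter-by-letter search the post describes; the 32-symbol punctuation class and the guess rate are assumptions of this example.

```python
import string

# Character classes from the guide. Treating "extra" characters as the 32
# printable ASCII punctuation marks is an assumption of this example.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

GUESSES_PER_SECOND = 10**9  # assumed attacker speed, for illustration only
SECONDS_PER_YEAR = 365 * 24 * 3600

# The four stages of the walkthrough, copied from the post.
STAGES = ["courtneygears", "CourtNeyGears", "C0urtNeyGear5", "C0urtNey!Gear5"]


def classes_used(password):
    """Names of the character classes that appear in the password."""
    return [name for name, chars in CLASSES.items()
            if any(c in chars for c in password)]


def alphabet_size(password):
    """Size of the alphabet a brute-forcer must cover for this password."""
    unknown = [c for c in password
               if not any(c in chars for chars in CLASSES.values())]
    if unknown:
        # Spaces and non-ASCII characters are not modelled here.
        raise ValueError(f"characters outside the modelled classes: {unknown!r}")
    return sum(len(CLASSES[name]) for name in classes_used(password))


def keyspace(password):
    """Candidates of the same length over the same alphabet (alphabet ** length)."""
    return alphabet_size(password) ** len(password)


def worst_case_years(password, rate=GUESSES_PER_SECOND):
    """Years needed to try every candidate at the given guess rate."""
    return keyspace(password) / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    for pw in STAGES:
        print(f"{pw:<15} len={len(pw):<2} alphabet={alphabet_size(pw):<2} "
              f"keyspace={keyspace(pw):.3e} "
              f"worst case={worst_case_years(pw):.3e} years")
```

The figures are an upper bound for blind brute force only; they say nothing about guessing that starts from known words or phrases.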

Dangerous Ladykiller

This should be in the guides subforum; this spot is for asking questions.

Newbie Noob

As much as Ratchet and Clank is a great game, I think it's stupid to tell people to stop using Internet Explorer 6. I use it, and never get spyware. Even if you happen to get spyware, regular scans (perhaps weekly, or even monthly) of Ad-Aware and Spybot are more than enough to keep your machine protected.

Quotable Conventioneer

kage-ookami4 wrote: "This should be in the guides subforum; this spot is for asking questions."

Bah, I hate being one forum off.

Still, with the recent announcement, it should stay here for at least a little while to deal with the influx of people gonking over having to change their passwords.

@Pie32: I just prefer Firefox in general because it updates for patches more often and has some built-in protection that IE doesn't, so for less savvy users, I still think Firefox is safer for them. But hey, keep using IE if it really bothers you.

Dangerous Ladykiller

Instead of Firefox, I prefer to use IE 7. It fixes the holes of IE 6.

One last thing...

No matter what the messages in your Inbox say...

Gaia's employees will NEVER EVER ask you for your password.

The reason for this is that all developers and the Moderators who need to have access to password-protected data already have direct access to it.

We just don't need your password.

We don't lose backups (it's impossible), we don't ask third-party companies to do anything for us that would ever require your password; there's just no reason to ever give your password away to anybody...including us.

So when you open a PM that has a link in it and it takes you to some lame site that copied our graphics and looks like Gaia and that asks for your username and password, you will now know that it's garbage, and that you should report it as a scamming attempt.

And in the meantime, choose strong passwords, and change them fairly often (see the first post in the thread; it's right on target).

Quotable Conventioneer

Oh, and as a secondary note for people reading this:

I'm planning to make a 'simpler' version of this guide for newblets. What parts of the guide, if any, do you think are hard to follow or need a better explanation?

Awesome! I was going to write up something similar to stick in my journal, but this said exactly what I wanted to say. I think that you've written it out very clearly so the newblets shouldn't have too much trouble. They may not get the part about social engineering? I know that a lot of people tend to use loved ones' names or other easy-to-find personal information as passwords, and never really think why it's a bad idea.

Here is a random password generator. Hard to remember but will take a long time to be cracked if someone can find how.
Of course you need to remember it.

Quotable Conventioneer

Resuka wrote: "Here is a random password generator. Hard to remember but will take a long time to be cracked if someone can find how. Of course you need to remember it."

Random's cool, but the idea of my post is to create a password from an easy-to-remember phrase, that's hard to actually get right even if you tell the phrase to someone else without telling them how it's mangled.

If I could find/make a program that would do the mangling for me, that'd be good though.
