Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Discussion: Heartbleed Vulnerability and your Passwords

  1. #1

    Default Discussion: Heartbleed Vulnerability and your Passwords

    Feel free to ask questions in this thread, this is related to the post in announcements.

    The original announcement is here:
    http://forums.ageofconan.com/showthread.php?p=2094176

  2. #2

    Default

    Talking about security, last year we complained about the item shop not being secured by SSL at all.

    http://forums.ageofconan.com/showthread.php?t=182157

    It was said to be brough up with the billing director at that time(you?)

    http://forums.ageofconan.com/showpos...0&postcount=13

    And to this day when i enter the url https://www.ageofconan.com/itemstore

    It brings up a page that has http://aocshop.funcom.com in a frame, this means the shop does not handle our username and password in a secure manner. It just masks it as secure if you have a browser that does not tell you that a site has unsecure elements.

    To go a bit more technical you run the store for AoC and TSW on the same server(or behind the same server/router), and because of limits in the software used or the knowlege of the people that manage it you can only redirect ssl requests to one of the two sites that are aoc and tsw shops.

    So to end i would like to say it is good that you inform your customers about the hole in the wall, just dont forget where you have no wall at all.
    I am Stian ingame...

  3. #3

    Default

    I hadn't actually heard about that one. I'm sure we do have a certificate for aocshop.funcom.com, so its an oversight thats for sure.

    I believe the game currently uses the http version, but it also doesn't use your game password.

    We should still switch, I'll look into it. Thanks

  4. #4

  5. #5

    Default

    ... how about allowing us to use special characters in our passwords. Nothing screams " we're using old tech" than what FUNCOM has right now.
    "Always review over the Social Guidelines before posting on the forums"

    "Please put "Illinois ftw" in your reply to ensure you read all of this ..." -VORBIZ-

  6. #6

    Default

    Quote Originally Posted by Mustaine View Post
    ... how about allowing us to use special characters in our passwords. Nothing screams " we're using old tech" than what FUNCOM has right now.
    Actually its down to supporting older products. Anarchy Online doesn't support it at the moment, and because our account services are shared amongst all the games, it means none of them support it.

    In the grand scheme, the difference is negligible. For an 8 character password, with 13 special characters usable (which seems to be able the standard), its only 4.5x more combinations. At 16 characters its 21x more.

    That is why I recommend picking a much longer password, going from 8 to 12 is almost 15 million times harder to crack. If you go to 16, you're in the million billion times harder range (no I didn't make that up).

    (Also a lot of the complaints related to special characters are that people can't use the password they use elsewhere)

  7. #7

    Default

    Quote Originally Posted by Lucien View Post
    Actually its down to supporting older products. Anarchy Online doesn't support it at the moment, and because our account services are shared amongst all the games, it means none of them support it.

    In the grand scheme, the difference is negligible. For an 8 character password, with 13 special characters usable (which seems to be able the standard), its only 4.5x more combinations. At 16 characters its 21x more.

    That is why I recommend picking a much longer password, going from 8 to 12 is almost 15 million times harder to crack. If you go to 16, you're in the million billion times harder range (no I didn't make that up).

    (Also a lot of the complaints related to special characters are that people can't use the password they use elsewhere)
    Is AO getting the AoC or TSW version of the DW tech?

    I might play AO if someone would give me a bloody beta key =D

  8. #8

    Default

    Quote Originally Posted by stiiixy View Post
    Is AO getting the AoC or TSW version of the DW tech?

    I might play AO if someone would give me a bloody beta key =D
    Follow this link and you'll get one!
    http://www.anarchy-online.com/wsp/an...1005,1070,1088

  9. #9

    Default

    Quote Originally Posted by Fass View Post
    Follow this link and you'll get one!
    http://www.anarchy-online.com/wsp/an...1005,1070,1088
    That's a link to the client. I was after testing access to the new client using the new engine (which doesn't exist yet anyway?), but yeah I've already side-tracked this thread =P

    Sorry about that.

  10. #10

    Default

    AO Beta access is tied to your account and billing status, not any 'keys' (if you got a multi-month paid sub, you're able to play the beta at present).

    (sorry for sidetracking)

    As for passwords, last time I tried one of my big (16-char) passwords in AO, it didn't like that length, so using shorter.
    Last edited by burmese; 11th April 2014 at 10:39.
    Dagget,
    President of Ayredian Nightfall

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •