Go Back Age of Conan Global Forums > Community Forums > English Forum > General Forums > General Discussion
Reload this Page Discussion: Heartbleed Vulnerability and your Passwords
Reply
Old 10th April 2014, 08:57     Lucien is offline   #1
Lucien
Billing Manager
   
Lucien's Avatar


Default Discussion: Heartbleed Vulnerability and your Passwords

Feel free to ask questions in this thread, this is related to the post in announcements.

The original announcement is here:
http://forums.ageofconan.com/showthread.php?p=2094176
Reply With Quote
Old 10th April 2014, 10:44     Civilix is offline   #2
Civilix
Guardian Aquilonian
   
Civilix's Avatar

Vessia

EU Crom PvE
Default

Talking about security, last year we complained about the item shop not being secured by SSL at all.

http://forums.ageofconan.com/showthread.php?t=182157

It was said to be brough up with the billing director at that time(you?)

http://forums.ageofconan.com/showpos...0&postcount=13

And to this day when i enter the url https://www.ageofconan.com/itemstore

It brings up a page that has http://aocshop.funcom.com in a frame, this means the shop does not handle our username and password in a secure manner. It just masks it as secure if you have a browser that does not tell you that a site has unsecure elements.

To go a bit more technical you run the store for AoC and TSW on the same server(or behind the same server/router), and because of limits in the software used or the knowlege of the people that manage it you can only redirect ssl requests to one of the two sites that are aoc and tsw shops.

So to end i would like to say it is good that you inform your customers about the hole in the wall, just dont forget where you have no wall at all.
__________________
I am Stian ingame...
Reply With Quote
Old 10th April 2014, 11:05     Lucien is offline   #3
Lucien
Billing Manager
   
Lucien's Avatar


Default

I hadn't actually heard about that one. I'm sure we do have a certificate for aocshop.funcom.com, so its an oversight thats for sure.

I believe the game currently uses the http version, but it also doesn't use your game password.

We should still switch, I'll look into it. Thanks
Reply With Quote
Old 10th April 2014, 15:24     Lucien is offline   #4
Lucien
Billing Manager
   
Lucien's Avatar


Default

Its fixed now
Reply With Quote
Old 10th April 2014, 18:01     Mustaine is offline   #5
Mustaine
 
   
Mustaine's Avatar


Default

... how about allowing us to use special characters in our passwords. Nothing screams " we're using old tech" than what FUNCOM has right now.
Reply With Quote
Old 11th April 2014, 08:20     Lucien is offline   #6
Lucien
Billing Manager
   
Lucien's Avatar


Default

Quote:
Originally Posted by Mustaine View Post
... how about allowing us to use special characters in our passwords. Nothing screams " we're using old tech" than what FUNCOM has right now.
Actually its down to supporting older products. Anarchy Online doesn't support it at the moment, and because our account services are shared amongst all the games, it means none of them support it.

In the grand scheme, the difference is negligible. For an 8 character password, with 13 special characters usable (which seems to be able the standard), its only 4.5x more combinations. At 16 characters its 21x more.

That is why I recommend picking a much longer password, going from 8 to 12 is almost 15 million times harder to crack. If you go to 16, you're in the million billion times harder range (no I didn't make that up).

(Also a lot of the complaints related to special characters are that people can't use the password they use elsewhere)
Reply With Quote
Old 11th April 2014, 09:06     stiiixy is offline   #7
stiiixy
 


Default

Quote:
Originally Posted by Lucien View Post
Actually its down to supporting older products. Anarchy Online doesn't support it at the moment, and because our account services are shared amongst all the games, it means none of them support it.

In the grand scheme, the difference is negligible. For an 8 character password, with 13 special characters usable (which seems to be able the standard), its only 4.5x more combinations. At 16 characters its 21x more.

That is why I recommend picking a much longer password, going from 8 to 12 is almost 15 million times harder to crack. If you go to 16, you're in the million billion times harder range (no I didn't make that up).

(Also a lot of the complaints related to special characters are that people can't use the password they use elsewhere)
Is AO getting the AoC or TSW version of the DW tech?

I might play AO if someone would give me a bloody beta key =D
Reply With Quote
Old 11th April 2014, 09:09     Fass is offline   #8
Fass
Necromancer 
   
Fass's Avatar

{Circle of Eternity}

Crom PvE
Default

Quote:
Originally Posted by stiiixy View Post
Is AO getting the AoC or TSW version of the DW tech?

I might play AO if someone would give me a bloody beta key =D
Follow this link and you'll get one!
http://www.anarchy-online.com/wsp/an...1005,1070,1088
Reply With Quote
Old 11th April 2014, 09:58     stiiixy is offline   #9
stiiixy
 


Default

Quote:
Originally Posted by Fass View Post
Follow this link and you'll get one!
http://www.anarchy-online.com/wsp/an...1005,1070,1088
That's a link to the client. I was after testing access to the new client using the new engine (which doesn't exist yet anyway?), but yeah I've already side-tracked this thread =P

Sorry about that.
Reply With Quote
Old 11th April 2014, 10:35     burmese is offline   #10
burmese
Member

Ayredian Nightfall

Crom PvE
Default

AO Beta access is tied to your account and billing status, not any 'keys' (if you got a multi-month paid sub, you're able to play the beta at present).

(sorry for sidetracking)

As for passwords, last time I tried one of my big (16-char) passwords in AO, it didn't like that length, so using shorter.
__________________
Dagget,
President of Ayredian Nightfall

Last edited by burmese; 11th April 2014 at 10:39..
Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


All times are GMT. The time now is 09:04.

Top

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.