Capitalization on Blizzard Passwords - Page 2

Post a Reply

Prev 1 2 3 4 5 6 Next All

ZerGuy

Poland204 Posts

July 19 2011 17:12 GMT

#21

It's not a major flaw, it's harder to make it ignore the casing. Really. It's one command more. They do it on purpose.

Lysergic

United States355 Posts

July 19 2011 17:12 GMT

#22

I'm honestly not surprised, considering all the flaws bnet 2.0 has. There's just so many simple little things with easy fixes that most programmers would consider bad programming found in the user interface and functionality of bnet.

bakesale

United States187 Posts

July 19 2011 17:13 GMT

#23

On July 20 2011 02:04 busbarn wrote:
Well, if someone gets your password say through a keylogger which is the most common. It doesn't really matter anyway. I have a hard time seeing how making it read upper and lower cases different makes a difference in security. It's still symbols. Maybe someone can explain it too me,

It only makes a difference if someone is trying to crack your password by guessing (dictionary attack). Having case-sensitive passwords adds 26 more symbols, increasing the number of possible "words" to choose from when guessing. So, technically, it is harder to crack a password in a system that distinguishes upper and lower case.

Dulkan

Germany24 Posts

July 19 2011 17:16 GMT

#24

have to agree that this really isn't a big deal. Nobody will try to brute force crack your password for a battle.net account. Virtually all "hacks" of blizz-accounts are done via a keylogger and in that case it doesn't matter whether your password is 12345 or a 50-character monstrosity of lower case, upper case, numbers and special characters.

Carush

United States356 Posts

July 19 2011 17:20 GMT

#25

also, what's with all the bnet hate threads this week

whether it's indirect or direct i feel like I've seen WAY to many of these last few days

Badfatpanda

United States9719 Posts

July 19 2011 17:21 GMT

#26

On July 20 2011 02:20 Carush wrote:
also, what's with all the bnet hate threads this week

whether it's indirect or direct i feel like I've seen WAY to many of these last few days

Where did I say I hated bnet? I don't even think this is that big of a deal but I thought people should know...go to one of the "this is why bnet sucks, this is how I could do it better" threads and post there.

TheOnlyOne

Germany155 Posts

July 19 2011 17:25 GMT

#27

On July 20 2011 02:12 ApBuLLet wrote:
I don't really think this is as big of a deal as people are making it out to be. People tend to panic a bit when they feel like they or their property is at risk, and rightfully so. However, the vast majority of the time people get their accounts stolen is due to some sort of keylogging malware, in which case the a case sensitive password system would not matter, because your hacker would know anyway. The only thing I can see it being good for is if somebody is trying to guess your password or something like that. Case sensitive passwords make that a million times harder I would imagine, as you'd have to guess the password and the patter of lowercase/uppercase.

So overall, yes I think it is bad and there is no reason not to have case sensitive passwords for that little bit of extra security, but in reality I don't really think it is that big of a deal. I'm not going to worry about it personally

I think implementing a "feature" for case recognition is done super quick, its no work.

It is a good thing and "should" be in games anyway, so Blizzard should just do it and everyone is happy.

So no matter what, if the features is done so quick, just do it, nothing to lose.

aksfjh

United States4853 Posts

July 19 2011 17:27 GMT

#28

On July 20 2011 02:21 Badfatpanda wrote:

Show nested quote +

Post was possibly inspired by lysergic. Not sure why he decided to come in here to tell us how much he hates bnet. I found this bit of info out months ago, but I'm glad you posted about it.

Tofugrinder

Austria899 Posts

July 19 2011 17:28 GMT

#29

caseinsensitive passwords and without numbers and signs are just as good as to have your password the same as the login. The password should be _always_ more than 10 characters with small/big letters, numbers and signs. So this is in my opinion a real big problem. For sc2 it might just be bad, but for wow this could end desastrous because people have their account data saved up

Otolia

France5805 Posts

July 19 2011 17:32 GMT

#30

My password is still too strong for anything remotely script-kiddy-ish. But no case sensitivity makes me think they have a partnership with Microsoft

windsupernova

Mexico5280 Posts

July 19 2011 17:32 GMT

#31

Haha, not even that. Most of the time when they lose control of their accounts its because they fall for some social engineering scheme.

Still, I didn´t know about this.Ehhhhh, while it would be nice as long as you follow the rules for a secure password(not using common words,mixing up symbols, letter and numbers, etc) you should be fine.

Ehh anyways Blizzard should fix this to give their customers peace of mind, but this isn´t nearly as bad as it seems.

Probe1

United States17920 Posts

July 19 2011 17:39 GMT

#32

Not a big deal. You can buy an authenticator or just add numbers.

Phayze

Canada2029 Posts

July 19 2011 17:41 GMT

#33

Ironically, most people who have their accounts hacked use the same password for forum boards and that is how hackers get their information. Hacking website databases is much easier than sifting through potentially millions of keystrokes through mass keylogging (and the bandwidth required!!), and it turns out most people use the same password for everything, or keep everything gaming related as one password etc. This is how you get caught, and having it ignore casing on full caps or full non caps passwords wont change a thing. Honestly it's good that blizzard implemented it, when I used to use a simpler password it was quite aggravating to mash the caps lock key a few times until it lets me log in.

Bobbias

Canada1373 Posts

July 19 2011 18:04 GMT

#34

Brute force isn't the only way to break passwords... Cryptoanalasys is a far larger threat, all things considered. It's bad practice to ignore case, but the real question is how blizz stores the passwords,a and which algorithms they use.

Of course, using the same password as somewhere else is FAR worse than either of these risks. Anyone who's been following the LulzSec hacks should be aware of this...

Vipsanius

Netherlands708 Posts

July 19 2011 18:08 GMT

#35

Basically what this means is that the hashing algorithm ignores capitals. Shouldn't be that big of a deal, considering blizzard is doing a lot for people that got their accounts hacked. Still, it's a flaw in security that should not have been there in the first place.

Blasterion

China10272 Posts

July 19 2011 18:12 GMT

#36

o.0" Really?

/downloads Authendicator

Glowbox

Netherlands330 Posts

July 19 2011 18:14 GMT

#37

On July 20 2011 03:04 Bobbias wrote:
Brute force isn't the only way to break passwords... Cryptoanalasys is a far larger threat, all things considered. It's bad practice to ignore case, but the real question is how blizz stores the passwords,a and which algorithms they use.

As far as I know Blizzard uses the SRP6 protocol ( http://en.wikipedia.org/wiki/Secure_remote_password_protocol ) for the login.

MyNameIsAlex

Greece827 Posts

July 19 2011 18:18 GMT

#38

WHAT?

I cant believe it... Blizz so stupid once again...

Akill_

United Kingdom80 Posts

July 19 2011 18:19 GMT

#39

Looks like blizzard decided this design decision would inevitably increase their authenticator sales.

+ Show Spoiler +

joke: they probably have hackers on payroll helping convince authenticator sales too, haha

ballasdontcry

Canada595 Posts

July 19 2011 18:23 GMT

#40

If you have a smartphone, the authenticator apps are free for all 3 major platforms (iOS, android and BB). no reason not to get it if you have a smartphone

Prev 1 2 3 4 5 6 Next All

Please or register to reply.

Capitalization on Blizzard Passwords - Page 2

Completed

Ongoing

Upcoming