Forums
Password with special chars
Quick find code: 278-279-869-66194880
Miu
said
:
Having capitalization/special characters will help password strength.
Length > complexity in terms of brute forcing, but the mere introduction of case-sensitive text and more characters will improve account security - even for people that don't use them, since any brute force attempt would have more variables to consider. It is considerable but I find 'a fingerprint-confirmation' far more important and, frankly, more bulletproof.
Just 1 fingerprint, your own choice which one, and nothing more.
This also rules out handing over mobile devices to other people, sharing an account with RuneScape Authenticator on it, sharing all the same account.
Having capitalization/special characters will help password strength.
Length > complexity in terms of brute forcing, but the mere introduction of case-sensitive text and more characters will improve account security - even for people that don't use them, since any brute force attempt would have more variables to consider. It is considerable but I find 'a fingerprint-confirmation' far more important and, frankly, more bulletproof.
Just 1 fingerprint, your own choice which one, and nothing more.
This also rules out handing over mobile devices to other people, sharing an account with RuneScape Authenticator on it, sharing all the same account.
13-Jan-2021 20:26:57
2_Tron
said
:
Miu said :
Having capitalization/special characters will help password strength.
Length > complexity in terms of brute forcing, but the mere introduction of case-sensitive text and more characters will improve account security - even for people that don't use them, since any brute force attempt would have more variables to consider. It is considerable but I find 'a fingerprint-confirmation' far more important and, frankly, more bulletproof.
Just 1 fingerprint, your own choice which one, and nothing more.
This also rules out handing over mobile devices to other people, sharing an account with RuneScape Authenticator on it, sharing all the same account.
Introducing fingerprint authentication is an entirely different topic than the one at hand.
I do not understand the general resistance to introducing case-sensitivity and symbols. It is simple math, really, for anyone intent on brute-forcing a password. Assume a super short password of, say, length 12. If we proceed with the current case insensitive a-z and 0-9 characters only, we get
4,738,381,338,321,616,896 combinations
If we allow case sensitivity, we get
3,226,266,762,397,899,821,056 combinations
If we then also allow characters, say !@#$%^&*()+_, we get
26,963,771,415,920,784,510,976 combinations.
A player need not actually use this, but someone brute-forcing passwords cannot assume that they do not. As such, even if no one actually changes their passwords or employs symbols, such an introduction inherently strengthens every password. Increase the password length to a more reasonable 30, and we get 30^62 combinations, for instance, without even including symbols.
Ultimately, however, in this particular case, brute-forcing passwords is hardly a realistic concern, and I agree with the sentiment that time is better spent educating users on how to adequately secure their computer, phone, and e-mail.
Stand up for what is right, even if you stand alone
Miu said :
Having capitalization/special characters will help password strength.
Length > complexity in terms of brute forcing, but the mere introduction of case-sensitive text and more characters will improve account security - even for people that don't use them, since any brute force attempt would have more variables to consider. It is considerable but I find 'a fingerprint-confirmation' far more important and, frankly, more bulletproof.
Just 1 fingerprint, your own choice which one, and nothing more.
This also rules out handing over mobile devices to other people, sharing an account with RuneScape Authenticator on it, sharing all the same account.
Introducing fingerprint authentication is an entirely different topic than the one at hand.
I do not understand the general resistance to introducing case-sensitivity and symbols. It is simple math, really, for anyone intent on brute-forcing a password. Assume a super short password of, say, length 12. If we proceed with the current case insensitive a-z and 0-9 characters only, we get
4,738,381,338,321,616,896 combinations
If we allow case sensitivity, we get
3,226,266,762,397,899,821,056 combinations
If we then also allow characters, say !@#$%^&*()+_, we get
26,963,771,415,920,784,510,976 combinations.
A player need not actually use this, but someone brute-forcing passwords cannot assume that they do not. As such, even if no one actually changes their passwords or employs symbols, such an introduction inherently strengthens every password. Increase the password length to a more reasonable 30, and we get 30^62 combinations, for instance, without even including symbols.
Ultimately, however, in this particular case, brute-forcing passwords is hardly a realistic concern, and I agree with the sentiment that time is better spent educating users on how to adequately secure their computer, phone, and e-mail.
¸,.•
Mexk
•.,¸
Stand up for what is right, even if you stand alone
¨`'°«„¸¸„»°'
.............................
'°«„¸¸„»°'´¨
13-Jan-2021 21:51:20
Mexk
said
:
2_Tron said :
Miu said :
Having capitalization/special characters will help password strength.
Length > complexity in terms of brute forcing, but the mere introduction of case-sensitive text and more characters will improve account security - even for people that don't use them, since any brute force attempt would have more variables to consider. It is considerable but I find 'a fingerprint-confirmation' far more important and, frankly, more bulletproof.
Just 1 fingerprint, your own choice which one, and nothing more.
This also rules out handing over mobile devices to other people, sharing an account with RuneScape Authenticator on it, sharing all the same account.
Introducing fingerprint authentication is an entirely different topic than the one at hand.
I do not understand the general resistance to introducing case-sensitivity and symbols. It is simple math,... I said, it is 'considerable' ... but the higher goal Jagex/JMods are reaching out too is that precautions made will do circumvent a larger area than just making it harder to guess passwords.
As being said a few times in this thread the higher goal of Jagex/JMods is ultimately to stop trading/sharing accounts mostly done by 'gold farmers/real-world traders' which is still the largest damage done to RuneScape/Jagex forcing them to invest large sums of money to protect RuneScape/Jagex/The RuneScape Community making them pay for the abuse done by 'gold farmers/real-world traders'.
Just using 'passwords with special chars' will mostly affect regular players/Jagex but leave the damaging part 'gold farmers/real-world traders' unharmed and free to continuing their treacherous enterprises.
So you may continue discussing a superfluous addition that will cost us eventually more money, thus The RuneScape Community paying a higher future price.
2_Tron said :
Miu said :
Having capitalization/special characters will help password strength.
Length > complexity in terms of brute forcing, but the mere introduction of case-sensitive text and more characters will improve account security - even for people that don't use them, since any brute force attempt would have more variables to consider. It is considerable but I find 'a fingerprint-confirmation' far more important and, frankly, more bulletproof.
Just 1 fingerprint, your own choice which one, and nothing more.
This also rules out handing over mobile devices to other people, sharing an account with RuneScape Authenticator on it, sharing all the same account.
Introducing fingerprint authentication is an entirely different topic than the one at hand.
I do not understand the general resistance to introducing case-sensitivity and symbols. It is simple math,... I said, it is 'considerable' ... but the higher goal Jagex/JMods are reaching out too is that precautions made will do circumvent a larger area than just making it harder to guess passwords.
As being said a few times in this thread the higher goal of Jagex/JMods is ultimately to stop trading/sharing accounts mostly done by 'gold farmers/real-world traders' which is still the largest damage done to RuneScape/Jagex forcing them to invest large sums of money to protect RuneScape/Jagex/The RuneScape Community making them pay for the abuse done by 'gold farmers/real-world traders'.
Just using 'passwords with special chars' will mostly affect regular players/Jagex but leave the damaging part 'gold farmers/real-world traders' unharmed and free to continuing their treacherous enterprises.
So you may continue discussing a superfluous addition that will cost us eventually more money, thus The RuneScape Community paying a higher future price.
14-Jan-2021 13:01:48 - Last edited on 14-Jan-2021 13:49:32 by 2_Tron
Quick find code: 278-279-869-66194880 Back to Top