Page 8 of 9

Re: So I heard Blizzard is losing customers

PostPosted: Fri Aug 10, 2012 11:25 am
by Nikachelle
KysenMurrin wrote:I'm not aware of any limits on my debit card apart from £250 on ATM withdrawals. At least I can't find a single thing mentioning any limits on my bank's website. I think the most I've used it for, though, was booking flights and hotel earlier this year for about £850.


Restrictions are at a personal level. They would've been included when you first got your debit or credit card (in the fine print) and can fluctuate at any time as the bank sees fit. The web site would be unlikely to list limits as they are different for every person based on personal transaction history.

I seriously just want to stress that just because people are not aware of limits, does not mean that they don't exist.

Re: So I heard Blizzard is losing customers

PostPosted: Fri Aug 10, 2012 11:41 am
by halabar
There's another thing about this that pisses me off.. My WoW email address is a "clean" address that I use for a few other services. If that email address starts getting spammed to death, and I have to create a new address to use on all those services, I will be quite upset, and though I don't expect Blizz to answer, I'll send them an invoice for my time cleaning that up.

Re: So I heard Blizzard is losing customers

PostPosted: Fri Aug 10, 2012 1:33 pm
by Fridmarr
Nikachelle wrote:
Fridmarr wrote:I'm 100% certain. In fact I recently used it to drop a rather hefty down payment on a new car. Because of the balances that I maintain at my bank (mostly stemming from my mortgage loan which counts towards that balance) I have a "premium" account that doesn't really have many limits.

That's an assumption then. Just because you can drop a lot of money on a car in one go (even if you paid the entire amount outright) doesn't automatically mean you have zero limits on your account in terms of spending. (For example, my bank's limits used to be $15 000 in a single transaction. Over the years, this has come down significantly, but I can see how that kind of limit would lead people to assume that they had no limits whatsoever.)

Your account type does not dictate expenditures allowable (although your varied accounts will of course reflect how much leeway the bank is willing to give you since you'll already have a very large loan with them due to your mortgage). It's actually your card, not the account, that controls the outward flow of your money. If you are a typical large spender and usually hit high weekly amounts on your account, then the bank will gradually increase your limit so that you can spend more and more (similar to how credit card companies will often up your credit limit if you are consistently getting close to the total loan amount).
Sorry, I'll be more explicit. Yes, I'm 100% certain, no I'm not making an assumption. I probably shouldn't have given that example. The feature is tied to my account type because that account type is backed by another credit account to deal with overdrafts.

Anyhow, we are getting way off topic, my point was merely that a person placing fraudulent charges on a debit/credit card can still cause quite a bit of pain, even if those transactions ultimately get removed.

Re: So I heard Blizzard is losing customers

PostPosted: Fri Aug 10, 2012 3:56 pm
by Nikachelle
No way. There is no way that you have a debit card that does not have a limit (unless your name is Bill Gates or something - and even then, I don't even know if it's viable for the system to accept no limits - there HAS to be a limit somewhere). Overdrafts ups your available limit based on your credit availability but does not allow you to exceed the total limit available via the card. Your limit may be insanely high (over 2 million for example), but there is no way that you do not possess a limit on your card.

Re: So I heard Blizzard is losing customers

PostPosted: Fri Aug 10, 2012 6:21 pm
by degre
Shoju wrote:I don't know how it is in canada, but in the US, the "fear" of Identity Theft is rampant.

I run my businesses website through paypal. Even the merchant account, because instead of our small business trying to stay ahead on security measures, it's Paypal's bill, and I'm ok with paying a little more per transaction to keep it that way.

You would be blow away by how many people still call in to give me a card over the phone because they just can't stand the idea of putting that info online, because "WHAT IF THEY STEAL MAH IDENTITY!?"

Which is funny, because they decide not to trust the website while they trust you, who could steal their identity all the same because they are giving you all the info you need.

Re: So I heard Blizzard is losing customers

PostPosted: Sun Aug 12, 2012 7:21 pm
by Skye1013
Yes, but anyone could be behind a computer system. If you have someone on the phone, there is at least a little bit of accountability associated with it. That being said... nothing prevents people from tapping phones (other than illegality... but they're already breeching that by trying to steal identities anyway.)

I went in and changed my password. I'll probably go in today and change my security questions. Beyond that:

1) If my account gets hacked, it's just a game, and it can be restored

2) If I suffer from identity theft, it's mostly just money (could be credit rating issues until it gets cleared up, though even that comes down to money in the long run), and it can be restored

Either way, I don't really blame Blizzard. No matter how in depth your security is, someone will ALWAYS find a way around it. It's simply a matter of time. Blizz is doing everything they can, and have notified people of the issue. If they tried to cover it up, THEN I could possibly see blaming them and cancelling my account.

Re: So I heard Blizzard is losing customers

PostPosted: Sun Aug 12, 2012 7:43 pm
by Koatanga
Speaking of security, and not meaning to derail, but just a little rant:

Why the heck do so many password validation processes insist on capitals and numbers in a password? It would take years longer to hack "thisiskoatangassupersecretpassword" than "1Bfq7r!#" by brute force methods. If you ask someone to make a password containing caps and numbers that is at least 8 characters long, most people will stop at 8 characters, because they don't want to remember more gobbledygook. But encouraging a minimum-length password only reduces the time a brute-force method would take to hack it.

Re: So I heard Blizzard is losing customers

PostPosted: Sun Aug 12, 2012 9:12 pm
by Skye1013
There is an XKCD comic about that.

I think this is it, but it's not loading for me, so I'll double check later (if someone else doesn't before I get around to it.) http://xkcd.com/936/

Re: So I heard Blizzard is losing customers

PostPosted: Mon Aug 13, 2012 12:46 am
by rodos
Do note that "standard English prose", like thisiskoatangassupersecretpassword, is not necessarily a great password because there's a lot of predictability in word-order and most people will actually choose words from a small subset of their vocabulary.

Using truly random words from a very long list is, however, a good way to come up with a memorable password. Basically, you're chosing a few (4-5) tokens from a very big set (many thousands), rather than a few more (8-10) from a much more limited set (~70 upper case, lower case, numbers and symbols). Because there's less random items, and they're items that you are likely to be able to make a mental image of, such a password is easier to remember than "!;Q7$wNVz".

More info: http://www.diceware.com/

Re: So I heard Blizzard is losing customers

PostPosted: Tue Aug 14, 2012 11:07 am
by Shoju
I was actually told by a popular website that my password I was trying to use was TOO LONG.

Re: So I heard Blizzard is losing customers

PostPosted: Tue Aug 14, 2012 11:10 am
by KysenMurrin
I tried to set a too-long password for WoW a little while ago. Took me a week to realise, because all it does is stop adding letters when you keep typing past the limit.

Re: So I heard Blizzard is losing customers

PostPosted: Tue Aug 14, 2012 11:12 am
by mavfin
KysenMurrin wrote:I tried to set a too-long password for WoW a little while ago. Took me a week to realise, because all it does is stop adding letters when you keep typing past the limit.


Yeah, it stops at 16 chars, I believe, but that's still a nice length that is a bit difficult to brute-force.

Re: So I heard Blizzard is losing customers

PostPosted: Tue Aug 14, 2012 11:14 am
by Flex
The XKCD comic is pretty good. Key things is to never collapse spaces, if the password doesn't allow spaces replace spaces with another special character.

Re: So I heard Blizzard is losing customers

PostPosted: Tue Aug 14, 2012 11:31 am
by Fridmarr
Koatanga wrote:Speaking of security, and not meaning to derail, but just a little rant:

Why the heck do so many password validation processes insist on capitals and numbers in a password? It would take years longer to hack "thisiskoatangassupersecretpassword" than "1Bfq7r!#" by brute force methods. If you ask someone to make a password containing caps and numbers that is at least 8 characters long, most people will stop at 8 characters, because they don't want to remember more gobbledygook. But encouraging a minimum-length password only reduces the time a brute-force method would take to hack it.

It depends what you are referring to as brute force. In the case of english sentences, standard dictionaries (password specialized) are regularly employed to send various strings at the authenticator. That's by far the more common attack and in that case random characters are far more secure than a sentence. Random characters probably won't be broken by that method at all.

Now in this case, the perps have the password hash on hand, so they can send a set of characters at the hash algorithm until it spits out the same hash. In that case, neither password is secure but as you said longer passwords take much longer to derive than shorter ones. However, for you to gain much of an advantage there, you have to be dealing with someone who has the hashed value, which they only get by breaking in in the first place.

So I think the random character password works better against the vast majority of attacks.

Re: So I heard Blizzard is losing customers

PostPosted: Wed Aug 15, 2012 6:59 am
by degre
You also need to keep in mind that not only the password has to be secure, but you need to remember it.

I employ a number of different passwords and I don't believe I'd be able to remember a bunch of 1Bfq7r!# pass, more likely I'll have to write it down somewhere and what's the point in having a secret password if you have to write it where can be found?

As for myself, I use acronyms and they've served me well for years, I take a sentence easy to remember and use the first letter of each word, I usually end up with a 9/10 characters password which is as random as 1Bfq7r!#, but I can actually remember and I don't need to write it down or reset my pass every other use cause I've forgot it.

Re: So I heard Blizzard is losing customers

PostPosted: Wed Aug 15, 2012 8:42 am
by Worldie
I have used the same password for everything for over 15 years and I only got hacked once (i was stupid enough to be keylogged, i suck). I think if you are able to just keep your computer secure any password would do.

Re: So I heard Blizzard is losing customers

PostPosted: Wed Aug 15, 2012 9:34 am
by degre
Not any, but I sort of agree, my first password did get hacked eventually, but that was stupidly easy and I'm impressed myself that was able to last for 7 years, and I'm still not sure if it was cracked or was an internal breach.

Re: So I heard Blizzard is losing customers

PostPosted: Wed Aug 15, 2012 9:42 am
by fuzzygeek
I tend to tell people to use a system to generate passwords, instead of using the same password everywhere.

Like, take the first four letters of the domain, reverse them, and add a word (or word salad) to the end. So a password at failsafedesign.com might be liafC@ts1!, while the battle.net password would be ttabC@ts1!

(this is, obviously, not the algorithm I use, but you get the idea)

Nothing to write down, and easy to remember a site's password years later.

Re: So I heard Blizzard is losing customers

PostPosted: Wed Aug 15, 2012 10:47 am
by bldavis
i use a variation of the same password for almsot everything, but different capitalization and symbol placement for each service
if you are going to brute force, ok gratz on bruteforcing a9 digit long pw
if you are going to guess, you better know me back in HS when i was taking french

Re: So I heard Blizzard is losing customers

PostPosted: Wed Aug 15, 2012 10:54 am
by KysenMurrin
I have two basic passwords that I use several variations on for most things (one I made up in school, the other was an alphanumeric automatically generated for an email account). For WoW I stopped using those and instead come up with a phrase (either at random or by association with a previous password) then mess about with the spelling and characters.

I never use one that means anything in particular to me.

Re: So I heard Blizzard is losing customers

PostPosted: Wed Aug 15, 2012 11:00 am
by Worldie
My password is a old nickname of mine, anyone who knows me since 10 years or so knows it :P

Re: So I heard Blizzard is losing customers

PostPosted: Wed Aug 15, 2012 11:07 am
by bldavis
Worldie wrote:My password is a old nickname of mine, anyone who knows me since 10 years or so knows it :P

this is mine too
i havent been known by it since my jr year of hs, 11 yrs ago?
the symbols and numbers are completely unrelated to this nickname though

Re: So I heard Blizzard is losing customers

PostPosted: Wed Aug 15, 2012 11:09 am
by Lieris
All my passwords are randomly generated using a password manager.

... except my WoW password. I figure because I have an authenticator doodad and mobile phone security alerts enabled I can get away with it and BNet doesn't allow for very good passwords to be made anyway.

Re: So I heard Blizzard is losing customers

PostPosted: Wed Aug 15, 2012 4:37 pm
by rodos
Worldie wrote:I have used the same password for everything for over 15 years and I only got hacked once (i was stupid enough to be keylogged, i suck). I think if you are able to just keep your computer secure any password would do.

This is going to bite you in the arse eventually. You might be secure, but the sites you're giving this password to are probably not. I'm pretty careful, and have never to my knowledge been compromised at my end through phishing or keylogger. However, my paypal was illegally accessed (sent $300 to Taiwan) when it was using my "everywhere" password. In other words, someone got a bunch of email addresses and passwords from a compromised site (a forum, or some other website), and tried the same combos in PayPal.

Same reason you should always have a completely unique password on any email accounts you have. A lot of sites use email address as a username, and if you use the same password there as on the email account then you've just given that site, and anyone who breaks it, access to your email. Since email is usually used for password reset features, you've probably just given them access to every online account you have.

Re: So I heard Blizzard is losing customers

PostPosted: Wed Aug 15, 2012 5:32 pm
by bldavis
which is why i have different email passwords
most things use the same base one, but email ones are completely different