Gm Password? Possible Solution to avoid getting hacked
Hey guys
I've been posting on basil a lot and I always see these threads about people getting hacked etc. And I've seen various attempts to try to protect the account. Of course, the efforts that are put into protecting the account is not in vain. I've seen numerous attempts at trying to conceal or even "lock" the account and it got me thinking.
Why not issue a GM Password? In theory, it would [i]bann[/i] the user (temporarily) until he or she enter the GM Password. So even if the hacker were able to crack your original password, it would be rendered useless because the account is "locked"--meaning they can't log onto your account.
The way it would work is:
[b]>>[/b]Log into account Via Maple Story Website (Hey, bear with me. It's an attempt at a possible solution.)
[b]>>[/b]Request GM Password
[b]>>[/b]Nexon auto-banns your account and at the same time gives you the GM Password. Must be written down.
Bam. No one can access that account. Ever. At least I would hope so.
Want to log in?
[b]>>[/b]Go back to website
[b]>>[/b]Enter log information and GM Password
[b]>>[/b]Run Game
[b][i]FORGOT GM PASSWORD?[/b][/i]
GM Password will expire after xxx amount of days you request it.
[i]At this point, I'm out of ideas. Suggestions are clearly welcome :s[/i]
Look, I don't claim to be a pro-savvy computer nerd or anything, and I know hackers will find a way to deter this but at least it's an idea.
I'll be honest--this is not my original idea. It only came to me because I know some hackers who get banned and obviously can't access their account--and it also came from AdventTJ's idea with the Alt Codes. I'd imagine the GM passwords would be something similar to that. Any sort of character that cannot be recreated. I guess like a captcha? Idk.
Guys, if you have any other ideas that would benefit the community, then please post! Remember that Nexon can only do so much and every little bit helps. It's our items that we so desperately work hard to obtain that makes us unique. It flaunts how much dedication we have in the Maple World.
and I made a poll!
32 Comments • Newest first
@SageonX:
If it's an image, then they can take screenshots every time you click.
but i'm not that smart
[quote=sonny]Keyloggers can still go on your account because they can read every key you press so it's the same thing as typing a regular password besides your account being locked and it has GM in its name.
I disagree with your idea.
EDIT: or nexon can leak your password[/quote]
You can't keylogg an image if isn't typed. Its like a captcha.
Keyloggers can still go on your account because they can read every key you press so it's the same thing as typing a regular password besides your account being locked and it has GM in its name.
I disagree with your idea.
EDIT: or nexon can leak your password
@irpielover: I suppose all we can do is try. Of course this isn't 100% fool-proof, but it is a start in the right direction. Of course having two passwords would confuse a lot of regular players--but you can have the option to lock the account for quite a bit of time. I don't think hackers would very much enjoy cracking a GM password if it takes them xx amount of tries via bruteforce. (Do they even still do that?)
Yes, the database leak is indeed a tragedy and should have never happened.
[quote=irpielover]@SageonX: So what you're saying is, basically, we should just use the "lock-account" method? That's what it's sounding to me. Also, aren't we unable to write ALT+number codes in passwords? With the exception of copy and pasting the already written codes in the bar[/quote]
Yep. Lock-Account method.
Yes sir, we are unable to duplicate the Alt + Codes with the exception of copy-paste.
I'm no expert on this, it just seemed like a realistic idea that should be shared. Improvements is a must if we are to progress any further! >.<
@Confiscable: I love you too, Justin
What makes you think that the alleged hackers aren't able to just get [i]one more password?[/i]
Yeah... Not such a good idea. I like the concept though. Two passwords is more protection, and more protection is good.
[quote=goner666]OR... avoid download keyloggers [/quote]
You do realize there have been hackers that got the account info from Nexon's database right? There have been a few leaks of the account info in the past 6 months, and a lot of the leaked account info has been posted across the internet. I don't have any keyloggers on my comp, nor have I EVER shared my account info, and I was hacked back in December. Keyloggers have nothing to do with these recent hacking outbreaks, and if you don't believe me keep living in your fantasy world where only keyloggers can get you hacked.
@irpielover: I nvr said i was uncrackable, the TS said that.
[quote=irpielover]Nothing digital is 100% secure, everything is crack-able. Stop acting like you're so high and mighty because you know what they say: "The bigger they are, the hard they fall".
OT: Would this password have to be sent to your e-mail? Now that's 2 things hackers could use to get your info and leave you without anything at all: Your nexon ID and e-mail address. Unless Nexon were to make an auto-generator of GMPs (Game Master Passwords), then that'd seem to work for a while... thought I doubt Nexon would go through the trouble of all that just to keep their "security" running smoothly, as they so claim it to be.[/quote]
Its an on-screen issue. It'll just display the images/characters and you have to copy them down on a piece of paper.
It takes some getting used to--having to run back to the website after logging out to lock your account. The code won't be sent in an email because I know it can get compromised.
It sounds good in theory, but it's not fast enough to prevent you from losing everything.
Other ideas:
>Introduce IP lockdown; you can only log-in to the game with your specific IP address
or
>Authenticator; iPod/computer app that generates a random string and must be used at log-in (see WoW authenticator)
@SageonX: Hacker can request a mumble jumble on your account and they can log in anyway.
@xvboomvx: its more of a #sE@lG&qC&K<w(5!H pattern
[quote=kokass970]http://us.battle.net/support/en/article/battle-net-authenticator-faq
We need something like this.[/quote]
I think PayPal has something similar to that. It's a great idea!
@Bob11111: its basically a temporary password you receive when you request one. It also bans your account so no one can log on.
If you want to log on, it's easy. Just use the GM password that was given and you're all set to go! Unlocked account and all!
A lot of you are suggesting to use mac addresses and such to help verify the computers. This is all good and such, but remember, it's still a childrens game. It may just deter some young ones away from making an account since a lot of them may not be tech savvy at all.
[quote=kokass970]http://us.battle.net/support/en/article/battle-net-authenticator-faq
We need something like this.[/quote]
I have one for my SE account, for FFXI and FFXIV. Although, in those games even if you get hacked getting things back isn't so hard.
why not, like taiwan ms, as i watched my cousin played it, make an unlimited storage npc, which needs a lock to open the contents? that has kept many items for my cousin, which allowed him to make max mesos every 2 weeks
a mix of:
[quote=kokass970]http://us.battle.net/support/en/article/battle-net-authenticator-faq
We need something like this.[/quote]
and
[quote=AznPaint]A version of steam's method. Only one computer.
Want to move to another computer? Activation by email. Only.[/quote]
with another form of PIC in-game(example: a different one for each character.)
I barely understand this. Are you saying Nexon gives us a password of mumble jumble and we are forced to use it?
Maybe make it so the account owner can assign certain mac adresses to use the account. If they want to add/remove one, use personal info such as bday/name to be allowed to change it. Mac addresses can change though, so allow the user to log in through the website to change it without authorization.
Here's it simplified.
1. Log in as usual
2. User prompted that this mac address is not authorized, if he/she wants to authorize it, enter personal info to add.
3. User can continue in game
The user can also remove that mac address from the authorized list whenever they want, with the personal info.
@LazyLazyLazy:
I don't actually that 3x 2 hrs each day not to mention with those familiar hack leeches back then. Wasn't hard at all and i don't even train on regular days ahha
Its a great idea but i think it will have loads of problems with the sending of a password if people would just make a cryptic password with letters and numbers in it this wouldnt happen the hackers use keyloggers sure but the chance he hits the exact combination of the randomness of your password is very low, but like someone in the thread said steam version would be good to use. But very good idea thumbs up for your creativity
[quote=SageonX]I'm sure it's just a matter of time until your account gets compromised.[/quote]
40 character password is way too long for anyone even bothering to try.
@AznBubblePop: Ur not too lazy to grind hours a day to achieve dat lvl?
[quote=LazyLazyLazy]@SageonX: I don't get hacked cuz I have a good 40+ password that I change each few days and delete temp files and cookies when needed. Thats where viruses like to hide in my comp.[/quote]
Man i am to lazyy to do that o.o
[quote=kokass970]http://us.battle.net/support/en/article/battle-net-authenticator-faq
We need something like this.[/quote]
I've been wanting this and posting it on Nexon forums until my face turned blue from the effort. It's as perfect a solution as possible. The only way to access your account is by physically stealing something from the victim. And I'm sorry, but if someone is going to break into your house, the last thing to worry about is your 14 attack work gloves that give you 9 percent more dexterity on an online pirate.
@LazyLazyLazy: Whatever man. If you believe you're fully protected, fine.
@SageonX: And your thread is not helping.
@Uglamore: Y thx, I try
[quote=LazyLazyLazy]@SageonX: I don't get hacked cuz I have a good 40+ password that I change each few days and delete temp files and cookies when needed. Thats where viruses like to hide in my comp.[/quote]
I'm sure it's just a matter of time until your account gets compromised.
@SageonX: I don't get hacked cuz I have a good 40+ password that I change each few days and delete temp files and cookies when needed. Thats where viruses like to hide in my comp.
[quote=mymainacc]Awhile back i saw a thread like this. Well, not the same thing as yours but a way to protect your account A LOT better.
The idea was just like Steams security.
You want to log in maple on a computer
When you attempt to log in , you will receive an email that is an activation code to allow your account to be accessed on your copmuter
To log in on a different computer the same process must happen.
Your idea is a start but not very efficient. It would get rather annoying and probably be very buggy.[/quote]
That's pretty cool. My idea would avoid the email thing since there's a chance it can be compromised. I'll admit that my idea isn't fool proof, and neither is any other security out there. Hackers exist and will eventually find a way to get around the system, but no one is really offering much of a solution--just criticism.
[quote=LazyLazyLazy]Your not helping us with ur theories[/quote]
Exhibit A. lol Surely if you have time to criticize you can offer a solution, no? If not, I can safely assume you have nothing positive to contribute to this idea.
In which case, I would like to see you get hacked.
EDIT: Oh, I realized he used the wrong 'your'. It should be [b]you're[/b]. The [b]'re[/b] means [b]You are[/b].
Your not helping us with ur theories
Awhile back i saw a thread like this. Well, not the same thing as yours but a way to protect your account A LOT better.
The idea was just like Steams security.
You want to log in maple on a computer
When you attempt to log in , you will receive an email that is an activation code to allow your account to be accessed on your copmuter
To log in on a different computer the same process must happen.
Your idea is a start but not very efficient. It would get rather annoying and probably be very buggy.