Things We Would Love To See Added/Changed

[sidusar]

I often do use different usernames for different services. Tends to confuse people though.

That's why you should use odd characters in your passwords, make them long, impossible(ish) to guess, and please, please don't use the same password everywhere.

Yep, that's the password dillema. At any time you're probably going to be registered with between 20 and 50 online services, and ideally you should have a different password for each one. And every single password should ideally be string of totally random characters, case-sensitive and including number and odd characters. And at least 20 characters long. And you should have all those passwords in your memory, writing them down isn't safe either.

My hat's off to anyone who actually manages to do that though.

So far I've suffered more annoyances from forgetting one of my complicated passwords yet again and having to go through all the hassle of getting my account back, than I have from getting any account broken into.

[iceaxe68]

I often do use different usernames for different services. Tends to confuse people though.


Yep, that's the password dillema. At any time you're probably going to be registered with between 20 and 50 online services, and ideally you should have a different password for each one. And every single password should ideally be string of totally random characters, case-sensitive and including number and odd characters. And at least 20 characters long. And you should have all those passwords in your memory, writing them down isn't safe either.

My hat's off to anyone who actually manages to do that though.

So far I've suffered more annoyances from forgetting one of my complicated passwords yet again and having to go through all the hassle of getting my account back, than I have from getting any account broken into.

Modern web browsers will remember your passwords for you, and many other applications (such as games) will do the same. Granted, if you switch machines you have to jump through the reset hoops, or somehow manage to remember. It's a pain, but at least for services that store sensitive data, it's worth it. For most online services though, the data they store is not so dangerous, so you can use a less secure but more easily remembered password there. Especially if the personal data you entered in the first place was completely bogus.

As for worrying about someone getting the passwords from your browser storage: If someone evil gets administrative access to your machine, or even worse, physical access, you've got bigger problems than somebody stealing your game identity.

[sidusar]

That's what I mean, passwords are always a trade-off between being secure and being convenient.

And well, sooner or later *something* will happen that requires you to enter the password manually again, and if you've been using the auto-remember function until then, it's a lot less likely you'll remember it.

The reset hoops are another issue. It's not unusual that it's easier to break in through those than it is to crack the password.

[mufeline]

Constant vigilance!

I'm trying to use "tiered" approach myself - different passwords and usernames at work (and even then divided between regular user and administrative ones), home servers and workstations, games and finally forums and stuff... But usually I try to keep my passwords at least longer than 10 characters, unless the service cannot allow longer passwords.

There has been some "funny" events when IM window has popped up in the apprpriate moment and after hitting enter I've noticed that I just had written my password onto chat... talk about *major* d'oh.

Using the same username/password (or similar passwords) sadly gives advantage to determined attacker if he or she is wanting to cause real mayhem using someone else as scapegoat in different places.

Just as a comparison to Ryzom, I've just installed Asherons Call for testing, and from the original "big three" at least UO and AC uses completely separated forum/game username and password - and both without any artificial limit to the length of password (sentences can be actually quite secure as passwords as long as they arent direct quotes from somewhere...)