All times are UTC - 6 hours




 Post subject: In light of recent events at RSNL.eu
PostPosted: February 9th, 2012, 12:45 pm 
RSNL.eu, if you don't know, is one of the Dutch fansites of RuneScape. Today they've been hacked and several accounts have been compromised afterwards on RuneScape. A couple of months ago, something similar happened to RuneVillage, so I'd like to use this event to remind you all that you really need to have different passwords for each site! If you use the same password everywhere, it won't take long until one of those sites gets hacked and your password is available to other people.

It's hard to remember all those passwords you've used on other sites, but in fact there's no need to learn them all by heart! There are several tools available which allow you to store passwords in an encrypted database that can only be opened by you with a master password or through other means (like a certain decrypting file that needs to be present on your computer). Macs have keychains that can be used, but I'm not too familiar with Macs, so I can't provide much information there. What I can talk about is the program that I've been using for quite a while now: KeePass.

Basically, all passwords you enter in KeePass are stored in one file. Though it's not advisable, it is almost harmless should a hacker be able to retrieve such a file, unless he can bypass the protections enabled on the file. There are 3 ways to protect the file (you can choose yourself which ones you want to activate): a master password, a decryption file and an authentication with your computer's Windows User Account. I chose the first two ones only because I want to use that database on several computers (at home, on laptop, at work, ...). I need to supply both the master password and that file to open the database and retrieve the passwords I've stored in there. This makes it possible for me to have different passwords on ALL sites, yet I only have to remember one password.

There are plenty of these applications around, such as LastPass, 1Password, ... I just happened to have been presented that program by a colleague at work and I was satisfied with the functionality it provided. So if you were ever wondering what the best way would be to put strong unique passwords on all sites, you should be aware that there are tools out there that can accomplish this easily. Of course, we're still trying to protect our site as much as possible, but you should never depend on others for your online security...

Greetings,
Glodenox

Post subject: Re: In light of recent events at RSNL.eu
PostPosted: February 9th, 2012, 7:11 pm
Alternatively, just write your passwords down.

Now I'll just sit back and wait for the onslaught of ill-conceived claims that doing so is a huge security risk...

Post subject: Re: In light of recent events at RSNL.eu
PostPosted: February 9th, 2012, 8:44 pm
correcthorsebatterystaple is the only password I'll ever need. 8)

(But thanks for the heads-up!)

Post subject: Re: In light of recent events at RSNL.eu
PostPosted: February 9th, 2012, 10:10 pm
hey thanks glode!

EADWULF: that's [youtube]Z3sLhnDJJn0[/youtube]

Post subject: Re: In light of recent events at RSNL.eu
PostPosted: February 10th, 2012, 3:21 am
Eadwulf wrote:
Alternatively, just write your passwords down.


That's such a huge risk! Hackers from all over the world are perfectly willing to pinpoint my computer's location, fly or drive to this household, pick out my computer in specific, and tear through my room for the written documentation of what my user names and passwords are! How dare you, of all intelligent people on this website, suggest such an asinine approach to how I manage the accounts of recreational websites online? :anger:

Post subject: Re: In light of recent events at RSNL.eu
PostPosted: February 14th, 2012, 5:02 am
A good way to remember passwords is to take a sentence that you can remember, such as: "The orange pony bit my face 2 times." Take the first letter of each word or the next number in sequence to make the password. Using capitalization is good too. So that phrase would give you the password: Topbmf2t, a very secure password and easy to remember because it's a funny phrase and not random characters.

That's what I do anyway, and I don't ever have to write passwords down.

Alternatively, a way to write down passwords securely is to create a good "master" passphrase first, for example, qr56hg. You memorize that and create a symbol to represent it on paper, like a star (*) or smiley face. Then I come up with 3 or 4 additional letters and numbers that will be unique to each site and append them to my master phrase. So if I chose "35cd" for my RuneVillage password, I would write it down like this on paper: *35cd, but the whole password is actually: qr56hg35cd (a good password). You only need to remember one master phrase (you can use the sentence trick from above) and the unique number can be written down. As long as you never let your master phrase get compromised, it's a pretty secure way to write down passwords.

Post subject: Re: In light of recent events at RSNL.eu
PostPosted: February 14th, 2012, 6:19 am
piggah wrote:
A good way to remember passwords is to take a sentence that you can remember, such as: "The orange pony bit my face 2 times." Take the first letter of each word or the next number in sequence to make the password. Using capitalization is good too. So that phrase would give you the password: Topbmf2t, a very secure password and easy to remember because it's a funny phrase and not random characters.

That's what I do anyway, and I don't ever have to write passwords down.

Alternatively, a way to write down passwords securely is to create a good "master" passphrase first, for example, qr56hg. You memorize that and create a symbol to represent it on paper, like a star (*) or smiley face. Then I come up with 3 or 4 additional letters and numbers that will be unique to each site and append them to my master phrase. So if I chose "35cd" for my RuneVillage password, I would write it down like this on paper: *35cd, but the whole password is actually: qr56hg35cd (a good password). You only need to remember one master phrase (you can use the sentence trick from above) and the unique number can be written down. As long as you never let your master phrase get compromised, it's a pretty secure way to write down passwords.


Or to cut the middleman and just use a password like correct horse battery staple.

Post subject: Re: In light of recent events at RSNL.eu
PostPosted: February 15th, 2012, 6:18 am
Magicana Drofulcus wrote:
Or to cut the middleman and just use a password like correct horse battery staple.


Because most brute force methods don't usually check for word combinations or anything...
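
An added worked example, not part of any post in this thread: it puts upper-bound numbers on the schemes discussed above (the 8-character sentence acronym, the memorized master plus written per-site suffix, and a multi-word passphrase) and on what still protects your other accounts after one site leaks plain-text passwords. It assumes the attacker knows the scheme and that characters and words are picked uniformly at random; the 2048-word list size and all function names are assumptions made for the illustration.

```python
import math
import string

ALNUM_LOWER = len(string.ascii_lowercase + string.digits)  # 36 symbols, as in "qr56hg35cd"
ALNUM_MIXED = len(string.ascii_letters + string.digits)    # 62 symbols, as in "Topbmf2t"
WORDLIST_SIZE = 2048  # assumed passphrase word list size; not stated in the thread


def bits(symbols: int, length: int) -> float:
    """Upper bound on guessing entropy: log2(symbols ** length), rounded to 0.1.

    Real choices score lower: first letters of an English sentence are not
    uniformly distributed, so an acronym sits below the 8-character figure.
    """
    return round(length * math.log2(symbols), 1)


def master_suffix_bits(master_len: int, suffix_len: int,
                       note_seen: bool, other_site_leaked: bool) -> float:
    """Bits still unknown to an attacker who knows the master+suffix scheme.

    note_seen: the paper holding the per-site suffix has been read.
    other_site_leaked: another site exposed a full password in plain text,
    which reveals the master part shared by every site.
    """
    unknown = (0 if other_site_leaked else master_len) + (0 if note_seen else suffix_len)
    return bits(ALNUM_LOWER, unknown)


def after_one_plaintext_leak() -> dict:
    """Bits protecting the *other* sites once one site leaks plain-text passwords."""
    return {
        "same password on every site": 0.0,
        "master + written suffix, note private": master_suffix_bits(6, 4, False, True),
        "master + written suffix, note seen": master_suffix_bits(6, 4, True, True),
        "unique random 8-char password per site": bits(ALNUM_MIXED, 8),
        "unique 4-word passphrase per site": bits(WORDLIST_SIZE, 4),
    }


if __name__ == "__main__":
    print("no leak, note private:", master_suffix_bits(6, 4, False, False))
    print("no leak, note seen:   ", master_suffix_bits(6, 4, True, False))
    for strategy, remaining in after_one_plaintext_leak().items():
        print(f"{remaining:5.1f} bits  {strategy}")
```

Only the per-site unique entries keep their full strength after a leak elsewhere, which is the case a password manager makes practical.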

Post subject: Re: In light of recent events at RSNL.eu
PostPosted: February 24th, 2012, 4:12 am
Sadly enough, someone was able to get into my e-mail account today. I had put up a Hotmail account as recovery account, and it seems that Hotmail stupidly added a security question that asked for my birthday (which isn't very hard to find at all). I wasn't aware I even had any recovery settings at Hotmail as I created that account in the early years of Hotmail, while I didn't even have internet at home. Luckily however, the changes that I made after our previous (and first) hack had the effect that the retrieved information could not be downloaded from the server, so that's an improvement.

So everybody: check your account security at your e-mail accounts and make sure that your recovery questions aren't so simple to figure out! We're still running over all settings to make sure that everything is secure again and actions will be taken to prevent this from happening in the future.

EDIT: also, the hacker contacted me and it *appears* he wanted to test our security and wasn't interested in data. He was able to find my address by looking through the hacked records from tip.it, which apparently includes all passwords in plain text. So if you have an account there, the password it used is completely insecure now!

Kind regards,
Glodenox

Post subject: Re: In light of recent events at RSNL.eu
PostPosted: February 24th, 2012, 6:46 am
*Shudderss*
That would be freaky if some untrustworthy jerk knew my address

Post subject: Re: In light of recent events at RSNL.eu
PostPosted: November 22nd, 2013, 7:24 pm
Market Man6 wrote:
*Shudderss*
That would be freaky if some untrustworthy jerk knew my address

What's he gonna do with your address? Send you pizza?

Post subject: Re: In light of recent events at RSNL.eu
PostPosted: November 22nd, 2013, 9:50 pm
Glodenox wrote:
EDIT: also, the hacker contacted me and it *appears* he wanted to test our security and wasn't interested in data. He was able to find my address by looking through the hacked records from tip.it, which apparently includes all passwords in plain text. So if you have an account there, the password it used is completely insecure now!

Kind regards,
Glodenox

Good guy hackers pointing out security flaws for us to fix?

Post subject: Re: In light of recent events at RSNL.eu
PostPosted: November 23rd, 2013, 5:20 pm
The123king wrote:
Market Man6 wrote:
*Shudderss*
That would be freaky if some untrustworthy jerk knew my address

What's he gonna do with your address? Send you pizza?


if you had my address, would you order me some pizza?

Post subject: Re: In light of recent events at RSNL.eu
PostPosted: November 23rd, 2013, 5:36 pm
Market Man6 wrote:
The123king wrote:
Market Man6 wrote:
*Shudderss*
That would be freaky if some untrustworthy jerk knew my address

What's he gonna do with your address? Send you pizza?


if you had my address, would you order me some pizza?

Sure, I'd pay for it with your credit card, too. ;)

Post subject: Re: In light of recent events at RSNL.eu
PostPosted: November 23rd, 2013, 6:12 pm
oh sure! you will pay for my RS membership too?
