Moderator: Content Admins
Bronze_D wrote:Tydus wrote:I imagine they have a very good security layer and have made the conscious chose to disable case sensitivity so that people have less trouble entering their passwords and they have less stupid tech support phone calls tickets from people being unable to log in. I find this answer makes a lot more sense then the idea that a multi-billion dollar company hasn't figured out high school level security. As i said, if they have a system in place to deal with brute force hacking, then having case sensitivity is pretty unnecessary.
Hmmm, good point, or you know... they probably also would just say, if you got hacked then you should've purchased an authenticator and while at it we have a great offer of mobile phone app premium service including auction service for the low low cost of...
incidentally it's a bit odd that they would want to cut the need of having tech support handle ppl who can't log in and spend the resource for special team to handle hacked account instead... i mean either way, you have to spend the resource.
Well, where I was coming from is that in the case of Blizzard, dictionary cracking and third party website hacking is far more significant than brute force. I expect Blizzard to have basic protections against brute force, but they can't guard against user error.
Unique passwords is the safest bet.
Bronze_D wrote:incidentally that just make any reduction on the password security layer worse.
if we assume that ppl uses exact identical password for both then they would fall to it guaranteed.
but if they varied it instead, then the degree in which they vary it often times are within a certain range from the other passwords, reducing the password permutations magnify the size of password that will get pished from the insecure source.
Bronze_D wrote:Oh i am sure a good portion of them are cracked in that manner with identical passwords, but as i said if they vary the passwords from one place to another, the common pattern ppl use is to vary it within certain range (with case sensitivity being one of the permutations), so let's say 100 ppl have their passwords identical, those accounts r goner essentially, another 50 say vary theirs with extra upper/lower case pattern (gone as well now since blizzard have no case sensitivity), and another 50 may have further modifications to their passwords with modified alphabets (safe until breached using permutations generator), and the rest with completely different password are safe.
Whether it makes financial sense to them or not is anyone's guess, but chances are they are not exactly concerned either way on how the case ends up as long as it can be moved to final state ie: recoverable, or not. Beyond that they have no need to care what happens next of course.
Either way though, non case sensitivity would just make it that much more vulnerable to dictionary attack as well so frankly i am still at a loss as to why they would open the gap there.
I mean perhaps i am missing something here, but logically you would've just setup a deeper recovery system to avoid the tech support from having to deal with the missing password cases rather than opening the password barrier wider especially to dictionary attack, but that's just from my angle i can see here.
BorisBC wrote:Pro tip - if you have to spew in a car, spew down the (inside) front of your shirt. Trust me, it's a lot easier to clean spew off yourself than the interior of a car.
Users browsing this forum: No registered users and 10 guests