Security Update Discussion


Epos

Recruiter

08-23-2013

Quote:
Originally Posted by ROCKETMAAAN
Can someone help me? Every time I try to change my password it's always too weak and I'm kind of getting mad....

Try to randomly write down capital and lowercase letters, with numbers, not including any personal information, i.e. birth date, year of birth, anything like that, and just keep that and copy it from paper or save into a .txt document and keep somewhere safe on your computer and copy and paste.



Winterfal1

Senior Member

08-23-2013

Way to **** the bed Riot games. I can't believe you idiots lose everyone's info to hackers and then you have the audacity to send me this email that states "As a measure to make your accounts safer, within the next 24 hours we'll require players with accounts in North America to change their passwords to stronger ones that are much harder to guess."

NOBODY GUESSED OUR PASSWORDS TO BEGIN WITH, THEY WOULD ALL BE SAFE IF YOU DIDN'T LOSE THEM DON'T YOU THINK RIOT GAMES? And now.. I can't access my account because my password won't work lol and I can't change my password because the old one won't work. So I can't play the account I have spent lots of money on because riot ****s the bed like a bunch of f*cking amateurs. Great, and you send me an email that tries to spin it like it's my fault that YOUR security sucks because my password isn't 15 random digits??

Ridiculous.

I am downloading dota2 right now.



Grigorian Tutor

Senior Member

08-23-2013

There are no posted guidelines or requirements, not even in the red thread that is supposed to be the macro thread on this issue.

Seems to need at least one number and 7 other characters
Repeating characters carry less weight, possibly increasing the number of required characters
Numbers seem to have less weight than others if you use a lot of numbers



snakeyes11

Junior Member

08-23-2013

this is ****ing stupid i tried it and it was taking forever so i exited it then i try again and now it don't work so great job riot u ****ed up again congrats



MeowMixWarrior

Senior Member

08-23-2013

Should we continue to wear our Tinfoil hats? I've fashioned one to look like Roy's hat from R.I.P.D (by the way sub par movie lacked sufficient comedy and action).

Questions though

1.) How long do we avoid drinking the tap water?
2.) Can I go back to using my phones or do I have to continue using my carrier pigeon?
3.) Will I have to burn anything that is written on paper?
4.) Will I need lead walls to keep me safe or is a mile deep bunker safe enough?
5.) Can I go back to posting on GD with my computer or do I have to continue typing on a typewriter and viewing GD on my etch a sketch?



Shaithias

Junior Member

08-23-2013

Why didn't you salt and encrypt the passwords, and what type of attack was it? SQL injection? Session hijacking? What? Also, longer passwords really start to cut into the utility vs security issue. Security wise, 8 digits with multiple caps, special symbols, letters and numbers should be fine. What is not fine is not setting up a tiered defense strategy that assumes your outer layer of security is breached at all times. You should have whitelisted the computers you allow to look at your files. You have a database, and a single function that takes a username and password. The database name is hidden inside of the function, hardcoded in. The function is a boolean and returns allowed to log in == true or false!!! The function runs on a dedicated computer and is whitelisted to have database access. If you want me to design you a security suite, I am still in college, but would love to come work for you guys.



ULT skunkodor

Junior Member

08-24-2013

I got that nice little questionnaire from support early this morning and thought yay finally getting somewhere. I filled out the entire thing and now almost 24 hours after I have heard from support there has been no response to the additional information provided. I just want to play my account again and we are now approaching day 3. So much for those good bundles.



Zthach

Junior Member

08-24-2013

Quote:
Originally Posted by Winterfal1
Way to **** the bed Riot games. I can't believe you idiots lose everyone's info to hackers and then you have the audacity to send me this email that states "As a measure to make your accounts safer, within the next 24 hours we'll require players with accounts in North America to change their passwords to stronger ones that are much harder to guess."

NOBODY GUESSED OUR PASSWORDS TO BEGIN WITH, THEY WOULD ALL BE SAFE IF YOU DIDN'T LOSE THEM DON'T YOU THINK RIOT GAMES? And now.. I can't access my account because my password won't work lol and I can't change my password because the old one won't work. So I can't play the account I have spent lots of money on because riot ****s the bed like a bunch of f*cking amateurs. Great, and you send me an email that tries to spin it like it's my fault that YOUR security sucks because my password isn't 15 random digits??

Ridiculous.

I am downloading dota2 right now.

I am sorry for your loss, but I doubt it was Riot's password leak that this happened; if your password is changed/lost, it's probably because it was easy to guess, or the hacker did an offline attack on your e-mail and got that and phished to get your LoL password. That only applies to easily guessable passwords; computers can try low length passwords, and with the USERNAMES they have, they might find yours. But, probably not the passwords themselves as Riot released that the passwords were salted and hashed, and unless you have the exact salt with that password AND the hash function it's impossible to perform an offline attack on it. I would bet it's your username that was taken, and you could probably ask Riot to change username or something on that degree. Again I am sorry, but you might get another account and Riot could recover your information about your previous account.
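
Added example (not part of any post in this thread, and not Riot's code): a sketch of the salted-hash storage and the true/false login check that Shaithias's and Zthach's posts discuss, plus an audit check showing how a copied record behaves for a common password versus a long random one. PBKDF2, the iteration count, the function names and all sample data are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 20_000  # assumption for the example; kept low so it runs quickly


def make_record(password: str) -> dict:
    """Build what the server stores: a per-user random salt plus the derived hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}


def verify_login(db: dict, username: str, password: str) -> bool:
    """Boolean login check: only True or False leaves this function."""
    record = db.get(username)
    if record is None:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], ITERATIONS)
    return hmac.compare_digest(candidate, record["hash"])


def guessable_offline(record: dict, wordlist: list) -> bool:
    """Audit check: would a copied record match a list of common passwords?
    The salt is stored beside the hash, so a copy of the table contains both."""
    for guess in wordlist:
        candidate = hashlib.pbkdf2_hmac(
            "sha256", guess.encode(), record["salt"], ITERATIONS)
        if hmac.compare_digest(candidate, record["hash"]):
            return True
    return False


# Constructed sample data: usernames, passwords and wordlist are made up.
DB = {
    "alice": make_record("summer2013"),
    "bob": make_record("summer2013"),
    "carol": make_record("vR7#qLm2!xTz9pWd"),
}
COMMON = ["password", "123456", "letmein", "summer2013", "qwerty"]

if __name__ == "__main__":
    print(DB["alice"]["hash"] != DB["bob"]["hash"])  # same password, different salts
    print(verify_login(DB, "alice", "summer2013"))
    print(guessable_offline(DB["alice"], COMMON))
    print(guessable_offline(DB["carol"], COMMON))
```

The per-user salt makes identical passwords produce different stored hashes, so one precomputed table cannot be reused across accounts; it does not by itself protect a password that appears on a common-password list.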



Tigx


Member

08-24-2013

I find this extremely aggravating, I HATE coming up with new passwords, I'd rather just get a new credit card, much easier. This feels like something happened internally and we're the ones being punished for it :/ And if my password isn't good enough for you and isn't 23423487203487 characters long maybe I'll just go back to wow or something this is silly.

......not happy Riot, but I've invested too much to throw you away. It'll take some time for me to love you again, so prepare for a cold shoulder.



Gizmo Era

Senior Member

08-24-2013

I work for my state's government. The standard 8-digit password (combo of upper/lowercase, numbers and special characters) I use for my login at work, where I deal with people's social security numbers & other personal info, is not enough for your security.

This is a video game.

My job is real life.

What?

I feel strongly enough about this where I'm not changing my password. The system didn't generate an "okay" message until I had input 15 characters. That is ridiculous. You might want to rethink your metrics OR your security.

Shoot me a mass email once you've decided to change your password restrictions.