Security tips for avoiding account hackers

[RedBean]

Can't believe it has been suggested yet, but the easiest method to come up with a strong password is to identify a sentence, then use the first letter of each word as your password. It's easier to remember the sentence, and makes a strong password.

Example:

"I really do like Lee Jones, he listens to his users!"

makes the password:

IrdlLJ,hl2hu.

[ImsaKidd]

[ QUOTE ]
Can't believe it has been suggested yet, but the easiest method to come up with a strong password is to identify a sentence, then use the first letter of each word as your password. It's easier to remember the sentence, and makes a strong password.

Example:

"I really do like Lee Jones, he listens to his users!"

makes the password:

IrdlLJ,hl2hu.

[/ QUOTE ]

This is a weird sentence though. One of the tips I heard was to remember a song title or phrase. Raindrops keep falling on my head =

rkf0mh

or something like that.

[Percula]

Lee,

While this post is a good, and contains some good advise, I think there is a lot more that PokerStars can do to help protect their customers.

The very first thing I think you and your IT staff should be looking at is using secure tokens for authentication. If EBay/PayPal can do it, so can you. This step in and of its self eliminates theft from all but physical thefts.

(For more information on secure tokens, refer to this URL... VeriSign )

The next thing you should be looking at is requiring strong passwords, expiring passwords with a history, and unlinking the username that controls money from the screen name that is displayed while playing.

Do these two things, and you will be the most secure poker site on the net.

[MicroBob]

Agree 100%.

Don't think it appropriate that the name everyone sees at the table should also be the log-in name to get into the site.
Everybody already has half the equation right there to try to break into your account.

Prima and some other sites have completely different log-in's from the name you use at the table.


My bank has the 'expired pass-words' thing for accessing my online-account.
Many sites I know require a certain length or number of digits or SOME minimum requirement for password-security.

If I tried to set my password as LeeJones the site wouldn't let me because it woudl say that the password is not secure enough, I have to have at least 3 digits, whatever.

Doing something like this would force many people to be safer with their passwords.
Yes, most should be smart enough to know how to do this on their own. But Stars can also push their customers in the right direction like some other sites seem to do just to avoid as many headaches as possible.

[Rainbow Warrior]

[ QUOTE ]
[ QUOTE ]
You'd trust an on-line downloadable program with all your passwords??
Sounds insane.
I'd rather write them down in my own home with a numeric code(plus or minus shift on numbers/letters) that only me and one other person know.

[/ QUOTE ]

KeePass, one of the programs mentioned, is very reputable and safe.

[/ QUOTE ]

(playing paranoid devil's advocate because 100% safe means what??)

"...and Keepass is FREE!! So, therefore, they make money by...hmmm...let's see now...OH NO!!!"



Actually, I'm unfamiliar with Keepass and have no reason to trust or distrust them. AFAIK none of the hacked accounts we've read about on 2+2 used Keepass.

However, it's just another case of us giving outsiders with brilliant PC skills (eg: PT, PAHUD, etc.) access to computers that they know have important monetary data.
I allow my e-mails to be scanned daily. I trust, but I wonder.

Have I stepped over the line here??

[wonderwes]

Dear Lee,

As you can see the 2+2 community always welcomes to hear your posts. Obviously you wrote out the recommendations given by your security staff, some of these could be a bit revised.

One security program you forgot to mention was SnoopFree. It is an excellent program to warn you if any particular .exe is trying to gain access to your machine.

One thing Pokerstars should do is also keep a listing of security question. Ultimate Bet has this feature. If you had 2 security questions per user, it would help verification a lot.

It can't be easy to stay ahead of hackers but I hope you will revise this and post some kind of FAQ later on the poker stars website.

[HostJacob]

Since it's late at night in IOM and Lee is likely asleep, I'll answer a few questions...

[ QUOTE ]
Don't think it appropriate that the name everyone sees at the table should also be the log-in name to get into the site.

[/ QUOTE ]

This is only really a problem against dictionary hacks (unless I'm missing something). We have a different defense against that, in that if you enter the wrong password too many times (and it's not a huge number), your account will be locked entirely until you contact support. No dictionary hack could succeed on Stars.

[ QUOTE ]
If I tried to set my password as LeeJones the site wouldn't let me because it woudl say that the password is not secure enough, I have to have at least 3 digits, whatever. Doing something like this would force many people to be safer with their passwords

[/ QUOTE ]

Our site requires this as well - your password must be at least 8 characters long, and contain both numbers and letters. You cannot set your password to "LeeJones" on PokerStars - feel free to try, and you'll see the error message.

[HostJacob]

[ QUOTE ]
What happens if I die and no one knows how to log into my PokerStars account?

[/ QUOTE ]

Your family should contact PokerStars support. They will let your family know what is necessary to provide in order for us to cash out your funds and send them to your family.

[Percula]

[ QUOTE ]
Since it's late at night in IOM and Lee is likely asleep, I'll answer a few questions...

[ QUOTE ]
Don't think it appropriate that the name everyone sees at the table should also be the log-in name to get into the site.

[/ QUOTE ]

This is only really a problem against dictionary hacks (unless I'm missing something). We have a different defense against that, in that if you enter the wrong password too many times (and it's not a huge number), your account will be locked entirely until you contact support. No dictionary hack could succeed on Stars.

[/ QUOTE ]

Opps, big mistake. So now if I want to mess up someone that I know is going to be playing say the Sunday million MTT, all I have to do is try and login as their screen name with the wrong password until the account is locked out.

No big deal IF support is VERY fast in verifying and reactivating the account, but if they are not, I have just done a denial of service attack on another player. Hell a decent script kiddy could get their hands on a good sized PT DB and dos a few thousand accounts at once.

Edit to add...

And it is a none issue if the screen name and account names are different.

[_And1_]

[ QUOTE ]
Don't think it appropriate that the name everyone sees at the table should also be the log-in name to get into the site.
Everybody already has half the equation right there to try to break into your account.

Prima and some other sites have completely different log-in's from the name you use at the table.

[/ QUOTE ]

Word, the fact that your screenname and login is the same is just cr*p, Lee/you/PS should implement a diffrent login/screenname.