• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.

STEAM | April 2014 - Insert witty title here.

Status
Not open for further replies.

Dr Dogg

Member
RE: Password security. When you use a password security service (1password, Lastpass, Keepass, they're all fine), you need to remember one strong password of 15-20 characters.

I can't remember about 1password as it's been a while since I've used it but lastpass does use Googles authenticator for the added 2 factor benefit. Unless you do a silly thing like me and leave your phone in your car whilst away.
 

StAidan

Member
Having trouble setting up my PS4 controller from Broforce's options menu, can I change it from a .ini file or something?

I had the same issue with my Wii U Pro controller. I was able to coax it into cooperation by resetting Broforce's gamepad settings using the keyboard, and then reconfiguring the controller once all the settings were blanked out.
 

Grief.exe

Member
RE: Password security. When you use a password security service (1password, Lastpass, Keepass, they're all fine), you need to remember one strong password of 15-20 characters. I use a pretty strong password, it's nice. Then all of the applications that you protect can have ultra-strong incomprehensible passwords.

I'm going to update my Steam password, just updated it..

Here's what my old Steam password was:
H<}/CH9VgZ6X<xPKW3CJ4jsvD7U(Cdj4]boAM.DMRX*xDRM8]Y

Here's what the one before that was:
$&jH<YviNrGo4wXjP}TB66c6f6eJoKpZ
Pitifully insecure as you can see.

All of my passwords for every site are like this.

Do you write your passwords down Stump?

I have a similar password for my email, but everything else is very security, easy to remember, passwords.
 
I don't remember because I don't give a shit about the game, but did Far Cry 3 see anything like the PC whining outrage that DS2 is getting?

I don't know what source that Gamespot stream is using but let's be fair, Far Cry 3 looked a lot closer to the set of images on the left side.
 

aku:jiki

Member
Savant has very nice spritework and, from what I heard, a cool soundtrack... But that gameplay is just stupid.

Also finally beat OFDP. All the various non-typical levels (daggers, defender, nunchaku, etc) were awesome and well worth the price and time spent, but the mob rounds got pretty damn old about halfway through. Beating the last third of the game was kind of a chore.

RE: Password security.
Geez, 50 characters? I stick to like 10. I'm an absolute nobody with nothing really worth stealing, no one's going to spend the time brute-forcing even my 10.
 

Stumpokapow

listen to the mad man
Geez, 50 characters? I stick to like 10. I'm an absolute nobody with nothing really worth stealing, no one's going to spend the time brute-forcing even my 10.

It would take me more effort to generate a 10 character password than a 50 character password because I'd have to lower the default password strength I have set in my generator.
 
password security

Good advice, just changed my steam pwd with a 25 char full of funny characters (from a 16).

I guess two factor authentication remains the best. I mean, If I'm not mistaken hotmail couldn't even handle passwords longer than 16 chars before the security haul months ago.
 

Stumpokapow

listen to the mad man
Good advice, just changed my steam pwd with a 25 char full of funny characters (from a 16).

I guess two factor authentication remains the best. I mean, If I'm not mistaken hotmail couldn't even handle passwords longer than 16 chars before the security haul months ago.

Two factor auth is ideal, yes. I turn it on on any service that allows it.
 

Evrain

Member
Just gotten my paws on MGR:Revengeance, do you think it is acceptable for me to be almost feeling sexual pleasure at the prospective of cutting down a Metal Gear Ray?
Jokes aside, it's almost like turning back time by roughly fifteen years, when I bought a new PC for the sole purpose of playing MGS (and Heavy Metal: FAKK2)
 

Stumpokapow

listen to the mad man
whats going on, EA got hacked?

A critical vulnerability with OpenSSL, an open source technology that is used to implement SSL connections on probably more than half the internet, can be exploited to expose user information and SSL keys. The vulnerability was disclosed yesterday. A patch is available, but every service you use needs to deploy it. Some have, some haven't. In the meantime, logins pretty much everywhere are vulnerable. The way it can be exploited is a little random and not the kind of targeted user dump you're used to from hacks so it's likely that the fallout will be less than usual, but it's still a BFD. Steam is one of the services that was affected, however, Valve appears to have deployed the patches.

Nothing to do with EA or Valve, rather an upstream technology.
 

Knurek

Member
RE: Password security.I'm going to update my Steam password, just updated it..

Here's what my old Steam password was:
H<}/CH9VgZ6X<xPKW3CJ4jsvD7U(Cdj4]boAM.DMRX*xDRM8]Y

All of my passwords for every site are like this.

I'm more fond of passphrases. If a service allows long passwords, pretty sure 'goat_simulator_in_Polish_would_be_symulator_kozy_and_spelunky_is_the_best_damn_game_ever_created' would be as strong as yours, and much easier to remember without using external apps.
 

Stumpokapow

listen to the mad man
Is that the best service?

There is no best and worst, they're all fine, and more importantly they're all exponentially better than not using a password manager.

Lastpass is free, but stores your heavily encryped passwords on their servers so if you are terrified of that prospect, you would avoid them (I personally wouldn't avoid them, they have their shit together). If you want to use Lastpass on your mobile phone, it's $1/month.

KeePass is free free, but not supported by a professional software company. It's sort of the DIY/roll your own kind of option. If you want to sync your passwords across devices, you'll need to use a cloud service like DropBox. The files it synchronizes are super encrypted and the mere act of synchronizing them is not a security risk.

1Password is fairly expensive ($35-50 for a license, plus upgrade fees every few years, plus $10 or so for the phone app) but has in my opinion the best UI of the three. It's also a Mac-focused service; it works fine and looks great on Windows but it looks especially great on Mac. I primarily use Macs. If you want to sync your passwords across devices, you'll need to use a cloud service like DropBox. The files it synchronizes are super encrypted and the mere act of synchronizing them is not a security risk.

Personally I use 1Password because my former employer made the mistake of offering to buy me software and so I got them to buy me a license, and in their lack of foresight they bought the license under my name rather than theirs. Cha-ching.
 

Dr Dogg

Member
If I pre-order Wolfenstien I get access to the Doom beta...what year is it?

It's a pretty slick looking trailer filled with nothing but cinematics, scripted moments and small snippets of actual gameplay:

https://www.youtube.com/watch?v=ATk...outube.com/watch?v=ATkxa5XSD18&has_verified=1

Not actually on Steam either, yet. I'm assuming this and the next Doom will be Steamworks.

Bethesda Softworks so pretty much 99.99% recurring that it will be Steamworks. Doom 4 god know when and what state that will be in but hey it's free.

Not too keen on a new more serious Wolf (though glad its not gone the serious and realistic route) but as an added bonus to that vid you posted was another classic Carmack vid.

Might be worth a view for all the Dark Souls lighting sceptics as to how demanding lighting is in games.

From what I've seen, LastPass is the best password manager around. I've been using it for years.

I've used 1Password, LastPass and KeePass and really, for me it all comes down to personal preference. 1Password has been on sale a few times and has better app support but LastPass works fantastically even without a subscription and combined with Xmarks is a great portable solution.
 

Come on, what would a facebook developer know?

The issue with the Heartbleed bug is that it was not disclosed responsibly by one of the teams that was working on it. Normally when something like this happens, the patch is released, then people upgrade, then the vulnerability is disclosed. One of the teams working on it did disclose responsibly, and another did not.

This is the reason why it was not disclosed responsibly:
http://techrights.org/2014/04/08/howard-schmidt-codenomicon/

Pretty ugly, actually.

Sadly, no surprise there.
 

Thorgal

Member
Do people keep a back up of keypaas and the like around on a USB stick or external hardrive ?

It is the main worry i have with using something like Keypaas because it is still on your hardrive .

As soon as that gives up the ghost your passwords are gone with it +since most of them are created as total gibberish, writing them down somewhere as a backup would be a pain and remembering them an impossibility .
 

zkylon

zkylewd
i can't be bothered with them password softs

i just use random bowie song names + random numbers and hope no one cares about the little money i have
 

derExperte

Member
I'm more fond of passphrases. If a service allows long passwords, pretty sure 'goat_simulator_in_Polish_would_be_symulator_kozy_and_spelunky_is_the_best_damn_game_ever_created' would be as strong as yours, and much easier to remember without using external apps.

Maybe, though existing words are always bad. And will you be able to remember 50 of those? Because using the same multiple times is a big no-no and I'm almost at 200 accounts with totally different passwords. There are methods to remember halfway decent phrases but it's so much more comfortable using a program and knowing you're safe. Plus, a very important aspect, I can change any of those 200 passwords in an instant and don't have to remember the new one.

Do people keep a back up of keypaas and the like around on a USB stick or external hardrive ?

I back the password files up as I back up everything.
 
Do people keep a back up of keypaas and the like around on a USB stick or external hardrive ?

It is the main worry i have with using something like Keypaas because it is still on your hardrive .

Personally I use http://www.truecrypt.org/ to create a file on my harddrive. Once mounted, I store a text file in there with all my passwords, I then back that file up.

It means all my passwords are easy to access, I can use whatever crazy password I want for different sites and the list is always relatively secure (with multiple passwords on the file no less).

Just another option.

For these games, Syder arcade and Hoard are pretty cool.

ModBot said:
Instructions for participants:
I am giving away 7 Steam keys. To enter this giveaway, send a PM to ModBot with any subject line. In the body, copy and paste the entire line below that corresponds to the key you want (if you include more than one game, you will be blocked from entering).

Rules for this Giveaway:
- Only GAF members who are NOT junior members are eligible for this giveaway.
- If you are a lurker you are not eligible for this giveaway. You need five or more posts in either the current Steam thread or the previous one to be eligible
- This giveaway has a manual blocklist. The giver has identified members who abuse giveaways and restricted them from participating.
- Do not trade keys you win off-site to enrich yourself. Don't try to claim games you have no interest in collecting or playing. Don't claim games to give them to friends off-site.
- If the key is already taken you will not receive a reply. Replies may take a minute or two:


X-Blades -- MB-060BAF7D593611C3 - Taken by FiveElementNinja
Syder Arcade -- MB-0C06F7E1DB0128FE - Taken by Tellaerin
Savant Ascent -- MB-CFB255E41379FA6F - Taken by alr1ght
Planets Under Attack -- MB-934EAF5B8D86EC9A
Knights & Merchants -- MB-BC37F0F62C0E51E9 - Taken by BernardoOne
Rune Classic -- MB-78DCDB45BDE9F575 - Taken by bobnowhere
Hoard Complete Pack -- MB-44EC86686D483AF8
 

Cheddahz

Banned
...what have I done
O1FQeak.png
 

Stumpokapow

listen to the mad man
I'm more fond of passphrases. If a service allows long passwords, pretty sure 'goat_simulator_in_Polish_would_be_symulator_kozy_and_spelunky_is_the_best_damn_game_ever_created' would be as strong as yours, and much easier to remember without using external apps.

If something is easy for you to remember, it's because you have a set of rules that allow you to remember it. Those rules reduce entropy, and an attack taking advantage of those rules would crack the password. Attacks against passwords are not bruteforce, they typically use rulesets. The ruleset for yours would be, say, 10-15 english language words with at most one character substitution and capitalizing at most the first letter of each word. And now we've reached the point where yours has dramatically less entropy than mine, because mine is not generated by any rule. I assume you've chosen to use passphrases because there was an XKCD comic.

It's also worth noting that on sites with poor password security practices (limit: 32 characters; limit: 16 characters, etc) your method collapses into almost no entropy, maybe 28-30 bits or so at most, and that's assuming your word-choices come from a Shakespearean vocabulary and are chosen at random--in reality since you attempt pseudo-understandable sentence structures the entropy would actually be significantly lower? My method collapses into... uh... I guess around 76^16 possibilities with no ruleset, so that's 99.96 bits of entropy.

Some articles discuss these novelty password rulesets and the idea of trusting your passwords and your memory instead of a secure encrypted password manager:
http://blog.agilebits.com/2012/11/08/dont-trust-a-password-management-system-you-design-yourself/

This is a direct reply to the XKCD comic:
http://blog.agilebits.com/2011/08/10/better-master-passwords-the-geek-edition/
"The strength of a password creation system is not how many letters, digits, and symbols you end up with, but how many ways you could get a different result using the same system."

I don't need easy to remember passwords because I don't remember or know my passwords. Remembering or knowing my passwords would make them weaker, still. External apps make my passwords more secure. That's a good thing. I'd rather trust a safe in my house than "securing my belongings without external tools or devices".

This is a very famous book that has absolutely nothing to do with cryptography or passwords, but which is super interesting. It talks a little bit about information entropy in a section on Godel's incompleteness theorem and those chapters help explain, conceptually, how information presented in different forms can be seen to be equivalent, and this is a key concept to understand how entropy matters more than length or obtuseness of your password:
https://en.wikipedia.org/wiki/Gödel,_Escher,_Bach
 

styl3s

Member
There is no best and worst, they're all fine, and more importantly they're all exponentially better than not using a password manager.

Lastpass is free, but stores your heavily encryped passwords on their servers so if you are terrified of that prospect, you would avoid them (I personally wouldn't avoid them, they have their shit together). If you want to use Lastpass on your mobile phone, it's $1/month.

KeePass is free free, but not supported by a professional software company. It's sort of the DIY/roll your own kind of option. If you want to sync your passwords across devices, you'll need to use a cloud service like DropBox. The files it synchronizes are super encrypted and the mere act of synchronizing them is not a security risk.

1Password is fairly expensive ($35-50 for a license, plus upgrade fees every few years, plus $10 or so for the phone app) but has in my opinion the best UI of the three. It's also a Mac-focused service; it works fine and looks great on Windows but it looks especially great on Mac. I primarily use Macs. If you want to sync your passwords across devices, you'll need to use a cloud service like DropBox. The files it synchronizes are super encrypted and the mere act of synchronizing them is not a security risk.

Personally I use 1Password because my former employer made the mistake of offering to buy me software and so I got them to buy me a license, and in their lack of foresight they bought the license under my name rather than theirs. Cha-ching.
I downloaded 1password for free.. What's the difference between the paid and for free version? i don't need it for my phone or anything just for my PC.
 
Bethesda Softworks so pretty much 99.99% recurring that it will be Steamworks. Doom 4 god know when and what state that will be in but hey it's free.

Not too keen on a new more serious Wolf (though glad its not gone the serious and realistic route) but as an added bonus to that vid you posted was another classic Carmack vid.

Might be worth a view for all the Dark Souls lighting sceptics as to how demanding lighting is in games.

Yeah, I'm not too enamoured with what they're showing of the new Wolfenstien. I don't know how excited I'll be at the prospect of a heavily scripted and cinematic, corridor crawler. Apparently they'll be showing off some gameplay for it soon.

Also, all that talk did was make me think about the fact that John Carmack is now an employee of Facebook and won't be doing any more QuakeCon talks.
 

Stumpokapow

listen to the mad man
Personally I use http://www.truecrypt.org/ to create a file on my harddrive. Once mounted, I store a text file in there with all my passwords, I then back that file up.

It means all my passwords are easy to access, I can use whatever crazy password I want for different sites and the list is always relatively secure (with multiple passwords on the file no less).

Just another option.

It is relatively secure in the sense that if someone gets the Truecrypt partition, they'll get nothing. It's quite insecure in that if someone gets the text file, they'll get everything, and your mechanism for coming up with the passwords, even if it feels random, is probably not truly random. Definitely better than password reuse or whatever dumb stuff most people do, but if I were you I'd move to KeePass (you can still Truecrypt your KeePass files if you want to). It's a pretty painless move, totally free, etc.

I downloaded 1password for free.. What's the difference between the paid and for free version? i don't need it for my phone or anything just for my PC.

I don't believe there is a free version of 1Password. If you downloaded something, it'll presumably lock you out after entering a few passwords. You need a license. If you want free, LastPass or KeePass is your best option.
 

styl3s

Member
It is relatively secure in the sense that if someone gets the Truecrypt partition, they'll get nothing. It's quite insecure in that if someone gets the text file, they'll get everything, and your mechanism for coming up with the passwords, even if it feels random, is probably not truly random. Definitely better than password reuse or whatever dumb stuff most people do, but if I were you I'd move to KeePass (you can still Truecrypt your KeePass files if you want to). It's a pretty painless move, totally free, etc.



I don't believe there is a free version of 1Password. If you downloaded something, it'll presumably lock you out after entering a few passwords. You need a license. If you want free, LastPass or KeePass is your best option.
Guess i will go with LastPass.

I primarily just need it as a backup in case i forget my password and somehow lose my book that has my passwords in it. It's a extra tool basically.
 

Tellaerin

Member
For these games, Syder arcade and Hoard are pretty cool.

Thanks for Syder Arcade, man. Be nice to have something to unwind with once I get done changing all my passwords. -_-;

(And apparently having my Sims 3 account linked to my Origin login means that... I change my Origin password and can't log into the game. And after Googling, I see that other people have had the same problem, and the fix appears to be "contact customer service to get it sorted". Joy.)

Thanks for X-Blades, I think.

I actually thought about putting in for that one out of morbid curiosity, after seeing Turfster more or less describe it as the worst thing in existence. Let us know how
bad
it really is, man.
 

MRORANGE

Member
Well it's Wednesday over here and it's my birthday.

aVAHktj.jpg


Turning 25 feels old man.

ModBot said:
Instructions for MRORANGE:

Instructions for participants:
I am giving away 24 Steam keys. To enter this giveaway, send a PM to ModBot with any subject line. In the body, copy and paste the entire line below that corresponds to the key you want (if you include more than one game, you will be blocked from entering).

Rules for this Giveaway:
- If you are a lurker you are not eligible for this giveaway. You need five or more posts in either the current Steam thread or the previous one to be eligible
- This is a free for all! You can enter for multiple games on the list below. Send an individual PM for each game you'd like to win.
- If you won a game from ModBot in the last day, you are not eligible for this giveaway.
- I really appreciate thank you messages, but please send them to me (MRORANGE, not ModBot!) via PM instead of in thread.
- This giveaway is a raffle. The winners will be selected by random draw 24 hours after the draw was created. Any games not claimed after that point will be given away first come first serve.
- This giveaway has a manual blocklist. The giver has identified members who abuse giveaways and restricted them from participating.
- Do not trade keys you win off-site to enrich yourself. Don't try to claim games you have no interest in collecting or playing. Don't claim games to give them to friends off-site.
- If the key is already taken you will not receive a reply. Replies may take a minute or two:


Jagged Alliance Collection -- MB-049CC595C699DEC2
Disciples III Resurrection -- MB-4263641417F8D7E1
Natural Selection 2 -- MB-1757010D89D2255E
Dungeons DLC Pack 1 -- MB-D9C05F97A3C86443
Alien Spidy -- MB-E66A6F1D121E1A8B
Ion Assault -- MB-29013ABACDBBE691
Type Rider -- MB-A7D3F6F2452ECE34
Bridge Constructor -- MB-1F1D59171E2EB461
Ravensword Shadowlands -- MB-7C264B5A6333E1E4
X-Blades -- MB-F487F86B03381142
Tank Operations European Campaign -- MB-43C7C8E2F6558D34
Little Inferno -- MB-E1F8544CC75B51CA
Super Hexagon -- MB-DEDD69287B42EEF3
Knights & Merchants -- MB-38C1A311EA81CA11
Tropico 3 Gold -- MB-53F7584B6B94FF7F
Dungeons The Second DLC -- MB-85DDF7643316982C
Sine Mora -- MB-19DF5EE155A64712
Rune Classic -- MB-53DD90B878F4808F
Dollar Dash -- MB-6AEBD914A3F620EA
Planets Under Attack -- MB-B332B00016E6BD51
Dungeons Steam Special Edition -- MB-87E6255A744A0358
SkyDrift -- MB-4C88921728A7E4B1
Broken Sword 2 -- MB-3131BD787EFFD77B
Hoard Complete Pack -- MB-61FF537FBCA0583E

t1397084467z1.png
 
It is relatively secure in the sense that if someone gets the Truecrypt partition, they'll get nothing. It's quite insecure in that if someone gets the text file, they'll get everything, and your mechanism for coming up with the passwords, even if it feels random, is probably not truly random. Definitely better than password reuse or whatever dumb stuff most people do, but if I were you I'd move to KeePass (you can still Truecrypt your KeePass files if you want to). It's a pretty painless move, totally free, etc.

You are probably right, I'll check it out.

thx bruh. Savant looks pretty interesting.

It does look interesting. Unfortunately I gave up on it pretty quickly, because I didn't find it any fun to play (the controls just felt off). Hopefully you can scratch the surface.

Turning 25 feels old man.

Happy birthday... but I'm saying that through gritted teeth right now.
 
Status
Not open for further replies.
Top Bottom