You need to understand that there are things beyond your control, so people learn your info. You registered in some random server or game 10 years ago? Dude sold your acc info, 10'000 people's info for 1$ or something, so they drop them in Warmane and 1 or 2 maybe works, cleaning them out pays back. There are always some people who use same pass everywhere for 10 years.
Moral of the post. Your account is your responsibility to keep secure. They have tools to help, but in the end it's all on you. Don't open a forum OMG I GOT HACKED CAUSE R DUMBS. Change your password on a regular basis. Don't reuse passwords. Don't use the same password for multiple log in sites. Simple ****.
So then I take it, I should write a guide on how to secure accounts? Because I can.
And guess what, the purpose of Google Authentication is not just to make brute-force attacks obsolete, but also to add an access prevention layer.
You should not be able to eliminate two-factor authentication using just an email without additional verification requirements, it's just right on website page.
I admit IT security isn't easy, and as a rule no system is 100% penetration proof, this is to say stop blaming.
Also, every system has a weak point, identifying the weakest point is where you start.
1- You should not be able to eliminate two-factor authentication using just an email without additional verification requirements
Access to the email account is required for that. If you compromise both your Warmane and Gmail account at once, that shouldn't be something we have to cover you for.
2- Accepting username/pass then making another page for Google 2 factor, is basically telling the hacker: Congratulations! You know the pass/username
If they are entering both a correct username and password, it's because they already had figured the pair out. The attempted access should be a warning for the owner to change their credentials (even more so if the same are used in other services, which way too many people do, and which likely leads to many of the stolen accounts here).
You're correct, though, that every system has a weak point, and it's shared across all of them: the user being negligent.
Access to the email account is required for that. If you compromise both your Warmane and Gmail account at once, that shouldn't be something we have to cover you for.
If they are entering both a correct username and password, it's because they already had figured the pair out. The attempted access should be a warning for the owner to change their credentials (even more so if the same are used in other services, which way too many people do, and which likely leads to many of the stolen accounts here).
You're correct, though, that every system has a weak point, and it's shared across all of them: the user being negligent.
Except what he gained was access to email account only, then he proceeded to recover username, then recover password, then reset Google Authenticator.
And this is the weak point, that I was reluctant to post about, and all can be done on website, no need for anything else:
Warmane tools basically provide all that for you, so know I could not have compromised my Warmane account.
Except what he gained was access to email account only, then he proceeded to recover username, then recover password, then reset Google Authenticator.
And this is the weak point, that I was reluctant to post about.
So you're agreeing that the weak point is the user being negligent? Because they don't get their email stolen (which requires knowing the address, knowing the password - and it being the email they used to register with us when it comes to removing 2fa) because "2fa can be deactivated by email."
If they are entering both a correct username and password, it's because they already had figured the pair out.
And if the page provided no specific feedback to what was wrong: username/pass/auth, someone who tries to guess/brute force will never know what was wrong, and will not be able to identify "wrong passwords/User names" that were tried to eliminate them from the list.
But hey, this is how it is on every website including Google, Microsoft, Yahoo, and I don't understand why.
I am saying one cannot compromise both Warmane and email account at once as you said, it only takes an email account.
As for the user being negligent:
Do you know what Yahoo email leaks are? Breaches?
In fact I have seen many on Google Groups complaining about the same.
Knowing the specific email address and password and that it is the email used to register applies only to selective targeting:
When trying to hack a specific someone (packet captures/port vulnerability/etc.).
That's not how it works with email breaches obviously, you already have access to email, then try at website to recover everything.
And no I am not blaming, as I stated no security system is 100% penetration proof, I am just stating what happened, and how it happened (workflow or "steps").
I know you provided these tools for a reason, and I am not blaming, but they can be abused to provide every other bit of info, meaning losing email enables to bypass everything else.
And yes I know how difficult choices you make between service availability/security, and yes anything can be abused regardless of your best intentions.
And if the page provided no specific feedback to what was wrong: username/pass/auth, someone who tries to guess/brute force will never know what was wrong, and will not be able to identify "wrong passwords/User names" that were tried.
1. That takes them knowing the username in the first place - user negligence;
2. Even if user negligence leads 1 to happen, it means nothing if 2fa is being used, it's essentially the same as knowing the username but not the password and being unable to break the password. If 2fa isn't being used - user negligence.
You're trying really hard to reach for something to say the fault is on our end, when it all goes down to the user, no matter how you try to twist it. If the user does the bare minimum to keep their credentials safe, none of your scenarios will happen or matter. What next "if someone points a gun to the player and demands their password it's a weak point, what about that Warmane huh?!?"?
PS: Yes, I know about leaks. That's one of the reasons people are told to change their passwords regularly, to use complex ones, and to not use the same username on multiple services, especially the ones where security is crucial.
Originally Posted by Gummed
And if the page provided no specific feedback to what was wrong: username/pass/auth, someone who tries to guess/brute force will never know what was wrong, and will not be able to identify "wrong passwords/User names" that were tried.
This was an example of how Google Auth can make things even more secure against brute force attacks, nothing more intended.
Moral of the post. Your account is your responsibility to keep secure. They have tools to help, but in the end it's all on you. Don't open a forum OMG I GOT HACKED CAUSE R DUMBS. Change your password on a regular basis. Don't reuse passwords. Don't use the same password for multiple log in sites. Simple ****.
No, you have made 2-4 posts about this. I'm really starting to think you're just fishing for sympathy or those accounts weren't really yours to begin with. I'm moving off this thread cause it's clear you don't understand how this all works. Have a good one.
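The login design debated in this thread (username, password and authenticator code submitted in one step, with one generic failure message whichever field was wrong), as an added example that is not part of any post and is not Warmane's code. The account store, the `login` function and all sample values are constructed for illustration; `totp` follows RFC 6238, the algorithm Google Authenticator implements.

```python
import hashlib
import hmac
import struct
import time

GENERIC_ERROR = "Login failed."  # same text for every failure cause


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1."""
    counter = struct.pack(">Q", int(at) // step)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample account store (hypothetical user and secrets).
USERS = {
    "alice": {
        "salt": b"constructed-salt",
        "pw": _hash("correct horse", b"constructed-salt"),
        "totp": b"constructed-totp-secret",
    }
}
# Dummy record: unknown usernames go through the same hashing work,
# so neither the response text nor the code path names the failing field.
DUMMY = {"salt": b"dummy-salt", "pw": _hash("x", b"dummy-salt"),
         "totp": b"dummy-totp-secret"}


def login(username: str, password: str, code: str, now: float = None):
    """Check all three factors together and return (ok, message)."""
    now = time.time() if now is None else now
    rec = USERS.get(username, DUMMY)
    pw_ok = hmac.compare_digest(_hash(password, rec["salt"]), rec["pw"])
    code_ok = hmac.compare_digest(totp(rec["totp"], now).encode(),
                                  code.encode())
    # Non-short-circuit '&' so every check always runs.
    ok = (username in USERS) & pw_ok & code_ok
    return (True, "Welcome.") if ok else (False, GENERIC_ERROR)
```

A real deployment also needs rate limiting and rejection of already-used codes, which this example leaves out.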