
account attacked by hacker / someone who knows password

Posted: Fri May 11, 2007 10:41 pm
by Frrfrr
i just recognised account of manager XXX with his team XXX was successfully attacked by hacker / someone who knows password

his players got to market immediately for free and his team is in ruins.

he is not first victim of it. i saw managers in past with same issue. then their reaction? quit and curse .. no wonder ...

i propose in such clear cases, when account gets hacked to review the situation by admin and reverse silly operations on the market within this first day

i also experienced the case, when hacker increased significantly the salaries of players. this could be also reviewed and reversed ...

i know the password is each one responsibility, however we are humans, this is game and should bring fun. it would still make no harm to others reversing such actions. the same way as sheriffs put a ban they could reverse ...

Posted: Sat May 12, 2007 12:37 am
by Sjarel
We can make precautions and warn managers over and over, they still manage to create 'easy' passwords. There is no way we have time to implement the possibility to reverse all kinds of actions a hacker can do to damage a team. There are a lot of things more important to implement first.

It's really not that difficult to choose a decent password ...

Posted: Sat May 12, 2007 8:15 am
by jojojo
well whatever password you choose, however long it is, can still be hacked. and i think this a good idea

Posted: Sat May 12, 2007 10:49 am
by bunicutzu
theoretically! but i don't think that putting a password like "h@ck3r]" can be hacked without some very strong resources for which there is no interest to use (to hack an SP account ... to gain nothing). brutal force doesn't apply either since after 3 consecutive password mistakes you get a 5-minute ban. How much time does such a "hacker for nothing" need to hack it?

Posted: Sat May 12, 2007 12:59 pm
by silverblast
Then do it like this: SoccerProject creates a random password which is difficult enough so that no hacker can easily find it, and that cannot be changed. Everyone has the ability to write down a password or to save it somewhere on the computer. If you do not remember your password you can always have it sent to your e-mail address again.
This way, all easy passwords should be gone.

When people would complain about this, you have strong arguments...
(Eventually: Only SPFA can change their password?)

Posted: Sat May 12, 2007 4:17 pm
by x42bn6
If someone gets their account hacked, it should be their problem, not SoccerProject's.

If the person is an SPFA member, they should be able to contact someone and get their account back, though - because they are paying for it.

Posted: Sat May 12, 2007 9:44 pm
by gazza88
could it be like a two password entry.

like a regular password, and a security question.

e.g.
What was your first school? OR what is your mother's maiden name?

who, other than the user, will know the answer to such questions?

Posted: Sat May 12, 2007 11:53 pm
by Paul_G
x42bn6 wrote: If someone gets their account hacked, it should be their problem, not SoccerProject's.

If the person is an SPFA member, they should be able to contact someone and get their account back, though - because they are paying for it.

I agree with this... we don't want to make logging in too complicated.

But what kind of passwords did these people use who got hacked? Did you find out? If they're passwords like, '12345' then fine, but if they were more difficult passwords to guess then we might have a problem. Maybe someone has figured out a way to use brute force while circumventing the usual login procedures. Like if you were to login with SPMT and fail 3 times, would you still get locked out? I don't know much about internet security, but could this be possible?
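Added example, not part of any post in this thread and not SoccerProject's code: a lockout using the figures quoted above (3 consecutive mistakes, 5-minute ban), counted server-side per account so that logging in through a different client makes no difference, followed by the worst-case time online guessing would take under that limit. The class and function names and the "manager" account are hypothetical.

```python
import string

MAX_FAILURES = 3      # consecutive mistakes allowed (figure from the thread)
BAN_SECONDS = 5 * 60  # length of the ban (figure from the thread)


class LoginThrottle:
    """Hypothetical lockout keyed by account name on the server, so every
    client (web form or a third-party tool) shares the same counter."""

    def __init__(self):
        self._failures = {}      # account -> consecutive failed attempts
        self._banned_until = {}  # account -> time (seconds) the ban ends

    def attempt(self, account, password_ok, now):
        """Return 'ok', 'fail' or 'banned' for a login at time `now`."""
        if now < self._banned_until.get(account, 0):
            return "banned"      # not even a correct password is evaluated
        if password_ok:
            self._failures.pop(account, None)
            return "ok"
        count = self._failures.get(account, 0) + 1
        if count >= MAX_FAILURES:
            self._banned_until[account] = now + BAN_SECONDS
            count = 0
        self._failures[account] = count
        return "fail"


def guesses_accepted(seconds, interval=1):
    """Simulate one wrong guess every `interval` seconds against a single
    constructed account and count how many the server actually evaluates."""
    throttle = LoginThrottle()
    evaluated = 0
    for now in range(0, seconds, interval):
        if throttle.attempt("manager", False, now) != "banned":
            evaluated += 1
    return evaluated


def years_to_exhaust(alphabet_size, length, guesses_per_day):
    """Worst-case years to try every password of the given shape."""
    return alphabet_size ** length / guesses_per_day / 365


PER_DAY = guesses_accepted(24 * 3600)         # guesses evaluated in one day
DIGITS_5 = years_to_exhaust(10, 5, PER_DAY)   # shape of '12345'
PRINTABLE_7 = years_to_exhaust(62 + len(string.punctuation), 7, PER_DAY)  # shape of 'h@ck3r]'
```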

Posted: Sun May 13, 2007 3:48 pm
by Red_Army_Squad
A while ago I read in some kind of computer magazine that the most secure passwords are at least 8 (or 10 I don't really remember) characters, contain at least 3 numbers and have both capitals and small letters (question: is there another word in English for small letters?). If you have this, the chances of being hacked on a site like SP are pretty small.
And never use your name, birthdate and private stuff like that as a password, because people you know might just get lucky and screw up your account.

So you now all know what a good password is :lol:

Posted: Fri May 18, 2007 1:19 pm
by kennyanu
i suggest that SP makes a second password for managers... when a manager raises more than 5 wages... and puts on the TL more than 5 players... SP should request the manager to introduce the second pass... :roll:

Posted: Tue May 29, 2007 8:14 pm
by Howl
Red Army - In English, people will often use the term 'lowercase' to denote small letters, but 'small letters' is perfectly correct.

Posted: Tue May 29, 2007 9:41 pm
by x42bn6
I don't think any more security needs to be employed, personally. If this game required money to pay, then perhaps it would be useful in getting a security certificate so that logins are done over encrypted channels (https:// addresses), which makes things safer.

Most successful attacks are not caused by good hacking but poor password sense.

That said, to prevent excessive login attempts, it would be nice although not needed to impose a CAPTCHA mechanism, where a user has to type in a string of nonsense characters to prevent bots from automated brute-forcing.

Posted: Wed Jun 27, 2007 12:14 am
by rafsalman
question: is there another word in English for small letters

Yes - it's normal to call them 'lower case' letters.

In terms of the hacking, it's also possible to be keylogged very easily these days - it's more a problem for games like WoW and Runescape where the accounts change hands for a fair amount of money. I assume here that somehow getting someone's password (I doubt it is hacking SP itself).

I used to be a GM for Runescape and literally we dealt with thousands of stolen accounts each day, and those were the ones people tried to get back. The majority simply told their password to a 'friend', chose something too easy to guess or got keylogged.