Post Reply Can we get rid of user name only and password to access account?
Posted 5/31/16 , edited 5/31/16
I not sure I word that correctly. What I mean is that people seem to be gaining access to people account to this site more or less. I think the main issue with it is that you need to just put the username and guess the password. Making it only email and password will improve the safety of the account. I mean compared to other sites security measures doesn't take much to crack somebody account here. I think heaven time you guys address the problem.
474 cr points
Send Message: Send PM GB Post
21 / M
Offline
Posted 6/1/16 , edited 6/1/16

KarenAraragi wrote:

I not sure I word that correctly. What I mean is that people seem to be gaining access to people account to this site more or less. I think the main issue with it is that you need to just put the username and guess the password. Making it only email and password will improve the safety of the account. I mean compared to other sites security measures doesn't take much to crack somebody account here. I think heaven time you guys address the problem.


First of all, that specific user got infected with a keylogger software which has the ability to record every single thing you type on your computer. If your computer is virus-free and keylogger-free than you should not worry about this. Also, if your password contains mix letters, signs, and numbers and it longer than 16 words than it's impossible to hijack your account without compromising Crunchyroll server and site. What you can do is ask for two-ways verification, so if another new IP try to access your account, it will need a pass code which will automatically send to your email that you registered with the account every time a new IP try to access your account.
Posted 6/1/16

BoobiesSprinkle wrote:


KarenAraragi wrote:

I not sure I word that correctly. What I mean is that people seem to be gaining access to people account to this site more or less. I think the main issue with it is that you need to just put the username and guess the password. Making it only email and password will improve the safety of the account. I mean compared to other sites security measures doesn't take much to crack somebody account here. I think heaven time you guys address the problem.


First of all, that specific user got infected with a keylogger software which has the ability to record every single thing you type on your computer. If your computer is virus-free and keylogger-free than you should not worry about this. Also, if your password contains mix letters, signs, and numbers and it longer than 16 words than it's impossible to hijack your account without compromising Crunchyroll server and site. What you can do is ask for two-ways verification, so if another new IP try to access your account, it will need a pass code which will automatically send to your email that you registered with the account every time a new IP try to access your account.


I already told them that in a previous thread. From the lack of implementation, I assume zero fuck were giving.
474 cr points
Send Message: Send PM GB Post
21 / M
Offline
Posted 6/1/16

KarenAraragi wrote:


BoobiesSprinkle wrote:


KarenAraragi wrote:

I not sure I word that correctly. What I mean is that people seem to be gaining access to people account to this site more or less. I think the main issue with it is that you need to just put the username and guess the password. Making it only email and password will improve the safety of the account. I mean compared to other sites security measures doesn't take much to crack somebody account here. I think heaven time you guys address the problem.


First of all, that specific user got infected with a keylogger software which has the ability to record every single thing you type on your computer. If your computer is virus-free and keylogger-free than you should not worry about this. Also, if your password contains mix letters, signs, and numbers and it longer than 16 words than it's impossible to hijack your account without compromising Crunchyroll server and site. What you can do is ask for two-ways verification, so if another new IP try to access your account, it will need a pass code which will automatically send to your email that you registered with the account every time a new IP try to access your account.


I already told them that in a previous thread. From the lack of implementation, I assume zero fuck were giving.


I don't know if this site using HTTPS secure connection, but if it does than it will be super difficult for anyone to compromising the server. They can DDOS the site which is pointless and stupid because you get nothing from it rather making the site go super slow.
Posted 6/1/16


I and other people on the site request a two-ways verification. Again zero fuck giving by them apparently. So I insisted on making more difficult for assholes trying to get access to accounts or a two-ways verification. Which apparently zero fucks were giving by them.
474 cr points
Send Message: Send PM GB Post
21 / M
Offline
Posted 6/1/16
[


Maybe they wait for the hacker to launch its attack first, and then put two-ways verification?
Posted 6/1/16



Maybe they wait for the hacker to launch its attack first, and then put two-ways verification?


Doesn't need to be a hacker. Just somebody with free time and a desire to ruin somebody day.
Der Zoodirektor
23405 cr points
Send Message: Send PM GB Post
34 / M / Germany
Offline
Posted 6/1/16 , edited 6/1/16

KarenAraragi wrote:

I not sure I word that correctly. What I mean is that people seem to be gaining access to people account to this site more or less. I think the main issue with it is that you need to just put the username and guess the password. Making it only email and password will improve the safety of the account. I mean compared to other sites security measures doesn't take much to crack somebody account here. I think heaven time you guys address the problem.


The account takeovers have nothing to do with user names. The users who have their accounts usually employ a weak password management. This means that they re-use the same email/password combination across multiple sites/services.
Basically, if only ONE of those services gets hacked, a large part of their online accounts becomes immediately compromised, as logins stolen in hacks are usually immediately run through the login pages of all subscription or payment services in existence.
To do that those criminals use special tools that allow them to add thousands of login details via a simple formatted list and then use a few thousand open web proxies to test each set of credentials once against the login pages of those aforementioned services. This way each proxy IP they use is only getting a single failed login response, or in the worst case manages to log in. The credentials that are working are stored in a list of positive matches, checked for premium status, and afterwards either sold for profit or freely shared.

The whole problem would not exist, if people did not use the same password for more than one service. Just changing or adding a single word or even letter of the password for each website would already eliminate these issues at the root.
We've seen things like users using the same email/password combo on Minecraft servers hosted by random members of the public, as well as on Crunchyroll, Netflix, Origin, AND PayPal.
You must be logged in to post.