Questionnaire on Security

  • Poll
    • Should PokerStrategy use technical means to ensure that every member uses a secure password?

      • 15
        No
        75%
      • 5
        Yes
        25%
      Total: 20 Votes
    • SoyCD
      SoyCD
      Bronze
      Joined: 20.02.2008 Posts: 6,356
      Hey everyone,

      Due to the wave of recent account hacks on various Pokersites we have recently spent a lot of time dealing with the topic of "Online Security".

      During our research on the topic we found out that many PokerStrategy members don't know enough about the topic yet, or have been taking it too lightly. Mostly there were deficits in terms of protecting the computer against security leaks, viruses, and especially password security. This is why we released a small guide on the topic in the news.

      Even though PokerStrategy doesn't actually hold any player funds - meaning there would be no direct financial loss in the case of an account hack of your PokerStrategy account - you should still not take this too lightly. Even if its just someone using your account to "post crap" or to "borrow money" there can be damage.

      We therefore have the following question for you: should we force our users (so you!) with technical means (such as control algorithms) to use passwords of certain security standards? This would not only minimize the probability of account hacks, but also hopefully make the members aware of the importance of password security. Or should we allow our members to use any password they want, even if it is just "12345"?
  • 10 replies
    • Chiller3k
      Chiller3k
      Bronze
      Joined: 16.06.2007 Posts: 4,326
      Hmm I don't know if you should force them to pick a secure password, but for instance a small javascript application would be nice that "checks" the password during the registration and indicates if a password is safe or not (so for instance: Password <= 6 small letters: small security. Password that contain special characters, numbers, small and capital letters with more than 10 characters: high security)

      But I'm not sure if that's realizable.

      Well just my 2 cents =D
    • TheBu11d0g
      TheBu11d0g
      Bronze
      Joined: 25.07.2008 Posts: 2,019
      Originally posted by Chiller3k
      Hmm I don't know if you should force them to pick a secure password, but for instance a small javascript application would be nice that "checks" the password during the registration and indicates if a password is safe or not (so for instance: Password <= 6 small letters: small security. Password that contain special characters, numbers, small and capital letters with more than 10 characters: high security)

      But I'm not sure if that's realizable.

      Well just my 2 cents =D
      +1

      I think forcing people to change their passwords is a bit too strong of an action but if you give them the choice to know if their password they're gonna use is strong or not is a much more viable option.
    • darkonebg
      darkonebg
      Headadmin
      Headadmin
      Joined: 17.01.2008 Posts: 9,508
      The security article was very well written.
      My needed-to-protect sites(Neteller, Moneybookers and the Poker client Im currently playing in) were protected with some random combination of numbers and letters that I had written down on a piece of paper and nowhere else.That was working for me pretty nice.
      After the article though, I installed a software to store the passwords,generated longer and more secure ones,and used a master password .The software(suggested by PS) is free, uses a very nice encryption and comes with an auto-type password function, thus disabling any possible keyloggers or clipboard trojans.
      However, Im still using a medium-security password for the PS site itself(7 chars, letters only,two dictionnary words). Reason is that its easy to remember and type, and that nowadays accounts that dont hold any money or ways to get to some are not subjects to hacker attacks, and even if they were, I doubt that a post or two in the forum would do me any damage.
      =======
      Therefore, I think you should put that security article in a more visible place(sending it on the emails was a good idea), but leave the security measures for PS itself as they are.
    • alejandrosh
      alejandrosh
      Bronze
      Joined: 02.07.2008 Posts: 4,346
      I'm actually using a c++ code and hiding parts of my password inside it then copy/paste ... I hope that's enough.
    • swissmoumout
      swissmoumout
      Bronze
      Joined: 23.02.2007 Posts: 3,385
      i hate it when sites deny registration because of password stuff...I have a few very secure ones for everything money-related (inc. poker sites), but for normal websites, i don't like having to use 153 special characters, there's just no point..

      => no, since there's no serious threat in case of a hack

      it is, however, essential to use different passwords for usual websites and poker programs
    • thunderbird56
      thunderbird56
      Bronze
      Joined: 02.12.2007 Posts: 2,182
      IMO, PS accounts are not important and I think they're not the target of hackers. There is no need to implement any password stuff...
    • Gerv
      Gerv
      Bronze
      Joined: 07.05.2008 Posts: 17,678
      Making an article about good anti-x programs that are a must for poker players would be nice :)

      Some people only have an AV or even worse: no AV/AS things at all!

      - Gerv
    • iMilk
      iMilk
      Bronze
      Joined: 22.07.2008 Posts: 23
      This may be taking it a bit too far, or too technical, and I don't know if it's possible either.
      But I just thought of something like in your personal information you could write your IP-adress or maybe the two-three IP-adress that you check pokerstrategy from the most. If you try to log into your pokerstrategy account from other places/IP-adresses you would get an e-mail, where you have to confirm that you're logging in.
      This is not really thought over, it was just something that crossed my mind.
    • tcs35
      tcs35
      Bronze
      Joined: 31.01.2009 Posts: 3,583
      In my opinion virus scanners, spyware scanners, etc are useless. On my network all I have is a firewall on my router and everything else disabled. I have never recieved a virus, trojan or keylogger with my current firewall. It is how you use the internet is how you get the viruses. If people go on sites they don't know what they are and it ends up downloading a back door trojan / keylogger. You will probably lose your accounts, people just need to take time on the internet and they will be fine. On the password bit, all my passwords are different, they contain numerical numbers, letters and brackets, etc. I have a password generator which will give you a 99% secure password.
    • swissmoumout
      swissmoumout
      Bronze
      Joined: 23.02.2007 Posts: 3,385
      Originally posted by iMilk
      This may be taking it a bit too far, or too technical, and I don't know if it's possible either.
      But I just thought of something like in your personal information you could write your IP-adress or maybe the two-three IP-adress that you check pokerstrategy from the most. If you try to log into your pokerstrategy account from other places/IP-adresses you would get an e-mail, where you have to confirm that you're logging in.
      This is not really thought over, it was just something that crossed my mind.
      this would only work with fixed IP addresses, whereas most are dynamic (they change every day or so).
      Also, like thunderbird56 said, PS accounts don't need to be secured, since they don't actually hold any important information.