Website & forum behaviors

[Thefilth]

Could you - if possible - post the name of the suspected private server in question? This would indeed help other people to know if they are in any immediate risk.

Who cares? It's their own fault. Right?



No, but seriously. Thanks for posting the update. Some of us were quite concerned, as I'm sure you've seen on the support forums.

[JCarrill0]

Does this mean I can have my account back?

[Soupa]

Go to:
https://en.nostalrius.org/login

Type in your account name but leave password empty. Then click "Forgot your password?" text. Follow the instructions in the email you receive. You could add [email protected] to your email contacts.

The GM team.

Wait a second here Pottu, didn't nostalrius back then when you first launched it in march 2015 required no email to create an account ? How can I change my password then without having registered an email during the creation of my account ? Am I missing something ?

I think this is an interesting concern that would probably be useful to have answered.

[Diametra]

I point to this post in this thread viewtopic.php?f=45&t=29113 from some time back where i had suggested using the in-game feature to change PW.

Greetings,

you need to have access to the email account that you used to register your account with. There is no other way.

The GM team.

Also from my own recent digging into the situation where I am asking if this can be verified:

In answer to my own above question, and this is relevant to the topic. After following this suggestion:

I has the same issue Robo - Chrome worked for me
But again, must be logged out on the website when starting the reset feature or it wont work on any browser

I was able to attempt to register my old pre-email verification account however, I received 'this username is already taken". I assume the username field to register an account is the account name field..has to be. So...if all this is true, if an original, pre-email account is hijacked and the ingame command to change PW no longer works, you cannot change the PW and would be sharing your account with a hijacker of your account in perpetuity. Can anyone else verify this?

[Conchi]

I have a question.
When i log into the main website and clic on "account", i only see "hello user, enjoy your stay on nostalrius!"

I just want to know whether it is normal or not ?

[Uzephi]

http://imgs.xkcd.com/comics/password_strength.png

Th@tsr14 = 3 days.... "That's Rank 14" with a slight twist, but only 8 letters still making it easy due to how software cracks passwords.

IjgaDNfm30BD = 25 thousand years... a simple sentence abbreviated: I just got a Dodge Neon for my 30th Birthday...

Choose your password wisely. Used the below site to test these simply created passwords from the top of my head.

https://howsecureismypassword.net/

Edit: used http://www.passwordmeter.com/ first one that ranked 3 days through a regular password cracker was ranked 73% secure... Second one 83%... add a "!" at the end and it jumps to 99% if you want to use that site... first password with a ! at the end jumped from 73% to 89% so some sites out there weigh certain password differently depending on the cracking algorithm they are using.

[Dreez]

http://imgs.xkcd.com/comics/password_strength.png

Th@tsr14 = 3 days.... "That's Rank 14" with a slight twist, but only 8 letters still making it easy due to how software cracks passwords.

IjgaDNfm30BD = 25 thousand years... a simple sentence abbreviated: I just got a Dodge Neon for my 30th Birthday...

Choose your password wisely. Used the below site to test these simply created passwords from the top of my head.

https://howsecureismypassword.net/

Edit: used http://www.passwordmeter.com/ first one that ranked 3 days through a regular password cracker was ranked 73% secure... Second one 83%... add a "!" at the end and it jumps to 99% if you want to use that site... first password with a ! at the end jumped from 73% to 89% so some sites out there weigh certain password differently depending on the cracking algorithm they are using.

you forgot the automatic lock out nost has, limiting brute force attempts

[Uzephi]

you forgot the automatic lock out nost has, limiting brute force attempts

True, but if you shared your password with another site, and it got compromised (like was stated in OP) a hash match does how the first linked page does and can try 4bil per second to match that hash. So if you use a regular, or even abnormal 8 character password that hash can be duplicated within 3 days on a normal desktop using a hash match.

[Benevael]

You can also use a password keeper application to store your passwords. The way this works is you have a master password that unlocks it, then it keeps a database of passwords that you can cut & paste. Once you get into the habit of cutting & pasting passwords, you can literally have a password at max complexity and never forget it, and use a different password for everything that requires it.

One of these is called 1Password, works on Mac, PC, iOS and Android.

Example password at the complexity I have set for WoW logins myself: w]r4/u7F]q2HN8$U
(This is not an actual password, just an example). 412 trillion years to guess that one with current technology.

But note that as the previous poster just said, if you have the same password on another private server though, it does not matter HOW complex your password is, it can be used to hack you here.

[nab423]

So if my account gets hacked by a gold seller, and then spams on my account and I get banned, do I just lose my account forever or is there a process to get it back?

This hasn't happened to me (knock on wood), but I want to know if there is a process in place for people who this has happened to.