Mabinogi Secondary Password System

    It's time to boost your account security with the Mabinogi Secondary Password system! Beginning August 23rd, 2012, we have implemented a new feature for your safety. All players will need to create a secondary password upon logging in. Here are some guidelines to help you make a secure passowrd: (LMFAO "Password" is spelled wrong.)

    - Your password must be between 6-16 characters in length.
    - You cannot use your Nexon Account ID, and it cannot be the same as your primary account password.
    - It must contain at least one letter and one number.
    - Try to avoid using dates or names as these are easy to guess.

    After you have created your password, you will need to enter it each time you log in. Please note that you will have 5 chances to enter the correct secondary password. If you are unable to enter it correctly after 5 tries, you will need to reset it. Visit our website to reset your secondary password.

    Thank you for your continued support, and we wish you safe and happy travels!

    -The Mabinogi Team-

    *NOTE*
    Please note that you will need to have access to the email address attached to your account in order to use the reset feature.



    Source
    This article was originally published in forum thread: Mabinogi Secondary Password System started by Craddle View original post
    Comments 11 Comments
    1. Niuu's Avatar
      ''it cannot be the same as your primary account password.''

      Lies
    1. Osayidan's Avatar
      I have mixed opinions about this...
      People will make crappy passwords anyways, for starters.
      Then there's the primary reason people get "hacked", they give their info away to people they thought they could trust. You can have 20 layers of passwords and they won't help there.
      There's also key logging which can easily be distributed via mods/hacks that so many people seem to be eager to go download, if they can keylog one password they'll keylog the other one too (even if it's via a on-screen keyboard).

      Finally there's the situation(s) where people supposedly got database access to passwords or something like that, chances are if this happens again they'll just need a bit more time to brute force a second password's hash instead of just one (CPU power is easy to get). If nexon is smart then they'll be saved in 2 separate databases though so hopefully it will at least stop this from happening again.

      So while this is certainly a good thing (despite all the whiny little kids who will bitch about inconvenience) I don't think it's going to help any with the most common issues.
    1. Froglord of DESTINY!!!'s Avatar
      maplestory has this
      People still get hacked
    1. Angel's Avatar
      Quote Originally Posted by Osayidan View Post
      If nexon is smart then they'll be saved in 2 separate databases though so hopefully it will at least stop this from happening again.
      This is true, however I highly doubt that Nexon would have done this.
      Nexon has never been a company that cares about it's customers privacy and safety.
      As an example, a hacker in EU managed to get access to everyones account.
      How? They saved the passwords in plain text.

      But ah well, it's a little bit inconvenient,
      but it still is an extra layer of security.

      And Osayidan, mind explaining how a key-logger is able to log the second password aswell?
      Kind'a interested in how that.
    1. Kingofrunes's Avatar
      I personally don't find this an inconvience at all. Are people that fucking lazy and terrible at remembering that they can't enter another simple 6 characters?

      It's the price you pay sometimes for extra security. That reminds me...I should add 2 step security to my Gmail account while I'm at it
    1. Osayidan's Avatar
      Quote Originally Posted by Angel View Post
      And Osayidan, mind explaining how a key-logger is able to log the second password aswell?
      Kind'a interested in how that.
      I haven't touched mabi yet since this was announced so one of two ways...

      If it's a standard password box where you type it in then it's simple... it just keylogs whatever keys you press.
      If it's an on-screen keyboard similar to the maplestory PIN, that moves the keys around, most decent keyloggers these days can take screen shots on mouse click events so it will know where your cursor is each time you clicked.
    1. Dracius's Avatar
      I always wanted them to link a fingerprint scanner to the password.

      But no game ever does that, because lolprogramming.
    1. Kingofrunes's Avatar
      Well, I'm not worried so much about keylogging and that sort of thing. I'm more worried about people social engineering customer support to get information to gain access like that one story about a guy who had his entire digital life erased due to some people social engineering Apple, Amazon, and Google.

      There is a reason why I don't mod, I don't trust people at all and I'm very careful about what I download. Not to mention, I keep up to date on my antivirus. So at this point, I'm more worried about database leaks (changing password every so often alleviates this somewhat) and social engineering. Social Engineering, is one of the greatest threats to security. Your system is only as secure as your weakest link.
    1. Osayidan's Avatar
      Nexon doesn't really interact with anyone so I don't think they'll get social engineered.
    1. Murasaki's Avatar
      Quote Originally Posted by Osayidan View Post
      I haven't touched mabi yet since this was announced so one of two ways...

      If it's a standard password box where you type it in then it's simple... it just keylogs whatever keys you press.
      If it's an on-screen keyboard similar to the maplestory PIN, that moves the keys around, most decent keyloggers these days can take screen shots on mouse click events so it will know where your cursor is each time you clicked.
      This keyboard does have a scramble option. I guess that could work better if people actually bothered, maybe?
    1. otto's Avatar
      Maybe it's because I have a crap character and plenty of alts to switch to if shit goes down, but i just think it's annoying. Honestly im more worried about Nexon doing something dumb than I am of hackers :T