| Most important is why ? An anime list account, heck you don't win anything with it. Troublesome weird stuff, anyway thanks for the reminder. |
 |
| Any advice on people that log into MAL with a another social media account like me? |
| Mankind knew that they cannot change society. So instead of reflecting on themselves, they blamed the beasts. |
| I don't know why I'm getting locked out of my account over one attempt at logging in due to mistyping. Said I had too many attempts on my home ip, but I only failed once? Not sure if this is working as intended. I had to switch over to mobile data to login |
zzzeallyOct 28, 2017 2:48 AM
| hacking to MAL accounts is just a waste of time like... Ur just hacking someone's list and what u are going to do about it? srsly |
 |
| 2 factor auth is becoming standard. Would love to see something like Authy/Google Authenticator support. Those of us that are savvy enough to use password managers (with randomly generated passwords ill never remember) with 2fa auth, this should stop a good percentage of brute forces. When can we see something like this? Anime is srs buisiness. edit: If you get 2fa auth, I'll link my paypal for supporter. <: |
braveshinedOct 28, 2017 7:12 AM
| I didn't change my password because it longer more than 10 words. |
| FOREVER ALONE!! YAAAAAAH! |
Faederwulf said: Two-step verification doesn't have to be mandatory, they could make it an option you can turn on/off. Finally A good Idea!  |
 |
| I havent changed my password since the day I signed up for MAL, guess these hackers dont think im worthy of hacking... ;-; |
 |
| But whats point of even hacking account? And its a lot harder when your password have 2 words, example " pass word " than symbols and upper letters and other things. |
“Normal is an illusion. What is normal for the spider is chaos for the fly.” |
| Thnx for announcement admin this is what we need remind it to other new user as well. Wish this wont happened to MAL. |
 Fools set the rules in this world. Just take a look around. It's undeniable. — Noctis  |
| Only thing you should be worried about is having your username taken from you, and considering that after the ancient SSJ Master hack on the databases long before 2015 I keep a back-up on my lists every few months Considering how highly anal the password requirements are my password for MAL is not something I've copied anywhere else Also if we're going two factor please be Google Auth style where you don't need to link your phone number for it, I spent a few days fighting Apple over my old phone number being unassailable where with Google I just scan a QR code and it's easy to access from there on out |
Cnon said: Are passwords still sent in plaintext?? What is point of changing passwords if they can spoof it? This. This is kinda...very important. |
| Avatar character is Gabriel from Gabriel DropOut. |
| I'm just going to point out that using lower case, upper case, numbers, and symbols in passwords doesn't help nearly as much as it used to. Since those are the norm, any brute force method is going to take that into account. What is still effective is extending password length. Every character added is another multiplier to how long it will take to crack the password. A password made up of 50 lower case letters is going to beat a 10 character password made up of any combination of characters every single time. Of course, it is still better to use all of those other characters as much as possible, I'm just pointing out that length is more important than variety in passwords these days. EDIT: Though I see some people beat me on the punch on this one. Just make sure you aren't making your long password in the form of a sentence. Using unrelated words is better. Using no words at all is best. |
HraktuusOct 30, 2017 1:18 AM
| Omne Solum Forti Patria |
| why all seems so worried. bruteforce is very hard unless you use common words or repeating words. if ur password is unique, maybe until you die they don't even successfully brutefurce you. Just like bruteforcing a WPA2 which contains my full name and my ic number. even ur password is very strong, theres something called keylogger xD but overall myanimelist should be okay since it do encrypts its connection... unlike my high school management system, i can get client credentials by using wireshark... cause they use http only... i don't think its so easy to be hacked lol... unless u use password like aabbccdd, that's ur problem |
 |
| I just use my facebook login to log in, don't even remember password. Time to go look into that. 🤔😂 |
hazekashi said: Back in the 1970s, one of the engineers who built the early internet sent out a memo: Passwords need to have uppers, lowers, digits, emoji, special characters, Russian letters and katakanas. That will make it un-hackable! (With 1970s technology.) I wish I could remember his name. He recently gave an interview admitting he was wrong, 40 years later. Those $00per H4xx0rz passwords are actually the worst kind. They're just as easy to crack, but impossible to remember. So what does everybody do? Write them down! A much more secure system is to use 6-8 ordinary words that are random but easy to remember. Brute forcing your ampersands is easy, but 6-8 words is 30-40 letters, and NO computer can brute force a password that's long. I wonder if MAL would let you use "battery sent apple your tsumugi honey awful"? That would be true if Katakana and other special character actually existed in 1970 :^) |
| optional plans : strengthen mal security like blizzardapp/steam overkill? i don't think so i know someone already suggested this, but no harm to bring it up again |
 |
| Who even uses same password on all websites? Those people are probably just regular users who don't own anything worthy to be hacked. |
| Haters always gonna hate. |
| Wouldn't it be better if you used a password that was long and consisting of multiple uncommon words? Something about the entropy and length of it being harder to brute-force is what I have read. |
| Rational rations of rational discussions are good! |
| Yeah it would be bad to be hacked but meh its only a list of anime and manga so its not losing much but thanks for the warnings |
 |
LoveTheLizard said: hehexdMan I bet they hack accounts in order to add Boku no Pico to all them anime lists. The hacker dream. |
Slemmen447 said: Actually, numbers, upper/lower case and special symbols don't make passwords any safer. It's a common misconception. Password safety should actually be measured strictly by length. Combining 5 medium-length words into a password, kind of like AwesomeEsotericMasterPsychologyLord, is much safer than a password like M@iBiggButt6996. More options per character means that shorter passwords have more possible combinations. |
 |
| i've taken y measures too. Arakura said: You're right. password length is a one part of it but i if i know the length of Ur pass i can use a rainbow table to generate passwords. But mixing up words like u did is a very good idea. Because many password generating tools try random letters and characters.More options per character means that shorter passwords have more possible combinations. |
TonhaoNoXablau said: I don't even know my password hahaha I login through Facebook... Probably I'm in even more danger lawl Any affiliated accounts, (linked accounts) should have different passwords. If they're different you're fine, unless they want to steal your Facebook as well. (But honestly Zuckerburg datamining your real information is much more dangerous than getting your Facebook hacked.) Anyone know what spawned this urge to hack MAL's DB? |
| Lie until what you want to be true becomes truth. Lie until you can't remember what's a lie and what isn't. Lie until you aren't lying anymore! Figures  |
JohnTron said: TonhaoNoXablau said: I don't even know my password hahaha I login through Facebook... Probably I'm in even more danger lawl Any affiliated accounts, (linked accounts) should have different passwords. If they're different you're fine, unless they want to steal your Facebook as well. (But honestly Zuckerburg datamining your real information is much more dangerous than getting your Facebook hacked.) Anyone know what spawned this urge to hack MAL's DB? If you mean SSJmaster, afaik, he got banned and hacking the site every every year was his way of politely asking to be unbanned. With guro and scat porn LoveTheLizard said: Man I bet they hack accounts in order to add Boku no Pico to all them anime lists. The hacker dream. YES. Well, that's what I'd do. Fill up everyones list with Yaoi and rate them all 10/10 lol OT: My password is so obvious it's a wonder no-one hacked me yet. |
     |
| As a system admin, I am honestly surprised that MAL hasn't been hacked in the 2 1/2 years that I have been on here because from what I have seen, a lot of the code running on the back-end seems really outdated... The API is still XML and uses HTTP basic authentication to verify lol... All an attacker would have to do is write a simple script to try a bunch of user:pass combos on https://myanimelist.net/api/account/verify_credentials.xml and log the combos if the status code is 200. I could write something to do this in 5 minutes if I wanted to. Using software like fail2ban would not be an efficient method of stopping this either. A lot of code obviously just needs to be rewritten. |
Redlotusx said: Does this mean remaking the site or just make some complex modification to the site Vampire? It would involve rewriting the API and authentication mechanism(s), which would require some database modifications too. None of these modifications would be complicated. They would be rather simple but tedious. In my opinion, they should at least:
|
| SSJMaster vs Xinil Season 3 already? Sweet! |
 |
| I am curious to ask this so, when did all this so called hacking start...? Is it still anything to worry about? I personally havent gotten hacked or had anything happen to me. But i still worry a lil now an then |
|
| This website is vulnerable to brute force attacks because half of the information is known: username Stop using our public username as part of the login process and the problem will be much reduced. (example: login using registered email address instead of username) |
  |
More topics from this board
» [Challenge] You Should Read This Manga 2024 ( 1 2 3 4 5 )Kineta - Feb 23 |
207 |
by Shin_016
»»
Yesterday, 7:32 PM |
|
» Try MAL's New Mobile Site! ( 1 2 3 4 5 ... Last Page )Xinil - Feb 15, 2015 |
423 |
by RED-clover12
»»
Yesterday, 10:19 AM |
|
» Planned 5hr Maintenance, Thursday April 25 @ 1am-6am PTKineta - Apr 22 |
0 |
by Kineta
»»
Apr 22, 8:10 PM |
|
» New Site Update: Peak Anime 🗻 ( 1 2 3 4 5 )Kineta - Mar 31 |
213 |
by Lancelot73
»»
Apr 21, 4:28 AM |
|
» Heavenly Easter Delusion: Devil and Dolce ( 1 2 3 4 5 ... Last Page )Kineta - Mar 27 |
3331 |
by Terra_strong
»»
Apr 17, 8:26 PM |