Password Change Request [important]

peppy

Here since the beginning

Topic Starter

peppy 2010-10-11T05:37:27+00:00

Hi again (it seems like only yesterday that I last posted an announcement!). This is a request to everyone to please change your password. Any accounts that don't have their password changed within a couple of weeks will be temporarily deactivated (requiring email reactivation). You can do this easily here. I suggest you make it at least 8 characters if possible. Read on for the reasoning behind this.

Recently there was a brute-force attack on many users' accounts, which was in turn used to negatively affect the rating of a beatmap. This was corrected quickly afterwards, but it remains true that many of your accounts are currently vulnerable due to a someone farming account passwords. If your password was quite secure (not a common dictionary word) then it is likely you are safe.

I have taken measures to ensure this doesn't happen again, so once you change your password you can relax. I realise this should have probably been in place from the beginning, but unfortunately was overlooked (sorry).

Thanks for your time!

peppy out

tldr version: CHANGE YOUR PASSWORD HERE PLEASE (especially if it was 'password' or 'abc123' etc.)

edit: if you want to keep your current password and you believe it is secure enough, change it to something else then back again, please.

anonymous_old

0 posts

Here since the beginning

anonymous_old 2010-10-11T05:56:05+00:00

I'm eager for someone from #osu to log in as me.

[Sean]

149 posts

Joined November 2009

[Sean] 2010-10-11T06:47:15+00:00

I've been meaning to change my password...

LaVolpe024 wrote:
Frosty wrote:
wow i want some too

A shirt or a kebab?

jericho2442

osu! Alumni

1,918 posts

Joined March 2009

jericho2442 2010-10-11T07:07:15+00:00

kk ive changed mine and will pass the word onto ppl i kno over this too

OSU! needs more Techno, Trance and other NON-Japanese related songs!

My Angel, princess and soulmate ♥
BounceBabe

Aoitenshi

711 posts

Joined February 2009

Aoitenshi 2010-10-11T07:14:30+00:00

Good one peppy, Now I have no clue my next password. But yeah, this is for the best.

Time to help a bit.

Use something like '153ELaIsMolSm' as password, if you can remember, use several capital letters. Signature number is great too, like my 053 in Ain053, It's certainly not because Ain052 won't work. Just pick your favorite number (Preferably 3 Digit like 423), EXCEPT, 13 and 666 as they are known as Devil's number and IS quite popular. Don't put your username or something familiar or related as password, they are just easier to guess.

Galkan

Global Moderator

2,023 posts

Joined September 2009

Galkan 2010-10-11T07:17:39+00:00

I have already changed my password yesterday (and it's hard to guess), must I change it again to avoid deactivation? Just want to know.

Derekku

COOL DUDE

7,270 posts

Joined March 2009

Derekku 2010-10-11T07:23:49+00:00

Galkan92 wrote:
I have already changed my password yesterday (and it's hard to guess), must I change it again to avoid deactivation? Just want to know.

peppy wrote:
if you want to keep your current password and you believe it is secure enough, change it to something else then back again, please.

Galkan

Global Moderator

2,023 posts

Joined September 2009

Galkan 2010-10-11T07:25:54+00:00

Whoops, I didn't notice the edit.

vivere

752 posts

Joined April 2009

vivere 2010-10-11T08:01:27+00:00

Changing password O.O

Edit: Uppercase, lowercase and numbers! Buahahahaha

♥

▬▬▬▬▬▬▬▬▬▬▬▬▬ஜ۩۞۩ஜ▬▬▬▬▬▬▬▬▬▬▬▬▬
ＳＨＵＴ　ＵＰ　ＡＮＤ　ＥＮＪＯＹ　ＴＨＥ　ＭＵＳＩＣ！
▬▬▬▬▬▬▬▬▬▬▬▬▬ஜ۩۞۩ஜ▬▬▬▬▬▬▬▬▬▬▬▬▬

arien666

6,290 posts

Joined May 2009

arien666 2010-10-11T08:43:23+00:00

Noticed on Korean forum anyway :3

Also, changed pw :3

Yup, just signature meow

Waryas

Waryas 2010-10-11T09:25:17+00:00

Sigh.
Changed.

qlum

481 posts

Joined October 2008

qlum 2010-10-11T09:50:33+00:00

no need to change for me 14 random letters and numbers is secure enough for me

anonymous_old

0 posts

Here since the beginning

anonymous_old 2010-10-11T11:15:31+00:00

Ain053 wrote:
Good one peppy, Now I have no clue my next password. But yeah, this is for the best.

Time to help a bit.

Use something like '153ELaIsMolSm' as password, if you can remember, use several capital letters. Signature number is great too, like my 053 in Ain053, It's certainly not because Ain052 won't work. Just pick your favorite number (Preferably 3 Digit like 423), EXCEPT, 13 and 666 as they are known as Devil's number and IS quite popular. Don't put your username or something familiar or related as password, they are just easier to guess.

A better suggestion:

Make your password a piece of text. It could be some quote from literature, lyrics from a song, or dialog from a movie. As long as it's not "never gonna give you up" or something else which is easily guessable (though Rick Rolling hackers does sound like fun).

The only problems with using passphrases are that some sites limit the number of characters in your password and sometimes the chosen text is in a dictionary or is easy to brute force.

If you're really paranoid, throw in some numbers and punctuation or use  .

(As if this information matters.)

Vanmonky

986 posts

Joined June 2009

Vanmonky 2010-10-11T11:23:57+00:00

qlum wrote:
no need to change for me 14 random letters and numbers is secure enough for me

peppy wrote:
if you want to keep your current password and you believe it is secure enough, change it to something else then back again, please.

osu!, I love you.

Vanmonky

986 posts

Joined June 2009

Vanmonky 2010-10-11T11:32:57+00:00

strager wrote:
Ain053 wrote:
Good one peppy, Now I have no clue my next password. But yeah, this is for the best.

Time to help a bit.

Use something like '153ELaIsMolSm' as password, if you can remember, use several capital letters. Signature number is great too, like my 053 in Ain053, It's certainly not because Ain052 won't work. Just pick your favorite number (Preferably 3 Digit like 423), EXCEPT, 13 and 666 as they are known as Devil's number and IS quite popular. Don't put your username or something familiar or related as password, they are just easier to guess.
A better suggestion:

Make your password a piece of text. It could be some quote from literature, lyrics from a song, or dialog from a movie. As long as it's not "never gonna give you up" or something else which is easily guessable (though Rick Rolling hackers does sound like fun).

The only problems with using passphrases are that some sites limit the number of characters in your password and sometimes the chosen text is in a dictionary or is easy to brute force.

If you're really paranoid, throw in some numbers and punctuation or use  .

(As if this information matters.)

Just a side note. If you want the strongest password you ever had, use definitely [b]12 characters[/] of lowercase, uppercase, and numbers. I once read an article about this. Password which consist of 12 characters is hard to be hacked by some of hacker's application.

osu!, I love you.

nonoh_old

24 posts

Joined February 2010

nonoh_old 2010-10-11T12:11:43+00:00

VanMoNky wrote:
I once read an article about this. Password which consist of 12 characters is hard to be hacked by some of hacker's application.

Good to know, my password just happens to be 12 characters :9

well it was before I changed it for this.

wmfchris

osu! Alumni

5,072 posts

Joined March 2008

wmfchris 2010-10-11T12:42:40+00:00

Everyone should change the password since this is good for this game ._<

BTW here is a strong password generator for those who're lazy to think of your new password~
http://strongpasswordgenerator.com/

For myself I think 30-digit prime with half of them being random stuffs inside it would be secure enough orz

Blog | Retired | 85 * 2 = 190, do you know why? | Maths consultant of osu
Saturio ♡ wmfchris //我雖然來不及參與妳的過去，但是妳的現在和未來裡都會有我

Shael_old

Shael_old 2010-10-11T14:34:13+00:00

My password was safe but I'll change it anyway ^^

Orkel

osu! Alumni

450 posts

Joined September 2008

Orkel 2010-10-11T14:57:06+00:00

changed.

Sakura

osu! Alumni

7,979 posts

Joined March 2010

Sakura 2010-10-11T17:31:49+00:00

I was thinking of changing my password sometime soon anyways, thanks for warning us peppy, i changed my password

I bloom in spring

Verdisphena

4,240 posts

Joined June 2010

Verdisphena 2010-10-11T18:52:56+00:00

Changed ~~

❝ It’s not that people can’t love you if you don’t love yourself. It’s that you won’t feel it because it’ll always seem like you don’t deserve it.
— But It’s Not a Matter of Deserving (#53: January 11, 2014)

FurukawaPan

649 posts

Joined August 2008

FurukawaPan 2010-10-11T18:56:39+00:00

pass changed.

Is there any way to check if my account was accessed by someone other than myself during the vulnerable time? a login history view or something that shows IP?

A Ha Haa~

Esupanitix

393 posts

Joined June 2009

Esupanitix 2010-10-11T18:59:01+00:00

Brb changing password; but besides when I get unbanned, who would want to log in as me and wh- okay now I see.

Not using StrongPasswordGenerator.com, because the password is too damn long for me to remember. Especially if it's eighteen characters. >_<

Yes, I get it, my profile doesn't show up to anyone but me. I don't understand it either, but surely there are better conversation topics than my lack of a viewable profile.

I color my greentexting green because I [REDACTED] feel like it.

Powerdrone

464 posts

Joined October 2009

Powerdrone 2010-10-11T20:27:52+00:00

Weegee you so silly.

I always have my browser remember my osu! password. =P

Maps

Daft Punk - Aerodynamic Pending
Chrissy Chlapecka - I'm So Hot WIP
Slayyyter - Devil WIP

crystalsuicune

6,436 posts

Joined May 2008

crystalsuicune 2010-10-11T23:54:51+00:00

Powerdrone wrote:
Weegee you so silly.

I always have my browser remember my osu! password. =P

What about public computers?You can't use cookies with those.

BTW,changed my password yesterday.

Powerdrone

464 posts

Joined October 2009

Powerdrone 2010-10-12T01:28:05+00:00

crystalsuicune wrote:
Powerdrone wrote:
Weegee you so silly.

I always have my browser remember my osu! password. =P
What about public computers?You can't use cookies with those.

BTW,changed my password yesterday.

I remember my password, duh. I just have it saved on my browser so I don't have to type it in all the time.

Maps

Daft Punk - Aerodynamic Pending
Chrissy Chlapecka - I'm So Hot WIP
Slayyyter - Devil WIP

Pokebis

2,047 posts

Joined April 2008

Pokebis 2010-10-12T03:10:58+00:00

And you can take a USB key with you or sync something, but that's kind of unsafe.
On that note, though, who would log onto the osu! forums on a public computer? I sure wouldn't.

It ends.

ekopret8ks

ekopret8ks 2010-10-12T04:00:16+00:00

The sequence of events before the osu! website crashes.

Just kidding, Good job peppy

K2J

872 posts

Here since the beginning

K2J 2010-10-12T07:09:53+00:00

Pokebis wrote:
On that note, though, who would log onto the osu! forums on a public computer? I sure wouldn't.

Why not? Afraid of copyright disputes? The sheer pinkness in public? Sure, you don't have a client, but that doesn't mean you can't check up on maps you're following / making.

Retired, lurks for cool Storyboards

Jarby

2,963 posts

Joined August 2008

Jarby 2010-10-12T07:44:12+00:00

K2J wrote:
Pokebis wrote:
On that note, though, who would log onto the osu! forums on a public computer? I sure wouldn't.
Why not? Afraid of copyright disputes? The sheer pinkness in public? Sure, you don't have a client, but that doesn't mean you can't check up on maps you're following / making.

I'd personally find it a nuisance to have to change my password when I get home which seems like a reasonable thing to do after logging on to the forum on a public computer.

Azure_Kite

osu! Alumni

3,217 posts

Joined February 2009

Azure_Kite 2010-10-12T10:38:09+00:00

Or you could, you know. Make sure it doesn't save your password by not checking the save box, and log out when you leave.

Jarby

2,963 posts

Joined August 2008

Jarby 2010-10-12T11:01:32+00:00

Azure_Kyte wrote:
Or you could, you know. Make sure it doesn't save your password by not checking the save box, and log out when you leave.

I don't trust those filthy computers and their monstrous spyware! I guess.

Aoitenshi

711 posts

Joined February 2009

Aoitenshi 2010-10-12T13:32:56+00:00

Jarby wrote:
Azure_Kyte wrote:
Or you could, you know. Make sure it doesn't save your password by not checking the save box, and log out when you leave.
I don't trust those filthy computers and their monstrous spyware! I guess.

I rather use 2nd ID to log in.

SPOILER

YEAH LIKE IT'S ALLOWED TO CREATE 2ND ID IN OSU

K2J

872 posts

Here since the beginning

K2J 2010-10-12T15:00:49+00:00

Ah, I see. As a university student, my perception of "public" means "log in using your student ID", so there's an extra layer of security that makes me not too worried.

Retired, lurks for cool Storyboards

awp

osu! Alumni

11,869 posts

Here since the beginning

awp 2010-10-13T23:30:23+00:00

peppy wrote:
edit: if you want to keep your current password and you believe it is secure enough, change it to something else then back again, please.

This is just general curiosity, but: what does the above accomplish?

Twally Spocks is best pony ♥
Proud user of Etna Sliders.
~~You'll never pierce my admintium armour.~~ Turns out, someone did!

Gabi

2,554 posts

Joined December 2008

Gabi 2010-10-13T23:39:38+00:00

Avoiding getting your account deactivated probably

~Wa wa wa Wasuremono~

SPOILER

_

peppy

19,315 posts

Here since the beginning

Topic Starter

peppy 2010-10-14T02:24:25+00:00

Gabi wrote:
Avoiding getting your account deactivated probably

Nice deduction work!

Azure_Kite

osu! Alumni

3,217 posts

Joined February 2009

Azure_Kite 2010-10-14T02:41:27+00:00

I giggled.

Hamuko

4,714 posts

Joined April 2009

Hamuko 2010-10-14T19:07:14+00:00

vivere wrote:
Changing password O.O

Edit: Uppercase, lowercase and numbers! Buahahahaha

mine is numbers, Upper and lower and upper and numbers and lower and upper and lower and numbers.

I want to eat the moon.

Numbbi

226 posts

Joined September 2009

Numbbi 2010-10-15T06:51:33+00:00

I guess changing password is a must now. :c

Don't want to get deactivated.

Hyguys

1,272 posts

Joined May 2010

Hyguys 2010-10-15T18:13:32+00:00

My password is reeaaaaallly secure :3

eru

2,885 posts

Joined November 2009

eru 2010-10-16T15:12:14+00:00

question over here

peppy wrote:
Any accounts that don't have their password changed within a couple of weeks will be temporarily deactivated (requiring email reactivation)

if they still don't change their password within months, will they get permanently deactivated?

it's just the internet. if you feel that you can't take what's written here, go watch porn, it will lift up your mood a little.
blog | last.fm

Ephemeral

Inland Empire

3,945 posts

Joined April 2009

Ephemeral 2010-10-17T01:33:55+00:00

the only accounts that ever get permanently deactivated are the ones that are used for cheating in some fashion or another

i don't think there's ever been an inactivity purge and i doubt there ever will be

Zetta

334 posts

Joined December 2009

Zetta 2010-10-17T04:54:58+00:00

Pass is all changed and I'm glad peppy added the password protection to the forums too.

So if you type your password on any post it comes up as *'s

*******

See,

FurukawaPan

649 posts

Joined August 2008

FurukawaPan 2010-10-17T06:30:32+00:00

Zetta wrote:
Pass is all changed and I'm glad peppy added the password protection to the forums too.

So if you type your password on any post it comes up as *'s

*******

See,

Somehow I'm not feeling the temptation to test that out.

A Ha Haa~

Mara

4,906 posts

Joined November 2009

Mara 2010-10-18T03:42:53+00:00

Zetta wrote:
Pass is all changed and I'm glad peppy added the password protection to the forums too.

So if you type your password on any post it comes up as *'s

*******

See,

That password is kinda weak, you know...

KcLKcL

29 posts

Joined June 2008

KcLKcL 2010-10-18T14:25:30+00:00

Okay, just changed by password

bagnz0r

bagnz0r 2010-10-19T05:23:40+00:00

I'm not changing mine, it's strong enough for brute-force to take 5 centuries.
And I don't feel like remembering another one complicated password.

James2250

osu! Alumni

4,059 posts

Joined July 2008

James2250 2010-10-19T06:07:25+00:00

bagnz0r wrote:
I'm not changing mine, it's strong enough for brute-force to take 5 centuries.
And I don't feel like remembering another one complicated password.

Then don't forget about

peppy wrote:
edit: if you want to keep your current password and you believe it is secure enough, change it to something else then back again, please.

Zelos wrote:
Definition of James2250: modding machine who is better than kawaii

Galkan

Global Moderator

2,023 posts

Joined September 2009

Galkan 2010-10-19T12:59:20+00:00

James2250 wrote:
Then don't forget about

peppy wrote:
edit: if you want to keep your current password and you believe it is secure enough, change it to something else then back again, please.

He meant he's not changing to OTHER psw and he stays with this one he's got by now.

Sign In To Proceed

Don't have an account?

Password Change Request [important]

LaVolpe024 wrote:

Frosty wrote:

Galkan92 wrote:

peppy wrote:

Ain053 wrote:

qlum wrote:

peppy wrote:

strager wrote:

Ain053 wrote:

VanMoNky wrote:

Powerdrone wrote:

crystalsuicune wrote:

Powerdrone wrote:

Pokebis wrote:

K2J wrote:

Pokebis wrote:

Azure_Kyte wrote:

Jarby wrote:

Azure_Kyte wrote:

peppy wrote:

Gabi wrote:

vivere wrote:

peppy wrote:

Zetta wrote:

Zetta wrote:

bagnz0r wrote:

peppy wrote:

Zelos wrote:

James2250 wrote:

peppy wrote:

New reply