Basic Password Security

Failure to follow basic password security and practices is one of the main causes for account breaches and account loss. Following the following advice will help you maintain your account safer:

1. Basics

When generating a password make sure that it is sufficiently strong for that type of an account. For example, an account on Dissidia Forums is not your bank account or personal email, so you don't need to go crazy with 10 or more characters. A password between 6-8 characters including atleast a couple of numbers and/or maybe a symbol is good enough. Never use your username as a password or a word found in a dictionary. NEVER EVER share passwords across accounts. This is the worst you can do. All of your passwords should be unique.

Tips:
a. Never use birthdays, age, and other important numbers as passwords, or attach them to passwords;
b. Do not use your name or other peoples name related to you;
c. Words or phrases from books, movies, anime, etc.;
d. Anything else in your public profile and or significance to you that others may or may not know or you can possibly disclose in the future
e. Avoid these passwords at all costs:
easy passwords
top 500 passwords


2. How to make good passwords:

The best passwords are those which are easy for you to remember and hard for others to guess. Try making your password sufficiently random. Use a site like random.org to generate a password for you: http://www.random.org/passwords/ .

3. Safe Account Practices:

Account breaches may occur at any time even with strong passwords, but you can help minimize the chances and or damages by following the following tips:

a. DO NOT share passwords across account (worst thing you can do) - one breached account compromises all other account with the same password. I Repeat do not share passwords with other accounts.
b. DO NOT give people your password if someones asks for it.
c. DO NOT authenticate with an IRC in a channel which is visible to other users, as missing a /(slash) may result in a leak when executing a command like /msg NickServ IDENTIFY <password>. Instead either have a client log you in or if you are using a web-based chat client that does not take username and password, use another empty channel or use one of the system channels or avenues (status, nickserv, etc) and do it there. In our web-based client there is a tab called status. Do your username authentication there. If you leak your password in there no one will see it.
d. DO NOT use the same password for the forum account and the IRC.
e. You password doesn't have to be crazy for IRC, but make atleast 4-6 characters.
f. Have recovery mechanisms in place for your password.

3. What to do in case of a breach:

a. Try to login into your forum or irc account and change the password before someone else does it.
b. Get in touch with the staff for forum account breaches, and notify the staff for IRC account breaches as well but take the extra step to contact #help on IRC Highway and request your password to be reset.
c. If you had shared passwords (and you should not) change the passwords on those accounts as well.


Finally this information applies to Dissidia Forums Accounts and Dissidia IRC channels, but please take care of your online identity and accounts in general. Practice password security and get in habit of using strong passwords, and defend yourself from social engineering ploys and avoid leaking passwords. If you would like to learn more I advice you to read these articles:

http://www.schneier.com/blog/archive...rd_advice.html
http://www.symantec.com/connect/arti...word-practices
http://www.security.duke.edu/password.html

Feel free to contact user staff if you have questions.