1. There is no such thing as a "pending" ban or Steam admin. Anyone threatening your account is a scammer trying to scare you. Read more.

Which e-mails are the safest?

Discussion in 'SteamRep General Discussion' started by Sari, Mar 24, 2013.

  1. Sari

    Sari Helpful Member

    Messages:
    2,450
    Steam:
    STEAM_0:1:50710336
    So recently a few people that I know have gotten their accounts hacked, and they said it was because a hacker somehow got into their e-mail addresses. So my question is: are certain e-mail accounts safer than others, and if so, which ones are the safest?
  2. AcesGamer

    AcesGamer User

    Messages:
    1,141
    Steam:
    STEAM_0:0:19877328
  3. Zyddie

    Zyddie New User

    Messages:
    131
    Steam:
    STEAM_0:0:23306550
    Safest would be to have your own mail server tbh, all the web emails are all the same in safety.
    Problem isnt the emails tho it is people picking easy passwords, a brute force attack will always get the easy passwords within a few mins as a lot of people are using like 0123456789 or Ilovemummy or something stupid that is related to them in someway.

    Personally i have quite a few emails spread out and only lost one which was my own damn fault but it was my spam email so gg hackers =P
    Just pick a good password that has nothing at all to do with you like traveltothemoon6273 or something silly and your a hell lot safer than most ^^
  4. DataStorm

    DataStorm Retired Staff

    Messages:
    3,448
    Oz' dak1ne likes this.
  5. VenGanZa

    VenGanZa User

    Messages:
    1,651
    Steam:
    STEAM_0:0:32312479
    Really? Why use rubbish?

    Any decent login system will always have denial of further pass attempts beyond xx tries from xxx IP. You have a right to know if this is the case with an email provider, and if you do not check or ask, who's fault is it?
  6. DataStorm

    DataStorm Retired Staff

    Messages:
    3,448
    1. Edited your reply to make the quote correct
    2. The account lock system after X tries within a Y amount of time can be defeated in 2 ways:
    - Spaced timing of brute force. Basically, if there is 5 tries in 5 minutes max, then they space all tries with 61 second, defeating the rule.
    - Simultaneous attempts to login by the thousands of, loads of implementations of the lockout system are vulnerable to that. they do a couple thousand, and wait till after the lockout to retry from another proxy. It basically works because the system has to serve a lot of access around, and the counter isn't filled (locked out) when this is tried. The answer is a delay before granting access, awaiting other attempts to let them count into the attempts, check the lockout and then decide on login. Not many implement this, for "user friendly" reasons, while its only needed for 5 seconds tops to wait. A different technique to deter is requiring to "fail" the login if from a new IP, and requiring to login again (a form of validating the IP).

    On blocking the IP's, there is no use in that, more then enough proxies around the globe.
  7. VenGanZa

    VenGanZa User

    Messages:
    1,651
    Steam:
    STEAM_0:0:32312479
    DS, good systems implement permanent lockout after say 3 failed attempts. This is why I do not use any 3rd party email system, and the sensitive systems I use all require me to contact support if I fail to input pass as per 3 max attempt limit :)
  8. DataStorm

    DataStorm Retired Staff

    Messages:
    3,448
    Most mail or other web companies working public cant do perm account lockout, too much support requests. So after X tries in Y minutes, you are locked out of your account for Z minutes. For their users to require to phone in on support would cost them simply too much. That you in a smaller closed environment have such, that is security implementations by the ICT deparment of that entity, which doesn't translate well to public environments with millions of users.
  9. Zyddie

    Zyddie New User

    Messages:
    131
    Steam:
    STEAM_0:0:23306550
    ^ what the CatOrca said.
  10. Dronefly

    Dronefly Caution on SteamRep

    Messages:
    353
    Steam:
    STEAM_0:0:41413966
    ^^ What the abomonation of a cat said.
  11. Chaos

    Chaos Retired Staff

    Messages:
    1,393
    Steam:
    STEAM_0:1:33058557
    Well I recommend gmail for most. Use 2 factor and register your phone.
  12. Dronefly

    Dronefly Caution on SteamRep

    Messages:
    353
    Steam:
    STEAM_0:0:41413966
    I used it and got tired of it. I strongly recommend creating a steam only or online game communities/websites/etc only email and enabling that feature but the fact that we live in such a mobile world i find it too annoying to constantly do these verifications.
  13. DataStorm

    DataStorm Retired Staff

    Messages:
    3,448
    Indeed, as I recommended in that linked guide, create a separate email address for those. For your "normal" mail, it may be a bit overdone to enable 2-factor. But for those accounts of yours that may be worth thousands of dollars....
    Dronefly likes this.
  14. Dronefly

    Dronefly Caution on SteamRep

    Messages:
    353
    Steam:
    STEAM_0:0:41413966
    once again. the abomonation cat speaks the truth. Ultimately this thread just needs to be locked. erase ALL requests and simply post a link to the guide. It truly is a thorough, complete and VERY VERY useful guide to answer this question.