requesting passwords

[Guest]

Archived from groups: alt.games.neopets (More info?)

I don't know about all of you, but from time to time I get a rash of
password request emails. It appears that someone is attempting to crack
into my email account to get my password, or someone is a complete idiot, or
both as I would assume is the case.

Im sick of this and made the following suggestion to Neo. If you run into
this and like my idea, feel free to submit it worded slightly differently
and suggest the same to your friends. I know it isn't hard to make this
change as many sites I sign up at give me my IP when I do.

"I was wondering if you could include the IP address of someone requesting a
password for an account. There have been a rash of requests lately, which
usually means someone is trying to crack into email accounts to get access
words. If you would include the IP we could report to you when someone
requests a password for an account that is not theirs."

 

[Les]

Archived from groups: alt.games.neopets (More info?)

~*Connie*~ [no@spam.com] said
> I don't know about all of you, but from time to time I get a rash of
> password request emails. It appears that someone is attempting to crack
> into my email account to get my password, or someone is a complete idiot, or
> both as I would assume is the case.

Could your account name just be similar to someone else's and they
occasionally try to log in to yours instead of theirs and request the
password when they cannot figure out why they cannot get in?

I mean, what is the advantage to anyone of requesting that your password
gets sent to your email address? Personally, if I was trying to crack a
password I most certainly wouldn't alert the owner of the account by
requesting that an email sent to them on a regular basis.

> Im sick of this and made the following suggestion to Neo. If you run into
> this and like my idea, feel free to submit it worded slightly differently
> and suggest the same to your friends. I know it isn't hard to make this
> change as many sites I sign up at give me my IP when I do.
>
> "I was wondering if you could include the IP address of someone requesting a
> password for an account. There have been a rash of requests lately, which
> usually means someone is trying to crack into email accounts to get access
> words. If you would include the IP we could report to you when someone
> requests a password for an account that is not theirs."
>

What would be the advantage? In the UK, as a rule, we don't have static
IP addresses and you are assigned one for the duration of your session
only and you would need a court order before you could get any info
about the user from the ISP. And again, if I was going to hack into
someone's account, then personally, I would go to some lengths to ensure
that my IP or any other form of ID was masked.

And then there is the question that if you did find out who it was and
where they lived, what would you do? Send the boys round? ))

That all said, can't see any harm in it either.

 

[Guest]

Archived from groups: alt.games.neopets (More info?)

the reason being a lot of people use hotmail and yahoo mail as their primary
email, both of which are obnoxiously easy to crack into with just the basics
of information. A while back a LOT of people lost their accounts to people
who did this. From time to time scams come back... and sadly email is
usually much easier to get into than most people realize. using
mail2web.com and knowing someone's email address, you can more often than
not guess their passwords. Yes, there are smart people out there who use
difficult ones, but there are still a vast majority of people who use simple
passwords, not realizing how easy it is to get into email.

IP's maybe static, but they ARE traceable. by knowing what time an ip was
accessed, you can find out who used it. Yes, it seems like a bit of work to
track down someone who is attempting to hack into something with no dollar
worth, but most neopet accounts represent hours of commitment, and would be
devastating to loose. I would imagine that small extra step of listing an
IP address would make someone think twice before trying that.

And no.. my ID is Not similar to someone else's, and I doubt that is the
case.. as I have heard from many other people who have gotten similar
requests lately. I have an old account, a large store and tons of trophies.
From time to time I find idiots trying to get into my account. I once had
someone try cracking into my account with the send the user name of the
account you want and your password to xxxxx to get the password, but they
stupidly sent it to me instead.


"Les" <les789@hotmail.com> wrote in message
news:MPG.1cf1efbc1d71cf7b989bc2@nntp.dsl.pipex.com...
> ~*Connie*~ [no@spam.com] said
>> I don't know about all of you, but from time to time I get a rash of
>> password request emails. It appears that someone is attempting to crack
>> into my email account to get my password, or someone is a complete idiot,
>> or
>> both as I would assume is the case.
>
> Could your account name just be similar to someone else's and they
> occasionally try to log in to yours instead of theirs and request the
> password when they cannot figure out why they cannot get in?
>
> I mean, what is the advantage to anyone of requesting that your password
> gets sent to your email address? Personally, if I was trying to crack a
> password I most certainly wouldn't alert the owner of the account by
> requesting that an email sent to them on a regular basis.
>
>> Im sick of this and made the following suggestion to Neo. If you run
>> into
>> this and like my idea, feel free to submit it worded slightly differently
>> and suggest the same to your friends. I know it isn't hard to make this
>> change as many sites I sign up at give me my IP when I do.
>>
>> "I was wondering if you could include the IP address of someone
>> requesting a
>> password for an account. There have been a rash of requests lately,
>> which
>> usually means someone is trying to crack into email accounts to get
>> access
>> words. If you would include the IP we could report to you when someone
>> requests a password for an account that is not theirs."
>>
>
> What would be the advantage? In the UK, as a rule, we don't have static
> IP addresses and you are assigned one for the duration of your session
> only and you would need a court order before you could get any info
> about the user from the ISP. And again, if I was going to hack into
> someone's account, then personally, I would go to some lengths to ensure
> that my IP or any other form of ID was masked.
>
> And then there is the question that if you did find out who it was and
> where they lived, what would you do? Send the boys round? ))
>
> That all said, can't see any harm in it either.

 

[Les]

Archived from groups: alt.games.neopets (More info?)

~*Connie*~ [no@spam.com] said
> the reason being a lot of people use hotmail and yahoo mail as their primary
> email, both of which are obnoxiously easy to crack into with just the basics
> of information. A while back a LOT of people lost their accounts to people
> who did this.

The point being you need some basic information, so that must have
involved some kind of scam?

> From time to time scams come back... and sadly email is
> usually much easier to get into than most people realize. using
> mail2web.com and knowing someone's email address, you can more often than
> not guess their passwords.

OK, but they would have to know the email address and as long as the
"hacker" doesn't know yours then requesting the password to it still
isn't going to help them.

> Yes, there are smart people out there who use
> difficult ones, but there are still a vast majority of people who use simple
> passwords, not realizing how easy it is to get into email.

Yep, but again, requesting your password to your email address isn't
going to help someone who is trying to guess your password.

> IP's maybe static, but they ARE traceable. by knowing what time an ip was
> accessed, you can find out who used it. Yes, it seems like a bit of work to
> track down someone who is attempting to hack into something with no dollar
> worth, but most neopet accounts represent hours of commitment, and would be
> devastating to loose. I would imagine that small extra step of listing an
> IP address would make someone think twice before trying that.

But it still doesn't answer the question of what good the information
would do anyone even if they got it. Say you found out that Mr Smith of
Tokyo, Japan had requested that your password be sent to your email
address, how would that help you?

And while the fear of being found out might frighten off children who
wouldn't be able to hack into your account anyway, it would not stop
someone who had the skills to actually do it.

> And no.. my ID is Not similar to someone else's, and I doubt that is the
> case.. as I have heard from many other people who have gotten similar
> requests lately. I have an old account, a large store and tons of trophies.

I am sure that people do try to get into other people's accounts all the
time, which is why it is a good idea to have a good password and not to
fall for any scams.

> From time to time I find idiots trying to get into my account. I once had
> someone try cracking into my account with the send the user name of the
> account you want and your password to xxxxx to get the password, but they
> stupidly sent it to me instead.

Sorry but I don't understand any of that. :-/