Check out our brand new Local Poker Communities! Get updates and interact with poker players in your area.
Visit the United States Poker Community | Visit the California Poker Community | Read more about the Launch of P5s Local

Proposal to Poker Sites re account security

Reply to Thread
  1. SluggerWV SluggerWV is offline A picture is worth a thousand words.

    Posts: 45,410
    Joined: Nov 05

    Feb 6th, 2007 (2/6/2007 4:01pm)

    After reading about Annette's good Fortune in having her hacker bump her account 10K and realizing that is the one time in my lifetime it will work out like that, I recalled a post from an earlier thread stating that all sites should have accounts like bodog's where your account name isnt the screenname that other's see at the tables. I really like that idea and would take it a little farther.

    the sites should have accounts which are at least 7 characters with at least one of these being a letter.

    to sign into your account you would have to match your account name to your screenname and a password - the password should be case sensitive and include at least 2 letters and be at least 7 characters long

    to transfer money or to withdraw money you should have to enter a five character sequence including at least one letter -similar to the 3 digit security number on the back of credit cards.

    my bank has most of these features as security for my online access to my bank account. if my bank can do, then the software should definitely be available for the sites to set up this way

    the inclusion of both case sensitive letters and numbers in the passwords, along with the requirements that they be 7 characters in length, would make it very difficult to hack by random quessing.

    for many of the members on this site, myself excluded, there is a lot of money sitting in an account which is very tempting for our computer hyper literate hacking friends to attack.

    could we get them to do this?

    What are ways this can be improved ?
  2. Da Donkey Da Donkey is offline

    Posts: 12,964
    Joined: May 05

    Feb 6th, 2007 (2/6/2007 4:35pm) in reply to SluggerWV

    I agree, I think Bodog's security is top notch by having account # log in which sometimes I can't even figure out my own damn account # unless I memorize it....instead of using PokerName log in that shows up on the poker screen.

    Excellent suggestion Rank Slugger
  3. MUPokerPlayer MUPokerPlayer is offline

    MO
    United States

    Posts: 17,488
    Joined: Feb 05

    Feb 6th, 2007 (2/6/2007 4:36pm) in reply to SluggerWV

    agreed, requiring alphanumeric case sensitive passwords is a great idea. and it shouldn't be so damn easy to change your password. All you have to do is know someone's screen name and email address associated with the acct (and the password to that email addy), and the site will send you a new temporary password. How about security questions?
  4. WhizKid530 WhizKid530 is offline

    Bethel, PA
    United States

    Posts: 491
    Joined: May 06

    Feb 6th, 2007 (2/6/2007 4:36pm) in reply to SluggerWV

    I love the ideas. All sites should definitely improve their security with all of the instances we've been hearing of recently. Rank Slugger!
  5. SluggerWV SluggerWV is offline A picture is worth a thousand words.

    Posts: 45,410
    Joined: Nov 05

    Feb 6th, 2007 (2/6/2007 4:37pm) in reply to MUPokerPlayer

    security questions great idea mupp
    Thread Starter
  6. Staple Gun Staple Gun is offline

    Lake Orion, MI
    United States

    Posts: 3,166
    Joined: Aug 05

    Feb 6th, 2007 (2/6/2007 4:40pm) in reply to WhizKid530

    These measures would help, although if someone had a keylogger then it wouldnt make a difference. Annette account didn't get hacked because someone guessed her password. All this would do is make the hacker capture a few more keystrokes and then type them in. Then he loses money to someone else and cashes out of that account.
  7. SluggerWV SluggerWV is offline A picture is worth a thousand words.

    Posts: 45,410
    Joined: Nov 05

    Feb 6th, 2007 (2/6/2007 4:41pm) in reply to Staple Gun

    cant remember where it was, but i saw a post saying there was a hacking by guessing the password or by using a program to try multiple passwords
    Thread Starter
  8. bad grr bad grr is offline

    Madison, WI
    United States

    Posts: 1,107
    Joined: May 06

    Feb 6th, 2007 (2/6/2007 4:41pm) in reply to SluggerWV

    sorry, but a keylogger (the current use of most hackers) would be able to dig up the same info regardless of how many passwords and codes and crap you have to type in. Keep working on ideas though.
  9. ZeeDustin ZeeDustin is offline

    San Antonio, TX
    United States

    Posts: 9,458
    Joined: Jan 06

    Feb 6th, 2007 (2/6/2007 4:45pm) in reply to bad grr

    On top of the keylogger resonse, when I get home from work I wont to log on and play, not log on, log on, log on , log on wait and then play.
  10. SluggerWV SluggerWV is offline A picture is worth a thousand words.

    Posts: 45,410
    Joined: Nov 05

    Feb 6th, 2007 (2/6/2007 4:47pm) in reply to bad grr

    what is the best defense against the keylogger? will an anti-virus program by itself stop a keylogger?
    Thread Starter
  11. StnColdKillr StnColdKillr is offline

    Chicago, IL
    United States

    Posts: 1,310
    Joined: Feb 06

    Feb 6th, 2007 (2/6/2007 4:50pm) in reply to SluggerWV

    What about http://www.greenborder.com/ ?

    That supposedly stops keyloggers and heightens your security.
  12. bravecow bravecow is offline

    Sacramento, CA
    United States

    Posts: 1,181
    Joined: Feb 07

    Feb 6th, 2007 (2/6/2007 11:14pm) in reply to SluggerWV

    If someone is niave enough to IM somone they dont really know they are going to be an easy target for getting a keylogger trogen into the box. Then all the villian has to do is read the password. Im's travel in clear text, I was thinking of more on the line of a secret question that only the High Stakes player could ever know along with a password, and that it would have to come only from that user's ip address,Yea I know what a hassle if your travelling, But what a hassle to not have any cash to play! It would be something that was never written down and changed everytime. And, Or a review with a real person before the $$ is ever shipped out of the players account.
  13. ill flu ill flu is offline

    Kailua, HI
    United States

    Posts: 6,055
    Joined: Aug 05

    Feb 6th, 2007 (2/6/2007 11:23pm) in reply to SluggerWV

    I agree but that is not true about Bodog, sure there is an account number that you can use to log in and out but if you type in your poker screen name it also works as a log in.
  14. Broseph88 Broseph88 is offline

    Dayton, OH
    United States

    Posts: 653
    Joined: Jul 06

    Feb 6th, 2007 (2/6/2007 11:55pm) in reply to SluggerWV

    I agree. Email Frenzy? We need to repost when ftpdoug is on tommorow so he can post thoughts.
  15. pokerfellow pokerfellow is offline

    NY
    United States

    Posts: 721
    Joined: Jan 06

    Feb 7th, 2007 (2/7/2007 12:54am) in reply to SluggerWV

    An option I would like to see added to sites is this: Most of us always log in from the same computer, and our cable or DSL providers don't change out IPs almost ever... how about a form on fulltilt's site you can go, enter your IP (or a range of IPs), and have it set so noone other than these IPs can log into your account. This would add an extra layer of security.
  16. kerplunk kerplunk is offline

    Chilliwack
    Canada

    Posts: 25
    Joined: Dec 06

    Feb 7th, 2007 (2/7/2007 12:59am) in reply to pokerfellow

    all the major sites do enough security wise to ensure you play at a secure place. whoever gets hacked, it some way or another leads back to that person. if annette was donk enough to open a zip file from someone, then so be it. just the way it is. there will always be hackers as there will always be people dumb enough to fall for their tactics.
  17. ill flu ill flu is offline

    Kailua, HI
    United States

    Posts: 6,055
    Joined: Aug 05

    Feb 7th, 2007 (2/7/2007 1:16am) in reply to kerplunk

    kerplunk is a good name because your post stinks like poo.
  18. computerb computerb is offline

    Nashville, TN
    United States

    Posts: 10,169
    Joined: Mar 06

    Feb 7th, 2007 (2/7/2007 4:27am) in reply to ill flu

    I think an IP check to allow play is a great idea. If you are logging on to a poker site from any IP other than your home IP, it would greatly enhance security if you had to 'splain yourself. I think Neteller would freeze your account if you tried to access it from out of the country. This seems to me to be pretty basic, and I can't understand why the poker sites don't implement it. The poker sites should already be doing IP checks to check for multi-accounting, so comparing a specific account to an established IP address wouldn't be that difficult.
  19. Shaaarrrp Shaaarrrp is offline

    Arlington, VA
    United States

    Posts: 9,197
    Joined: May 05

    Feb 7th, 2007 (2/7/2007 4:32am) in reply to computerb

    Do you realize how often I and others play on our friends computers???
     
  20. tabz_0000 tabz_0000 is offline

    Bankstown
    Australia

    Posts: 42
    Joined: Jan 07

    Feb 7th, 2007 (2/7/2007 4:44am) in reply to Shaaarrrp

    The best way to stop keyloggers is to have a virtual keyboard that comes up and you click on the letters and numbers to enter your password
  21. Nilzor Nilzor is offline

    Norway

    Posts: 2
    Joined: Feb 07

    Feb 7th, 2007 (2/7/2007 7:15am) in reply to tabz_0000

    One word for you:

    Mouseclickloggers.
  22. Nilzor Nilzor is offline

    Norway

    Posts: 2
    Joined: Feb 07

    Feb 7th, 2007 (2/7/2007 7:43am) in reply to SluggerWV

    kerplunk, staplegun, bad_grr - You've understood how this shit works, the rest of you please try and think more than 1 inch ahead.

    You can have three user names, four secret questions, password 200 letters long with alphanumeric letters, punctuation, braille signs and squirrel sounds - that would not help the second you get a key logger installed. Firewalls and anti virus programs helps a bit, but they are not 100% safe either. There are thousands of people around the world that are able to code a keylogger. Once a new is made, the antivirus needs to be updated. When it comes to firewalls, everyone allow outgoing traffic on certain ports (or else you couldn't be online). The skilled programmers know which are most common. You could turn on application control so that you get a popup each time a new app tries to do internet communication. I for one have disabled this feature because it's so damn annoying. Still I'm not infected with viruses or keyloggers and that leads me to the single best tip that would prevent most hacking cases:

    BE EXTREMELY CAREFUL RUNNING .EXE FILES FROM UNRELIABLE SOURCES

    Everybody talks about ZIP files as the big satan. Zip files are harmless. It's the .EXE files within that EXECUTE that can damage, hence the acronym. The MSN-example of Annette_15 is a typical one. Other sources of infection might programs posted at internet forums, mail, etc. Verify the source! Read about the program more than one place - do a google. It's often as simple as that.

    Other general tips include
    -Never ever tell ANYONE your password.
    -Don't use the same password at a poker site where you have $100k as on forums or other places.
    -Be careful (preferably avoid) playing at internet cafs
    -Keep your eggs in more than one basket. Do you NEED $50k on one site?

    Bottom line: The user should take more responsibility. Like kerplunk, I think the sites basically do enough already (but I don't agree Annette is a donk). What they could do better is 24 hour support so that you could suspend the account on a moments notice if and when the accident occurs.
  23. ChuckSty ChuckSty is offline

    Durham, NC
    United States

    Posts: 2,358
    Joined: Oct 05

    Feb 7th, 2007 (2/7/2007 10:52am) in reply to SluggerWV

    you know what's wild about bodog you can actually put in ur email adress or sc name instead of acccount number and log in that way.
     1
  24. pokerfellow pokerfellow is offline

    NY
    United States

    Posts: 721
    Joined: Jan 06

    Feb 7th, 2007 (2/7/2007 11:17am) in reply to Shaaarrrp

    " Do you realize how often I and others play on our friends computers???"

    That's why my suggestion would just an optional add for people who wanted an extra layer of security.
  25. Askesis_ Askesis_ is offline

    Tampa, FL
    United States

    Posts: 3,066
    Joined: Jan 06

    Feb 7th, 2007 (2/7/2007 1:40pm) in reply to SluggerWV

    I agree with increased security.

    However, how would this have helped Annette? Say her login ID was different from her password....keyloggers still work
     
  26. The Knish The Knish is offline

    Los Angeles, CA
    United States

    Posts: 855
    Joined: Feb 06

    Feb 7th, 2007 (2/7/2007 1:44pm) in reply to Nilzor

    this whole thing is scary

    would be good to have a regular forum for internet protection info
  27. tybme tybme is offline

    Valley Falls, KS
    United States

    Posts: 224
    Joined: Aug 06

    Feb 7th, 2007 (2/7/2007 2:04pm) in reply to SluggerWV

    The sites provide enough security currently. really the only other thing I can see them doing is to add a level of security called software token authentication, but even that is a little weak. (for more on software tokens see this -> http://en.wikipedia.org/wiki/Software_token )

    Really security needs to be maintained by the computer user and not by the site. You don't expect your morgage company to maintain your homes locks and alarms why would you expect the site to maintain more security than banks use for online transactions?

    I am about halfway through a new article for helping to secure your PC. I hope to have it submitted to p5 by Friday.
Reply to Thread