PWO Community, today the Admin team learnt of something that really makes me sad about some of our players. There's an old saying that if you trust people never to make silly mistakes, you set yourself up for a fall. Well, let's just say they'll be quite a few insurance claims now for falling in public.
You see, in recent maintenance to the game's database, we discovered over a thousand accounts within PWO were using either the word "password", or copying their username as their password. This is seriously insecure and avoiding these choices is one of the first lessons of password security - such passwords are easily guessed and offer zero protection against a guilty player gaining access to your account.
The Playerdex has now been updated to prevent people setting either of these as their password for all PWO Services, both for new registrations and for existing accounts changing or resetting their passwords. In addition, after some consideration, we have decided that in the interests of player security, any account that used either "password" or their username as their password will now have had their passwords wiped from the database; and you will need to perform a password reset to obtain a new password in order to gain access into your account. Note that if you no longer have a valid email address, your account may no longer be accessible as a result of this change - we apologise for the inconvenience.
It surprises me that such measures are necessary as many of the Staff of PWO believed our player base was sufficiently smart enough to avoid choosing obvious passwords. To help players know what passwords to avoid in the future, here is a list of ten more passwords that were discovered, as of January 2010, to be used the most by internet users worldwide (study of 22 million internet users):
1. 123456
2. 12345
3. 123456789
4. monkey
5. iloveyou
6. princess
7. rockyou
8. 1234567
9. 12345678
10. abc123
If you are using one of these, or anything similar to them, you should change your password immediately. It's also a bad idea to use any part of your real name as your password; as the study also investigated how many people used names in their passwords - and discovered people's first names were number 11 on the list and many other name-related passwords appear further down.
Thank you for your attention.
In other news, a small Forum enhancement. If you go into your Profile Settings on your Profile today, you will notice a few new options with which to add more about your Pokémon journey to your Profile. In addition to the name of the Guild itself, you can now optionally set the position you have in a Guild; and you can choose your favourite Type of Pokémon to be added to your Forum Profile. Oh by the way, did you know that on anybody's Forum Profile, if you hover the mouse over the "Profile Info" or "Modify Profile" links at the top of the page, you'll see menus with links to search things about that player or, if it's your own Profile, change the way the Forum works for you? Check it out.
TL;DR: If you set your password to "password" or your username, you'll need to reset your password to log in again; and it is no longer possible to use these as passwords.
You see, in recent maintenance to the game's database, we discovered over a thousand accounts within PWO were using either the word "password", or copying their username as their password. This is seriously insecure and avoiding these choices is one of the first lessons of password security - such passwords are easily guessed and offer zero protection against a guilty player gaining access to your account.
The Playerdex has now been updated to prevent people setting either of these as their password for all PWO Services, both for new registrations and for existing accounts changing or resetting their passwords. In addition, after some consideration, we have decided that in the interests of player security, any account that used either "password" or their username as their password will now have had their passwords wiped from the database; and you will need to perform a password reset to obtain a new password in order to gain access into your account. Note that if you no longer have a valid email address, your account may no longer be accessible as a result of this change - we apologise for the inconvenience.
It surprises me that such measures are necessary as many of the Staff of PWO believed our player base was sufficiently smart enough to avoid choosing obvious passwords. To help players know what passwords to avoid in the future, here is a list of ten more passwords that were discovered, as of January 2010, to be used the most by internet users worldwide (study of 22 million internet users):
1. 123456
2. 12345
3. 123456789
4. monkey
5. iloveyou
6. princess
7. rockyou
8. 1234567
9. 12345678
10. abc123
If you are using one of these, or anything similar to them, you should change your password immediately. It's also a bad idea to use any part of your real name as your password; as the study also investigated how many people used names in their passwords - and discovered people's first names were number 11 on the list and many other name-related passwords appear further down.
Thank you for your attention.
In other news, a small Forum enhancement. If you go into your Profile Settings on your Profile today, you will notice a few new options with which to add more about your Pokémon journey to your Profile. In addition to the name of the Guild itself, you can now optionally set the position you have in a Guild; and you can choose your favourite Type of Pokémon to be added to your Forum Profile. Oh by the way, did you know that on anybody's Forum Profile, if you hover the mouse over the "Profile Info" or "Modify Profile" links at the top of the page, you'll see menus with links to search things about that player or, if it's your own Profile, change the way the Forum works for you? Check it out.
TL;DR: If you set your password to "password" or your username, you'll need to reset your password to log in again; and it is no longer possible to use these as passwords.