Should've brought this up in early posts regarding improvements that we'd all love to see this year, seeing as it's pretty much the most important part of the site that desperately needs tweaking, so...
Pin/Password - 4 to 6 DIGITS
I mean, for real guys?
:/
Most sites advocate UpperCase + LowerCase + Numbers. We have... JUST numbers, 6 characters, limited to only 1,000,000 combos of passwords on the site.
Not to mention the most glaring issue here is that a decent chunk of people have probably chosen something familiar and easy to remember, let's say, I dunno, a significant year to them, a collection of their lucky numbers, DoB of themselves or someone they know, or heck, their Banking PIN.
A mere 10 character password using any valid keyboard combinations, gives us upwards of 6 Sextillion password combos. (that's ~ 6,382,393,305,518,410,000,000 pin possibilities)
We are limited to just a million. 1,000,000 combos. IMO, I'm shocked this hasn't been addressed sooner by management, and I hope I'm not the only one feeling that something desperately needs to be done.
P.s. Seeing as my previous '15+ suggestions for Sky in 2013' thread got ZERO replies from anyone repping SkyPoker up top, I would really appreciate it even if someone were to come in and at least say they're aware of this issue. Thanks.
Comments
This has always been a concern of mine. Although am I right in thinking it locks you out after 3 wrong entries? If so, at least that's something.
You need to multiply your one million combos of six-digit PINs by the number of possible log-in names.
The log-in name is a nice touch to add a little security to the site, sure. But why add another unnecessary element to account security? Just up the pin to an alphanumeric one. Would be practically impossible to hack if you had a solid one with 10+ characters.
To successfully log in, you need to enter correctly TWO separate fields.
User ID (up to 10 digits, letters & numbers can both be used).
PIN - Up to 6 numerals.
Your User ID & your "Screen-Name" are NOT the same thing - or should not be. After first Registering, including User ID & PIN, you are THEN given the opportunity to choose a Screen-Name. Obviously, you should choose a separate, different, Screen-Name to your User ID.
The same system is used right across the SB&G platform (all sites) & has proved, in security terms, extremely safe & robust.
A 10 digit alpha/numeric User ID followed by a 6 Digit PIN works perfectly. The Business would NOT advise you use the same Screen-Name as your User ID.
Some extremely large Balances are held safely across the Site as a whole, which has existed for around 10 years now, & there has been no significant history of financial security being compromised. Clients should of course take great care with their own Security.
You're giving people who have no idea that their log-in name is part of their account security (that sure was me for a while, and probably many others), the ability to just choose the same name, and thus, make it INCREDIBLY easy for people to hack their account.
If you have weak security on the site, i.e. a 4-6 digit password with only 1,000,000 combinations, the solution to that ISN'T adding another password on top of that. How is that more logical than just allowing/encouraging people to create 10+ character alphanumeric passwords? It baffles me how, instead of confronting the problem, we just create another.
SOME people will have identical names, and it isn't going to take a sophisticated hacker with solid hardware a particularly long time to waltz into someone who does, and just guess their PIN with ease.
To use my "plastic" either at a retail store, or an ATM, I need to enter a 4 digit number, all numerals. That is it.
For my Online Banking, I need to enter a 4 digit (all numerals) entry Code & an 8 letter alpha/numeral code.
For Sky Poker, I need a (up to) 10 digit alpha/numeric code, followed by a 6 digit numeral code. Obviously, my Screen-Name bears no resemblance to my User ID.
The only time it is easy to guess is if your PIN was the 4-5 digit of telephone number that is dialled when outside your area or the year you were born.
Financial security across the SB&G platform is fine, under constant review, & been proven secure for more than a decade. It is designed & managed by people who know exactly what they are doing as to Online Financial Security.
Should you have any concerns, please address them with Customer Care.
Beyond what has been discussed here, it is not in anyone's interests to go into further detail.
Thanks.
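The predictable choices raised in the thread (a significant year, a date of birth, simple digit patterns) can be screened out when a PIN is set. The following is an added example, not part of the thread and not Sky Poker's code; the function names and the specific rules are assumptions chosen for illustration:

```python
from datetime import date


def _valid_day_month(day: int, month: int) -> bool:
    """True if day/month is a real calendar day (29 Feb allowed)."""
    try:
        date(2000, month, day)  # 2000 is a leap year, so 29 Feb is accepted
        return True
    except ValueError:
        return False


def weak_pin_reason(pin: str):
    """Return why a 4-6 digit PIN is predictable, or None if no rule matches.

    The rules below are illustrative assumptions, not a complete deny-list.
    """
    if not (pin.isascii() and pin.isdigit() and 4 <= len(pin) <= 6):
        return "not 4 to 6 digits"
    if len(set(pin)) == 1:
        return "single repeated digit"
    # Difference between neighbouring digits, modulo 10 (so 7890 counts as a run).
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {9}):
        return "ascending or descending run"
    if len(pin) == 4 and 1900 <= int(pin) <= 2099:
        return "looks like a year"
    if len(pin) == 6:
        a, b, c = int(pin[:2]), int(pin[2:4]), int(pin[4:])
        # DDMMYY, MMDDYY and YYMMDD layouts respectively.
        if _valid_day_month(a, b) or _valid_day_month(b, a) or _valid_day_month(c, b):
            return "looks like a date"
    return None


def count_weak(length: int) -> int:
    """How many PINs of this length the rules above would reject."""
    return sum(weak_pin_reason(f"{n:0{length}d}") is not None
               for n in range(10 ** length))


if __name__ == "__main__":
    for length in (4, 5, 6):
        print(length, "digits:", count_weak(length), "of", 10 ** length, "rejected")
```

A check like this cannot see a user's banking PIN or phone number, so it complements a lockout after failed attempts and does not replace it.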