Security on Sky

edited May 2013 in Poker Chat
Should've brought this up in early posts regarding improvements that we'd all love to see this year, seeing as it's pretty much the most important part of the site that desperately needs tweaking, so...

Pin/Password - 4 to 6 DIGITS

I mean, for real guys? :/ Most sites advocate UpperCase + LowerCase + Numbers. We have... JUST numbers, 6 characters, limited to only 1,000,000 combos of passwords on the site.
Not to mention the most glaring issue here is that a decent chunk of people have probably chosen something familiar and easy to remember, let's say, I dunno, a significant year to them, a collection of their lucky numbers, DoB of themselves or someone they know, or heck, their Banking PIN.

A mere 10 character password using any valid keyboard combinations, gives us upwards of 6 Sextillion password combos. (that's ~ 6,382,393,305,518,410,000,000 pin possibilities)
We are limited to just a million. 1,000,000 combos.


imo, I'm shocked this hasn't been addressed sooner by management, and I hope I'm not the only one feeling that something desperately needs to be done.

P.s. Seeing as my previous '15+ suggestions for Sky in 2013' thread got ZERO replies from anyone repping SkyPoker up top, I would really appreciate it even if someone were to come in and at least say they're aware of this issue. Thanks.

Comments

  • edited May 2013


    This has always been a concern of mine. Although am I right in thinking it locks you out after 3 wrong entries? If so, at least that's something.
  • edited May 2013
    It's much harder than you suggest. They not only have to guess your password, they have to guess your log-in name too (which is different from your screen-name obv, and like the password should never be disclosed).

    You need to multiply your one million combos of six-digit PINs by the number of possible log-in names.
  • edited May 2013
    In Response to Re: Security on Sky:
    It's much harder than you suggest. They not only have to guess your password, they have to guess your log-in name too (which is different from your screen-name obv, and like the password should never be disclosed). You need to multiply your one million combos of six-digit PINs by the number of possible log-in names.
    Posted by GaryQQQ
    Log-in name & Screen name can be the same no? If not, they'll often be similar, names or words that hold relevance to the account holder, or at least something that's either easy to guess for a professional hacker, or short enough to just plain hack in the first place.

    The log-in name is a nice touch to add a little security to the site, sure. But why add another unnecessary element to account security. Just up the pin to an alphanumeric one. Would be practically impossible to hack if you had a solid one with 10+ characters.
  • edited May 2013

    To successfully log in, you need to enter correctly TWO separate fields.

    User ID (up to 10 digits, letters & numbers can both be used).

    PIN - Up to 6 numerals.

    Your User ID & your "Screen-Name" are NOT the same thing - or should not be. After first Registering, including User ID & PIN, you are THEN given the opportunity to choose a Screen-Name. Obviously, you should choose a separate, different, Screen-Name to your User ID.
     
    The same system is used right across the SB&G platform (all sites) & has proved, in security terms, extremely safe & robust.
     
  • edited May 2013
    In Response to Re: Security on Sky:
    In Response to Re: Security on Sky : Log-in name & Screen name can be the same no? If not, they'll often be similar, names or words that hold relevance to the account holder, or at least something that's either easy to guess for a professional hacker, or short enough to just plain hack in the first place. The log-in name is a nice touch to add a little security to the site, sure. But why add another unnecessary element to account security. Just up the pin to an alphanumeric one. Would be practically impossible to hack if you had a solid one with 10+ characters.
    Posted by Smitalos
    Well in theory, yes, but I cannot imagine many people would be so lax as to choose identical User ID & Screen-Names. There should not, & need not, be ANY resemblance between a User ID & your Screen Name.

    A 10 digit alpha/numeric User ID followed by a 6 Digit PIN works perfectly. The Business would NOT advise you use the same Screen-Name as your User ID.
     
    Some extremely large Balances are held safely across the Site as a whole, which has existed for around 10 years now, & there has been no significant history of financial security being compromised. Clients should of course take great care with their own Security.
  • edited May 2013
    The pin is the same number of combinations as getting money out of an ATM. And that is rarely infiltrated. 

    So I don't have a problem.
  • edited May 2013
    In Response to Security on Sky:
    To successfully log in, you need to enter correctly TWO separate fields. User ID (up to 10 digits, letters & numbers can both be used). PIN - Up to 6 numerals. Your User ID & your "Screen-Name" are NOT the same thing - or should not be. After first Registering, including User ID & PIN, you are THEN given the opportunity to choose a Screen-Name. Obviously, you should choose a separate, different, Screen-Name to your User ID. The same system is used right across the SB&G platform (all sites) & has proved, in security terms, extremely safe & robust.
    Posted by Tikay10
    I'm not disagreeing with you Tikay, RE: the screen name and log-in name should be different. But why is there one in the first place? AFAIK there are very few other poker sites who operate this way, and for good reason. It's confusing, and often leads people into just saying "EFF it", leaving it the same as their online alias, and making the less informed or less intelligent highly exploitable.
    You're giving people who have no idea that their log-in name is part of their account security (that sure was me for a while, and probably many others), the ability to just choose the same name, and thus, make it INCREDIBLY easy for people to hack their account.

    If you have weak security on the site, i.e. a 4-6 digit password with only 1,000,000 combinations, the solution to that ISN'T adding another password on top of that. How is that more logical than just allowing/encouraging people to create 10+ character alphanumeric passwords. It baffles me how, instead of confronting the problem, we just create another.

    SOME people will have identical names, and it isn't going to take a sophisticated hacker with solid hardware a particularly long time to waltz into someone who does, and just guess their PIN with ease.
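
An added example (not part of the thread, and not Sky Poker's code) of a registration-time check for the two weaknesses raised in the posts above: PINs built from years, dates or simple runs, and a Screen-Name that gives away the User ID. The function names, the 0.8 similarity threshold and the sample values are assumptions made for illustration.

```python
from __future__ import annotations
import re
from difflib import SequenceMatcher

def _looks_like_date(pin: str) -> bool:
    """4 digits read as DDMM/MMDD, or 6 digits as DDMMYY/MMDDYY/YYMMDD."""
    parts = [int(pin[i:i + 2]) for i in range(0, len(pin), 2)]
    if len(pin) == 4:
        pairs = [(parts[0], parts[1]), (parts[1], parts[0])]
    elif len(pin) == 6:
        pairs = [(parts[0], parts[1]), (parts[1], parts[0]), (parts[2], parts[1])]
    else:
        return False  # 5-digit PINs have no two-digit date layout
    return any(1 <= d <= 31 and 1 <= m <= 12 for d, m in pairs)

def pin_problems(pin: str) -> list[str]:
    """Reasons a 4-6 digit PIN is easy to guess (empty list = none found)."""
    if not re.fullmatch(r"\d{4,6}", pin):
        return ["not 4-6 digits"]
    problems = []
    if len(set(pin)) == 1:
        problems.append("single repeated digit")
    # Step between neighbouring digits, modulo 10: all +1 or all -1 is a run.
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {9}):
        problems.append("sequential digits")
    if re.fullmatch(r"(19|20)\d\d", pin):
        problems.append("looks like a year")
    if _looks_like_date(pin):
        problems.append("looks like a date")
    return problems

def screen_name_problem(user_id: str, screen_name: str,
                        threshold: float = 0.8) -> str | None:
    """Flag a public Screen-Name that reveals the private User ID.
    The threshold is an assumed cut-off, not a documented site setting."""
    def norm(s: str) -> str:
        return re.sub(r"[^a-z0-9]", "", s.lower())
    uid, name = norm(user_id), norm(screen_name)
    if uid == name:
        return "identical to User ID"
    if uid in name or name in uid:
        return "contains or is contained in User ID"
    if SequenceMatcher(None, uid, name).ratio() >= threshold:
        return "very similar to User ID"
    return None

if __name__ == "__main__":
    for pin in ("1987", "2512", "123456", "010190", "738264"):  # constructed samples
        print(pin, pin_problems(pin))
    print(screen_name_problem("acefan1990", "AceFan"))  # constructed sample
```
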
  • edited May 2013
    In Response to Re: Security on Sky:
    The pin is the same number of combinations as getting money out of an ATM. And that is rarely infiltrated. So I don't have a problem.
    Posted by ACEGOONER
    To put that in perspective......

    To use my "plastic" either at a retail store, or an ATM, I need to enter a 4 digit number, all numerals. That is it.

    For my Online Banking, I need to enter a 4 digit (all numerals) entry Code & an 8 letter alpha/numeral code.

    For Sky Poker, I need a (up to) 10 digit alpha/numeric code, followed by a 6 digit numeral code. Obviously, my Screen-Name bears no resemblance to my User ID.
  • edited May 2013
    If a 4-6 digit pin was really that poor why would bank accounts just use a 4 digit pin number to withdraw cash from machines?
    The only time it is easy to guess is if your pin was the 4-5 digit of telephone number that is dialled when outside your area or the year you were born.
  • edited May 2013

    Financial security across the SB&G platform is fine, under constant review, & been proven secure for more than a decade. It is designed & managed by people who know exactly what they are doing as to Online Financial Security.

    Should you have any concerns, please address them with Customer Care.
     
    Beyond what has been discussed here, it is not in anyone's interests to go into further detail.

    Thanks.  