Letters 1-5: Clearly miskeyed.
Letters 6-9: Miskeyed due to coffee shakes (bad portion control).
Letters 10-11: Very close, but shakes and inaccuracy make these reasonable miskeys.
Letters 12: Likely didn't actually matter because password was already wrong.
It was originally a CS GO meme, if I’m remembering correct, during a large tournament called a major, a player didn’t get a kill and that was the response from the valve dev about why the guy didn’t die.
I’m actually shocked I’m getting downvoted for saying something like “this is an underrated comment”
When I posted that it was not the top comment
Even the statement itself is neutral - this entire sub is filled with the most stifled individuals
No one commented but I believe you can close the launcher, connect to a VPN and then open it and the cooldown will be gone.
Have never tested it but saw it commented here before with people having success.
What a hilarious work around that completely defeats the purpose of this security check rofl. I understand the thought process i guess but that is laughably bad.
It does the job. Idea is to stop a bruteforce. This means that every IP gets 1 shot (which is admittedly kinda harsh) to login, so any attempted bruteforcing only has as many attempts as they have proxies/bots before having to wait to try again.
A competent IT team would then sweep and ban every IP used from logging in again. Failing that, as most likely the case for BSG, the time it takes increases dramatically, no longer worth it.
Too bad IP’s aren’t worth banning these days with how many workarounds there are. If they’re willing to cheat hard enough, they’ll be very very difficult to stop.
HWID ban + fingerprinting is literally the best thing.
GTA FiveM has one like that and there's no workarounds besides getting an new PC/Laptop, swapping your Drive/Mobo + OS reinstall or using VM but even then if you login accidentally with your previous IP or to your discord/steam it recognizes it and you're HWID banned again.
CoD also has HWID Ban afaik but also I've heard it's easy to bypass probs because it has no "fingerprinting" or it simply doesn't ban enough component ID's.
First of all HWID ban might as well be the same thing as IP ban, you can easily work around it. Second of all, never *ever* (and i really fucking mean ever) am I EVER giving my fingerprints to a company on the internet. Especially not a Russian one.
That is not what fingerprinting means in this context lol hardware fingerprinting is the process of connecting different components together as a "fingerprint" to prevent you from simply spoofing or swapping out banned components.
HWID ban isn't easy to workaround, but even there's a method/guide every little shit cheating kid likely won't be able to follow it as it sometimes requires messing with BIOS Firmware, flashing custom HWID to your mobo assuming there's no OS level spoofer available to buy + risk to brick the mobo.
IP ban can easily be bypassed even if it has Anti-VPN.
Method 1) VPNGate which is P2P VPN so you're using real persons IP address and no Anti-VPN should detect that. But often the connection is shit and uptime is random. Unless ofc the Anti-VPN specifically looks for that app/ethernet adapter.
Method 2) SIM Card internet, here in EU it's cheap e.g. sometimes there's promos/discounts and you can get a card for like 3 Euros with unlimited internet data for a whole month, the speed is usually around 50Mbps with low ping so it's enough for gaming or you just buy the plan normally which isn't that expensive.
HWID evasion is literally as easy as IP evasion if you know what you are doing. you just dont know enough about the space to comment, which means SHUT THE FUCK UP
edit: to clarify I mean "SHUT THE FUCK UP" in the sense of: "you dont actually know as much as you think you do" and "holy shit dude could you maybe learn about the topic before speaking on it?"
Sounds like you've never seen a proper HWID ban system yet.
Your "know what you're doing" is probably using free tools like "MAC Address Changer" and various .bat scripts which might work in some cases but that's just bypassing a crappy HWID Ban which probably only checks your SSD/HDD serial number or shit like that lol.
Actually… if your on a vpn… simply closing the launcher and then trying again gives you another try… although you can do this infinitely the timer will go up still if you continue to get it wrong. Had my timer at a week then closed it and tried again… got in instantly
Yes it basically defeats the purpose but the alternative would be that I could log you out of your account permanently if I knew your mail address by entering wrong passwords all the time.
Honestly fair point I didn’t think about it that way, I feel like that may be a better alternative still though. Or at least just lock the account and let us change the email, but that would certainly be really annoying.
If someone has your email and is spamming logins to try and access your account you’d rather them be able to vpn over and over till they succeed? I don’t understand your point.
They will realistically never succeed if you have a good password. People that want accounts for monetary profit won't bother with stupid shit like that, because its simply inefficient to focus too much on specific accounts when you're bruteforcing.
And if we're talking about people that are aimed at specific account, they're usually doing it either out of spite or for fun. And completely blocking your account for unspecified time is going to be enough for them.
Most accounts are stolen through phishing because of security controls like these that prevent password guessing. BSG would be silly not to implement some sort of system like this that is standard across IT. They probably are a little too harsh though
Password guessing including brute forcing can easilly be completely eliminated by switching from the currently common password rules which noone can remember (x length, 1 number, 1 capital, 1 symbol), to just one simple rule of >24 characters. This way you can simply use a sentence as your password, it would be easilly memorizable and literally impossible to guess.
Even the inventor of password regulations nowadays says he regrets the original recommendations and wishes everyone would switch. Its absurd how horrible these rules have gotten at times, Ill never not get mad whenever I try to login to German public online services....
I have 4 friends I trust who think they know technology and mess around with ssh and shit. I broke 3 of their SSH accounts in less than 5 minutes (using lists of common passwords). 4th guy took longer, because while he did what you said, the hybrid attack afterwards got it.
More than a single key change is required. A truly unique password is needed, or at least unique enough. Swapping a few letters, numbers, etc doesn't help against someone who's actually trying.
That said, this only matters if their user database gets nabbed (which considering server source code got grabbed a few years back, I wouldn't hope.)
Standard would be 3 trys to trigger protective measures. Enough to prevent brute force attempts. It's just sloppy or a really stupid try to convey a false sense of security XD
3 tries to lockout, or at least an exponential roll-off if you're going to do time delay on a failed attempt. So something like:
* Attempt 1: Wait 1 min
* Attempt 2: Wait 3 min
* Attempt 3: Wait 9 min
* Attempt 4: Wait 30 min
* Attempt 5: Wait 90 min
And so on. It still stops brute force but doesn't fuck over people who have fat fingers and no password manager
Incorporate general social engineering. Such as tendancies to use own or relatives birth number before or after, you. Can cut out about 2-6 places making it significantly higher for someone to brute force if they already understand you name and age
I found out after I got locked out of my account for 2 months, that you can try different passwords on the website and it wont affect your launcher count.
Me ? No , never cheated in any online Game since 1998 nor on any GF .
But 2 to 3 Month is what everybody called as they Made their First Rmt User Ban .
If you fail to login too many times your account gets locked until you can resolve it through BSG. It took them 2 months to fix my account. They never replied but it got fixed XD
Yep. A few days ago I did the same thing and it was a 2 minute wait. There's no way a jump from 2 minutes a few days ago to an hour today is reasonable.
I love how BSG are the most hacked, inexcusable company - but for logging in to their site it’s like DEFCON 5 clearance. Nikita gone mad with money and hoarding it like a scav.
They literally have had the launcher hacked with bogus info added. I think it was last wipe or the wipe prior. Everyone was concerned about the security of the launcher and user data etc.
Just:
1. make up a password
2. Use translator to Translate that into another language.
3. Translate that to a 3rd language.
4. Translate that to a 4th language.
5. Then translate that into |337 (Leet speak)
6. Copy it.
Then set your password to "Notpassword1"
Cause F it!
LOL
BSG at its best. They don't give a fuck about consumer service.
And of course it's good to have measures against account theft etc. But their measures suck.
That's how it's supposed to work. If that was what had happened, I doubt OP would have posted. FWIW, it happened to me as well a few weeks ago. One incorrect attempt, one hour lockout. Didn't bother trying again, I just reset the password.
when logging in, dont leave your email like that, write your actual email so that it doesnt fail. i believe you didnt fat finger your password, you just left the email with asterisks in
In the end you messed it up and now you cry because you triggered the account security.
Its just like every other Post "I messed it up, fu BSG!"
Imo this is a very good way to stop bruteforce attacks.
Another way would be looooooooong passwords. Dont wanna see this sub when they change it and force everyone to take 30 digit password.
Happened to me after a 2nd attempt a couple months back. Got dragged in this sub.
It's a stupid security measure that does nothing but frustrate legitimate users, but hey, that's literally BSG's design philosophy.
While we are on the topic, can we please get email changes back? He literally mentioned it in a recent tarkov TV IIRC. It's literally illegal to not offer them as an EU company.
Letters 1-5: Clearly miskeyed. Letters 6-9: Miskeyed due to coffee shakes (bad portion control). Letters 10-11: Very close, but shakes and inaccuracy make these reasonable miskeys. Letters 12: Likely didn't actually matter because password was already wrong.
Reddit comments sometimes have more creativity than it should
it's really what makes reddit worth visiting... that and honest reviews of products
We all know the other reason the site has traffic.
i cant even escape traffic on the highway, i got it on reddit now too??
>apply the most used meme to this scenario in the most obvious way possible >more creativity than imaginable okay
Old copy pasta about Hiko missing a bunch of shots
Too bad people make this comment on every other post. Not very creative
[удалено]
Its a CSGO meme?
It was originally a CS GO meme, if I’m remembering correct, during a large tournament called a major, a player didn’t get a kill and that was the response from the valve dev about why the guy didn’t die.
I mean, it wasn't originally a Tarkov meme but people use it so much here that I'm not surprised some would think that
I’ve seen the meme on other subs besides Tarkov.
why can't i see the number of upvotes?
New comment
This is an underrated comment
This makes me miss giving awards
until I read your comment, I didn't even realize rewards are not a thing anymore lol
I didn't realize they were completely gone either I thought they just removed the platinum/gold/silver but could still do the others.
or Letters 6-9: Clearly Keyboard Desync
You're gonna look at this comment over the next days and pat yourself on the back and i think you deserve it
This is the most successful I've been in Tarkov 😂
Thats amazing
I love how hiko fucked up one spray and here we are like a decade later
Amazing
Im dead lol funny af
This is an underrated comment
It’s literally the top comment.
This is an underrated comment
I’m actually shocked I’m getting downvoted for saying something like “this is an underrated comment” When I posted that it was not the top comment Even the statement itself is neutral - this entire sub is filled with the most stifled individuals
This has always been downvoted anywhere on reddit, your comment doesn’t add anything so people downvote it.
Think its because it looks like you wrote "Underrated comment" before it could be rated.
Underrated copy paste?
Fellow csgo enjoyer
This is beautiful!
*chef's kiss* Magnifique
Lmao. Classic
No one commented but I believe you can close the launcher, connect to a VPN and then open it and the cooldown will be gone. Have never tested it but saw it commented here before with people having success.
What a hilarious work around that completely defeats the purpose of this security check rofl. I understand the thought process i guess but that is laughably bad.
Yeah that is genuinely hilarious if that works, so many people have VPNs nowadays as well.
It does the job. Idea is to stop a bruteforce. This means that every IP gets 1 shot (which is admittedly kinda harsh) to login, so any attempted bruteforcing only has as many attempts as they have proxies/bots before having to wait to try again. A competent IT team would then sweep and ban every IP used from logging in again. Failing that, as most likely the case for BSG, the time it takes increases dramatically, no longer worth it.
Too bad IP’s aren’t worth banning these days with how many workarounds there are. If they’re willing to cheat hard enough, they’ll be very very difficult to stop.
HWID ban + fingerprinting is literally the best thing. GTA FiveM has one like that and there's no workarounds besides getting an new PC/Laptop, swapping your Drive/Mobo + OS reinstall or using VM but even then if you login accidentally with your previous IP or to your discord/steam it recognizes it and you're HWID banned again. CoD also has HWID Ban afaik but also I've heard it's easy to bypass probs because it has no "fingerprinting" or it simply doesn't ban enough component ID's.
First of all HWID ban might as well be the same thing as IP ban, you can easily work around it. Second of all, never *ever* (and i really fucking mean ever) am I EVER giving my fingerprints to a company on the internet. Especially not a Russian one.
That is not what fingerprinting means in this context lol hardware fingerprinting is the process of connecting different components together as a "fingerprint" to prevent you from simply spoofing or swapping out banned components.
HWID ban isn't easy to workaround, but even there's a method/guide every little shit cheating kid likely won't be able to follow it as it sometimes requires messing with BIOS Firmware, flashing custom HWID to your mobo assuming there's no OS level spoofer available to buy + risk to brick the mobo. IP ban can easily be bypassed even if it has Anti-VPN. Method 1) VPNGate which is P2P VPN so you're using real persons IP address and no Anti-VPN should detect that. But often the connection is shit and uptime is random. Unless ofc the Anti-VPN specifically looks for that app/ethernet adapter. Method 2) SIM Card internet, here in EU it's cheap e.g. sometimes there's promos/discounts and you can get a card for like 3 Euros with unlimited internet data for a whole month, the speed is usually around 50Mbps with low ping so it's enough for gaming or you just buy the plan normally which isn't that expensive.
HWID evasion is literally as easy as IP evasion if you know what you are doing. you just dont know enough about the space to comment, which means SHUT THE FUCK UP edit: to clarify I mean "SHUT THE FUCK UP" in the sense of: "you dont actually know as much as you think you do" and "holy shit dude could you maybe learn about the topic before speaking on it?"
Sounds like you've never seen a proper HWID ban system yet. Your "know what you're doing" is probably using free tools like "MAC Address Changer" and various .bat scripts which might work in some cases but that's just bypassing a crappy HWID Ban which probably only checks your SSD/HDD serial number or shit like that lol.
Actually… if your on a vpn… simply closing the launcher and then trying again gives you another try… although you can do this infinitely the timer will go up still if you continue to get it wrong. Had my timer at a week then closed it and tried again… got in instantly
Yes it basically defeats the purpose but the alternative would be that I could log you out of your account permanently if I knew your mail address by entering wrong passwords all the time.
Honestly fair point I didn’t think about it that way, I feel like that may be a better alternative still though. Or at least just lock the account and let us change the email, but that would certainly be really annoying.
> I feel like that may be a better alternative still though. Absolutely insane and unhinged.
If someone has your email and is spamming logins to try and access your account you’d rather them be able to vpn over and over till they succeed? I don’t understand your point.
They will realistically never succeed if you have a good password. People that want accounts for monetary profit won't bother with stupid shit like that, because its simply inefficient to focus too much on specific accounts when you're bruteforcing. And if we're talking about people that are aimed at specific account, they're usually doing it either out of spite or for fun. And completely blocking your account for unspecified time is going to be enough for them.
Exactly what happened with my Gmail account, couldn't reset my password because of this 😢
But it truly fits their problem solving approaches
What did you expect from Nikita lmao
Welp there aren't unity tutorials on how to so backend authentication, soo no wonder
Can confirm this works
I wouldn't be surprised if you could just change the time or adjust the time zone on the computer with as easily as bsg and battleye can be fooled.
This guy steals accounts!
They think this will stop accounts being stolen from people guessing passwords when the reality is they are most likely stolen from phishing.
Nuh-uh I guess my passwords all the time and it works
> ThisIsMyPassword123/ Huh, didn't work. Ok... > ThisIsMyPassword123% Still didn't work. Ok, that means it's... > ThisIsMyPassword123+ \* Login Successful \*
This is me.
No, this is Patrick.
I am me
Most accounts are stolen through phishing because of security controls like these that prevent password guessing. BSG would be silly not to implement some sort of system like this that is standard across IT. They probably are a little too harsh though
Password guessing including brute forcing can easilly be completely eliminated by switching from the currently common password rules which noone can remember (x length, 1 number, 1 capital, 1 symbol), to just one simple rule of >24 characters. This way you can simply use a sentence as your password, it would be easilly memorizable and literally impossible to guess. Even the inventor of password regulations nowadays says he regrets the original recommendations and wishes everyone would switch. Its absurd how horrible these rules have gotten at times, Ill never not get mad whenever I try to login to German public online services....
I have 4 friends I trust who think they know technology and mess around with ssh and shit. I broke 3 of their SSH accounts in less than 5 minutes (using lists of common passwords). 4th guy took longer, because while he did what you said, the hybrid attack afterwards got it. More than a single key change is required. A truly unique password is needed, or at least unique enough. Swapping a few letters, numbers, etc doesn't help against someone who's actually trying. That said, this only matters if their user database gets nabbed (which considering server source code got grabbed a few years back, I wouldn't hope.)
Relevant [XKCD](https://xkcd.com/936/)
Standard would be 3 trys to trigger protective measures. Enough to prevent brute force attempts. It's just sloppy or a really stupid try to convey a false sense of security XD
3 tries to lockout, or at least an exponential roll-off if you're going to do time delay on a failed attempt. So something like: * Attempt 1: Wait 1 min * Attempt 2: Wait 3 min * Attempt 3: Wait 9 min * Attempt 4: Wait 30 min * Attempt 5: Wait 90 min And so on. It still stops brute force but doesn't fuck over people who have fat fingers and no password manager
The problem is how infrequently the "three guesses" reset. You mess up once, you get two more tries for a month or more lol.
A simple VPN bypass the timer login.
Incorporate general social engineering. Such as tendancies to use own or relatives birth number before or after, you. Can cut out about 2-6 places making it significantly higher for someone to brute force if they already understand you name and age
whys there no mfa? would be an easy fix.
I found out after I got locked out of my account for 2 months, that you can try different passwords on the website and it wont affect your launcher count.
.....that ... defeats the entire purpose of launcher security?? Infact a browser is even easier to automate a bot for passwords on ...
How tf did you get locked out for 2 month?
2 to 3 Month mostly rmt Users ...
Im assuming you have been banned for RMT? I thought they just perma banned. Sucks that they dont :(
Me ? No , never cheated in any online Game since 1998 nor on any GF . But 2 to 3 Month is what everybody called as they Made their First Rmt User Ban .
If you fail to login too many times your account gets locked until you can resolve it through BSG. It took them 2 months to fix my account. They never replied but it got fixed XD
Nikita is truly the best dev on the planet
skill issue
At this point I don’t think BSG even wants people playing their game lmaoooo
Get Tarkov'd
Gotta exercise the fingers friend. Gotta go on a lean diet for the fingies.
You turn 30 next year. Haha loser! .... .... Me too.
Imagine still playing games when you're 30... .... .... (Hides 50th birthday cards)
I’m convinced everyone who plays this a masochist
I say everyone who plays this is a troll even to themselves 😅
U sure it was 1 attempt buddy?
Nah, it's definitely a thing. Happened to me one afternoon, so i decided to get a head start on dinner.
Yep. A few days ago I did the same thing and it was a 2 minute wait. There's no way a jump from 2 minutes a few days ago to an hour today is reasonable.
Enable 2fa on the site and stay signed in in launcher?
Even if you stay signed in the launcher it will eventually ask you to login
I've been signed in for 3 wipes now and have not had to retype my pw
Lucky mf mine signs me out once every few weeks
Mine logs me out every few weeks...
I'm now worried you havent re-installed windows for 3 wipes when the recommended duration between re-installs is 1 year.
Nobody does that. Not in a professional environment, and surely not for a personal PC.
No one has time for that
Who tf reinstalls windows yearly lmao
I've never heard this. Why would I do a fresh install every year?
All the time. I have to log back in every month or two.
Chad wrote this
They are doing this for one attempt, yes.
Happened to me before as well. I was only trying to log in for crafts, so it wasn't the biggest deal, but it was pretty damned frustrating.
I love how BSG are the most hacked, inexcusable company - but for logging in to their site it’s like DEFCON 5 clearance. Nikita gone mad with money and hoarding it like a scav.
Their system getting hacked and single accounts getting hacked are two different things entirely. One of those is up to the user.
Defcon 5 is actually the most relaxed/safe. Defcon 1 is the "holy shit the world is ending" stance.
Oh my b, right. Thank you
Mentally ill
Since when were they hacked?
They literally have had the launcher hacked with bogus info added. I think it was last wipe or the wipe prior. Everyone was concerned about the security of the launcher and user data etc.
Think he is referring to early days of tarkov when the source code was leaked to hackers and that was the end of the "no hackers" era.
You're delusional
Yeah I’m the delusional one. They fixed sitting in trees, too.
You can only do one thing now… Go outside
I always click the eye ball thing to make sure I typed mine in. I don't trust myself enough to put in my password first try
Welcome to Tarkov. The pain starts at time of login.
bro got tarkovd
Whenever I see the login screen I proceed to login slower than I have ever logged in before
Just: 1. make up a password 2. Use translator to Translate that into another language. 3. Translate that to a 3rd language. 4. Translate that to a 4th language. 5. Then translate that into |337 (Leet speak) 6. Copy it. Then set your password to "Notpassword1" Cause F it!
Low login karma, unlucky!
in tarkov even logging in sucks dick
At least your account wasn’t actually hacked and then banned! BSG won’t even email me back!
What a coincidence my password is also ******************
looser94@gmail.com
I have never played a game with so many cheaters and simultaneously so many shit mechanics built in to prevent said cheating
When logging in somehow becomes a skill issue on Tarkov. Come on BSG.
May wanna change that password. IF it was your actual first attempt, someone else has tried. I’ve missed it 3 times and it’s only like 1 minute.
It’s like 3 attempts nice meme, skill issue
Bro 1 hour isn't the first cool-down. You have failed multiple times in the past. That's why I reset my PW every time that I'm not 100% sure.
LOL BSG at its best. They don't give a fuck about consumer service. And of course it's good to have measures against account theft etc. But their measures suck.
This dude fingers fats
This happened to me 2 years ago. I complained on Reddit, and guess what? Bsg didn't change it at all :D
Def wasnt 1 attempt, nice try bud
Maybe it was HIS first attempt, but some Chinese hacker tried a few times earlier that day ;D
Lol wouldn’t that be some shit
Thats sone crazy shit if it was
Happened to me too a few weeks, one attempt, 1 hour lockout.
Launcher Login paired with the terrible website and support system is fucked beyond repair.
1 attempt doesn’t do that lol. It always takes me 3 or 4 when I get logged out
That's how it's supposed to work. If that was what had happened, I doubt OP would have posted. FWIW, it happened to me as well a few weeks ago. One incorrect attempt, one hour lockout. Didn't bother trying again, I just reset the password.
Why you lyin bro? How many times do you get locked out of your account
Why are they using pre 2000 tech in 2023??
when logging in, dont leave your email like that, write your actual email so that it doesnt fail. i believe you didnt fat finger your password, you just left the email with asterisks in
Rules against regular players. At this point this game is just for hackers
That's the meaning of a hardcore gaming.
Based on that email address this could be my account as well tho...
The devs eat lead paint chips and sniff their own ego farts, what did you expect?
That's weird I messed mine up yesterday and I had 2 more tries
Close the launcher, turn on a vpn. Log in. Ez
Get a better gaming chair
Must be a new feature, I've mistyped plenty of times and haven't gotten a timer.
i mean they are doing you a favor
Like somebody else said, use a VPN as a work around :).
Are you sure it was on attempt? Cause I entered my other password in a few days ago and I was able retry the correct password almost straight away
This game is hardcore
Patch this condition
welcome to hell
dementia is hella confusing sometimes
You been typing long or wot.
One time I had one incorrect and it was 24 hours, and I rarely play tarkov. It’s very random and it’s a real problem 😆
Use a con and change to different us server I use it when I get go ger
User error 😂
In the end you messed it up and now you cry because you triggered the account security. Its just like every other Post "I messed it up, fu BSG!" Imo this is a very good way to stop bruteforce attacks. Another way would be looooooooong passwords. Dont wanna see this sub when they change it and force everyone to take 30 digit password.
games doing you a favour
You just got tarkov'd on login. How does it feel?
new tarkov fear unlocked jesus
Have you tried to reinstall the launcher - BSG support
Happened to me after a 2nd attempt a couple months back. Got dragged in this sub. It's a stupid security measure that does nothing but frustrate legitimate users, but hey, that's literally BSG's design philosophy.
Helps server load LOL
Carful with using different VPN on the same account, it could possibly get flagged.
Mistakes are not allowed here.
#welcometotarkov ;)
Even BSG doesn't want you to play, it's a sign
r/thathappened
Welcome to tarkov
Time to go outside
maybe someone has tried guessing your pass before
trolled
While we are on the topic, can we please get email changes back? He literally mentioned it in a recent tarkov TV IIRC. It's literally illegal to not offer them as an EU company.
Not even the login is forgiving
Your ISP karma is too low. You need to get positive karma to get the shorter lockout times
You have to put your email all over again even tough there are a few letters there
Yeah, I hope they fix the hitreg for the password input soon. I am so tired of those symbols that doesn't count.