Is it hard to crack pin numbers you put on your account? I'm just wondering because I'm really paranoid with all the CGing so I decided to put PIN numbers on everything on my main.
I believe CGers get your pin number too. So, if you think you were CGed, you should change your password and pin. But if someone only manages to get your password, no, it shouldn't be easy to guess your pin. Just... don't use something easy. Choose a PIN that has meaning to you but is random to everyone else. (Something that isn't your bday)
Okay I'll keep that in mind. I don't think I was CGed but yesterday I was randomly logged out while playing sakhmet solitaire, so I got freaked out and changed my password and added pins.
go thru everything in your account to make sure everything is there..if you really think you were CGed, the CGers are really fast..i reacted within like one or two mins after i was CGed and my 2 items worth a combined 9Mil+ were gone.. changing your password should be good enough..but REMEMBER, we don't know if its just your NEOPETS password they are able to grab..they might have grabbed any and everything else that you logged in using your browser..so just to be sure, change your pass for emails and other important stuff too..
PIN NUMBERS CANNOT BE CG'D! ANYTHING PINNED IS 1000000% SAFE! CG'ers just gain access to your account. if you pin everything you are safe Changing all passwords is also a good idea.
Just to clear up the wrong information in this thread: 1) A CGer can only grab cookies of the site it is on. Offsite CGers do exist, but it requires an exploit on the site. 2) Neopets CGers do not steel your pass. TNT for a while used MD5 to encrypt your pass in the cookie, but that was crackable. They have now switched to SHA1 + Salt which is very secure. There is no way for a neo cger to get your pass now. 3) There is no way for someone to get your pin from a CGer. 4) All you have to do is log out to stop a cookie from being useful. That will then change the salt, which makes the cookie grabbed useless (I believe, but would be wrong, that TNT uses SHA1(SHA1(password) + salt). Which makes it impossible to crack). Btw, this comes from someone who has worked with CGers a lot.
So.. I take this as, we shouldn't be worried about being CGed? And if so.. how did singapore lose his stuff?
I never said that. Someone who is CGing changes their current cookie to match yours, which logs them into your account. They can steel anything thats not pinned, but they will not get your password. Edit: Need to leave for now. If you have any questions just ask, and I will reply when I get back.
Oh, now I understand, I wasn't sure how they'd get into your account with out the pw... but now it makes sense lol. That's good to know!
If you know the email on your account with the pin, you can request the pin number and TNT will email it. So unless Cgers can find a way to get email information as well, you should be good. Either way, they are committing a federal offense using a cger.
oohh..meaning if a visit a dubious website via a neopets link (user lookup, shops, etc), all i have to do is to log in and out and i'll be safe? and they can't actually get any other thing off my cookies? damn..i guess i was too damn slow in logging off and on
Yea, if you logout and log back in it should create a new cookie string, so you would be safe as long as you don't visit the cg page again.