FYI: Steam accounts were hacked (around 10th November)

[LP]

About subnetting or IP manipulation, that really is just a DoS attack.

Subnetting is not a DOS attack, it is a common technique to overcome IPv4 address exhaustion and improving routing performance for local networks connected to Internet.

That was maybe so 5 years ago, but now assume that every password has number and letter (Nobody cares about passwords that don't, thats just stupidity and everyone knows that).

Please, you are just being stubborn, we've replied on this multiple times. Nothing has changed in 5 years. People still prefer to use easy to remember passwords. I personally know people that use such passwords, actually all people I know personally use such passwords with myself being the only exception. If some web site forces you to use letters and different case, people simply use something trivial like John2011. Therefore, your assumption that every password has number and letter is grossly fallacious.

Should everyone switch to random letters and numbers? No, I think this is not necessary. If you are storing some random family photos and use e-mail to talk to some friends, there is no need for ultra-high security. Even if you don't use password at all it's unlikely someone will have interest in your data anyway.

I'm just saying of various techniques you can use with net services, not that they are best and flawless just on their own or without much further planning through the whole thing. Just because you say there are flaws in a techique, do you think nobody uses them?

No, this is a typical logical fallacy called Argumentum ad populum, saying that because others are doing it you should do it as well (check C/C++ vs Pascal thread here on PGD to see how this fallacy is used on geometric scales). You proposed IP banning and IP whitelists, I've demonstrated that these techniques do more damage than good and should not be used at all. Yes, other people might be using them (curiously including the developers of vBulletin). *Should* you ever use these techniques? No, you should use something different that doesn't involve in blocking large user masses.

If you find my arguments reasonable, you may try simply agreeing that you were wrong. This is not a contest and I'm sure everyone including myself will respect you even if you are mistaken about something (as I've said earlier, we are supposedly humans). I've myself edited one of my earlier posts about encryption because I've misunderstood you and was wrong to discuss it any further since I've agreed that breaking properly ciphered document was significantly difficult.

Also, you might think that locking up someones account for hacking attempt is a too harsh method. It's actually reality on many systems, it's just that hacking in general is not that common against certain user accounts. Even a game server as old as Diablo 2 visibly said the player last failed login attempts to see if someone had tried to hack him.

I'm not sure if this is on purpose, but you are doing Red herring. I've never mentioned and never referred to individual account blocking. You recommended IP banning, I've said that this might result in many innocent people being banned, while not resolving the issue. Redirecting the subject to a different topic doesn't support your original argument.