
Password question

What’s this new password message all about?!!
Nuno · Admin
We identified a number of users who don't have a password set on their account (such as users who have signed up with Google/Apple, for example), so the only way to log in is through a link on an email, or using Google/Apple, or by being lucky that the "browser cookie" is still active.

If you are seeing a message to set a password, we recommend you do it to prevent yourself from getting locked out.
DeWayfarer · 61-69, M
@Nuno this especially applies to Google.

They have a new policy about inactive Google accounts.

If Google deems their account as inactive their login for here is gone!

Nuno · Admin
@DeWayfarer Good to know :)

Yeah, so it's good if users can set a password, so they can always log in using their email address + new password.
@Nuno Hey Nuno, I realize I'm threadjacking a bit here, apologies to DeWayfarer, I just wanted to tag you in particular. What's good, man? Well, anyways, I just wanted to say I've joined the Password Research village and am something of a Security Nerd, and I wanted to say this: Passwords are just inherently insufficient security.

I run Hashcat on my other machine, and we live in an era where those kinds of Cracking Skills are becoming more and more widespread and people know about them. I used to, for fun, Crack AOL staff members' accounts to run around causing my own brand of Havoc across the platforms, a strange hobby really, given that you spend almost all of it doing other things while you wait for Some Script to either finish breaking into an account or fail.

But I learned a lot doing it from a Security Engineering standpoint, which is just: always more than 8 characters, and prioritize security over convenience.

Two factor = Pain in the ass. But it makes certain I keep track of my phone.

Additional request: Implement it with Authy, not SMS messaging.

I'm asking SW here to Implement 2 Factor Authentication. It's the least intrusive and best security model I'm aware of so far.

We live in an Era of Data breaches going nucking futs. Don't rely on passwords alone.

Most users use bad ones because they prefer convenience, you have to protect them from their own ignorance.


[media=https://youtu.be/sYKcqnzcdZI]

I would urge you to avoid SMS because it's not necessarily encrypted end to end.

There's no such thing as perfect security, but there are best practices, and 2 factor is part of that model.
@Nuno Also additionally I hope our passwords on the back end are salted and peppered and use a strong algorithm and not md5. You know as well as I do since you're a database manager that Data breaches are on the rise.

[media=https://youtu.be/Oc1UdLZDPEg]
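
An added illustration of the "salted and peppered, strong algorithm, not md5" point in the post above; it is not SimilarWorlds' code and was not posted by anyone in the thread. It assumes scrypt as the strong algorithm and HMAC-SHA256 to apply the pepper; `PEPPER`, the stored-string format and all function names are hypothetical.

```python
import hashlib
import hmac
import os

# Constructed sample pepper. In practice it is kept outside the database
# (environment, KMS, HSM) so a database dump alone does not reveal it.
PEPPER = b"constructed-sample-pepper-not-a-real-secret"

N, R, P = 2**14, 8, 1            # scrypt cost parameters (about 16 MiB per hash)
MAXMEM = 64 * 1024 * 1024        # memory ceiling handed to OpenSSL


def _peppered(password: str) -> bytes:
    # Mix the server-side pepper in with HMAC-SHA256 before the slow hash.
    return hmac.new(PEPPER, password.encode("utf-8"), hashlib.sha256).digest()


def hash_password(password: str) -> str:
    salt = os.urandom(16)        # unique per account, stored beside the hash
    dk = hashlib.scrypt(_peppered(password), salt=salt, n=N, r=R, p=P,
                        maxmem=MAXMEM, dklen=32)
    return f"scrypt${N}${R}${P}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    try:
        scheme, n, r, p, salt_hex, dk_hex = stored.split("$")
        if scheme != "scrypt":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        dk = hashlib.scrypt(_peppered(password), salt=salt, n=int(n),
                            r=int(r), p=int(p), maxmem=MAXMEM,
                            dklen=len(expected))
    except ValueError:           # malformed record or invalid parameters
        return False
    return hmac.compare_digest(dk, expected)   # constant-time comparison


def md5_unsalted(password: str) -> str:
    # The weak scheme for contrast: fast and unsalted, so every account
    # with the same password ends up with the same stored value.
    return hashlib.md5(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    print(hash_password("123456"))   # differs on every run (random salt)
    print(md5_unsalted("123456"))    # identical on every run
```
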
DeWayfarer · 61-69, M
@BetweenKittensandRiots have had a few thoughts on this myself yet won't get into the precise details. Just that we no longer live in the 8 bit character world any more. There's more than one way to "skin the cat".
Nuno · Admin
[quote]@BetweenKittensandRiots Also additionally I hope our passwords on the back end are salted and peppered and use a strong algorithm and not md5.[/quote]

As per our Privacy Policy:

[quote]We store your passwords using an encryption/hashing algorithm specifically designed for this purpose. We have no way of knowing what your password is, using the data we store in our database.[/quote]

--

[quote]@BetweenKittensandRiots I'm asking SW here to Implement 2 Factor Authentication. It's the least intrusive and best security model I'm aware of so far.[/quote]

This is something that has crossed our minds and we can consider implementing.
@Nuno Well, you know my sentiments, I gave them away to you. After a long history of Terrorizing AOL by breaking into accounts, I can honestly say I don't believe in Passwords, because it's been over 20 years and the 200 worst passwords are still used to death.

https://brobible.com/culture/article/200-worst-passwords-of-2021/

That list is almost the same as it was in 1999. For as much as Security and breaking into things have been upgraded and changed, password hygiene is practically nonexistent. Seriously, it's been 2 decades since the I love you virus bug, and the most common route of getting infected with a virus for all organizations is over email.

Chew on that for a while. It's as though the earth stood still on the security front.

[media=https://youtu.be/soZyb6lMx4c]

I might have gotten smarter, almost no one else did.

[media=https://youtu.be/tHUi04CwSFk]
Stefanv · 56-60, M
@Nuno but I do have a password and have never signed in any other way!