Passwords

Started by MountainDon, May 19, 2010, 11:04:49 AM


MountainDon

In the past few days there was a series of attacks by a non-member from a foreign country, trying to gain access to a member account. I will not go into the details of how I know it was not the member or why I consider it to be a malicious attack. That there could be evil intent behind it I'm certain.

I bring this up to remind everyone that it is in a person's best interest to use strong passwords. Our forum settings allow people to use simple passwords if they want to, but I discourage that. We could tighten up the requirements to force everyone to use a more complex password, but that is too much like some of the things the government makes us do.

You can find all sorts of hints for making strong passwords. I myself use upper and lower case letters, some numerals and at least one special character/symbol or punctuation. Longer passwords, 12-14 or more characters, are also better than shorter ones. Unfortunately some sites do not allow special characters. Countryplans forum does, at least all the ones I've tried work.

If making up a strong password that you can remember seems to be a daunting task, try this. Make up a sentence that you can easily remember. Then take the first letter from each word in that sentence. Capitalize one or more (first, last, every other one). Then add a special character and some numerals.

So perhaps it is time for some of us to take a look at our passwords and improve upon them. Microsoft has a page on strong passwords HERE. They have a password strength tester available too.

Just because something has been done and has not failed, doesn't mean it is good design.
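
The sentence method and the password criteria from the post above, written out as an added Python example (not part of the original post or of the forum software). The sample sentence is constructed, and the symbol set and the random choice of the appended symbol and numerals are assumptions of this example.

```python
import secrets
import string

SYMBOLS = "!@#$%^&*?-_+="  # assumed set; sites differ in which symbols they accept

def mnemonic_base(sentence, capitalize="every_other"):
    """First letter of each word, capitalized as the post suggests."""
    letters = [w[0].lower() for w in sentence.split() if w[0].isalpha()]
    if not letters:
        raise ValueError("sentence has no words starting with a letter")
    if capitalize == "first":
        letters[0] = letters[0].upper()
    elif capitalize == "last":
        letters[-1] = letters[-1].upper()
    elif capitalize == "every_other":
        letters = [c.upper() if i % 2 == 0 else c for i, c in enumerate(letters)]
    else:
        raise ValueError("capitalize must be first, last or every_other")
    return "".join(letters)

def build_password(sentence, capitalize="every_other", digits=3):
    """Mnemonic letters plus one symbol and some numerals (picked at random here)."""
    tail = secrets.choice(SYMBOLS)
    tail += "".join(secrets.choice(string.digits) for _ in range(digits))
    return mnemonic_base(sentence, capitalize) + tail

def unmet_criteria(password, min_length=12):
    """Return which of the post's criteria the password does not meet."""
    checks = [
        ("lowercase letter", any(c.islower() for c in password)),
        ("uppercase letter", any(c.isupper() for c in password)),
        ("numeral", any(c.isdigit() for c in password)),
        ("special character", any(not c.isalnum() for c in password)),
        (f"at least {min_length} characters", len(password) >= min_length),
    ]
    return [name for name, ok in checks if not ok]

if __name__ == "__main__":
    # Constructed sample sentence; use your own, never one from an example.
    sample = "my first dog was a beagle named Rusty who loved long walks"
    candidate = build_password(sample)
    print(candidate, unmet_criteria(candidate))
    for weak in ("password", "1234"):
        print(weak, unmet_criteria(weak))
```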

MountainDon

Also note that the email address in your profile should be an account you still maintain. In the event you forget your forum password one of the methods of retrieval is to have the forum software send an email to you with a special link back. So keep that address up to date. You can change the email address in your profile. You can also make your email visible or not visible to other online viewers.

The other method of password retrieval involves a "secret" question. You can set that up under your profile as well. Note that the administrators cannot see the answer to your secret question. Neither can an administrator see your password. The secret question does not involve email so it is very handy if you no longer have the email on record. Of course if the secret question has not been set up you are out of options.

If your member class is Newbie, you will need to make at least one posting in any forum topic to be able to edit your profile.


Pox Eclipse

Good advice, Don. Many accounts at Facebook and eBay have been hacked simply because they used passwords like "password" or "1234".

I frequently use the titles of books or movies, and add a number that is familiar to me ("DieHard94") to make it easy to remember. And, no, I just made that one up. ;D