
Password Security

1709 Views 10 Replies 7 Participants Last post by  JasonB
Please take a moment to review your password security, by reading the following advice from the forum owners.

http://www.slotforum.com/forums/index.php?app=ccs&module=pages&section=pages&id=18&record=250
1 - 11 of 11 Posts
So, the 'owners' have been hacked!!??

Until we get an https certificate
That does not inspire a lot of confidence...it's really not that difficult...
No, the site hasn't been hacked. It's just that it's a standard http site (just like most others), not a more secure https site.

The advice above is mostly standard stuff that most sites would tell you, if they could be bothered.
Sadly, those are slightly dated recommendations. Latest best practices are to think "passphrase" instead of "password", and make it long and random. Use upper and lower case, numbers and special characters as *you* the user wishes, not as enforced by a site's complexity rules. 'maryhadagreatbigkitten' is a much better password than '[email protected]'.

https://pages.nist.gov/800-63-3/sp800-63b.html#appA

For sure, choose a unique password for any site still using HTTP instead of HTTPS, as your password is sent in plain text that can be read by anyone with a packet sniffer.
I've always been taught to avoid using phrases or even words. Instead I was told to use a memorable phrase to generate a password from the initials of the words.

So, for instance "Has Lewis Hamilton won the Formula 1 drivers championship 4 times?" would generate a password "HLHwtF1dc4t?"

Or "Leeds United beat Southampton 7-0 in 1972!" would generate "LUbS7-0i1972!"

I think it's quite a nice way of making a password that to all intents and purposes is completely random, but which gives you some chance of remembering it.

Anyway, however you all do it, make sure your passwords are strong. That means long passwords consisting of upper case and lower case letters, numbers, and symbols.

Also, keep track of all your passwords. You can use a password manager, but personally I just use an address book. I write website names in under the appropriate letter, and stick post it notes next to them with my password phrases on them. Every now and then I'll swap a couple of the post it notes around, and change my site passwords accordingly. Or I'll add a new password to the pool and get rid of an old one.

This might all sound like a lot of work, but in reality it's probably only 5 or 10 minutes a month, which is not a lot to protect yourself. We all lock up our cars, lock our house doors and windows, and maybe switch on the alarm every night. These are basic security measures, and so is using strong passwords.

For those of you who, like myself, find all of this a pain, who remember what the internet was like 15 or 20 years ago when security was hardly an issue, and don't think you're going to get caught out, make no mistake, times have changed considerably.

If you use your date of birth in your password, or the name of your favourite football team, or any other obvious words, or combinations, then you're making it easier for the hackers. Similarly if you use the same password for lots of different sites, then a security breach on one site will mean all your sites are compromised. If you don't try to use strong, unique passwords you will get caught out at some point.

I should also add that this advice is not limited to this website, it applies to every website. Even the most secure sites can get hacked, so get yourselves organised, take the basic precautions, and just like you would lock the doors to your house at night, please use strong, unique passwords.

Apologies for the lengthy post, and sorry to those who might feel this is perfectly obvious, but I'm sure there will be a few amongst us who are less security conscious than they perhaps should be.

If you need any more information or advice on this then please feel free to ask, or if you want to go beyond what the forum owners, stoooo, myself, or anybody else here can provide, then a simple search for "password security" will give you a load of answers.
Good advice Jason thanks.
If the website does not support an HTTPS connection, all your "secure" passwords/passphrases are sent in cleartext: this means that anyone that is able to "listen" to your connection is able to read whatever you use.

The idea of having a strong password/passphrase is also important when you have an HTTPS connection, not just because this website does not support an encrypted connection.
@JasonB, that's the info that should have been in the post the site owners put up.

I have used eWallet for years as a password manager, and it works well. There is a school of thought that password managers are a single point of failure, but I don't see how our puny human brains can cope with hundreds of unique passwords and keep them straight without writing them down *somewhere*. As such, I think the password manager is the lesser of two evils, be it an electronic one or an offline little black book.

There have been a number of significant data breaches in recent years. It is worth checking from time to time to see if you are a part of those breaches. Plug your email address into https://haveibeenpwned.com/ to find out. You can also set up alerts on there to be told if you are a part of any future breaches.
Interesting that my old Gmail address shows that it was hacked but not the iCloud one I now use. Not sure what it actually means as far as security goes but I suspect the days of us Mac users thinking we are immune are long gone.
JasonB's is good advice for setting strong passwords. I use something similar for my banking.

But here? Not so much.

Why use a strong password to protect something that's publicly available?
Why use a strong password to protect something that's publicly available?
So that you don't get locked out of your own account, so that your account doesn't get used to spam the forum, so that your PMs are secure, and so that others can be sure that any PMs sent to you will remain secure.