Hi all
Just to clarify on something I've been pondering on for a while.
Security of forum accounts.
Just to put it out there, an account of mine on another forum was hacked and a tiny change in my personal details. I would have not noticed if I had not checked today as I regularly check in daily a few times. The reason I missed it was because it was just one tiny detail that was changed. Note, the password and email was not changed.
The biggest issue we face daily is invasion of privacy. I have actually requested to have my account deleted over there because it seems that it has been an ongoing problem, and the owner not doing anything about it, numerous of messages going unanswered. Also with me going to the UK, it's just pointless keeping that account alive.
I"m not assuming it to be the same case here. I'm just writing this to give you a few pointers on account security - how to prevent it from being hacked and how to beef up a bit more security on your personal / vendor accounts. This is a really great forum and I don't want to see it go down the drain.
A few security pointers to keep in mind, if you really want a secure account:
The other thing that the administrators can only do is make regular security audits and increase their security defenses, such as using a WAF (Web application Firewall) and refuse ICMP packets from incoming (this is a source of DDOS attacks) plus banning grabbing is a real issue. If it is too much of an hassle, it does pay to have SaaS (Security-as-a-Service) cloud based security if you are using an hosting company that can do all of your security for your business or forum. HIPS (Host-based Intrusion Prevention System) and HIDS (Host-based Intrusion Detection System) also helps if one does a regular security audit to check for false negatives and false positives.
The rest is up to you to safeguard your accounts. If you get hacked, it's actually your own fault if you keep a simple password, not do regular virus and malware scanning, keeping your software updated regularly and do system checks.
Just to clarify on something I've been pondering on for a while.
Security of forum accounts.
Just to put it out there, an account of mine on another forum was hacked and a tiny change in my personal details. I would have not noticed if I had not checked today as I regularly check in daily a few times. The reason I missed it was because it was just one tiny detail that was changed. Note, the password and email was not changed.
I"m not assuming it to be the same case here. I'm just writing this to give you a few pointers on account security - how to prevent it from being hacked and how to beef up a bit more security on your personal / vendor accounts. This is a really great forum and I don't want to see it go down the drain.
A few security pointers to keep in mind, if you really want a secure account:
- Make use of the two-step verification - either email or cellphone number. This is one of the best security measures I've ever seen in today's technology. If it doesn't work as intended, notify the administration as this is an huge security risk if something isn't working.
- Make regular password changes - I'm guilty of this, it's hard enough trying to remember 20 different passwords for 20 different online accounts.
- Password history - don't reuse the same password after 20 changes, it makes things so much easier for an hacker to gain access.
- Password complexity - don't use iamabletohackaccounts. A mix of alpha-numerical and symbols make it so much harder to hack. Something along the lines of this example - !am@bl3t0h@ck - not a easy feat to remember, I agree. But not exactly like this, make it really random to make it much harder to hack.
- Look up Dictionary attacks and Rainbow table attacks - these attacks use a predefined table of words to use for hacking passwords.
- Rainbow table attacks take advantage of older hashing algorithms. Databases should be hashed twice with the latest up-to-date hashing algorithms to thwart off and avoid rainbow table attacks
- Dictionary attacks and brute-force attacks are similar - always trying a combination before moving onto the next guess.
- Dictionary attacks - https://www.hacksplaining.com/glossary/dictionary-attacks
- Brute-force attacks - https://www.hacksplaining.com/glossary/brute-force-attacks
- Look up Dictionary attacks and Rainbow table attacks - these attacks use a predefined table of words to use for hacking passwords.
The rest is up to you to safeguard your accounts. If you get hacked, it's actually your own fault if you keep a simple password, not do regular virus and malware scanning, keeping your software updated regularly and do system checks.
Last edited:
