• Hi all. We have had reports of members' signatures being edited to include malicious content. You can rest assured this wasn't done by staff and we can find no indication that the forums themselves have been compromised.

    However, remember to keep your passwords secure. If you use similar logins on multiple sites, people and even bots may be able to access your account.

    We always recommend using unique passwords and enabling two-factor authentication if possible. Make sure you are secure.

Password Security

Slowy

New and Improved
I usually don't respond to announcements, but I felt this one was particularly important. (I'm considering doing that more often, actually.) Anyways, I've been thinking about changing my password, but to one that's random. How it'd work is that I'd close my eyes and hit keys randomly, then I'd look afterwards at the password. My thinking is that random passwords are more difficult to hack into. However, first I'll want to check to see if I'm even allowed to change passwords. On top of that, should that be allowed, there could be additional problems I may not even be aware of. It's burdening on me partially since I could be far easier to frame due to too many others not even being aware of my existence. I've yet to get into trouble and want to make sure it stays that way.
 

Kreis

Still Dirrty
Random letters on your keyboard can easily be hacked into because there are programs out there that can generate several possible password combinations to hack into accounts. It's best to use a combination of letters, numbers, and symbols because it would take the program forever to generate something that matches a password like "MyFavoriteSodaIsDietPepsi&icandrinkatleast5_per_day". That password uses a combination of uppercase and lowercase letters, numbers, and symbols, and it's harder to guess than something like "horses123".
 

Slowy

New and Improved
Oh, sorry, I figured it was possible, but didn't realize that it was of reality. I'll figure something out.
 

ellie

Δ
Staff member
Admin
also adding onto what kreis said, length is actually the most important factor because of how cracking programs work. it's more effective to use something like:
paperclipsclipmypaperstogetherandmakesureidontloseanythingineedandgetfantasticgrades

than:
u7p2n&&TI

a combination of both is best but length is very important


note that this applies for ANY password not just your sppf ones. we did not have a break in the system but it appears several people had unsecured email accounts/computers and that is how the person got in.
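
The length point made above, worked through on the sample passwords quoted in this thread (an added example, not part of any original post). It models exhaustive brute force only, so a phrase built from common words is weaker against word-list guessing than the figure suggests; the guess rate and the ASCII pool sizes are assumptions.

```python
import math
import string

# ASCII character classes an exhaustive search would have to cover.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]
GUESSES_PER_SECOND = 1e10   # assumed attacker speed, illustration only
SECONDS_PER_YEAR = 365 * 24 * 3600

# The sample passwords quoted in the thread above.
SAMPLES = [
    "horses123",
    "u7p2n&&TI",
    "MyFavoriteSodaIsDietPepsi&icandrinkatleast5_per_day",
    "paperclipsclipmypaperstogetherandmakesureidontlose"
    "anythingineedandgetfantasticgrades",
]

def charset_size(pw):
    """Pool size implied by the character classes the password uses."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in pw))
    known = "".join(CLASSES)
    # Characters outside the four ASCII classes count once each.
    return size + len({ch for ch in pw if ch not in known})

def brute_force_bits(pw):
    """log2 of the search space: length * log2(pool size)."""
    return len(pw) * math.log2(charset_size(pw)) if pw else 0.0

def years_to_exhaust(pw):
    """Time to try every candidate at the assumed guess rate."""
    return 2 ** brute_force_bits(pw) / GUESSES_PER_SECOND / SECONDS_PER_YEAR

def lowercase_length_to_match(pw):
    """Shortest all-lowercase length with at least as large a search space."""
    return math.ceil(brute_force_bits(pw) / math.log2(26))

if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{len(pw):3d} chars  pool {charset_size(pw):2d}  "
              f"{brute_force_bits(pw):6.1f} bits  "
              f"{years_to_exhaust(pw):.3g} years  {pw[:24]}")
    print("lowercase letters needed to match u7p2n&&TI:",
          lowercase_length_to_match("u7p2n&&TI"))
```
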
 
Okay, since the above post just begs me to ask this, what is the character limit on Serebii Forums passwords?
 

ellie

Δ
Staff member
Admin
i have no idea. i guess if you hit it you'll find out?
 

Playful Latios

@Soul Dew
Well, a variable in PHP can hold up to 65,535 characters so that would be the maximum length unless it is hard coded in the files to allow less. I really don't like that vBulletin uses MD5 for hashing though because it has collisions.
 

Slowy

New and Improved
That was brilliant Ellie (in case you read this)! The length tests the patience of the would-be hackers. Combine that with Kreis's suggestion, and the percentage should be 90+ in one's favor! (Come to think of it, hitting random keys would result in some numbers and symbols in addition to letters, but that might not be as hard to hack into as your combined ideas.) I'm changing my password this afternoon.
 

Nutter t.KK

can Mega Evolve!
For those who have smartphones and use Gmail: I actually recommend setting up Google Authenticator. This will mean you will need to get your smartphone out every time you try to use it. It does effectively limit the "keylogger" system.

No one can actually log in to my email account unless they insert a code that was generated in the last few minutes on the Google Authenticator app. There are ways for the system to use "legacy programs" such as Thunderbird or most other 3rd-party mail applications.

Anyway, to get access to my email account you need two passwords. One password gives access to my phone; that's actually easy, except that you can't brute-force it: after 20 tries you'll need to insert another password to get in there. At that rate, I should be able to format the device.
 