Page 1 of 1

PLEASE READ: Forum/site password strength

Posted: Fri Nov 02, 2007 7:31 am
by xavier
Hello Ogre users,

I've just had to go through and delete a bunch of posts by a particular user who likely had their account compromised; it appeared that a bot had edited a bunch of their posts from the past as well as posted a bunch of recent garbage, plus also changed their account profile information (email address, sig, etc.).

For your sake and the sake of the Ogre site and forums, please make sure you are not using trivial passwords for your Ogre site and forum accounts (for instance, using your username as your password, or using simple dictionary words for passwords).

This sort of attack is easily thwarted with a little bit of diligence on the part of the community, so we thank you in advance for your cooperation! :)

Xavier

Posted: Mon Nov 05, 2007 9:30 pm
by Trosan
Any plans for PHPBB 3 ? :o

Posted: Mon Nov 05, 2007 10:00 pm
by haffax
Trosan wrote:Any plans for PHPBB 3 ? :o
How does this solve the issue?

Posted: Tue Nov 06, 2007 10:45 am
by SpaceDude
If, like me, you don't fancy remembering 100 different passwords for different websites you can use something like KeePass ( http://keepass.info/ ) to store all your passwords in a database with 1 master password to unlock it.

Posted: Fri Jun 13, 2008 8:17 pm
by nullsquared
SpaceDude wrote:If, like me, you don't fancy remembering 100 different passwords for different websites you can use something like KeePass ( http://keepass.info/ ) to store all your passwords in a database with 1 master password to unlock it.
Or, you know, just use Image

;)

Posted: Fri Jun 13, 2008 11:26 pm
by DanielSefton
I store my passwords in my PDA. Got about 250 of them, all random alphanumeric and at least 10 characters long. Not much chance of anyone guessing mine. :roll:
Any plans for PHPBB 3 ?
This really should be considered soon. There are tonnes of security flaws in phpBB2, and bots attack it all the time. phpBB3 is a lot more secure and literally bot-free. 8)

phpBB2 has completely ceased development now. So if an exploit is found, it'll never be fixed.

Posted: Sat Jun 14, 2008 3:18 am
by syedhs
nullsquared wrote:
SpaceDude wrote:If, like me, you don't fancy remembering 100 different passwords for different websites you can use something like KeePass ( http://keepass.info/ ) to store all your passwords in a database with 1 master password to unlock it.
Or, you know, just use Image

;)
Err in a few days from now, Firefox 3 will be officially released. :wink:

Posted: Sat Jun 14, 2008 12:37 pm
by danharibo
phpBB? pfft We use SMF :P

Posted: Sat Jun 14, 2008 12:57 pm
by DanielSefton
danharibo wrote:phpBB? pfft We use SMF :P
Eww. :D

Don't get me wrong, SMF is a powerful piece of forum software. (Especially the modding system.) It just seems a bit too... Basic and unprofessional. But that's my opinion. 8)

I never liked phpBB2 either, but phpBB3 has come on leaps and bounds. It's truly flawless, and the revamped ACP is great to work with.

Posted: Sat Jun 14, 2008 2:39 pm
by nullsquared
syedhs wrote:
nullsquared wrote:
SpaceDude wrote:If, like me, you don't fancy remembering 100 different passwords for different websites you can use something like KeePass ( http://keepass.info/ ) to store all your passwords in a database with 1 master password to unlock it.
Or, you know, just use Image

;)
Err in a few days from now, Firefox 3 will be officially released. :wink:
Good point - I wanted to post the icon instead, but didn't find a suitable size, nor did I feel like manually resizing the gigantic vector-generated one I found on the internet. Have you pledged to the official FireFox Download Day on the 17th? I have :D

Posted: Sat Jun 14, 2008 7:32 pm
by Frenetic
nullsquared wrote:Have you pledged to the official FireFox Download Day on the 17th? I have :D
I probably will, even though I use Opera mostly. :P

One of the main reasons I support Firefox is because it is the anti-IE. As anyone who develops for the Web should know, IE isn't actually software, but an entity forged from pure evil.

Posted: Sat Jun 14, 2008 11:22 pm
by DanielSefton
Frenetic wrote:One of the main reasons I support Firefox is because it is the anti-IE. As anyone who develops for the Web should know, IE isn't actually software, but an entity forged from pure evil.
You can say that again. :lol: IE7 was a massive improvement though. Still not perfect, but compared to IE6, it's like bliss. Oh goodness, the horrors. It took twice as long to get your site to work in both FireFox and IE6 than it did to actually create the website. :shock:

Posted: Sun Jun 15, 2008 12:29 am
by SpaceDude
Sure you can store passwords in firefox or other web browser. But there are several problems with this:

1- This is not very secure at all, they can be viewed by anyone with access to your computer through Tools -> Options -> Show Passwords...

2- You may want to remember passwords which are not linked with a particular website, e.g. password to MSN Messenger.

3- If you need to access your passwords from another computer or PDA there isn't an easy way to transfer them across.

4- It's quite easy to lose all your stored passwords by re-installing your web browser and forgetting to backup.

Posted: Sun Jun 15, 2008 12:35 am
by nullsquared
SpaceDude wrote:Sure you can store passwords in firefox or other web browser. But there are several problems with this:

1- This is not very secure at all, they can be viewed by anyone with access to your computer through Tools -> Options -> Show Passwords...
... -> Show Passwords -> Enter Master Password -> ... -> Profit
2- You may want to remember passwords which are not linked with a particular website, e.g. password to MSN Messenger.
Fair point.
3- If you need to access your passwords from another computer or PDA there isn't an easy way to transfer them across.
Fair point.
4- It's quite easy to lose all your stored passwords by re-installing your web browser and forgetting to backup.
Rofl, I hard-rebooted and didn't close FireFox in the process - it reset to complete defaults, including the removal of all of my saved passwords :lol: