Important Recommendation to Change and Update Passwords

Discussion in 'Global Stickies' started by Hel, Feb 28, 2017.

Thread Status:
Not open for further replies.
  1. Hel

    Hel ✨ Johto's Finest ✨ Forum Moderator

    Show All Badges (4)
    It's possible that you have heard news of Cloudflare having a data breach. Although playstarbound.com uses Cloudflare, our forums were not impacted by this. Cloudflare has contacted us and assured us that no data from any of our sites was compromised.

    Even though we weren't impacted, if your forum password is shared between other sites it may be best to change it.

    Enabling two-factor authentication for your account as an extra security measure is also highly recommended. This will make it so that your account needs more than just a password to login by requiring a token generated from a mobile app or via email.

    Further information can found by searching for "Cloudbleed" if you are interested in additional details regarding the issue or about which major sites may be affected. Again, there's no information to suggest any data here was compromised - but if we get details which suggest otherwise we'll alert everyone right away.

    Stay safe out there.
     
    Last edited by a moderator: Mar 1, 2017
    Hel, Feb 28, 2017
    #1
    Coolwyngs, seth0et0holth, I_am_the_Storm and 6 others like this.
  2. bk3k

    bk3k Oxygen Tank

    They have a pretty good analysis on the official cloudflare blog. It does seem fairly unlikely that any malicious people found and utilized the bug.

    Still it isn't the greatest of ideas to reuse your password on multiple sites. While that is easier, if you do choose to use the same passwords... make sure the sites in question are not important in the least. No email, no banking/credit/taxes/shopping/etc. Nothing that deals with your real private info(Facebook etc). No dating sites. If you have an online persona you consider important, no sites that use this persona/handle.

    Those important sites should each have a password that is
    1. Individual. Never shared with another site.
    2. Reasonably complex password. Something like fsH3h_Tss249$y^M etc. Don't actually use that password(because I just posted it on a public forum post).

    Longer passwords are more secure.
    Passwords with a mixture of lower and upper case are more secure than those without.
    Passwords with numbers are more secure than those without.
    Passwords with symbols are far more secure than those without.
    Passwords including things like your name, your kid's name, your pet's name, or other information that someone might be able to find out somehow - those passwords are less secure than without.
    Passwords that use things like your birthday - or worse - your SSN are terrible ideas. If they ever get dumped in a data breach, that password becomes info about you.

    You might consider a password manager for such things.

    Challenge questions(what you get asked if you forget your password) shouldn't contain the real information about you that could be found on a public profile. For example "what is your dog's name" and you talk about your dog on Facebook, Twitter, etc. It becomes trivial to take your account.

    2 factor authentication - where available - is pretty useful in securing your accounts.
     
    bk3k, Mar 1, 2017
    #2
  3. Coolwyngs

    Coolwyngs Giant Laser Beams

    Okay this is not good at all. Thank you very much for the warning.
     
    Coolwyngs, Mar 2, 2017
    #3
    seth0et0holth likes this.
Thread Status:
Not open for further replies.

Share This Page