BetweenthePipes wrote:Again, today, I had to enter a code from an image to log in, as someone had clearly tried to guess my password. Any chance that Administrators can get some computer guru to chase down who is trying to do this?
Good passwords should be more than 8 characters and should include both letters and numbers. On some sites, passwords can be case sensitive as well (not sure about here). Passwords should not be, say, the ages of your children, the dates of family member birthdays, the names of your family members, etc. Preferably, they have no meaning at all and contain no real words, with one or more numbers in there at various places.
The problem always is that there are so many web sites one might visit which require a password. How the heck to remember them all is the problem (especially as I get older)! I recommend writing them down and keeping the list in some random place NOT beside the computer (in a book on a shelf, somewhere, for example--just remember which book).
As I said earlier, this is a known problem. What I mean by this is that the makers/supporters of phpBB3 software that we're using are aware of the problem and are working on a solution.
Keep in mind that almost no solution could ever be perfect. Determined people that hack sites find ways around new defenses. And finding them is resource intensive and generally difficult to do. And keep in mind that we're not protecting your bank accounts, we're protecting a hockey discussion forum. I don't say that because I take the issue lightly, but we can't afford to pay a guy $200/hour to try to track down some joker kicking of phpBB3 login bots behind proxies and generally from foreign countries only to have him tweak a thing or two and force us to find him (or her, or them) again. And even if we did find him/her/them, then what?
Fortunately, we do have CAPTCHA which, while it's inconvenient, is
the safe guard protecting your account.
Definitely use a good password.
There are two password tracking tools that are free that I'm aware of (and I know there are others that you can pay for).
I won't divulge them here publicly, but if you're interested PM me and I'll give you the information.
One of them I've been using for YEARS. Simple, easy. I tie it to a keyboard shortcut (windows). It's kept my passwords/account information dating back many years. Takes some discipline to use it consistently and keep it up to date, but it's saved my butt many, many, many times. So I'm more than motivated to keep it current.
The other is also good and I know people where I work that love it.
These are far better than keeping a spreadsheet, text file, note paper list. You can back up the encrypted files. Use them on your home network (assuming you want access to it from an PC in your house). Put backups on CD and store in your safe, safety deposit box...you get the idea. Many, many other benefits including the ability to generate passwords of arbitrary complexity based on different password rule strategies that you run into from time to time. Again, very, very simple to use.