1. This site uses cookies. By continuing to use it, you are agreeing to our use of cookies. Learn More.

Password security

Discussion in 'Pit Lane' started by Greenlantern101, Apr 23, 2014.

  1. Greenlantern101

    Greenlantern101 Super Hero And All Round Good Guy Contributor

    Featured Threads:
    22
    How secure are our CTA account passwords?

    Does the heartbleed bug issue affect CTA?

    When we log in is it over HTTPS?
     
  2. Google AdSense Guest Advertisement



    to remove all adverts.
  3. Brogan

    Brogan Running Man Staff Member

    Featured Threads:
    5
    The server this site runs on isn't affected by Heartbleed.

    There is no HTTPS as it's only really required for e-commerce sites.
     
  4. Mephistopheles

    Mephistopheles Banned Contributor

    Well I could swear someone has been typing some of my posts for me...:whistle:
     
    GermanF1 likes this.
  5. Greenlantern101

    Greenlantern101 Super Hero And All Round Good Guy Contributor

    Featured Threads:
    22
    Facebook, twitter, amazon, ebay etc all use HTTPS to sign in.

    I read it was very easy for a third party to be recording passwords that are entered when HTTPS is not used.
    This could be a way getting users passwords which they may also use for other sites including commerce.
     
  6. Brogan

    Brogan Running Man Staff Member

    Featured Threads:
    5
    Yet ironically SSL has had this major bug for 2 years actually making it easier to get passwords, etc.

    I won't be paying for an SSL certificate for the site.
    It doesn't warrant it.

    If we had hundreds of active members logging in and posting then it would definitely by considered.
    But we don't.

    This site does not in any way compare to Facebook, Twitter, Amazon, eBay, etc.
     
  7. GermanF1

    GermanF1 Race Winner Contributor

    Not yet
     
  8. Brogan

    Brogan Running Man Staff Member

    Featured Threads:
    5
    I like your optimism :D

    You'll forgive me however if I don't share it ;)
     
  9. teabagyokel

    teabagyokel Pirelli's Fault Valued Member

    Featured Threads:
    34
    Brogan's first 32 World Domination (Internet Motorsport Forum Pathway) plans have totally failed, so he's moved on...
     
  10. gethinceri

    gethinceri "suck my balls honey" Contributor

    Featured Threads:
    1
    Has the grammar improved?
     
    FB, teabagyokel and Mephistopheles like this.
  11. Brogan

    Brogan Running Man Staff Member

    Featured Threads:
    5
    In case you were interested Greenlantern101, two factor authentication is now available: http://cliptheapex.com/account/two-step
     
    Greenlantern101 likes this.
  12. Greenlantern101

    Greenlantern101 Super Hero And All Round Good Guy Contributor

    Featured Threads:
    22
    Done. :thumbsup:

    Interesting system. I assume the back up codes are only in case I get a hacked or loose my password? I feel like I wasn't paying attention. :embarrassed: Edit: just read it again so yes. See I was paying attention.

    I used the email system. Worked fine. Does the app path support all mobiles (blackberry and windows) or just Andriod and iOS?

    I've written the backup codes down in my little book of passwords. Which if it ever gets stolen will mean I am totally stuffed. I've been thinking of labelling my little book with a sticker to dissuade all interest in its contents. Some thing like 'Research notes into political and economic theory and forecasts on a post democratic society entering Oligarchy' :)
     
    Last edited: Jul 12, 2015
    Brogan likes this.
  13. Brogan

    Brogan Running Man Staff Member

    Featured Threads:
    5
    I assume it's device agnostic so any suitable app should work.
     
  14. Greenlantern101

    Greenlantern101 Super Hero And All Round Good Guy Contributor

    Featured Threads:
    22
    Well thats weird. Just got asked for a code to log in that was sent to my email address. If that's going to happen every 30 days I think I will disable the two step thing.
     
  15. Brogan

    Brogan Running Man Staff Member

    Featured Threads:
    5
    That's the same as Google - devices are only authorised for 30 days.
     
  16. Greenlantern101

    Greenlantern101 Super Hero And All Round Good Guy Contributor

    Featured Threads:
    22
    meh

    password is unique to this site anyway don't think I will bother.
     
  17. cider_and_toast

    cider_and_toast Everything in moderation Staff Member Premium Contributor

    Featured Threads:
    20
    Just do what I do and use 1234 for everything. ;)
     

Share This