Password security


Super Hero And All Round Good Guy
How secure are our CTA account passwords?

Does the heartbleed bug issue affect CTA?

When we log in is it over HTTPS?
The server this site runs on isn't affected by Heartbleed.

There is no HTTPS as it's only really required for e-commerce sites.
Facebook, twitter, amazon, ebay etc all use HTTPS to sign in.

I read it was very easy for a third party to be recording passwords that are entered when HTTPS is not used.
This could be a way getting users passwords which they may also use for other sites including commerce.
Yet ironically SSL has had this major bug for 2 years actually making it easier to get passwords, etc.

I won't be paying for an SSL certificate for the site.
It doesn't warrant it.

If we had hundreds of active members logging in and posting then it would definitely by considered.
But we don't.

This site does not in any way compare to Facebook, Twitter, Amazon, eBay, etc.
Done. :thumbsup:

Interesting system. I assume the back up codes are only in case I get a hacked or loose my password? I feel like I wasn't paying attention. :embarrassed: Edit: just read it again so yes. See I was paying attention.

I used the email system. Worked fine. Does the app path support all mobiles (blackberry and windows) or just Andriod and iOS?

I've written the backup codes down in my little book of passwords. Which if it ever gets stolen will mean I am totally stuffed. I've been thinking of labelling my little book with a sticker to dissuade all interest in its contents. Some thing like 'Research notes into political and economic theory and forecasts on a post democratic society entering Oligarchy' :)
Last edited:
Well thats weird. Just got asked for a code to log in that was sent to my email address. If that's going to happen every 30 days I think I will disable the two step thing.
Top Bottom