Password security

Greenlantern101

Super Hero And All Round Good Guy
Contributor
How secure are our CTA account passwords?

Does the Heartbleed bug issue affect CTA?

When we log in is it over HTTPS?
 

Brogan

🦶 Leg end
Staff member
The server this site runs on isn't affected by Heartbleed.

There is no HTTPS as it's only really required for e-commerce sites.
 

Greenlantern101

Super Hero And All Round Good Guy
Contributor
Facebook, Twitter, Amazon, eBay etc. all use HTTPS to sign in.

I read it was very easy for a third party to be recording passwords that are entered when HTTPS is not used.
This could be a way of getting users' passwords which they may also use for other sites including commerce.
 

Brogan

🦶 Leg end
Staff member
Yet ironically SSL has had this major bug for 2 years actually making it easier to get passwords, etc.

I won't be paying for an SSL certificate for the site.
It doesn't warrant it.

If we had hundreds of active members logging in and posting then it would definitely be considered.
But we don't.

This site does not in any way compare to Facebook, Twitter, Amazon, eBay, etc.
 

Greenlantern101

Super Hero And All Round Good Guy
Contributor
Done. :thumbsup:

Interesting system. I assume the backup codes are only in case I get hacked or lose my password? I feel like I wasn't paying attention. :embarrassed: Edit: just read it again so yes. See, I was paying attention.

I used the email system. Worked fine. Does the app path support all mobiles (BlackBerry and Windows) or just Android and iOS?

I've written the backup codes down in my little book of passwords. Which, if it ever gets stolen, will mean I am totally stuffed. I've been thinking of labelling my little book with a sticker to dissuade all interest in its contents. Something like 'Research notes into political and economic theory and forecasts on a post democratic society entering Oligarchy' :)
 

Greenlantern101

Super Hero And All Round Good Guy
Contributor
Well, that's weird. Just got asked for a code to log in that was sent to my email address. If that's going to happen every 30 days I think I will disable the two step thing.
 

cider_and_toast

Exulted Lord High Moderator of the Apex
Staff member
Premium Contributor
The password I use for this site is unique to this site so it's never really been an issue for me.
 