Stories Untold
Welcome, Guest. Please login or register.

Author Topic: Guide to Having a Secure, Nearly Hackerproof Account. (Last Updated: 4/14/17)  (Read 4050 times)

Offline Ravicale 

  • Valgrind is love, Valgrind is life.
  • [Staff] Lieutenant
  • Centipede
  • ***
  • Posts: 29,850
  • Karma: +2509/-0
  • Give me liberty or give me death!
  • Awards Award bestowed upon members inducted into the forum Hall of Fame - from konnichiha For having an eye for good games - from Yugioh77 An award to all your great help, War Veteran - from Hivetyrantofawesome We don't exist. - from General Death For Extensive Game making Knowledge - from General Death Forever Alone - from swallowthesun For having the best ideas - from ☠General Death☠ For reaching the rank 'General' - from  
    • View Profile
    • Awards
How to Have a Secure Account:
     Lets say you make an account on the forums, your password is "Password1," 2 weeks later you are hacked and your account is in PoW. This is a very possible reality, and you are in PoW because it is hazardous to have an account used by multiple members on the forums. You're also in PoW because it was your fault you got hacked.

Ways you can be hacked:
  • Having an unsecure password.
  • Telling someone else your password.
  • Sharing your session ID.

     This short list literally contains every possible way your account can be hacked here. Master hackers would have trouble getting the passwords off of the server as they are encrypted, and "script kiddies" can't get through a secure password using brute force very easily.

How to Make a Good Password:
     This is a rather simple skill that most people fail horribly at. It's not even that hard! Follow these steps and you will have a password that can stand the test of time.

  • Start with one or more long words you can remember
  • Replace a few letters with numbers and/or add numbers around it
  • Capitalize random letters in the password
  • Add in some random part of the site name somewhere in it. (I'lle explain later)
  • Test your password at this site and aim for something higher than one million years.

     It's that simple to make a secure password. Even if all of your passwords are mostly the same, you are still somewhat safe if you vary it somehow (Ie: parts of the site name).

Never Tell others Your Password:
     Under no circumstances should you give out your password, even if a staff member asks you. If you want to collaborate on a game on the Mainsite then create an alternate "collab" account. If you want to collaborate on an Rpfg then use google docs then copy/paste it to the forums. If you have siblings or use a shared computer then don't save your password on it or stay logged in. If someone threatens to hack you if you don't give them your password, you're making it possible for them to hack. Remember, if you publicly announce your password you will be punished as if you are a hacker, same goes for anyone else logging onto your account.

Don't Give Out Your Session ID:
     There are many places on Sploder where your session ID will appear somewhere in the page, and occasionally in the url itself. The most common place it will appear is the pop-up window that comes up when you publish a game. Please be cautious and do not paste links containing your ID anywhere, as it can be used to access your account very easily. Example of what a session ID looks like in a url.

What to do if You Get Hacked Anyway:
     Contact Geoff via this link. If you have given a fake email address for your account then you are going to have some problems. If you currently have a fake email on your account then change it promptly.

If you didn't follow any of this then let it be known that we told you.
Thanks: treyt, Dragonknight, Crackbone, World's Biggest Nubcake, The Boxster, Lucinho, prav, Peacekeeper, HuskyMudkipz, mjduniverse, batte, PD, redandblue2000, thelegenduser, MasterViper, TheKingOfSwin, bhopeful, linkdork77, 44lifedollars, setsunaESPer
« Last Edit: April 14, 2017, 01:08 AM by konnichiha »
If you want my attention on Discord, DM me instead of pinging me. I ignore @everyones, and there's no way to separate those from actual pings.