Stories Untold
Welcome, Guest. Please login or register.

Author Topic: Guide to Having a Secure, Nearly Hackerproof Account. (Last Updated: 5/20/18)  (Read 4355 times)

Offline Ravicale 

  • Will program for food.
  • [Staff] Lieutenant
  • Centipede
  • ***
  • Posts: 29,911
  • Karma: +2535/-0
  • The power to do good is also the power to do harm.
  • Awards Award bestowed upon members inducted into the forum Hall of Fame - from konnichiha For having an eye for good games - from Yugioh77 An award to all your great help, War Veteran - from Hivetyrantofawesome We don't exist. - from General Death For Extensive Game making Knowledge - from General Death Forever Alone - from swallowthesun For having the best ideas - from ☠General Death☠ For reaching the rank 'General' - from  
    • View Profile
    • Awards
How to Have a Secure Account:
     Lets say you make an account on the forums, your password is "Password1," 2 weeks later you are 'hacked' and your account is in PoW. This is a very possible reality, and you are in PoW because it is hazardous to have an account used by multiple members on the forums. Thankfully, it is possible to avoid this reality and avoid being hacked.

Ways you can be hacked here:
  • Following unsafe practices with passwords.
  • Sharing your session ID.

     This short list literally contains every possible way your account could likely be hacked here. Sure, someone could theoretically find some massive vulnerability and compromise every account here... But that's beyond your control and highly improbable.

How to Make a Good Password:
     This is a rather simple skill that most people fail horribly at. Common mistakes include:

  • Using extremely common passwords such as "Password" or "123456". If your password appears on this list, CHANGE IT NOW.
  • Using the same, or similar passwords across multiple services.
  • Using a password manager that stores data 'on the cloud'.
  • Sharing a password with someone else.
  • Leaving some way for someone else to easily view your password.
  • Creating extremely short passwords. Such things have low 'entropy' and are far easier to guess than longer passwords. Longer passwords are exponentially more difficult to brute force.

     My advice is to use an offline password manager and create long passwords that don't commit any of the above sins. Password Safe is a decent, free open source option.

Never Tell others Your Password:
     Under no circumstances should you give out your password, even if a staff member asks you. If you want to collaborate on a game on the Mainsite then create an alternate "collab" account. If you want to collaborate on an Rpfg then use google docs then copy/paste it to the forums. If you have siblings or use a shared computer then don't save your password (outside of an encrypted file/password manager) on it or stay logged in. If someone threatens to hack you if you don't give them your password, then they don't even have the means to hack you if you don't give them your password. Remember, if you publicly announce your password you will be punished as if you are a hacker, same goes for anyone else logging onto your account.

Don't Give Out Your Session ID:
     There are many places on Sploder where your session ID will appear somewhere in the page, and occasionally in the url itself. The most common place it will appear is the pop-up window that comes up when you publish a game. Please be cautious and do not paste links containing your ID anywhere, as it can be used to access your account very easily. Example of what a session ID looks like in a url. This could be used to gain limited access to an account.

What to do if You Get Hacked Anyway:
     Contact Geoff via this link. If you have given a fake email address for your account then you are going to have some problems. If you currently have a fake email on your account then change it promptly.

If you didn't follow any of this then let it be known that we told you.

Note: Updated circa May 2018 as some information regarding account security wasn't best practice.
Thanks: treyt, Dragonknight, Crackbone, World's Biggest Nubcake, The Boxster, Lucinho, prav, Peacekeeper, HuskyMudkipz, mjduniverse, batte, PD, redandblue2000, thelegenduser, MasterViper, TheKingOfSwin, bhopeful, linkdork77, 44lifedollars, setsunaESPer
« Last Edit: May 20, 2018, 05:38 PM by Ravicale  »
If you want my attention on Discord, DM me instead of pinging me. I ignore @everyones, and there's no way to separate those from actual pings.