Site not secure?

  1. #21
    Hmm so I guess just forcing HTTPS on the index would be a good idea. Or perhaps make a separate login page that is the only place where https is forced? Will it continue to not be downgraded to http across sessions in this way if you stay logged in?
  2. #22
    -SpectraL coward [the spuriously bluish-lilac bushman]
    Always use a different password here than you use anywhere else. Word to the wise.
  3. #23
    Originally posted by -SpectraL Always use a different password here than you use anywhere else. Word to the wise.

    You should do that no matter what on every site.

    Or if not, at least use a unique suffix or prefix for each site.

    So if your normal password is QUANGOUNCHAINED, you use QUANGOUNCHAINEDniggerz for niggasin.space
  4. #24
    Sophie Pedophile Tech Support
    Originally posted by Captain Falcon You should do that no matter what on every site.

    Or if not, at least use a unique suffix or prefix for each site.

    So if your normal password is QUANGOUNCHAINED, you use QUANGOUNCHAINEDniggerz for niggasin.space

    I would advise against using a suffix or prefix. It's pretty easy to generate a password list with custom mutations once you know the "main" password.
  5. #25
    Originally posted by Sophie I would advise against using a suffix or prefix. It's pretty easy to generate a password list with custom mutations once you know the "main" password.

    As I said "at least"; it's not by any means best practice, but it's better than just using the same password... Because then you just lose when someone has the password.

    The main threat to you as an average netizen is not a targeted attack, it is an attack of opportunity. When large database dumps are released and you're on one of them, the threat becomes correlation attacks, not direct penetration.

    That's why people use bcrypt despite the fact that targeted attacks are difficult but still possible; the threat is mass decryption.

    Also, if your suffix is complex enough (like your normal password should be), then it doesn't matter, it simply becomes a matter of extra security at that point.
  6. #26
    The best idea is still to use entirely unique passwords. But even the secret service uses the base-suffix method when attempting to secure important normies. So when they have to remember 8 different passwords, they'll tell them to use a strong "base" that they keep only in their brain, weak "middles" that they keep in their brain and are unique to each system and easy to remember, and write down strong suffixes.
  7. #27
    Originally posted by -SpectraL Always use a different password here than you use anywhere else. Word to the wise.

    I don't get it
  8. #28
    TreyGowdy Houston
    Originally posted by Lanny I'm of the opinion that a self signed cert is worse than no SSL at all, self signing encourages people to ignore warnings or worse acknowledging untrusted certificate authorities, it's a false sense of security as far as I'm concerned. At least with no SSL people who care should understand there's a risk of MitM.

    In any case, letsencrypt is now issuing free certs, which is cool, https is now working. Serving http alongside because I'm not convinced everything ever (especially anonymous sessions) needs SSL, but if you're signing in I encourage you to use it, I will.

    Your browser may still refuse to show you the happy green lock of warm-safe-feelings on some pages since users can embed non-SSL images. If this bothers you you can disable images either from your user profile page or through your browser.

    That's bullshit and you know. (Previously) Anyone who signs in through a sketchy proxy, probably ~50% of the users, is risking having their credentials stolen. That goes double when sharing a LAN with other people. And it also assumes ISPs aren't hostile. A cert distributed through a trusted party (i.e. github) would be completely legitimate. Anyone who blindly trusts it is already a lost cause. The site isn't going to tip the scales and cause grandma to lose her life savings to bankofamerica.ru

    I see your point of course, but that's like saying "no child left behind" makes everyone smarter. The reality is it drags everyone else down to the stupidest person.

    Anyway cool to have SSL nonetheless.

    I believe there's like 3 levels of security the browser assigns and to get the green lock you have to jump through a shitload of hoops. Take say yahoo.com doesn't have it (just a grey lock), banofamerica.com does.
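
Added example, not part of the thread or the site's own code: the quoted point about user-embedded non-SSL images is the browser's mixed-content rule, and a forum can check for it before rendering a post. This sketch lists every subresource a post would load over plain HTTP on an HTTPS page; the host names and the sample post are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag/attribute pairs that make the browser fetch a subresource.
# Plain links (<a href>) are navigation, not subresources, so they are not listed.
SUBRESOURCE_ATTRS = {
    ("img", "src"), ("script", "src"), ("iframe", "src"),
    ("audio", "src"), ("video", "src"), ("source", "src"),
    ("embed", "src"), ("object", "data"),
}


class MixedContentFinder(HTMLParser):
    """Collects (tag, url) for subresources that resolve to http://."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value is None or (tag, name) not in SUBRESOURCE_ATTRS:
                continue
            # Relative and protocol-relative URLs inherit the page's scheme.
            resolved = urljoin(self.page_url, value.strip())
            if urlsplit(resolved).scheme == "http":
                self.findings.append((tag, resolved))


def find_mixed_content(page_url, html):
    """Return the insecure subresources an HTTPS page would load."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content is only defined for HTTPS pages
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample post body.
SAMPLE_POST = """
<p>look at this <a href="http://news.example/story">story</a></p>
<img src="http://images.example/cat.png">
<img src="https://images.example/dog.png">
<img src="//cdn.example/a.gif">
<img src="/static/smile.png">
"""

if __name__ == "__main__":
    for tag, url in find_mixed_content("https://forum.example/thread/1", SAMPLE_POST):
        print(f"insecure <{tag}>: {url}")
```

Only the first image is reported; the protocol-relative and site-relative images inherit HTTPS, and the plain link is not a subresource.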
  9. #29
    The caper, man, I'm telling you.
  10. #30
    -SpectraL coward [the spuriously bluish-lilac bushman]
    And don't use the e-mail address you used to register here anywhere else, because if the registration address is known and compromised, that address can then be used to reset passwords elsewhere, and the Inbox and Deleted Items folders in the registration address can often contain old "forgot password" e-mails containing current live passwords from various places on the Internet.
  11. #31
    TreyGowdy Houston
    Joke's on you, kid, I used my dad's email.
  12. #32
    You tell me this NOW?!
  13. #33
    -SpectraL coward [the spuriously bluish-lilac bushman]
    Lanny is a federal agent. Although, he won't bite unless bitten.
  14. #34
    Well he sure fucking acts like one deleting my drunk posts and what not, I think he's younger than me too, HA!.
  15. #35
    -SpectraL coward [the spuriously bluish-lilac bushman]
    Originally posted by SCronaldo_J_Trump Well he sure fucking acts like one deleting my drunk posts and what not, I think he's younger than me too, HA!.

    The Lanny account is actually three different federal cyber agents, each, of course, with his own unique personality. One is a drunkard. There even used to be a female cyber spy on the Lanny account, at one time. All of the Lannys are highly trained specialists in the fields of networking, programming, architecture and logistics.
  16. #36
    How do you know all this? Are you a double agent?.
  17. #37
    -SpectraL coward [the spuriously bluish-lilac bushman]
    Originally posted by SCronaldo_J_Trump How do you know all this? Are you a double agent?.

    I'm a triple agent. Rare.
  18. #38
    Originally posted by -SpectraL I'm a triple agent. Rare.

    But are you a triple threat?.
  19. #39
    -SpectraL coward [the spuriously bluish-lilac bushman]
    Originally posted by SCronaldo_J_Trump But are you a triple threat?.

    No. Lanny is the triple threat. He could even be half a dozen federal agents by now.
  20. #40
    Sophie Pedophile Tech Support
    Everyone here is a fed. Trust no one. Not even yourself.