Site not secure?
-
2017-02-10 at 5:24 PM UTC
Hmm so I guess just forcing HTTPS on the index would be a good idea. Or perhaps make a separate login page that is the only place where https is forced? Will it continue to not be downgraded to http across sessions in this way if you stay logged in?
-
2017-02-10 at 6:46 PM UTC
Always use a different password here than you use anywhere else. Word to the wise.
-
2017-02-10 at 6:50 PM UTC
Originally posted by -SpectraL Always use a different password here than you use anywhere else. Word to the wise.
You should do that no matter what on every site.
Or if not, at least use a unique suffix or prefix for each site.
So if your normal password is QUANGOUNCHAINED, you use QUANGOUNCHAINEDniggerz for niggasin.space -
2017-02-10 at 7:26 PM UTC
Originally posted by Captain Falcon You should do that no matter what on every site.
Or if not, at least use a unique suffix or prefix for each site.
So if your normal password is QUANGOUNCHAINED, you use QUANGOUNCHAINEDniggerz for niggasin.space
I would advise against using a suffix or prefix. It's pretty easy to generate a password list with custom mutations once you know the "main" password.
-
2017-02-10 at 7:39 PM UTC
Originally posted by Sophie I would advise against using a suffix or prefix. It's pretty easy to generate a password list with custom mutations once you know the "main" password.
As I said "at least"; it's not by any means best practice, but it's better than just using the same password... Because then you just lose when someone has the password.
The main threat to you as an average netizen is not a targeted attack, it is an attack of opportunity. When large database dumps are released and you're on one of them, the threat becomes correlation attacks, not direct penetration.
That's why people use bcrypt despite the fact that targeted attacks are difficult but still possible; the threat is mass decryption.
Also, if your suffix is complex enough (like your normal password should be), then it doesn't matter, it simply becomes a matter of extra security at that point.
-
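An added illustration of the exact-match correlation risk debated in this exchange (not code from any poster): it joins two dumps on identical stored hashes. The users, passwords and site names are constructed, and PBKDF2 from the standard library stands in for bcrypt.

```python
import hashlib
import os

def unsalted(password: str) -> str:
    """Fast unsalted hash, as found in poorly protected dumps."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_kdf(password: str, salt: bytes) -> str:
    """Per-record random salt plus a slow KDF (PBKDF2 standing in for bcrypt)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()

def build_dumps(site_a: dict, site_b: dict, use_salt: bool):
    """Hash two sites' user->password maps the way each site would store them."""
    def store(pw: str) -> str:
        return salted_kdf(pw, os.urandom(16)) if use_salt else unsalted(pw)
    return ({u: store(p) for u, p in site_a.items()},
            {u: store(p) for u, p in site_b.items()})

def correlate(dump_a: dict, dump_b: dict) -> list:
    """Users whose stored hash is identical in both dumps (exact-match join)."""
    return sorted(u for u in dump_a if u in dump_b and dump_a[u] == dump_b[u])

# Constructed sample data: three users on two hypothetical sites.
# alice reuses one password, bob uses base+suffix, carol uses unique passwords.
SITE_A = {"alice": "correct-horse-1", "bob": "Tr0ub4dor-base+siteA", "carol": "uniqueA-9f3k"}
SITE_B = {"alice": "correct-horse-1", "bob": "Tr0ub4dor-base+siteB", "carol": "uniqueB-72qx"}

def demo():
    """Return (users linkable across unsalted dumps, users linkable across salted dumps)."""
    weak_a, weak_b = build_dumps(SITE_A, SITE_B, use_salt=False)
    strong_a, strong_b = build_dumps(SITE_A, SITE_B, use_salt=True)
    return correlate(weak_a, weak_b), correlate(strong_a, strong_b)

if __name__ == "__main__":
    linked_unsalted, linked_salted = demo()
    print("linked across unsalted dumps:", linked_unsalted)
    print("linked across salted dumps:  ", linked_salted)
```

Only the reused password links across the unsalted dumps; with a per-record salt, even the reused password no longer matches by hash equality.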
2017-02-10 at 7:43 PM UTC
The best idea is still to use entirely unique passwords. But even the secret service uses the base-suffix method when attempting to secure important normies. So when they have to remember 8 different passwords, they'll tell them to use a strong "base" that they keep only in their brain, weak "middles" that they keep in their brain and are unique to each system and easy to remember, and write down strong suffixes.
-
2017-02-11 at 1:24 AM UTC
Originally posted by Lanny I'm of the opinion that a self signed cert is worse than no SSL at all, self signing encourages people to ignore warnings or worse acknowledging untrusted certificate authorities, it's a false sense of security as far as I'm concerned. At least with no SSL people who care should understand there's a risk of MitM.
In any case, letsencrypt is now issuing free certs, which is cool, https is now working. Serving http alongside because I'm not convinced everything ever (especially anonymous sessions) needs SSL, but if you're signing in I encourage you to use it, I will.
Your browser may still refuse to show you the happy green lock of warm-safe-feelings on some pages since users can embed non-SSL images. If this bothers you you can disable images either from your user profile page or through your browser.
That's bullshit and you know. (Previously) Anyone who signs in through a sketchy proxy, probably ~50% of the users, is risking having their credentials stolen. That goes double when sharing a LAN with other people. And it also assumes ISPs aren't hostile. A cert distributed through a trusted party (i.e. github) would be completely legitimate. Anyone who blindly trusts it is already a lost cause. The site isn't going to tip the scales and cause grandma to lose her life savings to bankofamerica.ru
I see your point of course, but that's like saying "no child left behind" makes everyone smarter. The reality is it drags everyone else down to the stupidest person.
Anyway cool to have SSL nonetheless.
I believe there's like 3 levels of security the browser assigns and to get the green lock you have to jump through a shitload of hoops. Take say yahoo.com doesn't have it (just a grey lock), banofamerica.com does.
-
2017-02-11 at 1:26 AM UTC
The caper man I'm telling you.
-
2017-02-11 at 2:05 AM UTC
And don't use the e-mail address you used to register here anywhere else, because if the registration address is known and compromised, that address can then be used to reset passwords elsewhere, and the Inbox and Deleted Items folders in the registration address can often contain old "forgot password" e-mails containing current live passwords from various places on the Internet.
-
2017-02-11 at 2:11 AM UTC
Joke's on you kid, I used my dad's email.
-
2017-02-11 at 2:14 AM UTC
You tell me this NOW?!
-
2017-02-11 at 2:16 AM UTC
Lanny is a federal agent. Although, he won't bite unless bitten.
-
2017-02-11 at 2:19 AM UTC
Well he sure fucking acts like one deleting my drunk posts and whatnot, I think he's younger than me too, HA!
-
2017-02-11 at 2:24 AM UTC
Originally posted by SCronaldo_J_Trump Well he sure fucking acts like one deleting my drunk posts and whatnot, I think he's younger than me too, HA!
The Lanny account is actually three different federal cyber agents, each, of course, with his own unique personality. One is a drunkard. There even used to be a female cyber spy on the Lanny account, at one time. All of the Lannys are highly trained specialists in the fields of networking, programming, architecture and logistics.
-
2017-02-11 at 2:27 AM UTC
How do you know all this? Are you a double agent?
-
2017-02-11 at 4:50 AM UTC
Everyone here is a fed. Trust no one. Not even yourself.