PASSWORD Security

Discuss technical problems and features here
User avatar
MorkTheFiddle
Black Belt - 2nd Dan
Posts: 2113
Joined: Sat Jul 18, 2015 8:59 pm
Location: North Texas USA
Languages: English (N). Read (only) French and Spanish. Studying Ancient Greek. Studying a bit of Latin. Once studied Old Norse. Dabbled in Catalan, Provençal and Italian.
Language Log: https://forum.language-learners.org/vie ... 11#p133911
x 4823

Re: PASSWORD Security

Postby MorkTheFiddle » Tue Aug 01, 2017 5:52 pm

Elenia wrote:I didn't bother changing my password. It's not particularly easy to guess, I don't think, and it's not the same as my password for anything else. It's automatically saved in my browser, so I only had the CAPTCHA problem when trying to log in from my phone - which I only tried to see if I would have that problem.

If your password is solid and secure, and if you use it only on this site, then I agree there is no reason to change it.
The weak spot is the user name, which I'm hypothesizing the hacker got from HTLAL. However, even if we could change our user name here, it would cause a nightmare that I would not want to inflict on our admin or the moderators.
Right now the captcha is just a very minor nuisance, and, really, an added layer of security.
0 x
Many things which are false are transmitted from book to book, and gain credit in the world. -- attributed to Samuel Johnson

aaleks
Blue Belt
Posts: 884
Joined: Thu Apr 13, 2017 7:04 pm
Languages: Russian (N)
x 1910

Re: PASSWORD Security

Postby aaleks » Wed Aug 02, 2017 9:31 am

I usually have to deal with captcha at least two times in the row before it stops to appear. I've thought it should be this way, that some time has to pass between attempts to log in anyway.
0 x

William Camden
Green Belt
Posts: 384
Joined: Sat Nov 14, 2015 2:47 am
Location: Greenwich Mean Time zone
Languages: English (N), German (fluent), Turkish (fluent), Russian (fluent), French (semi-fluent), Spanish (semi-fluent), am studying Polish, have some knowledge of it, also studying modern Greek, basic knowledge of Arabic (mostly MSA, some exposure to colloquial dialects), basic knowledge of Latin and Italian, beginner in Scottish Gaelic.
x 476

Re: PASSWORD Security

Postby William Camden » Wed Aug 02, 2017 12:13 pm

Changed the password and still getting it. Oh well.
0 x
: 4321 / 4321Greek Memrise

William Camden
Green Belt
Posts: 384
Joined: Sat Nov 14, 2015 2:47 am
Location: Greenwich Mean Time zone
Languages: English (N), German (fluent), Turkish (fluent), Russian (fluent), French (semi-fluent), Spanish (semi-fluent), am studying Polish, have some knowledge of it, also studying modern Greek, basic knowledge of Arabic (mostly MSA, some exposure to colloquial dialects), basic knowledge of Latin and Italian, beginner in Scottish Gaelic.
x 476

Re: PASSWORD Security

Postby William Camden » Wed Aug 02, 2017 12:19 pm

I think it is a bot. I can't imagine even the most f*****-up sentient being with a keyboard doing this, as opposed to writing endless screeds about Europe's imminent downfall at the hands of refugees.
1 x
: 4321 / 4321Greek Memrise

User avatar
Iversen
Black Belt - 4th Dan
Posts: 4768
Joined: Sun Jul 19, 2015 7:36 pm
Location: Denmark
Languages: Monolingual travels in Danish, English, German, Dutch, Swedish, French, Portuguese, Spanish, Catalan, Italian, Romanian and (part time) Esperanto
Ahem, not yet: Norwegian, Afrikaans, Platt, Scots, Russian, Serbian, Bulgarian, Albanian, Greek, Latin, Irish, Indonesian and a few more...
Language Log: viewtopic.php?f=15&t=1027
x 14962

Re: PASSWORD Security

Postby Iversen » Wed Aug 02, 2017 2:46 pm

Morgana wrote:I wonder, is this really a real person sitting behind a computer, manually guessing multiple users' passwords? Or could there be a bot or script or something doing this?


I think it is a task that has been set up to run continuously, trying one password after the other and hoping to find one with a weak password. Otherwise Morgana's account wouldn't have been targeted in the few minutes from her last logout to she tried to log in again - in not only that: a number of accounts must have been targeted in parallel because it clearly also target Camden.

If there weren't an upper limit on the number of attempts before you have to solve a riddle an automated task could in principle try a million times before you had had time to enter your data just once.

By the way: why should the usernames be snatched from HTLAL? They are visible here.
0 x

Tillumadoguenirurm
Orange Belt
Posts: 193
Joined: Fri May 06, 2016 3:07 pm
Languages: English
x 235

Re: PASSWORD Security

Postby Tillumadoguenirurm » Wed Aug 02, 2017 3:04 pm

I never had an active account on htal so it's not that. It makes sense that there's no point in changing passwords unless it's a weak one. Whoever tried getting access didn't get very far after all. I use passwords thas have the same logic as my usernames does, so the chances of someone or something getting it right is pretty low.
0 x

aaleks
Blue Belt
Posts: 884
Joined: Thu Apr 13, 2017 7:04 pm
Languages: Russian (N)
x 1910

Re: PASSWORD Security

Postby aaleks » Wed Aug 02, 2017 3:06 pm

Just in case, I've never been registered on HTLAL.
1 x

Ingaræð
Orange Belt
Posts: 170
Joined: Sat Nov 26, 2016 9:34 pm
Languages: English (N), German (heritage)
Learning: Russian, French, German, Mandarin, Arabic, Spanish.
Mostly forgotten: Italian, Welsh.
x 377

Re: PASSWORD Security

Postby Ingaræð » Wed Aug 02, 2017 3:09 pm

What happens if the hacker/bot tries to get into your account when you're already logged in?
0 x

William Camden
Green Belt
Posts: 384
Joined: Sat Nov 14, 2015 2:47 am
Location: Greenwich Mean Time zone
Languages: English (N), German (fluent), Turkish (fluent), Russian (fluent), French (semi-fluent), Spanish (semi-fluent), am studying Polish, have some knowledge of it, also studying modern Greek, basic knowledge of Arabic (mostly MSA, some exposure to colloquial dialects), basic knowledge of Latin and Italian, beginner in Scottish Gaelic.
x 476

Re: PASSWORD Security

Postby William Camden » Mon Aug 14, 2017 4:08 pm

I have started getting those "you have logged in with the wrong password too many times" messages again (after logging in just once), even though I changed to a new password which temporarily solved the problem.
0 x
: 4321 / 4321Greek Memrise

User avatar
neofight78
Blue Belt
Posts: 539
Joined: Wed Jul 22, 2015 8:02 pm
Location: Novosibirsk, Russia
Languages: English (N), Russian (B2+), Spanish (A0)
Language Log: viewtopic.php?t=833
x 1232

Re: PASSWORD Security

Postby neofight78 » Mon Aug 14, 2017 5:29 pm

Me too, although I wasn't a victim last time.
0 x


Return to “Technical Support and Feature Requests”

Who is online

Users browsing this forum: No registered users and 2 guests