PASSWORD Security

Discuss technical problems and features here
User avatar
rdearman
Site Admin
Posts: 2728
Joined: Thu May 14, 2015 4:18 pm
Location: United Kingdom
Languages: English (N)
French (studies), Italian (studies), Mandarin (studies),
Esperanto TAC (Only god knows why), Finnish (only in it for the cookies)
Language Log: viewtopic.php?f=15&t=1836
x 5684
Contact:

PASSWORD Security

Postby rdearman » Sun Jul 23, 2017 8:17 pm

We've had some reports of people being locked out of their accounts because of "failed login attempts". We've taken the IP addresses of the person(s) attempting this, but just for security sake you might want to change your password to something completely random and not guessable. Because you can have your browser remember the password there isn't any need to make it easy to remember. You can get some very strong passwords on Random.org. Or https://www.generateurdemotdepasse.com/

I would suggest a password of 20 characters with mixed upper and lower-case, with digits. This will get you a very strong password, which isn't going to be in a dictionary.
9 x
"Never blame on malice that which can be explained by stupidity."

User avatar
aokoye
Brown Belt
Posts: 1299
Joined: Sat Jul 18, 2015 6:14 pm
Location: Portland, OR
Languages: English (N), German (~C1), Swedish (beginner), Dutch (beginner), French (beginner)
Language Log: viewtopic.php?f=15&t=2935
x 2061
Contact:

Re: PASSWORD Security

Postby aokoye » Sun Jul 23, 2017 9:50 pm

Ugh I was wondering what was going on with this as I have been having this issue lately with my new phone that I've never logged in on. Thanks for keeping us all abreast and needless to say I'm happy the password I use for this website is almost totally unlike any of my other ones (I should be a bit better about password management though).
0 x
Prefered gender pronouns: Masculine

MorkTheFiddle
Blue Belt
Posts: 534
Joined: Sat Jul 18, 2015 8:59 pm
Location: usa
Languages: English (N). Relearning German. Read (only) French and Spanish.
Language Log: viewtopic.php?f=15&t=5680&p=70021#p70021
x 768

Re: PASSWORD Security

Postby MorkTheFiddle » Sun Jul 23, 2017 10:59 pm

rdearman wrote:We've had some reports of people being locked out of their accounts because of "failed login attempts". We've taken the IP addresses of the person(s) attempting this, but just for security sake you might want to change your password to something completely random and not guessable. Because you can have your browser remember the password there isn't any need to make it easy to remember. You can get some very strong passwords on Random.org. Or https://www.generateurdemotdepasse.com/

I would suggest a password of 20 characters with mixed upper and lower-case, with digits. This will get you a very strong password, which isn't going to be in a dictionary.

For the record, I was one locked out of my account. Answering the security question let me in.
Also for the record, I changed my password, which was 55iwtbotiwtwot%% when I was challenged. I didn't use that password for any other site, and I use password management software.
0 x
Ah ! Le bon billet qu'a La Châtre !

User avatar
rdearman
Site Admin
Posts: 2728
Joined: Thu May 14, 2015 4:18 pm
Location: United Kingdom
Languages: English (N)
French (studies), Italian (studies), Mandarin (studies),
Esperanto TAC (Only god knows why), Finnish (only in it for the cookies)
Language Log: viewtopic.php?f=15&t=1836
x 5684
Contact:

Re: PASSWORD Security

Postby rdearman » Sun Jul 23, 2017 11:12 pm

I must add, we don't think anyone's account was accessed just locked out because of someone attempting to get in.
2 x
"Never blame on malice that which can be explained by stupidity."

Morgana
Orange Belt
Posts: 108
Joined: Tue Jun 06, 2017 6:02 pm
Languages: English (N)
x 117

Re:

Postby Morgana » Mon Jul 24, 2017 2:21 am

Last edited by Morgana on Mon Nov 27, 2017 12:01 am, edited 2 times in total.
0 x

User avatar
arthaey
Blue Belt
Posts: 990
Joined: Sat Jul 18, 2015 9:11 pm
Location: Seattle, WA, USA
Languages: EN (N); ES (adv receptive, int productive); FR (false beginner); DE (lapsed beg); ASL (lapsed beg); HU (tourist)
Language Log: viewtopic.php?f=15&t=3864&view=unread#unread
x 1435
Contact:

Re: PASSWORD Security

Postby arthaey » Mon Jul 24, 2017 3:09 am

Morgana wrote:Thank you for this. I had the "exceeded login attempts" warning as well. I don't know what the point would be to hacking into random users' accounts :(

If they figure out a username/password combination that works on the forum, they can then go and try that same combo at bank websites etc, to see if you reused it there.
5 x
Log links: ASLFrenchHungarianSpanish
Anki catchup : 565 / 2204

Morgana
Orange Belt
Posts: 108
Joined: Tue Jun 06, 2017 6:02 pm
Languages: English (N)
x 117

Re:

Postby Morgana » Mon Jul 24, 2017 3:12 am

Last edited by Morgana on Mon Nov 27, 2017 12:00 am, edited 2 times in total.
1 x

User avatar
leosmith
Green Belt
Posts: 380
Joined: Thu Sep 29, 2016 10:06 pm
Location: Seattle
Languages: English (N)
Actively learning Tagalog (complete beginner)
Maintaining Spanish (~C1), Thai (~B2+), Russian (~B2+), French (~B2+), Mandarin (~B2), Japanese (~B2), Korean (~B2)
All but forgotten Swahili (~B1)
Language Log: viewtopic.php?f=15&t=5054
x 747

Re: PASSWORD Security

Postby leosmith » Mon Jul 24, 2017 4:28 am

MorkTheFiddle wrote:I use password management software.

I do too. One thing that I've found is that in certain instances on certain sites it wasn't inputting the correct password. An example of this is stored browser data somehow beating my software to the punch. Certain sites confuse it for some reason, but not this one, at least in my case.
1 x
: 53 / 60 Pimsleur Tagalog (60 lessons goal):

Tillumadoguenirurm
Orange Belt
Posts: 189
Joined: Fri May 06, 2016 3:07 pm
Languages: English
x 211

Re: PASSWORD Security

Postby Tillumadoguenirurm » Mon Jul 24, 2017 11:42 am

I was wondering about this, I thought it was just my phone acting weird again. I have to say that I'm quite happy that the site admins, owners (...you people there...) inform us users when something like this happens. Thanks! :)
2 x

MorkTheFiddle
Blue Belt
Posts: 534
Joined: Sat Jul 18, 2015 8:59 pm
Location: usa
Languages: English (N). Relearning German. Read (only) French and Spanish.
Language Log: viewtopic.php?f=15&t=5680&p=70021#p70021
x 768

Re: PASSWORD Security

Postby MorkTheFiddle » Mon Jul 24, 2017 5:11 pm

Thanks to the admin for the heads-up and his diligence. My user name is not one a hacker could pick out of a hat (given the obscurity of the source and given the fact that I misspelled the name), and I use the name in very few other places. One of the other places is HTLAL, which when last I logged on did not have https security. Is there a way, I wonder, to get oneself purged from the user list of HTLAL?
0 x
Ah ! Le bon billet qu'a La Châtre !


Return to “Technical Support and Feature Requests”

Who is online

Users browsing this forum: No registered users and 1 guest