A language learners’ forum

We've had some reports of people being locked out of their accounts because of "failed login attempts". We've taken the IP addresses of the person(s) attempting this, but just for security sake you might want to change your password to something completely random and not guessable. Because you can have your browser remember the password there isn't any need to make it easy to remember. You can get some very strong passwords on Random.org. Or https://www.generateurdemotdepasse.com/

I would suggest a password of 20 characters with mixed upper and lower-case, with digits. This will get you a very strong password, which isn't going to be in a dictionary.

Ugh I was wondering what was going on with this as I have been having this issue lately with my new phone that I've never logged in on. Thanks for keeping us all abreast and needless to say I'm happy the password I use for this website is almost totally unlike any of my other ones (I should be a bit better about password management though).

rdearman wrote:We've had some reports of people being locked out of their accounts because of "failed login attempts". We've taken the IP addresses of the person(s) attempting this, but just for security sake you might want to change your password to something completely random and not guessable. Because you can have your browser remember the password there isn't any need to make it easy to remember. You can get some very strong passwords on Random.org. Or https://www.generateurdemotdepasse.com/

I would suggest a password of 20 characters with mixed upper and lower-case, with digits. This will get you a very strong password, which isn't going to be in a dictionary.

For the record, I was one locked out of my account. Answering the security question let me in.
Also for the record, I changed my password, which was 55iwtbotiwtwot%% when I was challenged. I didn't use that password for any other site, and I use password management software.

I must add, we don't think anyone's account was accessed just locked out because of someone attempting to get in.

Morgana wrote:Thank you for this. I had the "exceeded login attempts" warning as well. I don't know what the point would be to hacking into random users' accounts

If they figure out a username/password combination that works on the forum, they can then go and try that same combo at bank websites etc, to see if you reused it there.

MorkTheFiddle wrote:I use password management software.

I do too. One thing that I've found is that in certain instances on certain sites it wasn't inputting the correct password. An example of this is stored browser data somehow beating my software to the punch. Certain sites confuse it for some reason, but not this one, at least in my case.

I was wondering about this, I thought it was just my phone acting weird again. I have to say that I'm quite happy that the site admins, owners (...you people there...) inform us users when something like this happens. Thanks!

Thanks to the admin for the heads-up and his diligence. My user name is not one a hacker could pick out of a hat (given the obscurity of the source and given the fact that I misspelled the name), and I use the name in very few other places. One of the other places is HTLAL, which when last I logged on did not have https security. Is there a way, I wonder, to get oneself purged from the user list of HTLAL?

MorkTheFiddle wrote:Thanks to the admin for the heads-up and his diligence. My user name is not one a hacker could pick out of a hat (given the obscurity of the source and given the fact that I misspelled the name), and I use the name in very few other places. One of the other places is HTLAL, which when last I logged on did not have https security. Is there a way, I wonder, to get oneself purged from the user list of HTLAL?

The admin on HTLAL never replies to us so I highly doubt it.

Those of us who are moderators in both places can block your HTLAL account, but then you can't use the search facilites or the list over the latest messages (though that list has become somewhat of joke lately). Besides your name would still figure on the user list, and we can't remove it from there.