A language learners’ forum

I had changed my password yesterday per rdearman's suggestion, and logged in again to test it with no problems. I just had another problem with logging in today, however, and I had to answer the CAPTCHA.

After some confusion and with CAPTCHA, I know have a new password and I can log in. Mods, you may disregard my email. Thank you for your work.

Iversen wrote:Those of us who are moderators in both places can block your HTLAL account, but then you can't use the search facilites or the list over the latest messages (though that list has become somewhat of joke lately). Besides your name would still figure on the user list, and we can't remove it from there.

If the user list still shows the name, there is no point in blocking my account. So don't bother. If I am not mistaken, searching can still be done through Google (website:how-to-learn-any-language.com etc.). Thanks to both you and Rhian for your replies.

Old news maybe, but this just happened to me. I changed my password. It really stinks because my password was easy to remember, but not very safe.

Hank wrote:Old news maybe, but this just happened to me. I changed my password. It really stinks because my password was easy to remember, but not very safe.

And I got the captcha again today, but I've only tried to logg in once.

Presumably this is them attempting to use the data from the recent hack...?

It's happened to me several times recently, and the most recent was five minutes ago. I logged in with my password yesterday too, so it looks like the hackers attempted overnight.

As for password security settings, four unrelated words from four unrelated languages make for a surprisingly secure password, and you can even add in a few extra characters to mix things up.

It is necessary to have good strong passwords, but actually there is no reason to believe that they have been guessed so far (and therefore no reason to change a good strong password). The point is at the fake login attempts fizzle out when the limit is reached, and to go beyond this point you have to supply the correct password AND solve a riddle - in other words the riddle isn't used unless you also have supply a correct password. When the rightful account owner has passed this double test and got access to the forum the counter is of course reset and the hacker can then attempt a new series of guesses - but with a good password you would need an astronomical number of rounds before finding the right one purely by guessing. Maybe the goal of the attacker right now simply is to irritate us.

I keep getting "the number of tries has been exceeded" -type messages, after just trying to log in once, and I get the CAPTCHA. I may change my password.

Iversen wrote:Maybe the goal of the attacker right now simply is to irritate us.

Or maybe they are hoping to find one of us has used a password such as "password" or "12345678" and steal an identity. And find a bank account attached to that identity.

Or maybe a bored, clueless person who has no real objective.

I'd love to hear the theories of the computer boffins on the forum who know more than me!

I didn't bother changing my password. It's not particularly easy to guess, I don't think, and it's not the same as my password for anything else. It's automatically saved in my browser, so I only had the CAPTCHA problem when trying to log in from my phone - which I only tried to see if I would have that problem.