Security 101: Securing your online forum accounts

Discussion in 'Forum Suggestions' started by RainstormZA, 28/2/19.

Tags:
  1. RainstormZA

    Excellent Member

    5/5, 7 votes

    RainstormZA The Girl on Fire

    Threads:
    48
    Posts:
    3,553
    Country:
    South Africa
    Joined:
    24/8/17
    Gender:
    Female
    Location:
    Mooiriver, KZN Midlands
    Ratings:
    +9,549
    Hi all

    Just to clarify on something I've been pondering on for a while.

    Security of forum accounts.

    Just to put it out there, an account of mine on another forum was hacked and a tiny change in my personal details. I would have not noticed if I had not checked today as I regularly check in daily a few times. The reason I missed it was because it was just one tiny detail that was changed. Note, the password and email was not changed.

    Webp.net-resizeimage-2-min.jpg
    The biggest issue we face daily is invasion of privacy. I have actually requested to have my account deleted over there because it seems that it has been an ongoing problem, and the owner not doing anything about it, numerous of messages going unanswered. Also with me going to the UK, it's just pointless keeping that account alive.

    I"m not assuming it to be the same case here. I'm just writing this to give you a few pointers on account security - how to prevent it from being hacked and how to beef up a bit more security on your personal / vendor accounts. This is a really great forum and I don't want to see it go down the drain.

    A few security pointers to keep in mind, if you really want a secure account:
    • Make use of the two-step verification - either email or cellphone number. This is one of the best security measures I've ever seen in today's technology. If it doesn't work as intended, notify the administration as this is an huge security risk if something isn't working.
    • Make regular password changes - I'm guilty of this, it's hard enough trying to remember 20 different passwords for 20 different online accounts.
    • Password history - don't reuse the same password after 20 changes, it makes things so much easier for an hacker to gain access.
    • Password complexity - don't use iamabletohackaccounts. A mix of alpha-numerical and symbols make it so much harder to hack. Something along the lines of this example - !am@bl3t0h@ck - not a easy feat to remember, I agree. But not exactly like this, make it really random to make it much harder to hack.
    11salszieder_web.jpg
    The other thing that the administrators can only do is make regular security audits and increase their security defenses, such as using a WAF (Web application Firewall) and refuse ICMP packets from incoming (this is a source of DDOS attacks) plus banning grabbing is a real issue. If it is too much of an hassle, it does pay to have SaaS (Security-as-a-Service) cloud based security if you are using an hosting company that can do all of your security for your business or forum. HIPS (Host-based Intrusion Prevention System) and HIDS (Host-based Intrusion Detection System) also helps if one does a regular security audit to check for false negatives and false positives.

    The rest is up to you to safeguard your accounts. If you get hacked, it's actually your own fault if you keep a simple password, not do regular virus and malware scanning, keeping your software updated regularly and do system checks.
     
    • Winner Winner x 2
    • Informative Informative x 2
    • Thanks Thanks x 1
    • List
    Last edited: 28/2/19
  2. Silver

    Excellent Member

    5/5, 34 votes

    Silver Flavour and throat hit seeker Staff Member Administrator ECIGSSA Donor VIP

    Threads:
    659
    Posts:
    38,089
    Country:
    South Africa
    Joined:
    16/11/13
    Gender:
    Male
    Location:
    Joburg
    Ratings:
    +67,839
    Thanks for this info @RainstormZA - it is helpful and appreciate the effort.

    I agree, choosing a good password and changing it every now and then is the way to go

    If someone suspects their account has been "hacked" or logged into by someone else, let one of the members of the Admin & Mod Team know and we will try assist.

    Stay safe
     
    • Like Like x 1
    • Agree Agree x 1
    • List
  3. Jean claude Vaaldamme

    Excellent Member

    5/5, 1 vote

    Jean claude Vaaldamme Dedicated Vaper

    Threads:
    42
    Posts:
    762
    Country:
    South Africa
    Joined:
    28/10/18
    Gender:
    Male
    Location:
    Centurion
    Ratings:
    +2,232
    Thanks, just tell me something. If they hack my Ecigssa account, what are the going to do? Make sarcastic comments under my name and piss people off? I do it allready:-D
     
  4. Dela Rey Steyn

    Excellent Member

    5/5, 1 vote

    Dela Rey Steyn Vaper and Mech Mod Enthusiast

    Threads:
    14
    Posts:
    456
    Country:
    South Africa
    Joined:
    23/10/17
    Gender:
    Male
    Location:
    Louis Trichardt
    Ratings:
    +1,682
    Most people as a habit tend to use the same password over different platforms. So Hackers go for the "Soft Targets" first, then when they have your details they start going onto "harder accounts like e-mails and banking etc.
     
    • Like Like x 1
    • Agree Agree x 1
    • List
  5. RainstormZA

    Excellent Member

    5/5, 7 votes

    RainstormZA The Girl on Fire

    Threads:
    48
    Posts:
    3,553
    Country:
    South Africa
    Joined:
    24/8/17
    Gender:
    Female
    Location:
    Mooiriver, KZN Midlands
    Ratings:
    +9,549
    Something along the line of she's dangerously stupid was put under the about me section. Obviously someone over there has a beef with me. :D

    But yeah things like that.

    Btw the Google Authenticator is an awesome tool. It has both barcode reader and generates random code so this makes it much harder to hack. I recommend this method.
     
  6. Jean claude Vaaldamme

    Excellent Member

    5/5, 1 vote

    Jean claude Vaaldamme Dedicated Vaper

    Threads:
    42
    Posts:
    762
    Country:
    South Africa
    Joined:
    28/10/18
    Gender:
    Male
    Location:
    Centurion
    Ratings:
    +2,232
    Thats funny, wish I knew how to hack a few accounts here:-D, could pump some life into the forum
     
  7. RainstormZA

    Excellent Member

    5/5, 7 votes

    RainstormZA The Girl on Fire

    Threads:
    48
    Posts:
    3,553
    Country:
    South Africa
    Joined:
    24/8/17
    Gender:
    Female
    Location:
    Mooiriver, KZN Midlands
    Ratings:
    +9,549
    Yeah but knowing someone has read my pm's is scary - they know who I talk to and what it is about. Dam people are so nosey !!! Lol
     
    • Like Like x 1
    • Agree Agree x 1
    • List
  8. RainstormZA

    Excellent Member

    5/5, 7 votes

    RainstormZA The Girl on Fire

    Threads:
    48
    Posts:
    3,553
    Country:
    South Africa
    Joined:
    24/8/17
    Gender:
    Female
    Location:
    Mooiriver, KZN Midlands
    Ratings:
    +9,549
    Ok I have an issue with Google Authenticator. It pops up adverts, even when it's closed and right in the middle of browsing on websites / forums. This really irritates me. Judging by the reviews, I don't think Google has done anything about the issues and probably has made the problems worse by adding stuff that shouldn't even be there in the first place.

    I suggest you find something else, something that will work well for you.
     
  9. RainstormZA

    Excellent Member

    5/5, 7 votes

    RainstormZA The Girl on Fire

    Threads:
    48
    Posts:
    3,553
    Country:
    South Africa
    Joined:
    24/8/17
    Gender:
    Female
    Location:
    Mooiriver, KZN Midlands
    Ratings:
    +9,549
    Ok I've tried a few Auth apps and they all are crap. These things are full of adware - I wouldn't even touch them with a barge pole.

    I see that ECIGSSA provides 2-step through email which is probably far the best option you can have over Auth apps as the email goes straight to your inbox.
     
  10. Elmien

    Not Rated Member

    0/5,

    Elmien New Vaper

    Threads:
    3
    Posts:
    90
    Country:
    South Africa
    Joined:
    13/10/18
    Gender:
    Female
    Location:
    Secunda
    Ratings:
    +340
    Password managers work quite well if you get a proper one. It will cost you some money but they are relatively cheap. One pro is that you can generate passwords that look like this: P6rTsa1. It saves all the passwords for you and the only one you have to remember is your master password. If you can't remember your master password you won't be able to reset it. The only problem you can run into otherwise is if someone hacks into your password database that is why I recommend getting a good one.
     
  11. Rob Fisher

    Excellent Member

    5/5, 24 votes

    Rob Fisher ECIGSSA Admin Staff Member Administrator ECIGSSA Donor FINES MASTER VIP

    Threads:
    1,135
    Posts:
    30,517
    Country:
    South Africa
    Joined:
    3/2/14
    Gender:
    Male
    Location:
    Winston Park, Durbs
    Ratings:
    +88,791
    I use LassPass and have done for more than a year... very happy with it and it's a reasonable price to protect your passwords... as you can imagine I have more than one or two passwords and it has been a real help. Works on my PC and on my iPhone and my iPad!

    https://www.lastpass.com/
     
    • Like Like x 2
    • Winner Winner x 1
    • List
  12. Christos

    Excellent Member

    5/5, 8 votes

    Christos Reonaut Staff Member Moderator

    Threads:
    66
    Posts:
    6,261
    Country:
    South Africa
    Joined:
    3/8/15
    Gender:
    Male
    Location:
    Johannesburg
    Ratings:
    +14,726
    Im still mentally young and have 6000 passwords in my head. Pity I only get 3 tries on most platforms :D
    I even remember the windows 98 key I used ages ago as I typed this out so many times!
     
    • Funny Funny x 2
    • Like Like x 1
    • List
  13. RainstormZA

    Excellent Member

    5/5, 7 votes

    RainstormZA The Girl on Fire

    Threads:
    48
    Posts:
    3,553
    Country:
    South Africa
    Joined:
    24/8/17
    Gender:
    Female
    Location:
    Mooiriver, KZN Midlands
    Ratings:
    +9,549
    Yeah, @Christos, one's memory can be trained to retain a whole plethora of information.

    Just a warning to you guys - when I installed the Google Authenticator, it infected my phone with adware. I've just spend 30 minutes wiping it and then restoring everything now. I've reported it to the App store as not safe. Even after I uninstalled the two offending apps, I was still getting ads in the middle of doing things. It was really driving me up the wall so hopefully the wipe will give me a clean start.

    Oh and @RenaldoRheeder kept on face-palming me because of the above. :D
     
  14. RainstormZA

    Excellent Member

    5/5, 7 votes

    RainstormZA The Girl on Fire

    Threads:
    48
    Posts:
    3,553
    Country:
    South Africa
    Joined:
    24/8/17
    Gender:
    Female
    Location:
    Mooiriver, KZN Midlands
    Ratings:
    +9,549
    I definitely agree with you there - have just learnt a lot of new stuff today with 2FA and what you said makes a helluva lot of sense.
     
  15. Jean claude Vaaldamme

    Excellent Member

    5/5, 1 vote

    Jean claude Vaaldamme Dedicated Vaper

    Threads:
    42
    Posts:
    762
    Country:
    South Africa
    Joined:
    28/10/18
    Gender:
    Male
    Location:
    Centurion
    Ratings:
    +2,232
    Atleast he didnt change your profile to dangerously stupid:-D
     
  16. RenaldoRheeder

    Excellent Member

    5/5, 3 votes

    RenaldoRheeder Vaping Addict ECIGSSA Donor

    Threads:
    42
    Posts:
    2,054
    Country:
    South Africa
    Joined:
    29/4/17
    Gender:
    Male
    Location:
    Port Elizabeth, South Africa
    Ratings:
    +7,426
    Never @RainstormZA is a good friend of mine.


    Sent from my iPhone using Tapatalk
     
  17. RainstormZA

    Excellent Member

    5/5, 7 votes

    RainstormZA The Girl on Fire

    Threads:
    48
    Posts:
    3,553
    Country:
    South Africa
    Joined:
    24/8/17
    Gender:
    Female
    Location:
    Mooiriver, KZN Midlands
    Ratings:
    +9,549
    I was just thinking of ways to store a list of sites and random passwords and hide them.

    We just did a bunch of steganography puzzles. We could apply the same principle - audio files , video files, image files and so on.
     
    • Like Like x 1
    • Agree Agree x 1
    • List
  18. lesvaches

    Excellent Member

    5/5, 4 votes

    lesvaches Elite Vaper ECIGSSA Donor

    Threads:
    8
    Posts:
    1,123
    Country:
    South Africa
    Joined:
    21/8/18
    Gender:
    Male
    Location:
    clone town
    Ratings:
    +5,054
    hide it inside a photo.
     
    • Like Like x 1
    • Winner Winner x 1
    • List