I've been thinking about this lately. I'm interested to see how much power arn (or blake for that matter) actually has. Like, can they see what our password is? Or can they just access and modify our account as pleases them (well, I KNOW they can do this, but the main thing is, can they actually see our password and such?) I guess this is more of a vBulletin question than an arn question, but anyway, feel free to post any more questions. I want to see if arn has that kind of power. If he does, I recommend changing your password and that could be a security risk if he can.
No. And this is publicly available information, anyone who wants to know this could look it up in the vBulletin documentation. http://www.vbulletin.com/docs/html/main/users_add This is a page about the admin's right to create a new user or edit an existing one. While he/she can edit your e-mail address, signature, postcount and the IP address you registered with, you can ready that:
FML. I knew this should be one to PM arn, but I thought I could get some mature discussion going. Why harp on one statement? I never said it would or would not help. Thank you.
Arn and Blake have root on the TA servers. They have access to everything in the forum database including the MD5 hash that stores your password. Technically speaking they could break your MD5 password hash using rainbow tables or other tricks but I really can't think of any reason why they would bother. It's a good security practice to use a different password for every web site that you have a log in for. That way, if one is compromised, everything else is still secure.
But how would you remember all of them? Put them on a post-it and stick it to your forehead? I know I should use more passwords. I use a few (e-mail, forums, etc. have different ones) but still, remembering more than 5 passwords gets hard especially if they're random character combinations.
Use a password manager like 1Password, use a very strong password for your main password file. Problem solved!
Well, with great power comes great responsibility... Arn and Blake are responsible they won't hand out your password or change it I would think There's always a chance that something could happen though....lol...But honestly this is sorta dumb question on the password thing. I see what some people like spmwrinkle about ta+password etc... and Hodapp on 1Password I agree that's a good thing to do just that I;m assuming arn and blake are responsible with passwords and personal info (e-mail etc...,DOB (optional) etc....).
http://keepass.info/ You should use a password manager. Keepass is free. And then you can use proper passwords like 3djraiYzlP1wIttxNGO
Administrators for most web sites worth visiting can be trusted with the information you give them to register. The problem comes in when you're using widely distributed software like vbulletin, wordpress, and any other number of forum and content management systems when exploits are released. Say for instance you use one password for everything, and you're registered to some Pokemon forum that's running a 2 year old unpatched install of phpBB, they get hacked, the hackers instantly have a database including your email and your password. They go to your web mail access, try your password, and have access to everything you do online. It's never a bad idea to be extra careful about security. If you were using a unique password for each forum and the Pokemon site got hacked, all your other accounts would remain secure.
Thanks for the tips about the password managers. I didn't know so many people were actually using them. It seems annoying to first go into your password manager before logging in to toucharcade, e-mail, twitter, etc. etc. etc.
I use 1password. Not free but not costly either. Come to toucharcade, click the lock icon in the browser bar and it will auto-fill the name/pass AND it presses return for me. So one click saves me many. Another tip: If you use 2 machines, get dropbox - https://www.getdropbox.com/ - and make the save location for your password files to be inside dropbox. That way it syncs automatically. (That is not an affiliate link) And these programs will also stores serial numbers, bank details and other notes you need secure. And for those that read this and think "It won't happen to me" - what if it does?