Fri Feb 22, 2008 4:41 pm
Change your password (or at least refresh it)
With some other sites I frequent having issues with people grabbing the database and then attacking the password, I figured it would be time to upgrade php's password method from being a simple unsalted hash to a bit more secure (aka, salted) to protect against simple rainbow attacks.

But to do that, people need to either change or refresh their password by going to Profile and editing their profiles.

Now is also a good time to remind people that the site does support SSL. If you don't want to browse the website with SSL, I'd recommend using "Use HTTPS only on login", which will have the server redirect everything to normal HTTP as soon as possible. This will still allow you to log in via the SSL link at the top, so your password will not be sent in plaintext. But this does require you to log in by clicking the HTTPS link. As a reminder for this, the login page will notify you when you log in via the insecure login page.

In a few weeks, I'll send personal reminders to those that have not updated their passwords to the new system.

REMEMBER - I can only protect your account as much as possible from the server side. If you choose a weak password like '12345', that is your own fault. I can only protect you so far as to make it very difficult to crack your password, not to protect against brute forcing or simple guesses.
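
An added illustration of the migration described in this post, not the site's own code: it shows why an unsalted hash can only be replaced with a salted one at the moment the user types the password again. MD5 as the old unsalted hash, PBKDF2 as the salted replacement, the record layout and all function names are assumptions.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumed work factor, not taken from the post

def legacy_hash(password):
    """Unsalted hash (MD5 assumed): the same password always gives the same digest."""
    return hashlib.md5(password.encode()).hexdigest()

def salted_hash(password, salt=None):
    """Per-user random salt + PBKDF2-HMAC-SHA256, stored as 'pbkdf2$salt$digest'."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return "pbkdf2$%s$%s" % (salt.hex(), digest.hex())

def verify_and_upgrade(record, password):
    """Check a password against a stored record; return (ok, record_to_store).

    A legacy record can only be upgraded here, because the server never
    stored the plaintext and sees it only when the user submits it.
    """
    stored = record["hash"]
    if stored.startswith("pbkdf2$"):
        _, salt_hex, _ = stored.split("$")
        candidate = salted_hash(password, bytes.fromhex(salt_hex))
        return hmac.compare_digest(candidate, stored), record
    if hmac.compare_digest(legacy_hash(password), stored):
        # Correct password on an old record: re-store it with a fresh salt.
        return True, {"user": record["user"], "hash": salted_hash(password)}
    return False, record

# Constructed sample accounts: two users who picked the same password.
USERS = [
    {"user": "alice", "hash": legacy_hash("correct horse")},
    {"user": "bob", "hash": legacy_hash("correct horse")},
]

if __name__ == "__main__":
    # Unsalted: identical digests, so one precomputed table entry hits both.
    print("legacy hashes equal:", USERS[0]["hash"] == USERS[1]["hash"])
    upgraded = [verify_and_upgrade(u, "correct horse")[1] for u in USERS]
    # Salted: each account needs its own cracking effort.
    print("salted hashes equal:", upgraded[0]["hash"] == upgraded[1]["hash"])
```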
