Passwords, 2FA and Security


Status
Not open for further replies.
First, 2FA (Two Factor Authentication) is available for EVERY user account. See "Two Step Verification" at this link:

More info on 2FA options:

Personally, I use Google Authenticator. GA is nice since you can "transfer" to additional devices...in my case, my backup phone also carries the codes....just in case. Others offer various options for backup.

Activating 2FA on your account has some advantages...specifically, user password resets may be required every 180ish days (automated)....enabling 2FA on your account means you BYPASS that requirement. There still may be password reset needs in the future, but you won't be stuck with the frequency. Additionally, 2FA-enabled accounts skip some of the spam/scam triggers. As of 2022-05-04, 1,403 users have 2FA enabled. Thank you :)


----------
Password information/requirements: (update 2021/08/04)

Password compromises are checked by:
GitHub - dropbox/zxcvbn: Low-Budget Password Strength Estimation - https://github.com/dropbox/zxcvbn
Have I Been Pwned: Pwned Passwords - https://haveibeenpwned.com/Passwords

There is also a required 8-character length check, password strength minimums, as well as blocking common site phrases like "ih8mud", "toyota", "lexus", "4runner", etc from being allowed in a password. REAL words will fail password strength checks.

2FA is required for Admin accounts. Frankly, everyone should be using it.

Every registration is checked against a few services as well, and a handful get flagged daily. Every account login gets checked daily too, and a few end up flagged. Those include StopForumSpam, TOR detection, Cloudflare GeoIP, getipintel, two services for ASN lookups, as well as an ever-growing list of links/keywords that trigger admin alerts.

-----

There is no perfect solution for security.

I personally do nothing without an active VPN on my phone/laptop, and use 2FA for everything possible. I change my forum password monthly, and it's always in the 20-25 character range and looks similar to: &bbCKHRB8#5YkJqLjN4$f - I then rely on one of the many password services to keep my hundreds of unique passwords secure. (LastPass, 1Password, NordPass, etc.)

PRO TIP: Passwords are hashed/encrypted in the database via bcrypt. ie: I do not know them, and never have. NEVER post/email your password. I will never ask for your password.
 
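The checks the post above describes (8-character minimum, blocked site phrases, Pwned Passwords lookup), sketched as an added example that is not the forum's own code. It assumes the Pwned Passwords range format of `SUFFIX:COUNT` lines keyed by the first 5 hex characters of the SHA-1, uses a constructed response instead of a network call, and leaves out the zxcvbn strength score; all function names are hypothetical.

```python
import hashlib

MIN_LENGTH = 8  # minimum length stated in the post
# Site phrases named in the post; the forum's full list is not published.
SITE_PHRASES = ("ih8mud", "toyota", "lexus", "4runner")


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def range_prefix(password: str) -> str:
    """Only these 5 hex characters are sent to the range service (k-anonymity)."""
    return sha1_hex(password)[:5]


def pwned_count(password: str, range_body: str) -> int:
    """Look up the remaining 35 hex characters in a 'SUFFIX:COUNT' response."""
    suffix = sha1_hex(password)[5:]
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def check_password(password: str, range_body: str) -> list:
    """Return the reasons to reject; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    lowered = password.lower()  # phrase match is case-insensitive (assumption)
    for phrase in SITE_PHRASES:
        if phrase in lowered:
            problems.append(f"contains site phrase '{phrase}'")
    # Padding entries carry a count of 0 and must not count as a hit.
    if pwned_count(password, range_body) > 0:
        problems.append("found in breach corpus")
    return problems


def constructed_range(pwned: str, decoy: str = "0" * 35) -> str:
    """Constructed sample response for the prefix of `pwned`; counts are made up."""
    return f"{decoy}:3\r\n{sha1_hex(pwned)[5:]}:1234\r\n"
```

The password never leaves the server in this scheme: only `range_prefix()` is sent, and the suffix comparison happens locally.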
Standard password reset link:


------------------


Existing accounts should automatically have a password reset in your inbox, sent when you tried to log in. If your email is correct, check your spam/junk filters, and whitelist IH8MUD.com. If your email has changed, and you are now seeing the "spam-like behavior" warning, it's because you registered a 2nd account. These are auto-blocked from registration.

To update your ORIGINAL account information, contact woody @ ih8mud dot com with your OLD email, your NEW email AND your original username.
 