Separate names with a comma.
Discussion in 'GBAtemp & Scene News' started by Costello, Jan 12, 2017.
You sign in via Facebook. If your Facebook is not compromised, I wouldn't worry.
Scroll down before page fully loads
You mean they would have access to my Facebook?
No. What I mean is if they hack your facebook (know your facebook login details) they can login to your GBAtemp account.
I changed my GBATemp password. So, I should probably change all of my accounts with the same password right?
Ugh, I hate those type of hackers.
You should anyway. Don't believe they got anything from GBA unless they got into an admin account...
@RedBlueGreen Edit: Another possibility would be to create a QR code of your Master and Grandmaster passwords and tattoo it to a well hidden place.
This is why passwords are not meant to be good on those ROM sites, let alone anything like your good passwords.
My good stuff is like ofjdhisocnrq193(626195)*:&2(_96$: (on phone, too lazy to mix those up)
And those ROM sites passwords are like
Note: example passwords. My passwords are much better.
I didn't even know 2FA was an option here - Thanks!
what site was it? was it that paradise?
That iso network.
phew, my acct there is completely different
Can someone please take that stupid video off of AuroraWrights original post. Its a slap in the face to her hard work.
2FA sounds nice but is too much of a PITA to use on most sites, especially if you often browse in incognito mode and/or actively log out of web sites ASAP (to reduce the chance of cookie/session key replay attacks). Perhaps I'd feel differently if it weren't the case that I use randomly generated passwords and hence I should only really be vulnerable if (1) my system is compromised (for which 2FA may be of little help), (2) some part of the chain of identification could be MITM (*cough*where's the SSL?*cough*), or (3) the website itself is either compromised or allows for brute force attacking accounts. For (1), I'm as much to blame as if I were using a weak password or reusing passwords. But for (2) and (3), well that's a poor excuse for me, the user, to go out of my way to try to mitigate what should be being done properly on the website end.
PS - By no means is this meant to be chastising anyone (Aurora Wright or GBATemp.net's admins). I just think that 2FA is often overkill and really misses the point: whatever system you use, you have to figure out what the real weakness is/should be. If the issue fundamentally is a weak password, deal with that. If it's that it's too easy for others to snoop the password, deal with that. If the server is so readily compromised, deal with that. If all of that's been well addressed and 2FA still makes sense, do that. Otherwise, well, they'll just compromise the weakest part (hack your email account, reset passwords, and then 2FA can become a joke) which actually makes the situation worse. :/
Now where would've they gotten a list of unencrypted usernames and passwords? :^)
In all seriousness, the password I've been using was burned long ago so this change is overdue anyway.
Costello's account is fine.
GBATemp itself wasn't compromised, but some ISO site was.
I honestly suggest people stop using that iso site. They appear to have some pretty shitty security going on over there. If you do it, use a throwaway account/password.
Thank u Changed my password =D
omg thats exactly what i do lol
@Costello OK, time to password change then
For sites like that ISO site and a like, I use 10 minute mail & a different user name & a random pass at the time of signing up.