What we're doing
The MegaGlest forum respects the security of its users. In an attempt to further improve the security of your account, we are changing the way passwords currently work. The main reason we are doing this is because previous password requirements used very basic validation. We've since applied our own validation, ensuring that passwords meet a specific complexity. This helps ensure the password is more resistant to brute force attempts and prevent password reuse.
However, in order for this change to be of any use, it has to be applied to all accounts. To do that, we had to reset all passwords
. This means that you cannot login until you change your password
. You can change your password on this page
, where you must enter either your username or email address and a password reset will be sent to your email address. If you encounter any difficulties, please contact us at forum-migration-2013[at] megaglest.org
There is a three month deadline (28 October 2013)
to update your account, after which time inactive accounts will be removed.
Why did you do this?
A secure password is important not only to keep malicious users from accessing your account, but also because a large number of users are reusing passwords on more valuable accounts, such as for their email or paypal. By reusing passwords, even an inconsequential site becomes a security risk, and with access to your email, a malicious user can generally access any other account you've created online, spam your address book, or uncover personal information.
Can I opt out?
Yes. If you are not happy with the forum migration, our changes to account security, or no longer desire an account on the MegaGlest Forum, you can request to delete your account on your profile page (this requires you to login first, to confirm you own the account).
What kind of password should I be using?
The new password requirements don't measure a specific length, but rather a specific complexity. In other words, instead of a long password, you could use a mixture of different character types. A six character lowercase password has 308,915,776 different combinations. But with lowercase and uppercase characters, there are 19,770,609,600 different combinations, an increase of nearly 64 times! As you can expect, adding symbols, numbers, and unicode characters increase the number of combinations even further.
So in addition to a long password, consider using a mixture of character types. Alternatively, you could use passwords that are extremely long, as demonstrated in this comic
. The technique doesn't matter, the end goal is the same: preventing your password from being brute forced in a reasonable time. So in summation: long passwords or a mixture of character types are the way to go.
We recommend using a password manager such as KeePass
. Password managers allow you to use strong, unique passwords on all sites while only needing to remember a single master password.
What's stopping people from changing their password to the same password they were using before?
Nothing. If you were using a secure password previously, you're welcome to continue doing so. There's no way to find out how secure everyone's passwords' are, so it was necessary that we reset everyone's. The only requirement is that your password is at least reasonably secure.
This doesn't stop people from reusing passwords!
No, it does not, and we have no way to enforce that. The best we can do is bring it to people's attention. At least they can't say we didn't try.
Can I use unicode in my password?
Yes, our password system supports unicode characters. In fact, a unicode password of a reasonable length (excluding ASCII characters) is nearly impossible to brute force, due to the massive number of characters. However, typing unicode characters can be difficult. We recommend you do not use characters which you cannot easily type.
What's stopping us from using a password like "aaaaaaaaaaaaaaaaaaaaaa"?
Such a password would be a terrible choice, since it's not necessarily any easier to remember than a chain of four words (since you have to remember the number of "a"s). Irregardless, our improved system catches repeated characters and will not allow such a password. Similarly, series of characters (like 1234567890) are prohibited by the password system.
I don't like this!
We're sorry you feel that way. This change is not intended to be an inconvenience to our users, but rather a measure of making sure that your accounts (both here and on other websites) are as secure as possible.