Technical Issues - TPU Main Site & Forum (2021)

[Mussels]

it has the same words at the front
but a unique 3 letter number at the end is that ok/?

you should not reveal even that much dude

 

[Hachi_Roku256563]

you should not reveal even that much dude

i mean anything important i have much more secure
anything using that system i could lose and would not be to worried

I mean each to their own but i aint to worried about telling people my password systems

 

[qubit]

Deleted quote

No, that's NOT safe - knowing most of your password, hackers can then crack the last three numbers in mere milliseconds. It's only a matter of time until one or more of your accounts is compromised. Each login must have a unique password and your should use a good password manager, as it's impossible to remember all those passwords.

And as mussels said, advertising this in public wasn't a good idea. You should take down your comment for your own security. I'll then remove my quote.

EDIT: user's post has been removed, so I've removed the quote.

 

[Chomiq]

@W1zzard what's the number of affected users? Should we be worried? Should I enable 2FA just in case?

 

[W1zzard]

@W1zzard what's the number of affected users? Should we be worried? Should I enable 2FA just in case?

Only 3, which isn't enough to mandate a whole password reset. 2FA is always a good idea, it works really well on XF. I've been too lazy, too, but using it now since a few months and very happy with it

I think everyone has it.

yeah it's a permanent banner on top of the forums, for every logged-in user. things moved very fast yday, people lost $$ because hacked account sold them a RTX 3070, for $800, "but only transfer with paypal friends & family" ....

everything seems fine atm, so i'll probably take down the notice later today

 

[Mussels]

Can we get email notifications on login?

 

[W1zzard]

Can we get email notifications on login?

I like the idea. Something like "Login from new IP" ? I'd have to write an addon, but shouldn't be too complicated

 

[Durvelle27]

I like the idea. Something like "Login from new IP" ? I'd have to write an addon, but shouldn't be too complicated

This is what actually alerted me to my profile being compromised. I received an email stating a conversation was started (I wasn’t active for a few weeks) and than I got another email saying my info was changed. If I didn’t have those emailed I wouldn’t have ever known

 

[Hachi_Roku256563]

I like the idea. Something like "Login from new IP" ? I'd have to write an addon, but shouldn't be too complicated

I find this kind of system really annoying as i have a dynamic ip and it means i have to do it everymonth
idk how you would fix it im just saying it annoys me

 

[kayjay010101]

I find this kind of system really annoying as i have a dynamic ip and it means i have to do it everymonth
idk how you would fix it im just saying it annoys me

I'd rather it be opt-out than not be implemented at all. It's a very important safety feature.

 

[Hachi_Roku256563]

I'd rather it be opt-out than not be implemented at all. It's a very important safety feature.

yeah i agree with having this but i perfer like steams system which is machine by machine rather then ip

 

[the54thvoid]

I find this kind of system really annoying as i have a dynamic ip and it means i have to do it everymonth
idk how you would fix it im just saying it annoys me

Web security isn't about convenience. The hackers and fraudsters up their game each year. We have to adapt.

 

[Mussels]

I find this kind of system really annoying as i have a dynamic ip and it means i have to do it everymonth
idk how you would fix it im just saying it annoys me

one email a month is an issue? i get 100+ a day just from TPU

 

[Hachi_Roku256563]

one email a month is an issue? i get 100+ a day just from TPU

more acuratley a securite mesure which means its always a pain to get that mail

 

[Mussels]

more acuratley a securite mesure which means its always a pain to get that mail

Sorry, how is it a bad thing for security?

How would receiving an email on a new login/new IP cause you any difficulty at all? It's an email - ignore it, delete it, print it out and eat it...

 

[W1zzard]

I find this kind of system really annoying as i have a dynamic ip and it means i have to do it everymonth
idk how you would fix it im just saying it annoys me

it would remember all your recent IPs of course, not just the last one

XF already records this IP history, so just piggybacking on it with an addon should be easy

 

[Hachi_Roku256563]

Sorry, how is it a bad thing for security?

How would receiving an email on a new login/new IP cause you any difficulty at all? It's an email - ignore it, delete it, print it out and eat it...

Cause k don't receive it I have to getyve code or confirm

it would remember all your recent IPs of course, not just the last one

XF already records this IP history, so just piggybacking on it with an addon should be easy

So if my ISP gives me a IP I've had before it will remember

 

[Mussels]

Cause k don't receive it I have to getyve code or confirm

So far nothing has been said about 2FA which is what you're thinking of - purely a notification

 

[Hachi_Roku256563]

So far nothing has been said about 2FA wh

ich is what you're thinking of - purely a notification

Ohhhh opps soz lol

 

[W1zzard]

So if my ISP gives me a IP I've had before it will remember

Correct. I could probably check a whole Class C net for this, so 1.2.3.* being "same address", instead of 1.2.3.4

 

[Hachi_Roku256563]

Correct. I could probably check a whole Class C net for this, so 1.2.3.* being "same address", instead of 1.2.3.4

How long for (just curious)

 

[W1zzard]

How long for (just curious)

Long enough A few months, or a year, should be enough.

 

[lexluthermiester]

If not, is it time we start making it mandatory?

Oh, hell no. TPU starts that crap and there will be problems. It should be user choice, not mandatory.

 

[Frick]

Oh, hell no. TPU starts that crap and there will be problems.

2FA is crap?

 

[Hachi_Roku256563]

2FA is crap?

Mandatory yes