Security starts with you! Although we do our best to keep your information secure, the high-profile database leaks of the last year (MyFitnessPal, for example) show that even multi-million-dollar companies suffer breaches, so here is a post to help keep you as safe as we can online.
What we do to keep your information safe:
Our forum runs on NodeBB, which hashes every user password with the bcrypt algorithm before storing it. This means we cannot read your password, and neither can an attacker who steals a copy of our database: all they get is the hash, not the password itself.
Hashes can be cracked to reveal the true password:
A hash is only as strong as the password behind it, which is why strong passwords are so important. We suggest a password of at least 8 characters mixing uppercase letters, lowercase letters, numbers and symbols; longer is better, because every extra character multiplies the number of guesses an attacker has to make. Attackers do not reverse the hash. They hash huge lists of guesses taken from dictionaries and earlier leaks and compare the results against the stolen hash, so a commonly used password is recovered in seconds no matter how good the hashing algorithm is.
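To make the cracking point concrete, here is an added example; it is not part of the original post and not NodeBB's code. NodeBB uses bcrypt, which Python's standard library does not include, so the example substitutes PBKDF2-HMAC-SHA256, which shares the properties that matter here: it is salted, one-way and deliberately slow. The eight-entry wordlist is a constructed stand-in for the real leaked-password lists, which run to hundreds of millions of entries.

```python
import hashlib
import hmac
import os
from typing import List, Optional

# Added illustration: NodeBB uses bcrypt, which is not in Python's standard
# library, so PBKDF2-HMAC-SHA256 stands in. Both are salted, one-way and
# deliberately slow, which is all the cracking argument below depends on.
ITERATIONS = 50_000


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Store 'salt_hex$digest_hex'. A random per-user salt means a leak of the
    whole table still has to be cracked one account at a time."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


def crack(stored: str, wordlist: List[str]) -> Optional[str]:
    """What an attacker does with a leaked hash: there is no way to reverse it,
    so hash each guess with the same salt and compare. The cost is one slow
    hash per guess; the only protection is how many guesses it takes."""
    for guess in wordlist:
        if verify_password(guess, stored):
            return guess
    return None


# Constructed stand-in for the leaked-password lists attackers really use.
COMMON_PASSWORDS = [
    "123456", "password", "qwerty", "password123",
    "letmein", "football", "iloveyou", "Plutonium1",
]


def demo():
    """Returns (guess recovered for a common password, guess recovered for a
    long random passphrase). The second is None: no entry in the list matches."""
    weak = hash_password("password123")
    strong = hash_password("bramble-otter-47-ledger-quilt")
    return crack(weak, COMMON_PASSWORDS), crack(strong, COMMON_PASSWORDS)


if __name__ == "__main__":
    cracked, not_cracked = demo()
    print("common password recovered:", cracked)
    print("passphrase recovered:", not_cracked)
```

Both accounts were hashed the same way; the difference in outcome comes entirely from whether the password appears in the attacker's list. A real attack runs the same loop on GPUs against billions of candidates, which is why eight characters is a floor rather than a target.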
Password reuse means using the same password on several services, and it is a big problem. It is very easy for people to search online for your information, including old database leaks, and find your previous passwords; if you are still using any of them, they can be used to break into other services that share that password, such as your email account.
A good idea is to keep a separate email address for private use (the one connected to your bank account, for example) and a common one for less important services such as Plutonium. That way, if a database breach does occur, an attacker has a harder time finding the email address that matters most.
2 Factor Authentication (2FA):
2 Factor Authentication is one of the best defenses for the situation where your password is stolen: 2FA requires your password plus a second step to authenticate to a service and log in. This is normally entering a time-sensitive code from an app on your phone, or receiving an SMS message containing a code (the app is the stronger option, since SMS codes can be intercepted or redirected).
This form of defense is becoming more and more common, and we have adopted it since NodeBB has a plugin that supports it. We suggest enabling 2FA on your Plutonium account: although we are not the most important service in the world, it is still a good idea for peace of mind. If you do not want to enable 2FA here at Plutonium, please turn it on for your email account if it supports it. It's security 101.
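To show what the time-sensitive code from the phone app actually is, here is an added example (not code from the original post, NodeBB or its 2FA plugin) of the TOTP algorithm from RFC 6238 that Google Authenticator and similar apps implement, together with the check a server performs on the submitted code. The shared secret is the RFC's published test secret rather than a real one; the 30-second step and 6 digits are the defaults such apps use.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP_SECONDS = 30  # time step shared by the phone app and the server
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then
    'dynamic truncation' to a 31-bit number, reduced to the wanted digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = DIGITS) -> str:
    """RFC 6238: HOTP with the counter replaced by the current 30-second step.
    The phone computes this from its own clock, the server from its own;
    they agree because they share the secret and the time step."""
    return hotp(secret, unix_time // STEP_SECONDS, digits)


def verify_totp(secret: bytes, submitted: str, unix_time: int, window: int = 1) -> bool:
    """Server side. Accept the current step and `window` neighbours on either
    side so a phone clock a few seconds off still works; compare in constant
    time. A real server also refuses to accept the same code twice."""
    if len(submitted) != DIGITS or not submitted.isdigit():
        return False
    step = unix_time // STEP_SECONDS
    return any(
        hmac.compare_digest(hotp(secret, step + d), submitted)
        for d in range(-window, window + 1)
    )


def secret_from_base32(setup_key: str) -> bytes:
    """The setup key / QR code shown at enrolment is the shared secret in
    base32, often displayed in spaced groups and without '=' padding."""
    key = setup_key.replace(" ", "").upper()
    key += "=" * (-len(key) % 8)
    return base64.b32decode(key)


# RFC 6238 Appendix B test secret (ASCII "12345678901234567890") and its
# base32 form, used here as a fixed, documented example secret.
RFC6238_SECRET = b"12345678901234567890"
RFC6238_SETUP_KEY = "GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ"


if __name__ == "__main__":
    secret = secret_from_base32(RFC6238_SETUP_KEY)
    now = int(time.time())
    code = totp(secret, now)
    print("code the phone would show right now:", code)
    print("accepted by the server:", verify_totp(secret, code, now))
```

The important property is that the code is derived from a secret that never leaves the phone and the server, so stealing your password alone gives an attacker nothing they can type into the 2FA prompt. The one-step tolerance window is also why a code typed a few seconds after it changed still works.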
How to enable 2FA on Plutonium:
- Click your avatar on the top right of our menu bar at the top of your screen.
- Click your name to open your profile.
- Click the circle with the 3 white squares inside it.
- Click Two Factor Authentication.
- Click the 'Enable Two-Factor Authentication' button.
- Follow the on-screen instructions and you'll soon have 2FA turned on. From then on, every unrecognized device trying to log in to your account will need a code from your phone, generated by GAuth (Google Authenticator) or any other supported app.