Dec 28th 2016, 6:11 PM Edited
I'll be talking about how you can improve your security, and how we're taking steps to improve your security. Security isn't something that you can just apply; it's a process that never ends, and we'll always work to prioritize security over everything else.

How can you improve security?
  • Don't reuse passwords. Sure, you might have a really good password for accounts you care about, but we can't do anything about how other sites handle passwords. For example, 000webhost stored millions of passwords in plaintext. You may feel it's really inconvenient to remember a password for every site, but you don't have to: use KeePass to store all of your passwords.
  • Use a strong password. KeePass can generate a password for you with whatever settings you want. "vzjYz*#b7^s%+m2knvu9" is the kind of password you should be using.
  • Check your account sessions to see if your account is being used by someone other than you.
  • Make sure you always have access to your email, and don't use disposable emails. You can always change your email provided you can still use your registration email. The only way you can get back into your account is by resetting your password through the email you have listed for your account.

How are we improving security?

  • We're hashing passwords with bcrypt.
  • We've taken steps to make it very difficult to brute-force an account; one of those steps is requiring a captcha on every login.
  • We're testing 2FA out; it's already required for admins.
  • We have all account logins (including failed) available for admins to view.
We'll continue to add new layers of security as the community grows and new issues are presented.
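
An added example, not this site's own code: one way to review a login history that includes failed attempts, flagging repeated failures on one account, one IP failing against several accounts (the pattern that reused passwords invite), and a success that follows a burst of failures. The record layout, thresholds and sample entries are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: (timestamp, account, source IP, login succeeded)
LOGINS = [("2016-12-28 18:00:%02d" % s, "alice", "203.0.113.5", False)
          for s in range(0, 50, 10)]
LOGINS += [
    ("2016-12-28 18:01:00", "alice", "203.0.113.5", True),
    ("2016-12-28 18:05:00", "bob", "198.51.100.7", False),
    ("2016-12-28 18:05:02", "carol", "198.51.100.7", False),
    ("2016-12-28 18:05:04", "dave", "198.51.100.7", False),
    ("2016-12-28 18:30:00", "erin", "192.0.2.10", False),
    ("2016-12-28 18:30:20", "erin", "192.0.2.10", True),
]

WINDOW = timedelta(minutes=10)  # assumed look-back window
MAX_FAILS = 5                   # assumed: failures on one account in WINDOW
MAX_ACCOUNTS = 3                # assumed: accounts one IP failed against in WINDOW


def review(logins, window=WINDOW, max_fails=MAX_FAILS, max_accounts=MAX_ACCOUNTS):
    """Return sorted (finding, subject) pairs for suspicious login patterns."""
    events = sorted((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), acct, ip, ok)
                    for ts, acct, ip, ok in logins)
    findings = set()
    by_acct = defaultdict(list)  # account -> times of recent failures
    by_ip = defaultdict(list)    # IP -> (time, account) of recent failures
    for when, acct, ip, ok in events:
        # Forget failures that have aged out of the window.
        by_acct[acct] = [t for t in by_acct[acct] if when - t <= window]
        by_ip[ip] = [(t, a) for t, a in by_ip[ip] if when - t <= window]
        if ok:
            # A success right after many failures may mean the guess worked.
            if len(by_acct[acct]) >= max_fails:
                findings.add(("success_after_failures", acct))
            continue
        by_acct[acct].append(when)
        by_ip[ip].append((when, acct))
        if len(by_acct[acct]) >= max_fails:
            findings.add(("many_failures_one_account", acct))
        if len({a for _, a in by_ip[ip]}) >= max_accounts:
            findings.add(("one_ip_many_accounts", ip))
    return sorted(findings)


if __name__ == "__main__":
    for kind, subject in review(LOGINS):
        print(kind, subject)
```

A single mistyped password followed by a success, like the constructed "erin" entries, produces no finding.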
