Question about how much power the admins actually have?

Discussion in 'Site Feedback and News' started by brewstermax, May 31, 2009.

  1. brewstermax

    brewstermax Well-Known Member

    I've been thinking about this lately. I'm interested to see how much power arn (or blake for that matter) actually has. Like, can they see what our password is? Or can they just access and modify our account as pleases them (well, I KNOW they can do this, but the main thing is, can they actually see our password and such?) I guess this is more of a vBulletin question than an arn question, but anyway, feel free to post any more questions. I want to see if arn has that kind of power. If he does, I recommend changing your password and that could be a security risk if he can. :rolleyes:
     
  2. DaveMc99

    DaveMc99 Well-Known Member

    Mar 1, 2009
    4,761
    0
    0
    Seattle, WA USA
    If an admin can see your password now.. what would changing your password do?
     
  3. spmwinkel

    spmwinkel Well-Known Member

    Oct 22, 2008
    1,351
    0
    36
    No. And this is publicly available information, anyone who wants to know this could look it up in the vBulletin documentation.

    http://www.vbulletin.com/docs/html/main/users_add
    This is a page about the admin's right to create a new user or edit an existing one.

    While he/she can edit your e-mail address, signature, postcount and the IP address you registered with, you can ready that:

     
  4. brewstermax

    brewstermax Well-Known Member

    FML. I knew this should be one to PM arn, but I thought I could get some mature discussion going. Why harp on one statement? I never said it would or would not help.

    Thank you.
     
  5. Eli

    Eli ᕕ┌◕ᗜ◕┐ᕗ
    Staff Member Patreon Silver Patreon Gold

    Arn and Blake have root on the TA servers. They have access to everything in the forum database including the MD5 hash that stores your password. Technically speaking they could break your MD5 password hash using rainbow tables or other tricks but I really can't think of any reason why they would bother.

    It's a good security practice to use a different password for every web site that you have a log in for. That way, if one is compromised, everything else is still secure.
     
  6. spmwinkel

    spmwinkel Well-Known Member

    Oct 22, 2008
    1,351
    0
    36
    But how would you remember all of them? Put them on a post-it and stick it to your forehead? ;)

    I know I should use more passwords. I use a few (e-mail, forums, etc. have different ones) but still, remembering more than 5 passwords gets hard especially if they're random character combinations.
     
  7. DaveMc99

    DaveMc99 Well-Known Member

    Mar 1, 2009
    4,761
    0
    0
    Seattle, WA USA
    Use initials for the site and add it to your password. password+ta or ta+password
     
  8. Eli

    Eli ᕕ┌◕ᗜ◕┐ᕗ
    Staff Member Patreon Silver Patreon Gold

    Use a password manager like 1Password, use a very strong password for your main password file. Problem solved!
     
  9. yourofl10

    yourofl10 Well-Known Member

    Dec 11, 2008
    4,176
    1
    0
    Well, with great power comes great responsibility...:cool:

    Arn and Blake are responsible they won't hand out your password or change it I would think:confused: There's always a chance that something could happen though....lol...But honestly this is sorta dumb question on the password thing. I see what some people like spmwrinkle about ta+password etc... and Hodapp on 1Password I agree that's a good thing to do just that I;m assuming arn and blake are responsible with passwords and personal info (e-mail etc...,DOB (optional) etc....).
     
  10. markx2

    markx2 Well-Known Member

    Dec 28, 2008
    685
    0
    16
    http://keepass.info/

    You should use a password manager. Keepass is free.

    And then you can use proper passwords like 3djraiYzlP1wIttxNGO
     
  11. Eli

    Eli ᕕ┌◕ᗜ◕┐ᕗ
    Staff Member Patreon Silver Patreon Gold

    Administrators for most web sites worth visiting can be trusted with the information you give them to register. The problem comes in when you're using widely distributed software like vbulletin, wordpress, and any other number of forum and content management systems when exploits are released.

    Say for instance you use one password for everything, and you're registered to some Pokemon forum that's running a 2 year old unpatched install of phpBB, they get hacked, the hackers instantly have a database including your email and your password. They go to your web mail access, try your password, and have access to everything you do online.

    It's never a bad idea to be extra careful about security. If you were using a unique password for each forum and the Pokemon site got hacked, all your other accounts would remain secure.
     
  12. spmwinkel

    spmwinkel Well-Known Member

    Oct 22, 2008
    1,351
    0
    36
    Thanks for the tips about the password managers. I didn't know so many people were actually using them. It seems annoying to first go into your password manager before logging in to toucharcade, e-mail, twitter, etc. etc. etc.
     
  13. markx2

    markx2 Well-Known Member

    Dec 28, 2008
    685
    0
    16
    I use 1password. Not free but not costly either.

    Come to toucharcade, click the lock icon in the browser bar and it will auto-fill the name/pass AND it presses return for me. So one click saves me many.

    Another tip: If you use 2 machines, get dropbox - https://www.getdropbox.com/ - and make the save location for your password files to be inside dropbox. That way it syncs automatically. (That is not an affiliate link)

    And these programs will also stores serial numbers, bank details and other notes you need secure.

    And for those that read this and think "It won't happen to me" - what if it does?
     

Share This Page