I think it'll take quite some computational power to actually brute force crack every hashed password on this site. Time is on the side of the users of this site to secure themselves up, unless the hacker has the power of Google's servers at their disposal (which they won't have).
Anyone who has access to your password from this site will also have access to your email address. Any websites where you have used the same password as here you should change your password. You should also change the password of your email account.
Should we continue to change passwords regularly over the next 24-48 hours?
No, this is taking it a bit far. Just change all your passwords everywhere and make your password on here different to your other ones. This means that any subsequent cracks on here will result in them only being able to access your account here, which isn't such a huge problem. What they gonna do - login and post a message?
Its pretty sloppy of web site owners and developers to rely on hashing paswords as some idea of security. Hashing is not encryption and the site should have used proper encryption in the first place instead of something that many websotes can decode for you in a minute or two.
Sloppy sloppy sloppy to risk members passwords like that
One of the first things these people will do, once they've worked out your password, is search your email address on FB to find out who you are IRL. I would make sure you have this feature turned off if you haven't already.
Probably wouldn't have happened if the staff spent more time working on security, instead of warning people for literally every pro-Israel post there is. Typical, farcical TSR really, and someone should be sacked over this.
There's always one.
Empire Total War people moaned they were releasing DLC when there were still bugs, not the same people dude, not the same people.
I use my TSR password for everything else on the internet. Do I really need to change all my passwords? Like do they know my ebay and Amazon user name and can use my password with it? I don't see how they could know my other user names for other sites, but the TSR message is telling me to change all my passwords for everything.
I use my TSR password for everything else on the internet. Do I really need to change all my passwords? Like do they know my ebay and Amazon user name and can use my password with it? I don't see how they could know my other user names for other sites, but the TSR message is telling me to change all my passwords for everything.
Do you really want to take the risk of not changing them? If I were you I'd change them all, but if you really don't want to then at least secure up sites like Amazon, Ebay, Paypal etc... and definately change your email account password.
The inconvenience of changing your passwords is far less than the inconvenience if someone gains access to them.
Do you really want to take the risk of not changing them? If I were you I'd change them all, but if you really don't want to then at least secure up sites like Amazon, Ebay, Paypal etc... and definately change your email account password.
The inconvenience of changing your passwords is far less than the inconvenience if someone gains access to them.
But how on Earth could they have my Amazon and Paypal usernames if they've only stolen information from this site?
Its pretty sloppy of web site owners and developers to rely on hashing paswords as some idea of security. Hashing is not encryption and the site should have used proper encryption in the first place instead of something that many websotes can decode for you in a minute or two.
Sloppy sloppy sloppy to risk members passwords like that
Encryption (by definition) guarantees that the passwords can be recovered.
Its pretty sloppy of web site owners and developers to rely on hashing paswords as some idea of security. Hashing is not encryption and the site should have used proper encryption in the first place instead of something that many websotes can decode for you in a minute or two.
Sloppy sloppy sloppy to risk members passwords like that
Hashing is a very common method of storing passwords, and it's not as easy to crack as you are suggesting. It's specifically designed to not be decrypted, and indeed can't be. To the best of my knowledge the only way to crack a password which is hashed using md5 is via a brute force method.