Mathematical
Silver Coder
Introduction
Hey there, CF.
As you know, we've recently had an outage. But don't worry, it was just @Master Yoda in the process of doing some changes to the infrastructure (More changes will be done in the next few days, so expect to have issues accessing the site again). Although, one user was recently worried about their account, as they had to reset the password. As a result, I am making this thread to give some tips to help secure your account on CF and help keep you as safe as possible while browsing.
Also, feel free to chime in with other security-tips that I may not have covered and I'll add them to this post, along with whoever shared that tip. I welcome all contributions.
If at any point during your stay here on CF, you encounter content or even a technical-issue that may threaten the security or privacy of others, please immediately report it to CF staff so we can get it fixed.
1. Don't Share Personal-Information
You've been taught it many times before and I'll teach you it again: Don't share your personal-information with others, regardless of how well you know them (Unless of course, they're your friend). What counts as personal-information is:
- Real name
- Age/Date of Birth
- Location/Nationality
- Any ID cards you have (Passport, driver's license, etc.)
- Phone number
- Personal email-address (More on email-addresses later)
- IP Address (This can be traced back to your real location)
This is a list of what you really shouldn't share. Here at CF, we actually recommend you do not share any of the information listed above, but you're free to do so, provided you take precautions to ensure the safety of this information when you share it.
The only time that is really suitable to give out personal-information is when you've been offered a job or if somebody wants to contact you later about something, outside of CF.
2. Watch What You Click
Nowadays on the web, just one wrong click can land you in trouble. The site you enter may be full of ads which contain a plethora of trackers or it may contain some kind of illegal content which can land you in trouble with the authorities in your country. So, watch what you click on, please.
To see what website you are just about to head to, look down at either the bottom-left or bottom-right corner of your screen. You should see the link there. If the URL kind of looks off (E.g. freecoolmoviesite.net), then ignore it, and then report the post containing the link to CF so that we can remove it and either warn or ban the user who shared that link. If it's a link to a site such as The Verge or Wikipedia, then you know it's safe.
3. Use A Burner-Email
There is a good reason to use a burner-email and that is to ensure that, in the case that CF gets hacked, your real email does not get involved in that breach. A burner-email will essentially be your email for CF until you delete it. I have two tips for managing your burner-email:
- Only use the burner-email for CF.
- Delete the burner-email immediately as soon as CF has notified users of a security-breach.
By following the tips above, you minimize the risk of your CF account getting hacked and even minimize the risk of the email itself getting hacked. Do not use an email-alias, as this is just a name that disguises the original address of your personal-email. If a hacker gets a hold of the email-alias belonging to your original email and the password to it too, they'll still be able to break into the account.
Go with any provider you want for this burner-email: Gmail, Outlook, Yahoo! Mail, Tutanota, Protonmail, any one. It doesn't matter which one you use, just make sure you follow the tips for managing the burner-email that I gave above.
4. Enable 2FA (Two-Factor-Authentication)
2FA is a way to make it harder for people to break into your account. What will happen is you will connect your account to either an email, phone-number, or an app. Once you log in, you will either be asked for a code (If you're using either an email or a phone-number), or you will have to scan a QR code using the device linked to your account - This is to ensure it really is you logging in.
As long as nobody has access to your phone, email, or phone-number, it is nearly impossible to break into your account. CF has support for both apps and an email account for verifying that you're the one logging into the account. To be on the safer-side of life, set up 2FA for your email too (If you're using an email for 2FA that is) - This will make it near impossible to break in now. CF also allows you to have back-up codes, in the case you lose access to your device or email - Save these in a safe place as these will come in handy at some point.
For any accounts linked to your CF account (Email, Discord, Facebook, etc.), please do not use a phone-number for 2FA via SMS. Yes, it's quite easy to use a number and get a text-message for verifying yourself, but your phone-number is tied to your smartphone, which has its own set of security issues. Plus, it's possible for phone-numbers to be hijacked and it is possible for an SMS message to be intercepted (Refer to this CNet article, which also offers a bunch of other tips: Google signs up 150 million people for two-factor authentication: What it is, how it works).
If you did follow my advice for using a burner-email for your CF account and you're using that email as a way to verify yourself via 2FA, please do not delete that burner-email. If you do delete that burner-email, it will become impossible to verify yourself unless you have stored your back-up codes somewhere (Side-Note: Do not store these back-ups on any cloud-services either, as these services are quite vulnerable to attacks). And if you did not save the back-up codes offered, then you've essentially lost access to your CF account. At that point, you can contact the staff-team to see if it's possible to recover the account, or you can just start over with a new account and have the old one deleted.
5. Use A Good Password
This is pretty self-explanatory. If you don't use a good password, other measures such as 2FA practically become useless. Here's a good idea of what should be in your password:
- Between 16-25+ characters and contain a bunch of different numbers, symbols, and letters - This can be done using a generator in your password-manager.
- Contain about one or two special-characters - This includes underscores, hyphens, ampersands, etc.
- Contain random words that do not tie-in together - Use a dictionary for some good words that will be hard to guess and make sure the words do not relate to one another. (Contribution by @Tealk): Using a dictionary and a special tool to crack passwords, a "dictionary-attack" can be performed if you use this method. This method can still be freely used but it's advised that you don't do this as these kinds of passwords can easily be cracked.
- Must not contain any words or phrases that relate to any part of your personal-life - Please refer to the previous point about dictionary-attacks.
- (Contribution by @Tealk): Use a password-manager to generate and manage passwords for your accounts. You are able to generate extremely random passwords using a manager, which will take an extremely long time to crack - Of course, you won't remember these random passwords, which is why you have a manager for them in the first place. Take advantage of the generator in your manager and make sure you generate the most random and complicated password that you can for every account.
By following the above list of rules for a password, you will be making your account(s) much harder to password-guess, and if the password is encrypted in the site's database using a secure algorithm - Much harder to decrypt.
And of course, do not share these passwords with anyone, including friends and family. By sharing these passwords, you are asking to lose access to your accounts and all content associated with those accounts. Never share your passwords with anyone.
Again as well, use a password-manager. Although, do not use a cloud-based manager or the manager built into your browser, as these are vulnerable to attacks - Use a manager that stays only on your computer instead (If you have an encrypted hard-drive, then that's a big plus. If it's not, make sure you do encrypt your hard-drive the next time you install your OS. The only issue is that if you lose the hard-drive, you lose your passwords with it).
Note: Don't forget to share your tips. Some other sections that I need to write will be written later. Keep an eye out.
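The password rules in section 5, worked through as an added example that is not part of the original post: a generator of the kind a password-manager provides, plus a count of how many guesses a randomly generated password and a random-word passphrase each force on an attacker. The special-character set, the default length of 20 and the 7776-word list size are assumptions chosen for illustration.

```python
import math
import secrets
import string

ALNUM = string.ascii_letters + string.digits   # 62 symbols
SPECIALS = "_-&"   # assumption: the post's examples (underscore, hyphen, ampersand)


def generate_password(length=20, n_special=2):
    """Random password with exactly n_special special characters and at
    least one lowercase letter, uppercase letter and digit."""
    if length < 16:
        raise ValueError("the post recommends at least 16 characters")
    if n_special not in (1, 2):
        raise ValueError("the post recommends one or two special characters")
    rng = secrets.SystemRandom()          # OS CSPRNG, not the `random` module
    while True:
        chars = [secrets.choice(ALNUM) for _ in range(length - n_special)]
        chars += [secrets.choice(SPECIALS) for _ in range(n_special)]
        rng.shuffle(chars)                # specials land at random positions
        pw = "".join(chars)
        # Redraw the rare candidate that is missing a character class.
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)):
            return pw


def random_password_bits(length=20, n_special=2):
    """log2 of the number of candidates the generator draws from (the
    class check above removes a negligible fraction, so this is an
    upper bound)."""
    positions = math.comb(length, n_special)
    return (math.log2(positions)
            + (length - n_special) * math.log2(len(ALNUM))
            + n_special * math.log2(len(SPECIALS)))


def passphrase_bits(n_words, wordlist_size):
    """log2 of the guesses a dictionary attack needs to cover every
    passphrase of n_words words drawn at random from a known list."""
    return n_words * math.log2(wordlist_size)


if __name__ == "__main__":
    print(generate_password())
    print(f"20 random characters: ~{random_password_bits():.0f} bits")
    # 7776 is an assumed list size (five dice rolls per word)
    print(f"4 random words:       ~{passphrase_bits(4, 7776):.0f} bits")
```

Each extra bit doubles the number of guesses needed; words picked by a person rather than at random give fewer bits than `passphrase_bits` reports.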