# Important notice: FA passwords posted on 4chan



## chocolatekitsune (Apr 27, 2007)

What the topic says.

Numerous FA username and passwords have been put up on 4chan and it would be helpful if an admin placed a warning at the top of the site to let everybody know.

Or better yet, if possible, just reset the passwords :S


----------



## MoonTWolf (Apr 27, 2007)

chocolatekitsune said:
			
		

> What the topic says.
> 
> Numerous FA username and passwords have been put up on 4chan and it would be helpful if an admin placed a warning at the top of the site to let everybody know.
> 
> Or better yet, if possible, just reset the passwords :S



Well then, how'd they get out? and why wont anyone link to it? ALSO, what would anyone do with it?, most of us arent targets the only ones who have anything to worry about are those on Encyclopedia dramatica, and artists who do "questionable" material.


----------



## yak (Apr 27, 2007)

The passwords posted were (since that thread got deleted) more then one and a half years old, and since then 
a. All of the accounts with matching passwords were automatically blocked and un-blocked only on request
b. 4 or 5 times an administration notice was posted on top of each page on FA
c. Several accounts re-blocked, because they used the same passwords as before.

Yet people *still* put their old passwords in, despite all the effort to warn them of the consequences. 




> [26 Apr 07 20:18] * verix * OK NOW I HAVE PEOPLES INTEREST
> [26 Apr 07 20:18] * verix * FurAffinity WAS HACKED:
> [26 Apr 07 20:18] * verix * 1. download http://clanspum.net/~pi/fa/fa.tar.bz2
> [26 Apr 07 20:18] * verix * 2. unzip
> ...


----------



## chocolatekitsune (Apr 28, 2007)

MoonT, 4chan's /b/ threads have as much longevity as an ADHD ferret's attention span. Linking a thread on that site would only be of any use for barely 15 minutes or much less.

And Yak, yeah - I was told that they were outdated after I informed others about it. Go figure.


----------



## Dragoneer (Apr 28, 2007)

yak said:
			
		

> Yet people *still* put their old passwords in, despite all the effort to warn them of the consequences.


I hate to say it, but after all the warnings we have given and after all the attempts we have made to suggest users use a secure, mix-character password and they STILL DO NOT... if their account is compromised I have much less sympathy.

But for the record, if anybody wants to know the #1 cause of account violations/intrusions on FA, it's...

*drumroll*

#1 - Giving your password to a friend/mate who later users it against you after a fight/disagreement! 
#2 - Clicking the "save password" feature at a friend's house and they later are able to just log right into your account without any difficulty.

While site security is important, the ultimate security lay within the user. Use strong passwords (mix character, at least one lowercase, uppercase and a number) and NEVER GIVE YOUR PASSWORD OUT! EVEEEER!


----------



## DuncanFox (Apr 29, 2007)

Ok, I downloaded that list out of curiosity, because the sysadmin in me wanted to see what kind of passwords folks were using.Â Â I didn't see more than a couple passwords more complex than dictionary words plus maybe a number.

The most complex password I saw in the whole mess was either "flcmkllgdj" or "19racc99", depending on your definition of complex.Â Â The worst?Â Â Sixty-five people using "dragon" or "Dragon", and 47 using "password".

Of the rest, the vast majority were using 1-2 simple dictionary words, without even a capital letter.

DON'T USE PASSWORDS THAT PEOPLE CAN JUST GUESS!  Like Preyfar said, "Use strong passwords (mix character, at least one lowercase, uppercase and a number)"


----------



## themocaw (Apr 30, 2007)

Sadly enough, I find that randomly l337ing and repeating certain letters in your password makes for a pretty secure password.

example:  Dragon = Dr4g0oNN

Password: Pa5sw012d

Sexykitty: 42yearoldvirgin


----------



## gliengul (May 2, 2007)

chocolatekitsune said:
			
		

> Or better yet, if possible, just reset the passwords :S



Any chance that you guys randomly reset a bunch of passwords again?
I just had to use the password retrieval system again(and i know i wasn't recycling passwords).


----------



## Dragoneer (May 5, 2007)

No, we have not reset anything of recent.


----------

