new hacks - is our information on the forum safe?

I work in identity management and InfoSec in an environment with almost half a million users for a living. There's very little info on a typical forum that would be considered sensitive. In fact, you're more likely to have PII (personally identifying information) show up in the wild from 3rd party companies that farm your advertising info than you are to have something serious be gleaned from your standard PHP forum (I have an account with SpyCloud and it's scary what shows up there on a regular basis). That said, the advice given about not reusing passwords is sound.

Multi-factor auth is the best thing you can do for any account you own, by the way. In my own organization, we had a big issue with people clicking on phishing emails and getting compromised, and then spamming the phishing internally and externally to other victims. MFA made that issue go away overnight. Just try to stay away from SMS texts for accounts you care about; SMS isn't secure. I tend toward FIDO keys or Google Authenticator when I actually need strong security. It helps if your password is over 10 characters long, too. The crackability of a password goes up exponentially with the number of characters you use.

Also, please don't click on stuff you don't recognize in email, and don't click random links on the internet. Seriously. 99% of the time when I see someone was compromised, it was because they were looking at stuff on the web they shouldn't be. The first thing we teach in InfoSec is that there is no security technology that can fix problems caused by users who do dumb things; therefore, training users to be smarter internet citizens always comes before spending a briefcase of money on fancy firewalls and security technologies.
 