Welcome to our New Forums!

Our forums have been upgraded and expanded!

Welcome to Our New Forums

  • Our forums have been upgraded! You can read about this HERE

Passwords & Forums [Fixing the issues]

Hp. Hoodedcobra666

Administrative High Priest
Staff member
Joined
Sep 19, 2017
Messages
11,058
Website
joyofsatan.org
Dec 12 2022 Update:

We are working to resolve the e-mail mechanism problem especially in regards to Protonmail. It might take a while.

The recommendations from the SS who noted this feature was no longer necessary after the breach of the years old files have been followed; therefore the mandatory password reset has been removed, nobody will have to change password again.

Passwords from now on will require a little more length and complexity, to make sure things are safe.

It is still advised to change your password every so often.

Anyone who cannot login, please send an e-mail at [email protected] and we will do a manual password retrial process.

Sorry for the inconvenience.

____________________

Dec 6 2022 Update:

Apparently, Protonmail has blocked the password retrieval e-mails. At the same time, they have blocked the function to receive new e-mails as posts, likely triggering false alarms in their spam filter.

Until that is resolved [it might not be] then receiving e-mails from the forum will be blocked on this provider.

We have tried this on other e-mail providers and everything was received properly.


______________________

Greetings everyone,

So every sometime now [40 days or a month] one might be asked to change their password. That's for security measures and in case anything gets attacked by the enemy.

I know this might be a little non convenient, but it's kind of needed. So try to use a password you remember, and then change it at the given interval.

Recently it appears also the pass retrieve mechanism is not working on those who registered with Protonmail. We are not sure why, maybe it is triggering a spam filter. We are looking into this and will implement a solution.

If anyone has account access problems, please do email at [email protected] so we can restore access or manually send the retrieval e-mail.

Thank you and sorry for this inconvenience.

-High Priest Hooded Cobra 666
 
Can the password be a complex variant of the same word used previously? I ask because I suck at remembering passwords and several times on this forum I had to change accounts because I didn't remember my login details when I changed my mobile phone and therefore I no longer had the passwords memorized...
 
Glad I am not as dumb as I thought :lol: . For a second there I thought something was wrong with me for forgetting passwords...

Anyway, what alternatives can be used ? Instead of protonmail I mean.
 
Shadowcat said:
It's all good, I saw and changed mine this morning. Gotta do what we gotta do to keep everything safe :)

I agree, but I know things will get better with the time.
 
SeguaceDiSatana said:
Can the password be a complex variant of the same word used previously? I ask because I suck at remembering passwords and several times on this forum I had to change accounts because I didn't remember my login details when I changed my mobile phone and therefore I no longer had the passwords memorized...
Technically yes, but you would have to make considerable changes, like turning all e:s into 3:s and so on, and after a while the password becomes obsolete anyway requiring you to make so many changes it becomes practically a new password.

Check this software out: https://keepassxc.org/
 
Sadly I lost my previous account (Carvier) due to that little inconvenience. I even had a thanks from Lydia, I'm sad.
 
I believe a password change every month is a little overkill. It was a good precaution after a known database leak happened, but if people use strong passwords, changing them every month gives very little benefit.

There are two types of password leaks to consider:

1. Password Hashes. The hacker would access the database and get password hashes. These cannot be cracked if a strong password was used. (That's what they were designed for!) Changing it in a month would only help if a weak password was used, which might be cracked after a month of CPU time, but it's still risky since you never know how long a weak password will withstand.

2. Password Plaintext. The hacker would get passwords in plaintext, probably by injecting code to capture passwords as people log in. The hacker would get a person's password immediately after they use it, and he can use it immediately to hack the account, so it will not help to change it in a month.

---------

A monthly password change will help people who use weak passwords, but it's an unnecessary inconvenience for everyone who uses strong passwords.
 
HP. Hoodedcobra666 said:
Greetings everyone,

So every sometime now [40 days or a month] one might be asked to change their password. That's for security measures and in case anything gets attacked by the enemy.

I know this might be a little non convenient, but it's kind of needed. So try to use a password you remember, and then change it at the given interval.

Recently it appears also the pass retrieve mechanism is not working on those who registered with Protonmail. We are not sure why, maybe it is triggering a spam filter. We are looking into this and will implement a solution.

If anyone has account access problems, please do email at [email protected] so we can restore access or manually send the retrieval e-mail.

Thank you and sorry for this inconvenience.

-High Priest Hooded Cobra 666

HPHC bro i have forgotton all mine im on my 8th acc as you can prob see.



Thanks for this might need if happens again. Wish I still had my original.
 
Soaring Eagle 666 [JG said:
" post_id=403556 time=1670127681 user_id=346]
I believe a password change every month is a little overkill. It was a good precaution after a known database leak happened, but if people use strong passwords, changing them every month gives very little benefit.

There are two types of password leaks to consider:

1. Password Hashes. The hacker would access the database and get password hashes. These cannot be cracked if a strong password was used. (That's what they were designed for!) Changing it in a month would only help if a weak password was used, which might be cracked after a month of CPU time, but it's still risky since you never know how long a weak password will withstand.

2. Password Plaintext. The hacker would get passwords in plaintext, probably by injecting code to capture passwords as people log in. The hacker would get a person's password immediately after they use it, and he can use it immediately to hack the account, so it will not help to change it in a month.

---------

A monthly password change will help people who use weak passwords, but it's an unnecessary inconvenience for everyone who uses strong passwords.

To add to this, simply instructing members how to make a strong password without the nonsensical requirements that lots of other sites have for their passwords, like special characters, numbers, upper/lower case letters, ect would be more helpful.

A strong password that's hard to crack by a CPU is as simple as a string of words together that can't be guessed in random order.

Easy example being

PurpleMonkeyDishwasher

A CPU will never guess the above in any practical or meaningful time.
 
This was only temporary, we will eventually go to 60 days and 100 days interval.

Yet this change now must be used so everyone makes a strong memorable password. Statistically a lot of people might have a weak password, so that would help. For this time.

It is all very good if this is what must be done.

Admittedly, I myself hate to have to do all of this. We will up the limit to trice per year.


Soaring Eagle 666 [JG said:
" post_id=403556 time=1670127681 user_id=346]
I believe a password change every month is a little overkill. It was a good precaution after a known database leak happened, but if people use strong passwords, changing them every month gives very little benefit.

There are two types of password leaks to consider:

1. Password Hashes. The hacker would access the database and get password hashes. These cannot be cracked if a strong password was used. (That's what they were designed for!) Changing it in a month would only help if a weak password was used, which might be cracked after a month of CPU time, but it's still risky since you never know how long a weak password will withstand.

2. Password Plaintext. The hacker would get passwords in plaintext, probably by injecting code to capture passwords as people log in. The hacker would get a person's password immediately after they use it, and he can use it immediately to hack the account, so it will not help to change it in a month.

---------

A monthly password change will help people who use weak passwords, but it's an unnecessary inconvenience for everyone who uses strong passwords.
 
Like Henu said, KeePass is a fully encrypted and secure place to create and store passwords. For Satanic Documents, VeraCrypt can be a good place to store your files in an encrypted Hidden partitions that only you can access.

BrightSpace666 wrote: ↑
Mon Oct 10, 2022 5:28 pm
VeraCrypt

If you want additional encryption for your files under your already encrypted Linux system, you can use VeraCrypt. In it you can encrypt partitions or even files. You can choose multiple encryption types for a file, and you can perform two Encryptions within a virtual storage. The essence in a nutshell - you create an encrypted virtual space for yourself and encrypt it with a password, then PIM and log in. You store files there, but in this encrypted space there is also a hidden encrypted space where you store more important files.

When you unlock the first encrypted space, the second one doesn't show up, you have to unlock it manually, then once unlocked, you enter the password and PIM if you chose that too, and log in. This is your file encrypted in several ways, if you chose this at the beginning it is also hidden, plus you have to enter two passwords (I recommend you choose the PIM too, it's like a PIN, it's made up of numbers).

You can also generate a "key file" yourself, this is an even bigger security detail, because without these you cannot enter your files. You can store anything here, be it Project works, or passwords, or text documents, anything, and it's your own encrypted part under an encrypted Linux system.

The Tutorial video - https://incogtube.com/watch?v=4SBWc_cQm-Y

https://veracrypt.fr/en/Home.html
 
HP. Hoodedcobra666 said:
Greetings everyone,

So every sometime now [40 days or a month] one might be asked to change their password. That's for security measures and in case anything gets attacked by the enemy.

I know this might be a little non convenient, but it's kind of needed. So try to use a password you remember, and then change it at the given interval.

Recently it appears also the pass retrieve mechanism is not working on those who registered with Protonmail. We are not sure why, maybe it is triggering a spam filter. We are looking into this and will implement a solution.

If anyone has account access problems, please do email at [email protected] so we can restore access or manually send the retrieval e-mail.

Thank you and sorry for this inconvenience.

-High Priest Hooded Cobra 666

I use a password manager with an extremely secure password, is this in case you guys get hacked or I get hacked?
 
HP. Hoodedcobra666 said:
This was only temporary, we will eventually go to 60 days and 100 days interval.

Yet this change now must be used so everyone makes a strong memorable password. Statistically a lot of people might have a weak password, so that would help. For this time.

It is all very good if this is what must be done.

Admittedly, I myself hate to have to do all of this. We will up the limit to trice per year.

Soaring Eagle 666 [JG said:
" post_id=403556 time=1670127681 user_id=346]
but if people use strong passwords, changing them every month gives very little benefit.
...

It sounds like a better option would be for the forums to be strict about the password strength and not the frequency of change. Doesn't sound like it is currently possible to do that, but that would be more ideal.
 
Hp please can you manually send me the verification email on the Weassel account?
I forgot my password and despite having a gmail on that account I didn't received the verification email and I also sent you an email from saturday where i ask for help and... you still didn't respond.
Can you help me please?
 
BigWeassel said:
Hp please can you manually send me the verification email on the Weassel account?
I forgot my password and despite having a gmail on that account I didn't received the verification email and I also sent you an email from saturday where i ask for help and... you still didn't respond.
Can you help me please?

I do not know about the e-mail you sent to Cobra, but I think you should check your spam filter.

Perhaps the mail woth verification or password reset link ended up in there


Happens to me a lot with other emails from news sites and others.

Gmail and other email providers perhaps have a "hard time" in putting our emails correctly in place, especially when it comes to the JoS.
 
HP. Hoodedcobra666 said:
Dec 6 2022 Update:

Apparently, Protonmail has blocked the password retrieval e-mails. At the same time, they have blocked the function to receive new e-mails as posts, likely triggering false alarms in their spam filter.

Until that is resolved [it might not be] then receiving e-mails from the forum will be blocked on this provider.

We have tried this on other e-mail providers and everything was received properly.
Protonmail offers other domains for their emails, such as pm.me and proton.me. Have these been tested as well?
 
BlueLake666 said:
BigWeassel said:
Hp please can you manually send me the verification email on the Weassel account?
I forgot my password and despite having a gmail on that account I didn't received the verification email and I also sent you an email from saturday where i ask for help and... you still didn't respond.
Can you help me please?

I do not know about the e-mail you sent to Cobra, but I think you should check your spam filter.

Perhaps the mail woth verification or password reset link ended up in there


Happens to me a lot with other emails from news sites and others.

Gmail and other email providers perhaps have a "hard time" in putting our emails correctly in place, especially when it comes to the JoS.
Yes, yes i checked there, I only have like 5 stupid mails there and nothing from JOS.
 
BigWeassel said:
BlueLake666 said:
BigWeassel said:
Hp please can you manually send me the verification email on the Weassel account?
I forgot my password and despite having a gmail on that account I didn't received the verification email and I also sent you an email from saturday where i ask for help and... you still didn't respond.
Can you help me please?

I do not know about the e-mail you sent to Cobra, but I think you should check your spam filter.

Perhaps the mail woth verification or password reset link ended up in there


Happens to me a lot with other emails from news sites and others.

Gmail and other email providers perhaps have a "hard time" in putting our emails correctly in place, especially when it comes to the JoS.
Yes, yes i checked there, I only have like 5 stupid mails there and nothing from JOS.

Hmm.. okay... understood.

Then it really needs to be clarified with HP. Cobra then
 
BlueLake666 said:
BigWeassel said:
BlueLake666 said:
I do not know about the e-mail you sent to Cobra, but I think you should check your spam filter.

Perhaps the mail woth verification or password reset link ended up in there


Happens to me a lot with other emails from news sites and others.

Gmail and other email providers perhaps have a "hard time" in putting our emails correctly in place, especially when it comes to the JoS.
Yes, yes i checked there, I only have like 5 stupid mails there and nothing from JOS.

Hmm.. okay... understood.

Then it really needs to be clarified with HP. Cobra then
Okay it solved now, got my account back :D




Thx HP!
 
I am Angramainyu now. I could not remember the other password, as I let my computer do it for me. So I have been RE born again. The new and improved wannabe.... ""Wannabe what?'"". Hell if I know. A better meditator hopefully.
 
An idea I have here, don't know if it works or if it is convenient, but I think we should also use other anonymous email messaging providers like Tutanota email services which are also from our proud Germans.

I do not say that Protonmail is annoying, in fact, it is quite good if you ask me based on the fact that it is used in Sweden and it is protected by the Swiss laws regarding privacy, ie. No third party has access to your data... but... in the case of the JoS it is not useful as it blocks emails with password retrieval in the case of mers who want to reset their passwords.

Plus it is very annoying that if you forget your ProtonMail password, then your conversations will have only the PGP keys shown, and nothing else, as the password plays as a symmetric key when is set.

That is just my opinion, but, if anyone has ideas, be sure to reply them in this message I posted now.

If using Tutanota is useful, then I may write an usage guide on the main JoS forum.

What do you think?

Waiting for your suggestions :)

Hail Satan
 
I think changing the password once a month is okay in terms of security. Albeit I'd like better if the page for password creation would emphasis: Create a STRONG password.

Sheer fact is maybe a better solution is make a sermon: Password Improvement XYZ.

Every month or two months maybe each season once every 3 months. Remind people to re-evaluate their passwords and focus on a new stronger, strong one.

Maybe in FAQ or Basic information: Explain passwords SHOULD and ARE RECOMMENDED to be as strong and lengthy as possible within reason or maintain a large password 30-digit max is the current max size which is perfectly divisible in 10 Symbols, 10 Numbers, and 5/5(10) letters(5 capital/5 lowercase).

I think anytime a breach or any security issue occurs issue a password change warning just in case. As it's been mentioned either they gain access to the passwords and have a notepad (.ini) file similar to Linux or Unreal Engine and it's .ini. Or it's salted and hashed and is in the process of being cracked. So before they can crack it change passwords and it messes with the hackers.

Either way I think best thing is Seasonally and in basic FAQ/Documentation implore people to double-up on their passwords and secure themselves with an appropriate string of passwords.

Keep your password written down in a safe location. Then when making a new password cross-reference with the old one and make sure passwords are better. Once a month might seem problematic for people but it really isn't all that frightening if anything it just more annoying. Again unlike other websites on the internet JoS is a serious threat to many entities whether people lie and state nope or people go absolutely.

Sheer fact is security should be Prime.
 
Gear88 said:
I think changing the password once a month is okay in terms of security. Albeit I'd like better if the page for password creation would emphasis: Create a STRONG password.

Sheer fact is maybe a better solution is make a sermon: Password Improvement XYZ.

Every month or two months maybe each season once every 3 months. Remind people to re-evaluate their passwords and focus on a new stronger, strong one.

Maybe in FAQ or Basic information: Explain passwords SHOULD and ARE RECOMMENDED to be as strong and lengthy as possible within reason or maintain a large password 30-digit max is the current max size which is perfectly divisible in 10 Symbols, 10 Numbers, and 5/5(10) letters(5 capital/5 lowercase).

I think anytime a breach or any security issue occurs issue a password change warning just in case. As it's been mentioned either they gain access to the passwords and have a notepad (.ini) file similar to Linux or Unreal Engine and it's .ini. Or it's salted and hashed and is in the process of being cracked. So before they can crack it change passwords and it messes with the hackers.

Either way I think best thing is Seasonally and in basic FAQ/Documentation implore people to double-up on their passwords and secure themselves with an appropriate string of passwords.

Keep your password written down in a safe location. Then when making a new password cross-reference with the old one and make sure passwords are better. Once a month might seem problematic for people but it really isn't all that frightening if anything it just more annoying. Again unlike other websites on the internet JoS is a serious threat to many entities whether people lie and state nope or people go absolutely.

Sheer fact is security should be Prime.

I agree with your statement.

Secueity should always be a Prime concept for us.

Even though I think there are some things that need to be kept in mind that besides changing the passwords / session or once a month, it is important that one should always keep up his own device security, in order to not have any keyloggers or other spyware programs such as Pegasus Malware.

You need to keep your passwords and remember me keys if you log in automatically safe from any misuse, better on a local note software such as Notepad for Windows, Document Editor for Linux or the note system on your phone, or at least an app that stores notes only locally.

Google Keep or other noting software such as Evernote that has connections with the cloud and on the centralized servers should be avoided as ome can easily have access to the server and see the information in clear as hea is the proprietor of the server, and by this I mean the whole Govt and also Google or Evernote CEO.

Also, hashes shall be combined and use both a miz of SHA256 and AES 128 bit encryption and also Salsa20 and Base64 encoding.

If necessary, encrypt emails and sensible files that are locally stored on your PC with a tool like PGP4Win. This is a tool that offers local PGP key management and can be used to encrypt files and emails locally.

The working systems of the key is totally asynchronous, as there is only one key that is used for encrypting the files or emails and only one key that can be used to decrypt the documents or emails.

And, as another important step into security, digital security, one can also opt for hard drive lockers / encryptors (software that locks the hard drive from being readable when the user doesn't use the computer anymore, and encrypt all its contents). Be careful to remember your passwords as if you do not, there is no guaranteed way that the hard drive locking / encrypting at request software can help you recover your password. So, whatever you do, put your password on a paper and remember it.

The password is stored locally in the program's memory so, you should consider to add a middle to mostly complicated password.

Again, note the password on a physical support and /or local note software.

Finally, one shall also use Bitcoin in order to do transactions anonymously, as Bitcoin and Monero provide a lot of privacy.

Be careful to use cold storage wallets if possible, such as USB wallets from Trezor or Copay.

Apply same security measures such as noting the password and keeping the USB wallet safe.
 
HP. Hoodedcobra666 said:
We are working to resolve the e-mail mechanism problem
I sent you some e-mails, Cobra. It seems that the 'forgot password' function doesn't send e-mails to gmail.
I seem to have forgotten the last password I entered when forced to change. I'm writing this from the last personal device where the session is still alive.
Can you please advise?
 

Al Jilwah: Chapter IV

"It is my desire that all my followers unite in a bond of unity, lest those who are without prevail against them." - Satan

Back
Top