Jump to content

Regarding the new version...


My1

Recommended Posts

since twisted threw out a nice little demo video for the new version

https://twitter.com/Twist3d89/status/812938269520494592

I think it's a good time to talk about it and account security.

I dont know too much yet myself but as we all saw, you wont be around using product keys anymore but rather you use your forum account login to activate the software.

since probably some users want to do sharing and stuff again let's get to the security part:

the good thing is obviously that when you accidentially leak your data you can just change your password and that's it for the product key this wasnt possible which can lead to annoying scenarios in case of an accident.

this also means that when you directly share your activation is that your friend doesnt have any product key he could misuse in anyway

of course this makes remote sharing (giving someone just the details to activate) quite a lot harder since it requires more trust because that user could take over your account.

so Let's start with some advice here (by the way I will make rule changes regarding that soon enough so be prepared): 

While these are mostly advice, you will hold responsible if you intentionally break it and something bad happens

  1. Use a not-so-weak password.
    • There are quite a bunch of ways to make a strong password. of course there's the average ransom password generator but it wont help but unless you store your passwords somewhere I doubt you remember it, there's also the so-called wordlist or Diceware or XKCD-Style approach which uses a few RANDOMLY chosen words to make the password memorable and secure at the same time. because even under the assumption the attacker knows how you chose your password (for example "one word and a number at the end") a wordlist based approach is a lot more secure because assuming we have a wordlist of 7776 words (the length of a diceware list) and use 4 words you have over 3656 trillion possible passwords (you can use more words to make it even better) also if the attacker doesnt know that you used wordlist and just bruteforces it he would have to try even more (but security is usually measured by the worst possible outcome)
      for diceware you can either use this tool https://www.rempe.us/diceware/#eff choose a wordlist and generate the passwords, or if you want the most secure approach, you can get the list of your choice here https://github.com/grempe/diceware/tree/master/js/lists and roll the dice (6 per word) yourself and patch your password together.
  2. Don't share your password
    • It seems obvious but you cant be sure enough. but well just for good measure.
      If you REALLY want to share your product activation, do it in real life and type in the password by yourself.
      It's generally not advised to share your Product key online and it's the same with the account key except that they can do more damage with your account because they could take away your account and other bad stuff.
  3. Try to avoid phishing
    • Of course it's hard to avoid phishing so at least please TRY to.
    • when you are logging into the forum make sure you are on https://tmacdev.com/forum and that you get a lock to show that the page is encrypted and that you download the software only from here. (Nerd tip: if you really make sure the software cane from the right place check that the URL the file actually comes from starts with https://s3.amazonaws.com/tmacdevforumdownloads/ )
    • If you found a suspicious site asking for your details from here, please report it by writing a message to me or @Twisted

Well that's it for now, read you guys Later

Best Regards and have a nice Christmas

My1

Link to comment
Share on other sites

  • 2 weeks later...
Guest mentobi

These all seem like reasonable security protocols. In the long run it'll be less hassle for The sites admin staff to maintain .

 

Link to comment
Share on other sites

oops I didnt lock this, but okay, let it be a discussion, this gives me an Idea, I'll make a rule discussion thread just for the sake of it, because well why not. might give me some Idea for rule changes in the future (by the way lol 777th post)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Member Statistics

    4823
    Total Members
    37858
    Most Online
    fraudoll
    Newest Member
    fraudoll
    Joined
×
×
  • Create New...