I had hoped one of the forum admins would contact me to discuss the security of this bulletin board but unfortunately none did.
So by way of a belated caution to those who have already signed up, please consider the following.
Many forum users may not be concerned, but the fact that when each of us signed up, our initial password was sent back to us as unencrypted plain text emails, is poor practice in today's privacy-compromised and hacker-prevalent world!
Certainly, common sense dictates that you should never sign up to sites using a password which you plan to retain, or use on other sites; however, there are still issues with this practice:
- Many would enter their initial password perhaps expecting it to be their password of choice until required to update it, thus NOT making it some careless choice of characters, soon to be replaced.
- After receiving their affirmation emails with their passwords now in plain text, many probably won't bother updating them immediately, leaving their forum accounts open to abuse.
- Most are challenged by having too many passwords to remember, so tend to use "common" or "shared" passwords across 'protected' sites
- It is also common practice to use password patterns (e.g. QwErTy1@3$5^ vis QWERTY 123456 with alternates case-shifted) ... seeing these in plain text helps a hacker target an individual, by then trying all case-shifted combinations to access that person's (other) accounts
- Publishing passwords in plain text like this makes hacker dictionaries so much easier to compile or expand, simply by harvesting the data streams of sites (such as this forum) where plain text passwords are known to be transmitted
... so if nothing else, make sure any password you used to initially access this forum HAS been changed and that you are NOT using that initial password on any of your OTHER sites ... particularly where you hold sensitive or 'private' information (a misnomer in itself).