On Saturday, Cloudflare let us know that ysfhq.com is not one of the websites that they have discovered leaked data for. We have since confirmed that your data on YSFlight Headquarters remains completely unaffected by this vulnerability after conducting a thorough audit.
YSFlight Headquarters has additional security measures in place to prevent someone gaining access to your forum account, such as conducting certain validation of authentication traffic and limiting "Remember Me" login times to a few days at most. These measures ensure that anyone that did get access to sensitive data would have a difficult time doing anything with it. Check out the phpBB blog to know what more the developers doing to improve security and stability of the software behind YSFHQ.
Other websites you visit likely also utilize Cloudflare, so in light of this news we wanted to share some useful tips on keeping your accounts secure:
- Don’t reuse passwords across accounts
- It may seem easy to remember one password, but if a hacker gets hold of that master key, they can access all your accounts. Check out this video to learn more.
- We recommend a password manager such as LastPass, 1Password, or Encryptr which makes keeping track of all your accounts super easy.
- Use strong, randomly-generated passwords
- Strong, complex passwords are much harder to guess, and thus makes your account less likely to be compromised.
- Password managers make it really easy to generate strong passwords. You can also use trusted websites such as strongpasswordgenerator.com.
- Change your passwords regularly (every 3 months is a good amount)
- This helps ensure that any passwords that do get compromised have a limited lifespan.
- If two-factor authentication (or multi-factor authentication) is available, use it!
- Accounts using two-factor authentication require both the username/password combo as well as second code, often generated from your phone, in order to login. A hacker would need both your username/password as well as your phone to login.
- We plan to implement this on YSFHQ when a stable 2FA forum extension is released. When it’s ready, we’ll let you know!
Want to learn more about the bug known as Cloudbleed? Here’s a good non-technical explanation of the situation, and here’s the original post from Cloudflare about it.
Happy flying,
- Eric and the YSFHQ staff