Save your Login data

Started by The_Shadow, May 01 2021 01:27:12 PM MDT


The_Shadow

Save your Login data, your login name and passwords the exact way you used to apply for the 10mm-firearms forum account. 
For circumstances unknown, you might experience a rejection trying to log on to the forum.  ???
That way you will be able to refer back to your saved info, ensuring the data entered at login is correct. ::)

Sometimes we forget things and the slightest thing, like a missing character or misplaced character will cause your login to fail!

In case of such failures to log on, the moderators can work to help you reestablish your account access if needed!

Best regards and enjoy the forum! :D
The "10mm" I'm Packin', Has The Bullets Wackin', Smakin' & The Slide is Rackin' & Jackin'!
NRA Life Member
Southeast, LoUiSiAna

38-40

Oh no, do I see an upgrade coming? Another forum I'm on updated about 6 months ago.
You can't fix stupid but you can numb it for a while with a 2X4

blaster

How can I find that info? I don't remember my password. :-[

sqlbullet

blaster,

The forum can't tell you your password. If you get logged out you can have the forum email you a reset password link to the email address in your profile.  I just created a test account to play with this option.  If you have already created a challenge question you can also use that method to reset your password.  However, you can't create a challenge question without entering a password, so if you have forgotten then the email reset is the remaining choice.

If the email address on your profile no longer works, then Patriot, The_Shadow or I can update the email to a new one for you, and then you could use the recover password option.

Below is a technical explanation of how the forum can authenticate you if it doesn't know your password.  If you don't care about those technical details, stop reading here.

The answer is the magic of a "one-way" hash.  This is basically an encryption algorithm that changes your password into a string of characters from which it cannot decrypt back to the original string.

For instance, let's take the password "Welcome1".  If we use an older hash tool called MD5, which used to be very common, this produces the following string which gets saved in the database:


[MacBook-Pro:~] Yes, Master? md5 -s Welcome1
MD5 ("Welcome1") = b56e0b4ea4962283bee762525c2d490f


This string gets saved in association with your user account, and when you come here to log in, the web software takes the password you give it, converts it to a "hashed" string and then compares that hashed string to a value on file.  If they match, the website knows you typed the same password, but doesn't know what password you typed.

MD5 is an older hash technology and there is now a "rainbow" table of possible results that can be looked up.  A relatively complete table is about 15GB in space, so very searchable.  As a result most websites now save the password as a shasum hash:


[MacBook-Pro:~] Yes, Master? shasum -a 512  w.txt
f70b743b66266394cb9773b77b40b1178e2a43e36e51f0ee61356ee6416fa2b798d3f17144639dbe6f8d6b56b60a6e8394bf70e60898ff33d352771052aa1fde  w.txt


As you can see, the hash is much, much larger than the MD5 hash, which makes it much harder to crack.

That is probably far more information than you wanted, but it does help explain frustrations like a website that can't tell you your password, but when you go to change the password it says you can't use any of the last five.  It doesn't actually know any of your last five passwords, but it knows the hash and therefore knows that you typed one of them.
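The login comparison and the "last five passwords" check described in the post above, as an added example that is not part of the original post or the forum's software. It swaps the bare MD5/SHA-512 shown in the post for a salted PBKDF2-HMAC-SHA512 hash; the class name, iteration count and history length are assumptions of the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example
HISTORY = 5           # "you can't use any of the last five"

def hash_password(password, salt=None):
    """Return (salt, digest). Only this pair is stored, never the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, ITERATIONS)
    return salt, digest

def matches(password, record):
    """Re-hash the typed password under the stored salt and compare digests."""
    salt, digest = record
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

class Account:
    """Hypothetical account record holding only salted hashes, newest last."""

    def __init__(self, password):
        self.history = [hash_password(password)]

    def login(self, attempt):
        # The site learns "same password or not", nothing more.
        return matches(attempt, self.history[-1])

    def change_password(self, new):
        # Each old record has its own salt, so the candidate is re-hashed
        # once per record; a match means it was used recently.
        if any(matches(new, rec) for rec in self.history[-HISTORY:]):
            return False
        self.history.append(hash_password(new))
        self.history = self.history[-HISTORY:]
        return True

if __name__ == "__main__":
    acct = Account("Welcome1")             # constructed sample password
    print(acct.login("Welcome1"))          # correct password
    print(acct.login("welcome1"))          # one character off
    print(acct.change_password("Welcome1"))  # reuse is rejected
```
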


gnappi

There's a danger in recording passwords on paper or, say, a text file, but way back at IBM we used a method called "obfuscation" (the action of making something obscure, unclear, or unintelligible, from Oxford). Simply put, password obfuscation means writing a password in an easily recognizable format in plain text that's impossible for another to figure out.

At IBM our offices were regularly audited by security, and an unlocked office door, unlocked desk/cabinets and saving passwords on paper was grounds for immediate dismissal, which was a REAL PITA because we had to change passwords often and not use the same password for several iterations.

Say you had a password like CocaCola123 you could use an algorithm / obfuscation method like

SodaPop456& (the next 3 numbers in the sequence and a bogus special character that is not in the password) which you would recognize as CocaCola123. Your first dog's name, could be puppy321, beast could be leviathan or any number of analogous word permutations. It could get weird too where every cap letter in the recorded format would actually be the opposite, a lower case letter. Special characters in the password like $ could be recorded as any number of special characters a specific range AWAY (left or right on the keyboard) from the actual special character.

The key to using obfuscation is coming up with patterns, characters and sequences that are easy to remember and never change it.

Regards,

    Gary

sqlbullet

The funny part of this is the guy at the NSA just makes up the rules we live by without asking a technician.  And from a human perspective "Tr0ub4dor&3" looks way more complex and hard than "correct horse staple battery".

But, Tr0ub4dor&3 can be cracked in about three days using standard practices, while "correct horse staple battery" would take 550 years using standard practices.  This is because not only are the computers that are doing the cracking not constrained by our perception that random capitals, numbers and symbols are "hard", but computers are also really hard to teach things like random strings of words.

Of course, if the rule was "passwords must be at least four random words totaling at least 25 characters", the standard practice would change from guessing random characters as fast as possible to testing random collections of words.  This effectively reduces a 44 bit entropy string to one of only about 10 bits, which would only take a few hours to crack.

And, left to their own devices, humans come up with passwords like "1234abcd" so we need a way to validate that the password has high random entropy, which means written rules we can use to test.

The best compromise here would be to do negative tests, not positive ones.  The only useful positive test is "at least X long".  The negative tests would be things like "not only dictionary words", "no long sequences", etc.  This would result in passwords like "korrect horse staple battry" that are easy to remember, not easily mapped to a dictionary table to reduce entropy to blocks of bits, and high bit count.
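The negative-test policy described in the post above, as an added example that is not part of the original post. The word list, the minimum length of 12 and the maximum run of 3 are constructed assumptions; a real check would load a full dictionary.

```python
import re

# Constructed mini word list; stands in for a large dictionary file.
WORDS = {"correct", "horse", "staple", "battery", "welcome", "password"}
MIN_LENGTH = 12  # assumed value for the one positive test, "at least X long"
MAX_RUN = 3      # assumed longest allowed run such as "abc", "321" or "aaa"

def longest_run(pw):
    """Longest stretch where each character steps by the same +1, -1 or 0."""
    s = pw.lower()
    best = cur = min(1, len(s))
    step = None
    for a, b in zip(s, s[1:]):
        d = ord(b) - ord(a)
        if d in (-1, 0, 1) and d == step:
            cur += 1
        elif d in (-1, 0, 1):
            step, cur = d, 2
        else:
            step, cur = None, 1
        best = max(best, cur)
    return best

def only_dictionary_words(pw):
    """True if every alphabetic chunk is a known word (digits/symbols ignored)."""
    tokens = re.findall(r"[a-z]+", pw.lower())
    return bool(tokens) and all(t in WORDS for t in tokens)

def check(pw):
    """Return the list of rules the password fails; empty means accepted."""
    failures = []
    if len(pw) < MIN_LENGTH:
        failures.append("too short")
    if only_dictionary_words(pw):
        failures.append("only dictionary words")
    if longest_run(pw) > MAX_RUN:
        failures.append("long sequence")
    return failures

if __name__ == "__main__":
    # Sample passwords taken from the thread.
    for pw in ("1234abcd", "Welcome1", "correct horse staple battery",
               "korrect horse staple battry"):
        print(repr(pw), check(pw) or "accepted")
```
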

