Two new security features on Club Log By G7VJR, Michael Wells
Club Log has two new features as of [yesterday]:
1) Support for Google Authenticator (2-factor authentication). You can use your smart phone as a second factor (in addition to your password) to protect access to your account. When logging into Club Log, you will be asked to enter a code from your phone. This is optional, but many internet users prefer to have this in place as passwords are generally considered inadequate to protect a site on their own. To enable Google Auth, go to the Settings page and click the button just under the password form.
2-factor authentication is available to use entirely at your preference. I recommend it, but be aware it will block you from logging in if you haven't got your phone with you.
2) Vulnerable password tests
Nearly five billing login details have been circulating on the internet for various web sites, having been stolen or sold by hackers. This is the "new normal". You can check if any of your internet accounts have been compromised by logging into this site and checking: https://haveibeenpwned.com/. From today, every time you login to Club Log, a test (using an indirect representation of your password) will be made to see if it is one of the compromised passwords listed on that site. If you get nagged about a compromised password, please take it seriously. You can protect not only your amateur radio log (which surely has some worth!) but also potentially avoid bigger problems by using a stronger password - or a strong password generator - whenever you use any internet site. Simple passwords put your data at risk and invite identity theft, and organised gangs are taking every opportunity.
Club Log hasn't been involved in any data breaches, and I have taken every precaution to ensure that no passwords are ever stored in a reversible format in the database. As you may already know, all traffic to Club Log is HTTPS by default. Later this year, there will be no remaining HTTP interfaces at all. These two new features, above, are an attempt to improve security by involving you in the process.
Club Log has two new features as of [yesterday]:
1) Support for Google Authenticator (2-factor authentication). You can use your smart phone as a second factor (in addition to your password) to protect access to your account. When logging into Club Log, you will be asked to enter a code from your phone. This is optional, but many internet users prefer to have this in place as passwords are generally considered inadequate to protect a site on their own. To enable Google Auth, go to the Settings page and click the button just under the password form.
2-factor authentication is available to use entirely at your preference. I recommend it, but be aware it will block you from logging in if you haven't got your phone with you.
2) Vulnerable password tests
Nearly five billing login details have been circulating on the internet for various web sites, having been stolen or sold by hackers. This is the "new normal". You can check if any of your internet accounts have been compromised by logging into this site and checking: https://haveibeenpwned.com/. From today, every time you login to Club Log, a test (using an indirect representation of your password) will be made to see if it is one of the compromised passwords listed on that site. If you get nagged about a compromised password, please take it seriously. You can protect not only your amateur radio log (which surely has some worth!) but also potentially avoid bigger problems by using a stronger password - or a strong password generator - whenever you use any internet site. Simple passwords put your data at risk and invite identity theft, and organised gangs are taking every opportunity.
Club Log hasn't been involved in any data breaches, and I have taken every precaution to ensure that no passwords are ever stored in a reversible format in the database. As you may already know, all traffic to Club Log is HTTPS by default. Later this year, there will be no remaining HTTP interfaces at all. These two new features, above, are an attempt to improve security by involving you in the process.