October 22, 2014

Keep safe online

For the second time, we just had some instances of some peoples' accounts being accessed by other people.

The reason is now very clear: there are some escort sites who may store your password in clear text in their database. Some of them may then use your password to try and log in as you in other places (like for your profile on Massage Republic). They were changing links to the profile owner website to their own site.  These sites are obviously bad places with very bad people running them (idiots, basically).

Any decent site (like us) will never store your password in clear in the database. The full explanation is a bit technical, but I will try and provide the human version. When you register or change your password we take that password and transform it using some clever maths (which I don't understand, but it's the same one used when you login to your bank) and store the transformed password. The great thing is we cannot reverse the math (explanation is complicated) so we can never know your password. When you login, we have to make the transformation on the password provided and compare against the originally transformed version.

Regardless of how safe we work to make things on Massage Republic, you can still be at risk if someone else has your password. Especially if you re-use it on multiple sites. To keep it safe, use a different password on Massage Republic.

If you have any questions on this, please ask. It is complicated and the underlying reasons are tough for many people (including computer scientists) to understand.

Post a Comment