How to…

 

This page contains instructions and information to help you get more from our website. If you have any suggestions for improvements, please feel free to contact us.

How to sign up for our email updates

If you would like to join the many subscribers who already enjoy our automated email updates, which keep you up to date on upcoming events, news from the committee and trip reports from other members (and help us keep down our postage costs), please follow these simple steps:

1. On the right-hand side of our home page you will see a box that says “to receive new posts by email, please enter your email address below and press OK”. Simply enter your email address in the box and press “OK”.

2. A small window will appear asking you to copy some letters and/or numbers into a box (this is to prevent spam) – type in the letters and numbers you see and press “complete subscription request”.

3. The window will now say “your request has been accepted” and you can close it.

4. The final step is to wait for an email to arrive from “feedburner email subscriptions” which has a link in it to activate your subscription (please check it hasn’t been put in your “spam” folder by your email provider). Simply click on that link and you will see a new window appear with “Email subscription confirmed!”

That’s it – job done! All you have to do now is watch out for automatic email updates whenever we post any news or event details on the website. Don’t worry – you won’t be flooded with emails, and you can unsubscribe at any time if you don’t want to continue receiving them – there is an “unsubscribe” link on every email you receive from us.

How to keep your passwords secure

Many of you will know our website was “hacked” in 2012. Annoying as it was for us, it could have been much worse:

Imagine if they had successfully hacked into somewhere much bigger like Facebook, eBay, or Amazon – they could download the user account database and use password-cracking software to identify user passwords.

This wouldn’t be a huge problem in itself, but for one fact known to the hackers: most people use the same password for all the websites they access because it’s easier than having to remember a whole set of different passwords.

Most services will store an encrypted (technically, a “hashed”) form of your password. What that means is that hackers don’t get a simple list of user names and passwords. What they get is a list of user-ids and password hashes. What’s good about hashes is that you can calculate a hash from a password, but you cannot do the reverse, so you cannot work out the password from the hash.

As a result, you would think that by being hashed it’d be pretty unhackable, but sadly that’s not so.

Computers these days are fast. In fact, the computer on your desk is so fast that its ability to do simple operations is measured in terms of billions of operations per second.

Assume you use an 8-character password. Excluding special characters for now, you have 62 possible characters (26 lower case, 26 upper case, 10 digits) in each of the eight positions, which gives us over 221 trillion combinations. This seems like a lot, until you realize that once someone has stolen a database of usernames and hashed passwords, an off-line attack that tries all combinations of 8 characters could be completed in a few hours.

It doesn’t matter what your password is. If it’s eight characters and is made up of upper and lower case letters and numbers, the hackers now have it – even if it was hashed by the service that they stole it from.

Increasing your password to ten characters gives you over 850 quadrillion combinations, and the offline guessing time would be measured in months.

Twelve characters gives you over three sextillion (3,279,156,381,453,603,096,810) combinations, and the offline guessing time would be measured in centuries.

That’s why 12 is better than 10 and both are better than eight. Throw in some special characters as well, and the numbers grow exponentially.
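An added example, not part of the original page: this Python sketch reproduces the three combination counts quoted above (they match the number of passwords of one up to N characters over a 62-character alphabet) and estimates the worst-case offline guessing time for a given password. The rate of 30 billion guesses per second, the function names and the sample passwords are assumptions made for illustration.

```python
import string

# Assumption (not from the page): an offline attacker testing 30 billion
# candidate passwords per second against a fast hash.
GUESSES_PER_SECOND = 30_000_000_000

# Character classes; "special" is ASCII punctuation plus the space (33 chars).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")

UNITS = (("centuries", 3_155_760_000), ("years", 31_557_600),
         ("months", 2_629_800), ("days", 86_400), ("hours", 3_600),
         ("minutes", 60), ("seconds", 1))


def alphabet_size(password):
    """Total size of every character class the password draws from.
    Characters outside printable ASCII are ignored, so this is a lower bound."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def search_space(alphabet, length):
    """Number of candidate passwords of 1 up to `length` characters."""
    return sum(alphabet ** n for n in range(1, length + 1))


def time_to_exhaust(alphabet, length, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate, as (value, unit)."""
    seconds = search_space(alphabet, length) / rate
    for unit, size in UNITS:
        if seconds >= size:
            return round(seconds / size, 1), unit
    return round(seconds, 1), "seconds"


def report(password):
    """One-line summary for a single password."""
    size, length = alphabet_size(password), len(password)
    value, unit = time_to_exhaust(size, length)
    return (f"{length} chars, alphabet of {size}: "
            f"{search_space(size, length):,} candidates, about {value} {unit}")


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real account.
    for pw in ("aB3dE6gH", "aB3dE6gH9j", "aB3dE6gH9jKl", "aB3dE6gH9j!?"):
        print(report(pw))
```

The estimate is a worst case for trying every combination; a password that appears in a wordlist falls much sooner regardless of its length.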

So remember these 2 rules and you can beat the hackers:

1. Use a different password for each different site login you have. That way a password compromised on one service won’t give hackers access to everything else you access.

2. Even the best eight-character passwords should no longer be considered secure. 10 is better, but you really should consider moving to 12 or more for the long run, and include special characters if you can.

Be safe!

Reference material & further reading:

Ask Leo

Password Haystack