After we changed everyone's passwords a couple of weeks ago, people were asking some questions about passwords and personal data. Firstly, we don't hold much personal data- as people have usernames, we don't know real names. We do ask for the year and date of birth to comply with the Children's Online Privacy Protection Act (COPPA). We ask for an active email account and send a link that has to be clicked on to complete the registration. This is to make it harder for automated registration by advertisers and spammers. We also ask where you're from, where you are based now and what your first language is. There are also optional fields where people can add biographical information and interests if they wish. Unless you use your real name as a username or connect via Facebook, the data is anonymous. If an acount is deleted, this information is deleted from our records.
We cannot see passwords. Here's a screenshot of what we can see in admin:
The box for password is blank- we have no idea what it is or how many characters it uses, and we have no way of seeing it. We can enter a new password, and occasionally do when someone is having problems logging in or sorting out a new password. However, the second we save it, the box goes blank again.
If you're emailing or sending us a Private Message about your account, please don't send us the password- the username is enough.
[Edited by the webmaster to add...]
Since we use the leading brand of forum software (vBulletin) to manage our forum membership lists, these passwords are stored in a secure way and we have no possibility of retrieving them from the database. For those that are more technical, the actual passwords are salted with a random three character string created on registration. The actual password is stored as md5(md5(password) + salt).
Categories: UsingEnglish Content