ProtoNode A Social Programming Environment
Login Security Tips
Remember to follow our Secure Login Guide to make sure you know how to tell when some other website is pretending to be us.

We offer extra security features for logging in besides mandatory HTTPS and optional Local Password Hashing. For starters, we let you add a "+label" to the end of your username when logging in. This makes it easier for you to track your login history. Usually the label will contain the location of the suspicious computer you are using.

When you add a label you also activate a special mode which lets you scramble your password and prevent anyone who saw it from using it to log in. Not only is it a single-use password, but you can also track the IP address of anyone who tries to use it. The procedure for scrambling your password is so simple that you will probably do it by accident: you just add extra random letters into your password as you type it. Add no more than 10, because it would take too much CPU time to test all the combinations of removed letters against the stored hash of your real password. Make sure that your password looks random enough to begin with, because adding extra characters to obvious words will not prevent a determined attacker from deciphering your actual password.

How to randomize your password to make it only work once
If your username is "user1" and your password is "Xo9ty*sn" then you can log in more safely from an untrusted device by typing your username as "user1+library" and your password as "pX6bof98tJfy*^skn", where the extra characters (p, 6, b, f, 8, J, f, ^ and k) were chosen at random.

If anyone tries to remove a few characters from your password they will likely remove a required character, or they will not remove enough of the random characters and will get busted for reusing a password similar to one you already used. As a bonus, if you accidentally add extra characters into your password you won't notice and you won't have to try again. However, if you add the same characters again you will not be logged in and it will trigger a warning. After you log in you should review your login history and look for suspicious login attempts. If you see anything you were not expecting, or if it has been a while, you should change your password. Remember that password resets are done using your verified email address, so you should also change that password often.

You must enable this feature in your settings for it to work. This is because fuzzy matching makes it easier for an attacker to test against many passwords at once. For example, "password_123", "pasword_123456", "password_024680", etc. can all be checked using this one password: "password_01234567890". That is another reason why it is so important to choose a very random password that doesn't fit a pattern.
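The check described on this page, written out as an added Python example; it is not ProtoNode's own code. The salted SHA-256 stand-in, the `Account` class, the function names, the outcome strings and the rule that only scrambled forms are recorded as used are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from itertools import combinations

MAX_EXTRA = 10  # the page's cap on inserted characters

def digest(password: str, salt: bytes) -> bytes:
    # Assumption: salted SHA-256 keeps the demo fast. A real slow password hash
    # multiplies the cost of every candidate below, which is why the cap exists.
    return hashlib.sha256(salt + password.encode()).digest()

def extras_removed(typed: str, salt: bytes, stored: bytes):
    """Return how many characters had to be dropped to match, or None."""
    for extra in range(min(MAX_EXTRA, len(typed) - 1) + 1):
        seen = set()
        # combinations() keeps order, so each tuple is a subsequence of typed
        for chars in combinations(typed, len(typed) - extra):
            if chars in seen:
                continue
            seen.add(chars)
            if hmac.compare_digest(digest("".join(chars), salt), stored):
                return extra
    return None

class Account:  # hypothetical in-memory account record
    def __init__(self, password: str):
        self.salt = os.urandom(16)
        self.stored = digest(password, self.salt)
        self.used = set()   # digests of scrambled passwords already accepted
        self.history = []   # (label, ip, outcome) rows for the login history

    def login(self, username: str, typed: str, ip: str) -> str:
        _, _, label = username.partition("+")
        mark = digest(typed, self.salt)
        if mark in self.used:
            outcome = "replay-warning"   # same scrambled password seen before
        elif not label:                  # no label: exact match only
            ok = hmac.compare_digest(mark, self.stored)
            outcome = "ok" if ok else "denied"
        else:
            extra = extras_removed(typed, self.salt, self.stored)
            outcome = "denied" if extra is None else "ok"
            if extra:                    # only scrambled forms are single use
                self.used.add(mark)
        self.history.append((label, ip, outcome))
        return outcome
```

Running `extras_removed` on the guess "password_01234567890" against a stored "password_123" returns a match, which is the fuzzy-matching cost the last paragraph warns about.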