ProtoNode A Social Programming Environment
How to Verify the Login Page is Secure


To verify that you are really logging into protonode.com there are a few things you need to check before you start typing in your password.
On the main login page, the first thing you need to check is that the URL in the browser's address bar starts with https and includes a green lock icon (as shown above). This means that your username and password will be encrypted before being submitted. It also means that the page you are on was not intercepted and modified by a man-in-the-middle who can steal your password as you type it.
The other thing you must check is that the URL actually says protonode.com. Someone can easily buy a domain that looks similar and might include sub-domains. For example, URLs similar to the following should not be trusted:

BAD: http://protonode.com/login
        ^^^ https required. We automatically redirect you to https.

BAD: https://protonode.com.log.in
                                         ^^^^ wrong domain name. Only the last 2 or 3 sections are important. The rest can be ignored.

BAD: https://protomode.com/login
                           ^ wrong letter


2 Factor Authentication

In your user settings you can enable time-based one-time passwords (TOTP) which allow you to authorize multiple devices to act as secondary keys when logging into your account.
Once you are sure you are on our real login page you simply need to enter your username and password as usual, then open your TOTP App of choice (such as Google Authenticator) and append the generated 6 digit number to your username after a single space.
You can generate a new TOTP secret whenever any of your authorized devices get compromised. You should also make sure you use a long lock screen code if possible.

If you lose all of your authenticated devices you can still get access to your account by activating the forgot password feature. You will then recieve a link in your email which will log you in.
Remember to keep your email account secure. Change your password often (or just extend it so you can better remember it) and don't login to any site from an untrusted device which may have a virus.
If your email account gets hijacked then you should create a new one and register it quick while you are still logged in to your account. If you are logged out and don't know your password or lost/uninstalled all your authorized TOTP apps then you are probably out of luck, depending on which data you lost and how many different people are claiming to be locked out of your account.
It is strongly recommended that you store extra copies of your passwords in a safe place (like a steel safe, under book jackets, or hidden in an email you sent to several friends for extra redundancy). You should also changes some of the letters in your password backups so people can't quickly try every suspicious bit of text they find against every email address they know.